Add Certificate Transparency logs auditing

components/certificate_transparency/observed_leaf.h

Index: components/certificate_transparency/observed_leaf.h
diff --git a/components/certificate_transparency/observed_leaf.h b/components/certificate_transparency/observed_leaf.h
new file mode 100644
index 0000000000000000000000000000000000000000..c8be88cad82ad7d3464785a0df2ff0c918a6e1ba
--- /dev/null
+++ b/components/certificate_transparency/observed_leaf.h
@@ -0,0 +1,48 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef COMPONENTS_CERTIFICATE_TRANSPARENCY_OBSERVED_LEAF_H_
+#define COMPONENTS_CERTIFICATE_TRANSPARENCY_OBSERVED_LEAF_H_
+
+#include <stdint.h>
+
+#include "base/optional.h"
+#include "base/time/time.h"
+#include "net/cert/merkle_tree_leaf.h"
+

[Ryan Sleevi, 2016/06/30 22:48:18]

should be in the certificate_transparency namespace

[Eran Messeri, 2016/07/01 13:24:00]

Moved to the SingleTreeTracker class.

+// Represents a MerkleTreeLeaf with additional metadata: The time it was
+// first observed by this client and the index of the MerkleTreeLeaf in
+// the log, if known.
+class ObservedLeaf {

[Ryan Sleevi, 2016/06/30 22:48:18]

1) Why do we need a dedicated class for this?
2) Why does this belong here vs //net?

[Eran Messeri, 2016/07/01 13:24:00]

I've significantly changed this class and moved it into SingleTreeTracker:
- It now only holds the state, without the leaf itself.
- Since it's an implementation detail of the SingleTreeTracker it should not
exist on its own.

+ public:
+  ObservedLeaf(net::ct::MerkleTreeLeaf&& leaf, const base::Time& observed_at);
+  ObservedLeaf(const ObservedLeaf& other);
+  ObservedLeaf(ObservedLeaf&&);
+  ~ObservedLeaf();
+
+  // Sets the index of the leaf in the tree. May be called only once per
+  // instance.
+  void SetLeafIndex(uint64_t index);

[Ryan Sleevi, 2016/06/30 22:48:18]

Use vertical whitespace (between each and every one of these methods)

[Eran Messeri, 2016/07/01 13:24:00]

Done.

+  // Returns true if the leaf index was set for this instance.
+  bool HasLeafIndex() const;
+  // Returns the leaf index. May only be called on an instance where
+  // SetLeafIndex
+  // was called.

[Ryan Sleevi, 2016/06/30 22:48:18]

line wrapping

[Eran Messeri, 2016/07/01 13:24:00]

Done.

+  uint64_t GetLeafIndex() const;

[Ryan Sleevi, 2016/06/30 22:48:18]

DESIGN: API design wise, "May only be called ..." is generally a big red flag.

[Eran Messeri, 2016/07/01 13:24:00]

Can you elaborate? Also, is it a significant issue now that it's a nested class
in SingleTreeTracker?

+  // The actual tree leaf.
+  const net::ct::MerkleTreeLeaf& GetLeaf() const;
+  // The time the leaf was observed.
+  const base::Time& ObservedAt() const;
+
+ private:
+  // The entire leaf for the certificate.
+  const net::ct::MerkleTreeLeaf leaf_;
+  // When the leaf for the particular certificate was first seen.
+  const base::Time observed_at_;
+  // The leaf's index in the tree. Only set if the index has been
+  // obtained from the log.
+  base::Optional<uint64_t> leaf_index_;
+};
+
+#endif  // COMPONENTS_CERTIFICATE_TRANSPARENCY_OBSERVED_LEAF_H_