| OLD | NEW |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/ct_log_verifier.h" | 5 #include "net/cert/ct_log_verifier.h" |
| 6 | 6 |
| 7 #include <string.h> | 7 #include <string.h> |
| 8 #include <openssl/bytestring.h> | 8 #include <openssl/bytestring.h> |
| 9 #include <openssl/evp.h> | 9 #include <openssl/evp.h> |
| 10 | 10 |
| (...skipping 40 matching lines...) |
| 51 return NULL; | 51 return NULL; |
| 52 } | 52 } |
| 53 } | 53 } |
| 54 | 54 |
| 55 } // namespace | 55 } // namespace |
| 56 | 56 |
| 57 // static | 57 // static |
| 58 scoped_refptr<const CTLogVerifier> CTLogVerifier::Create( | 58 scoped_refptr<const CTLogVerifier> CTLogVerifier::Create( |
| 59 const base::StringPiece& public_key, | 59 const base::StringPiece& public_key, |
| 60 const base::StringPiece& description, | 60 const base::StringPiece& description, |
| 61 const base::StringPiece& url) { | 61 const base::StringPiece& url, |
| 62 const base::StringPiece& dns_domain) { |
| 62 GURL log_url(url.as_string()); | 63 GURL log_url(url.as_string()); |
| 63 if (!log_url.is_valid()) | 64 if (!log_url.is_valid()) |
| 64 return nullptr; | 65 return nullptr; |
| 65 scoped_refptr<CTLogVerifier> result(new CTLogVerifier(description, log_url)); | 66 scoped_refptr<CTLogVerifier> result( |
| 67 new CTLogVerifier(description, log_url, dns_domain)); |
| 66 if (!result->Init(public_key)) | 68 if (!result->Init(public_key)) |
| 67 return nullptr; | 69 return nullptr; |
| 68 return result; | 70 return result; |
| 69 } | 71 } |
| 70 | 72 |
| 71 CTLogVerifier::CTLogVerifier(const base::StringPiece& description, | 73 CTLogVerifier::CTLogVerifier(const base::StringPiece& description, |
| 72 const GURL& url) | 74 const GURL& url, |
| 75 const base::StringPiece& dns_domain) |
| 73 : description_(description.as_string()), | 76 : description_(description.as_string()), |
| 74 url_(url), | 77 url_(url), |
| 78 dns_domain_(dns_domain.as_string()), |
| 75 hash_algorithm_(ct::DigitallySigned::HASH_ALGO_NONE), | 79 hash_algorithm_(ct::DigitallySigned::HASH_ALGO_NONE), |
| 76 signature_algorithm_(ct::DigitallySigned::SIG_ALGO_ANONYMOUS), | 80 signature_algorithm_(ct::DigitallySigned::SIG_ALGO_ANONYMOUS), |
| 77 public_key_(NULL) { | 81 public_key_(NULL) { |
| 78 DCHECK(url_.is_valid()); | 82 DCHECK(url_.is_valid()); |
| 79 } | 83 } |
| 80 | 84 |
| 81 bool CTLogVerifier::Verify(const ct::LogEntry& entry, | 85 bool CTLogVerifier::Verify(const ct::LogEntry& entry, |
| 82 const ct::SignedCertificateTimestamp& sct) const { | 86 const ct::SignedCertificateTimestamp& sct) const { |
| 83 if (sct.log_id != key_id()) { | 87 if (sct.log_id != key_id()) { |
| 84 DVLOG(1) << "SCT is not signed by this log."; | 88 DVLOG(1) << "SCT is not signed by this log."; |
| (...skipping 216 matching lines...) |
| 301 data_to_sign.size()) && | 305 data_to_sign.size()) && |
| 302 1 == EVP_DigestVerifyFinal( | 306 1 == EVP_DigestVerifyFinal( |
| 303 &ctx, reinterpret_cast<const uint8_t*>(signature.data()), | 307 &ctx, reinterpret_cast<const uint8_t*>(signature.data()), |
| 304 signature.size())); | 308 signature.size())); |
| 305 | 309 |
| 306 EVP_MD_CTX_cleanup(&ctx); | 310 EVP_MD_CTX_cleanup(&ctx); |
| 307 return ok; | 311 return ok; |
| 308 } | 312 } |
| 309 | 313 |
| 310 } // namespace net | 314 } // namespace net |
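Review bot: `dns_domain` is copied into `dns_domain_` in the constructor without any check, whereas `url` is rejected in `Create()` when `log_url.is_valid()` fails and is asserted again with `DCHECK(url_.is_valid())`. If the domain is later used to build DNS query names for this log (not visible on this page), an empty or non-hostname value would surface only at lookup time, far from the misconfigured log entry. Consider rejecting it at construction, e.g. `if (dns_domain.empty()) return nullptr;` next to the URL check in `Create()` plus `DCHECK(!dns_domain_.empty());` in the constructor, unless some logs are expected to have no DNS domain, in which case a comment saying so would help. `Create()` also now takes three adjacent `base::StringPiece` arguments after `public_key`, so a call site that swaps `url` and `dns_domain` compiles cleanly, and the URL check would catch only some of those mistakes.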
| OLD | NEW |