Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(174)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/cert/ct_log_verifier.h

Issue 2108833005: Adds domain names for all qualified CT logs (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/cert/ct_known_logs_static-inc.h ('K') | « net/cert/ct_known_logs_static-inc.h ('k') | net/cert/ct_log_verifier.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/ct_log_verifier.h
diff --git a/net/cert/ct_log_verifier.h b/net/cert/ct_log_verifier.h
index fa5ba248b7d713388eea3c58c574c76c67dab956..ef012e3f04cc302187cd7571cca30e4d92c3b100 100644
--- a/net/cert/ct_log_verifier.h
+++ b/net/cert/ct_log_verifier.h
@@ -40,10 +40,13 @@ class NET_EXPORT CTLogVerifier
// using |public_key|, which is a DER-encoded SubjectPublicKeyInfo.
// If |public_key| refers to an unsupported public key, returns NULL.
// |description| is a textual description of the log.
+ // |url| is the URL of the log's HTTPS API endpoint.
+ // |domain| is the DNS name of the log's DNS API endpoint, if one exists.
Eran Messeri 2016/06/30 20:02:51 rename |domain| to |dns_domain| throughout so it'
Rob Percival 2016/07/08 09:45:42 Done.
static scoped_refptr<const CTLogVerifier> Create(
const base::StringPiece& public_key,
const base::StringPiece& description,
- const base::StringPiece& url);
+ const base::StringPiece& url,
+ const base::StringPiece& domain = nullptr);
// Returns the log's key ID (RFC6962, Section 3.2)
const std::string& key_id() const { return key_id_; }
@@ -52,6 +55,10 @@ class NET_EXPORT CTLogVerifier
// Returns the log's URL
const GURL& url() const { return url_; }
+ // Returns the log's domain (for CT over DNS queries).
Eran Messeri 2016/06/30 20:02:51 Nit: Link to the CT-over-DNS protocol documentatio
Rob Percival 2016/07/08 09:45:42 Done.
+ // This will be empty if the log has no DNS API endpoint.
+ const std::string& domain() const { return domain_; }
+
// Verifies that |sct| is valid for |entry| and was signed by this log.
bool Verify(const ct::LogEntry& entry,
const ct::SignedCertificateTimestamp& sct) const;
@@ -72,7 +79,9 @@ class NET_EXPORT CTLogVerifier
FRIEND_TEST_ALL_PREFIXES(CTLogVerifierTest, VerifySignature);
friend class base::RefCountedThreadSafe<CTLogVerifier>;
- CTLogVerifier(const base::StringPiece& description, const GURL& url);
+ CTLogVerifier(const base::StringPiece& description,
+ const GURL& url,
+ const base::StringPiece& domain);
~CTLogVerifier();
// Performs crypto-library specific initialization.
@@ -91,6 +100,7 @@ class NET_EXPORT CTLogVerifier
std::string key_id_;
std::string description_;
GURL url_;
+ std::string domain_;
Eran Messeri 2016/06/30 20:02:51 As mentioned above, dns_domain_.
Rob Percival 2016/07/08 09:45:42 Done.
ct::DigitallySigned::HashAlgorithm hash_algorithm_;
ct::DigitallySigned::SignatureAlgorithm signature_algorithm_;
« net/cert/ct_known_logs_static-inc.h ('K') | « net/cert/ct_known_logs_static-inc.h ('k') | net/cert/ct_log_verifier.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698