Chromium Code Reviews Chromium Code Reviews
Issue 2108833005:
Adds domain names for all qualified CT logs (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: net/cert/ct_known_logs_static-inc.h |
| diff --git a/net/cert/ct_known_logs_static-inc.h b/net/cert/ct_known_logs_static-inc.h |
| index 783db760eadc3b9785b5e0f7ffc76eddd6f847cf..c06bf528148a084cc4596fe851935e126ee7949c 100644 |
| --- a/net/cert/ct_known_logs_static-inc.h |
| +++ b/net/cert/ct_known_logs_static-inc.h |
| @@ -2,6 +2,10 @@ |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| +#include <stddef.h> |
| + |
| +#include "base/time/time.h" |
| + |
| struct CTLogInfo { |
| // The DER-encoded SubjectPublicKeyInfo for the log. |
| const char* const log_key; |
| @@ -10,9 +14,14 @@ struct CTLogInfo { |
| // The user-friendly log name. |
| // Note: This will not be translated. |
| const char* const log_name; |
| - // The API endpoint for the log. |
| + // The HTTPS API endpoint for the log. |
| // Note: Trailing slashes should be included. |
| const char* const log_url; |
| + // The DNS API endpoint for the log. |
| + // This is used as the parent domain for all queries about the log. |
| + // May be null, if CT DNS queries are not supported for the log. |
| + // https://github.com/google/certificate-transparency-rfcs/blob/master/dns/draft-ct-over-dns.md. |
| + const char* const log_dns_domain; |
| }; |
| // The set of all presently-qualifying CT logs. |
| @@ -23,35 +32,40 @@ const CTLogInfo kCTLogList[] = { |
| "\x0c\xe8\x41\x46\xe8\x81\x01\x1b\x15\xe1\x4b\xf1\x1b\x62\xdd\x36\x0a" |
| "\x08\x18\xba\xed\x0b\x35\x84\xd0\x9e\x40\x3c\x2d\x9e\x9b\x82\x65\xbd" |
| "\x1f\x04\x10\x41\x4c\xa0", |
| - 91, "Google 'Pilot' log", "https://ct.googleapis.com/pilot/"}, |
| + 91, "Google 'Pilot' log", "https://ct.googleapis.com/pilot/", |
| + "pilot.ct.googleapis.com"}, |
| {"\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86" |
| "\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xd7\xf4\xcc\x69\xb2\xe4\x0e" |
| "\x90\xa3\x8a\xea\x5a\x70\x09\x4f\xef\x13\x62\xd0\x8d\x49\x60\xff\x1b" |
| "\x40\x50\x07\x0c\x6d\x71\x86\xda\x25\x49\x8d\x65\xe1\x08\x0d\x47\x34" |
| "\x6b\xbd\x27\xbc\x96\x21\x3e\x34\xf5\x87\x76\x31\xb1\x7f\x1d\xc9\x85" |
| "\x3b\x0d\xf7\x1f\x3f\xe9", |
| - 91, "Google 'Aviator' log", "https://ct.googleapis.com/aviator/"}, |
| + 91, "Google 'Aviator' log", "https://ct.googleapis.com/aviator/", |
| + "aviator.ct.googleapis.com"}, |
| {"\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86" |
| "\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x02\x46\xc5\xbe\x1b\xbb\x82" |
| "\x40\x16\xe8\xc1\xd2\xac\x19\x69\x13\x59\xf8\xf8\x70\x85\x46\x40\xb9" |
| "\x38\xb0\x23\x82\xa8\x64\x4c\x7f\xbf\xbb\x34\x9f\x4a\x5f\x28\x8a\xcf" |
| "\x19\xc4\x00\xf6\x36\x06\x93\x65\xed\x4c\xf5\xa9\x21\x62\x5a\xd8\x91" |
| "\xeb\x38\x24\x40\xac\xe8", |
| - 91, "DigiCert Log Server", "https://ct1.digicert-ct.com/log/"}, |
| + 91, "DigiCert Log Server", "https://ct1.digicert-ct.com/log/", |
| + "digicert.ct.googleapis.com"}, |
|
eroman
2016/07/16 00:14:28
Is it expected that these are all at googleapis.co
Rob Percival
2016/07/18 09:52:28
Yes, we're the only people running CT DNS servers.
|
| {"\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86" |
| "\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x20\x5b\x18\xc8\x3c\xc1\x8b" |
| "\xb3\x31\x08\x00\xbf\xa0\x90\x57\x2b\xb7\x47\x8c\x6f\xb5\x68\xb0\x8e" |
| "\x90\x78\xe9\xa0\x73\xea\x4f\x28\x21\x2e\x9c\xc0\xf4\x16\x1b\xaa\xf9" |
| "\xd5\xd7\xa9\x80\xc3\x4e\x2f\x52\x3c\x98\x01\x25\x46\x24\x25\x28\x23" |
| "\x77\x2d\x05\xc2\x40\x7a", |
| - 91, "Google 'Rocketeer' log", "https://ct.googleapis.com/rocketeer/"}, |
| + 91, "Google 'Rocketeer' log", "https://ct.googleapis.com/rocketeer/", |
| + "rocketeer.ct.googleapis.com"}, |
| {"\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86" |
| "\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x96\xea\xac\x1c\x46\x0c\x1b" |
| "\x55\xdc\x0d\xfc\xb5\x94\x27\x46\x57\x42\x70\x3a\x69\x18\xe2\xbf\x3b" |
| "\xc4\xdb\xab\xa0\xf4\xb6\x6c\xc0\x53\x3f\x4d\x42\x10\x33\xf0\x58\x97" |
| "\x8f\x6b\xbe\x72\xf4\x2a\xec\x1c\x42\xaa\x03\x2f\x1a\x7e\x28\x35\x76" |
| "\x99\x08\x3d\x21\x14\x86", |
| - 91, "Symantec log", "https://ct.ws.symantec.com/"}, |
| + 91, "Symantec log", "https://ct.ws.symantec.com/", |
| + "symantec.ct.googleapis.com"}, |
| {"\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01" |
| "\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xa2" |
| "\x5a\x48\x1f\x17\x52\x95\x35\xcb\xa3\x5b\x3a\x1f\x53\x82\x76\x94\xa3" |
| @@ -70,14 +84,16 @@ const CTLogInfo kCTLogList[] = { |
| "\x05\xbf\x5f\xae\x94\x97\xdb\x5f\x64\xd4\xee\x16\x8b\xa3\x84\x6c\x71" |
| "\x2b\xf1\xab\x7f\x5d\x0d\x32\xee\x04\xe2\x90\xec\x41\x9f\xfb\x39\xc1" |
| "\x02\x03\x01\x00\x01", |
| - 294, "Venafi log", "https://ctlog.api.venafi.com/"}, |
| + 294, "Venafi log", "https://ctlog.api.venafi.com/", |
| + "venafi.ct.googleapis.com"}, |
| {"\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86" |
| "\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xea\x95\x9e\x02\xff\xee\xf1" |
| "\x33\x6d\x4b\x87\xbc\xcd\xfd\x19\x17\x62\xff\x94\xd3\xd0\x59\x07\x3f" |
| "\x02\x2d\x1c\x90\xfe\xc8\x47\x30\x3b\xf1\xdd\x0d\xb8\x11\x0c\x5d\x1d" |
| "\x86\xdd\xab\xd3\x2b\x46\x66\xfb\x6e\x65\xb7\x3b\xfd\x59\x68\xac\xdf" |
| "\xa6\xf8\xce\xd2\x18\x4d", |
| - 91, "Symantec 'Vega' log", "https://vega.ws.symantec.com/"}, |
| + 91, "Symantec 'Vega' log", "https://vega.ws.symantec.com/", |
| + "symantec-vega.ct.googleapis.com"}, |
| {"\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01" |
| "\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xbf" |
| "\xb5\x08\x61\x9a\x29\x32\x04\xd3\x25\x63\xe9\xd8\x85\xe1\x86\xe0\x1f" |
| @@ -96,7 +112,8 @@ const CTLogInfo kCTLogList[] = { |
| "\x6f\xdf\x3c\x2c\x43\x57\xa1\x47\x0c\x91\x04\xf4\x75\x4d\xda\x89\x81" |
| "\xa4\x14\x06\x34\xb9\x98\xc3\xda\xf1\xfd\xed\x33\x36\xd3\x16\x2d\x35" |
| "\x02\x03\x01\x00\x01", |
| - 294, "CNNIC CT log", "https://ctserver.cnnic.cn/"}}; |
| + 294, "CNNIC CT log", "https://ctserver.cnnic.cn/", |
| + "cnnic.ct.googleapis.com"}}; |
| // Information related to previously-qualified, but now disqualified, CT |
| // logs. |
| @@ -123,7 +140,7 @@ const DisqualifiedCTLogInfo kDisqualifiedCTLogList[] = { |
| "\x11\xc4\x11\x17\xab\x5c\xcf\x0f\x74\xac\xb5\x97\x90\x93\x00\x5b\xb8" |
| "\xeb\xf7\x27\x3d\xd9\xb2\x0a\x81\x5f\x2f\x0d\x75\x38\x94\x37\x99\x1e" |
| "\xf6\x07\x76\xe0\xee\xbe", |
| - 91, "Izenpe log", "https://ct.izenpe.com/"}, |
| + 91, "Izenpe log", "https://ct.izenpe.com/", nullptr}, |
| // 2016-05-30 00:00:00 UTC |
| base::TimeDelta::FromSeconds(1464566400), |
| }, |
| @@ -136,7 +153,7 @@ const DisqualifiedCTLogInfo kDisqualifiedCTLogList[] = { |
| "\x8f\x01\x42\x0a\x7c\x98\x26\x27\xc1\xb5\xdd\x92\x93\xb0\xae\xf8\x9b" |
| "\x3d\x0c\xd8\x4c\x4e\x1d\xf9\x15\xfb\x47\x68\x7b\xba\x66\xb7\x25\x9c" |
| "\xd0\x4a\xc2\x66\xdb\x48", |
| - 91, "Certly.IO log", "https://log.certly.io/"}, |
| + 91, "Certly.IO log", "https://log.certly.io/", nullptr}, |
| // 2016-04-15 00:00:00 UTC |
| base::TimeDelta::FromSeconds(1460678400), |
| }, |
