Index: net/cert/ct_log_verifier.h |
diff --git a/net/cert/ct_log_verifier.h b/net/cert/ct_log_verifier.h |
index e9ba307c3e99d33d7a22b984b823ccb4e7022073..6e3b938eb0bff7884d1105465afa7bf99515b5a1 100644 |
--- a/net/cert/ct_log_verifier.h |
+++ b/net/cert/ct_log_verifier.h |
@@ -19,14 +19,13 @@ |
typedef struct evp_pkey_st EVP_PKEY; |
namespace net { |
namespace ct { |
- |
-struct SignedTreeHead; |
+struct MerkleAuditProof; |
struct MerkleConsistencyProof; |
- |
+struct SignedTreeHead; |
} // namespace ct |
// Class for verifying signatures of a single Certificate Transparency |
// log, whose identity is provided during construction. |
// Currently can verify Signed Certificate Timestamp (SCT) and Signed |
@@ -74,10 +73,18 @@ class NET_EXPORT CTLogVerifier |
// |new_tree_hash|. |
bool VerifyConsistencyProof(const ct::MerkleConsistencyProof& proof, |
const std::string& old_tree_hash, |
const std::string& new_tree_hash) const; |
+ // Verifies that |proof| is a valid audit proof (RFC 6962, Section 2.1.1) for |
+ // this log, and which proves that the certificate represented by |leaf_hash| |
+ // has been incorporated into the Merkle tree represented by |root_hash|. |
+ // Returns true if verification succeeds, false otherwise. |
+ bool VerifyAuditProof(const ct::MerkleAuditProof& proof, |
+ const std::string& root_hash, |
+ const std::string& leaf_hash) const; |
+ |
private: |
FRIEND_TEST_ALL_PREFIXES(CTLogVerifierTest, VerifySignature); |
friend class base::RefCountedThreadSafe<CTLogVerifier>; |
CTLogVerifier(const base::StringPiece& description, |
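Review bot: The new comment on `VerifyAuditProof` says the proof is valid "for this log", but the declaration takes `root_hash` and `leaf_hash` as plain caller-supplied strings, so nothing visible here ties the root to this log's key. An inclusion proof only means something when the root comes from a Signed Tree Head whose signature was already checked, and the comment should state that precondition, e.g. `// |root_hash| must be taken from a Signed Tree Head already verified for this log; this method does not authenticate it.` It would also help to say what `leaf_hash` is, since "the certificate represented by |leaf_hash|" can be read as a plain certificate hash; if the implementation expects the RFC 6962 leaf hash, add `// |leaf_hash| is the Merkle leaf hash (RFC 6962, Section 2.1), not a hash of the certificate alone.` The class body starts and ends outside this hunk, so whether `ct::MerkleAuditProof` carries a log id or tree size that is cross-checked cannot be confirmed from here.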