net/cert/ct_signed_certificate_timestamp_log_param.cc - Issue 2225223002: Certificate Transparency: Change CTVerifyResult to have a single list

Side by Side Diff: net/cert/ct_signed_certificate_timestamp_log_param.cc

Issue 2225223002: Certificate Transparency: Change CTVerifyResult to have a single list (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Removed redundant change & other coment Created 4 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2013 The Chromium Authors. All rights reserved.	1 // Copyright 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/cert/ct_signed_certificate_timestamp_log_param.h"	5 #include "net/cert/ct_signed_certificate_timestamp_log_param.h"

6	6

7 #include <algorithm>	7 #include <algorithm>

8 #include <memory>	8 #include <memory>

9 #include <string>	9 #include <string>

10 #include <utility>	10 #include <utility>

(...skipping 42 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
53 out->SetString("hash_algorithm",	53 out->SetString("hash_algorithm",

54 HashAlgorithmToString(sct.signature.hash_algorithm));	54 HashAlgorithmToString(sct.signature.hash_algorithm));

55 out->SetString("signature_algorithm",	55 out->SetString("signature_algorithm",

56 SignatureAlgorithmToString(sct.signature.signature_algorithm));	56 SignatureAlgorithmToString(sct.signature.signature_algorithm));

57 SetBinaryData("signature_data", sct.signature.signature_data, out.get());	57 SetBinaryData("signature_data", sct.signature.signature_data, out.get());

58	58

59 return out;	59 return out;

60 }	60 }

61	61

62 // Given a list of SCTs, return a ListValue instance where each item in the	62 // Given a list of SCTs, return a ListValue instance where each item in the

63 // list is a dictionary created by SCTToDictionary.	63 // list is a dictionary created by SCTToDictionary.
	estark 2016/08/09 20:02:04 nit: perhaps update this comment to note that we o nit: perhaps update this comment to note that we only output SCTs matching \|match_status\| Eran Messeri 2016/08/10 22:05:07 Done. Show quoted text On 2016/08/09 at 20:02:04, estark wrote: > nit: perhaps update this comment to note that we only output SCTs matching \|match_status\| Done.
64 std::unique_ptr<base::ListValue> SCTListToPrintableValues(	64 std::unique_ptr<base::ListValue> SCTListToPrintableValues(

65 const ct::SCTList& sct_list) {	65 const SignedCertificateTimestampAndStatusList& sct_and_status_list,

	66 ct::SCTVerifyStatus match_status) {

66 std::unique_ptr<base::ListValue> output_scts(new base::ListValue());	67 std::unique_ptr<base::ListValue> output_scts(new base::ListValue());

67 for (const auto& sct : sct_list)	68 for (const auto& sct_and_status : sct_and_status_list)

68 output_scts->Append(SCTToDictionary(*(sct.get())));	69 if (sct_and_status.status == match_status)

	70 output_scts->Append(SCTToDictionary(*(sct_and_status.sct.get())));

69	71

70 return output_scts;	72 return output_scts;

71 }	73 }

72	74

73 } // namespace	75 } // namespace

74	76

75 std::unique_ptr<base::Value> NetLogSignedCertificateTimestampCallback(	77 std::unique_ptr<base::Value> NetLogSignedCertificateTimestampCallback(

76 const ct::CTVerifyResult* ct_result,	78 const ct::CTVerifyResult* ct_result,

77 NetLogCaptureMode capture_mode) {	79 NetLogCaptureMode capture_mode) {

78 std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());	80 std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());

79	81

80 dict->Set("verified_scts",	82 dict->Set("verified_scts",

81 SCTListToPrintableValues(ct_result->verified_scts));	83 SCTListToPrintableValues(ct_result->scts, ct::SCT_STATUS_OK));
	eroman 2016/08/10 19:00:40 Is there a need to preserve the old format? AFAIC Is there a need to preserve the old format? AFAICT there isn't a consumer that relies on this structure (just getting dumped into NetLog right)? In that case, can you re-structure it to match the code organization? For instance add an "scts" parameter that is an array of all the SCTs. This should be more informative when debugging issues (in case order ends up mattering), and also means if a new veryfstatus is added don't need to remember to update this. If you do not make that change, then please add a breadcrumb to inform callers that this needs to be updated. Something like this would suffice: static_assert(ct::SCT_STATUS_MAX == 4, "When adding new verify status add it to the NetLog here"); Eran Messeri 2016/08/10 22:05:07 Re-structured as suggested. Now the status is pass Show quoted text On 2016/08/10 at 19:00:40, eroman wrote: > Is there a need to preserve the old format? > > AFAICT there isn't a consumer that relies on this structure (just getting dumped into NetLog right)? > > In that case, can you re-structure it to match the code organization? > > For instance add an "scts" parameter that is an array of all the SCTs. > > This should be more informative when debugging issues (in case order ends up mattering), and also means if a new veryfstatus is added don't need to remember to update this. > > If you do not make that change, then please add a breadcrumb to inform callers that this needs to be updated. Something like this would suffice: > > static_assert(ct::SCT_STATUS_MAX == 4, "When adding new verify status add it to the NetLog here"); Re-structured as suggested. Now the status is passed all the way to SCTToDictionary and is added to the dictionary as an integer value there. Note this affects the MultiLogCTVerifier unit test.
82	84

83 dict->Set("invalid_scts",	85 dict->Set("invalid_scts",

84 SCTListToPrintableValues(ct_result->invalid_scts));	86 SCTListToPrintableValues(ct_result->scts, ct::SCT_STATUS_INVALID));

85	87

86 dict->Set("unknown_logs_scts",	88 dict->Set(

87 SCTListToPrintableValues(ct_result->unknown_logs_scts));	89 "unknown_logs_scts",

	90 SCTListToPrintableValues(ct_result->scts, ct::SCT_STATUS_LOG_UNKNOWN));

88	91

89 return std::move(dict);	92 return std::move(dict);

90 }	93 }

91	94

92 std::unique_ptr<base::Value> NetLogRawSignedCertificateTimestampCallback(	95 std::unique_ptr<base::Value> NetLogRawSignedCertificateTimestampCallback(

93 const std::string* embedded_scts,	96 const std::string* embedded_scts,

94 const std::string* sct_list_from_ocsp,	97 const std::string* sct_list_from_ocsp,

95 const std::string* sct_list_from_tls_extension,	98 const std::string* sct_list_from_tls_extension,

96 NetLogCaptureMode capture_mode) {	99 NetLogCaptureMode capture_mode) {

97 std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());	100 std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());

98	101

99 SetBinaryData("embedded_scts", *embedded_scts, dict.get());	102 SetBinaryData("embedded_scts", *embedded_scts, dict.get());

100 SetBinaryData("scts_from_ocsp_response", *sct_list_from_ocsp, dict.get());	103 SetBinaryData("scts_from_ocsp_response", *sct_list_from_ocsp, dict.get());

101 SetBinaryData("scts_from_tls_extension", *sct_list_from_tls_extension,	104 SetBinaryData("scts_from_tls_extension", *sct_list_from_tls_extension,

102 dict.get());	105 dict.get());

103	106

104 return std::move(dict);	107 return std::move(dict);

105 }	108 }

106	109

107 } // namespace net	110 } // namespace net

OLD	NEW

« no previous file with comments | « no previous file | net/cert/ct_verify_result.h » ('j') | net/cert/ct_verify_result.h » ('J')