Certificate Transparency: Change CTVerifyResult to have a single list

net/cert/multi_log_ct_verifier.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/multi_log_ct_verifier.h"
 
 #include <vector>
 
 #include "base/bind.h"
 #include "base/callback_helpers.h"
@@ skipping 28 matching lines @@
                             ct::SignedCertificateTimestamp::SCT_ORIGIN_MAX);
 }
 
 // Count the number of SCTs that were available for each SSL connection
 // (including SCTs embedded in the certificate).
 // This metric would allow measuring:
 // * Of all SSL connections, how many had SCTs available for validation.
 // * When SCTs are available, how many are available per connection.
 void LogNumSCTsToUMA(const ct::CTVerifyResult& result) {
   UMA_HISTOGRAM_CUSTOM_COUNTS("Net.CertificateTransparency.SCTsPerConnection",
-                              result.invalid_scts.size() +
-                                  result.verified_scts.size() +
-                                  result.unknown_logs_scts.size(),
-                              1,
-                              10,
-                              11);
+                              result.scts.size(), 1, 10, 11);
+}
+
+void AddSCTAndLogStatus(scoped_refptr<ct::SignedCertificateTimestamp> sct,
+                        ct::SCTVerifyStatus status,
+                        SignedCertificateTimestampAndStatusList* sct_list) {
+  LogSCTStatusToUMA(status);
+  sct_list->push_back(SignedCertificateTimestampAndStatus(sct, status));
 }
 
 }  // namespace
 
 MultiLogCTVerifier::MultiLogCTVerifier() : observer_(nullptr) {
 }
 
 MultiLogCTVerifier::~MultiLogCTVerifier() { }
 
 void MultiLogCTVerifier::AddLogs(
@@ skipping 10 matching lines @@
 
 int MultiLogCTVerifier::Verify(
     X509Certificate* cert,
     const std::string& stapled_ocsp_response,
     const std::string& sct_list_from_tls_extension,
     ct::CTVerifyResult* result,
     const BoundNetLog& net_log)  {
   DCHECK(cert);
   DCHECK(result);
 
-  result->verified_scts.clear();
-  result->invalid_scts.clear();
-  result->unknown_logs_scts.clear();
+  result->scts.clear();
 
   bool has_verified_scts = false;
 
   std::string embedded_scts;
   if (!cert->GetIntermediateCertificates().empty() &&
       ct::ExtractEmbeddedSCTList(
           cert->os_cert_handle(),
           &embedded_scts)) {
     ct::LogEntry precert_entry;
 
@@ skipping 86 matching lines @@
 
 bool MultiLogCTVerifier::VerifySingleSCT(
     scoped_refptr<ct::SignedCertificateTimestamp> sct,
     const ct::LogEntry& expected_entry,
     X509Certificate* cert,
     ct::CTVerifyResult* result) {
   // Assume this SCT is untrusted until proven otherwise.
   const auto& it = logs_.find(sct->log_id);
   if (it == logs_.end()) {
     DVLOG(1) << "SCT does not match any known log.";
-    result->unknown_logs_scts.push_back(sct);
-    LogSCTStatusToUMA(ct::SCT_STATUS_LOG_UNKNOWN);
+    AddSCTAndLogStatus(sct, ct::SCT_STATUS_LOG_UNKNOWN, &(result->scts));
     return false;
   }
 
   sct->log_description = it->second->description();
 
   if (!it->second->Verify(expected_entry, *sct.get())) {
     DVLOG(1) << "Unable to verify SCT signature.";
-    result->invalid_scts.push_back(sct);
-    LogSCTStatusToUMA(ct::SCT_STATUS_INVALID);
+    AddSCTAndLogStatus(sct, ct::SCT_STATUS_INVALID, &(result->scts));
     return false;
   }
 
   // SCT verified ok, just make sure the timestamp is legitimate.
   if (sct->timestamp > base::Time::Now()) {
     DVLOG(1) << "SCT is from the future!";
-    result->invalid_scts.push_back(sct);
-    LogSCTStatusToUMA(ct::SCT_STATUS_INVALID);
+    AddSCTAndLogStatus(sct, ct::SCT_STATUS_INVALID, &(result->scts));
     return false;
   }
 
-  LogSCTStatusToUMA(ct::SCT_STATUS_OK);
-  result->verified_scts.push_back(sct);
+  AddSCTAndLogStatus(sct, ct::SCT_STATUS_OK, &(result->scts));
   if (observer_)
     observer_->OnSCTVerified(cert, sct.get());
   return true;
 }
 
 } // namespace net