Certificate Transparency: Parse Signed Tree Heads and validate them

net/cert/ct_log_verifier.h

Index: net/cert/ct_log_verifier.h
diff --git a/net/cert/ct_log_verifier.h b/net/cert/ct_log_verifier.h
index b4ee52026746809a7c8b0e3657ceae77a1d0f6ad..38e0930eb6594ec60c77e01fc4dd77b05e32c8cf 100644
--- a/net/cert/ct_log_verifier.h
+++ b/net/cert/ct_log_verifier.h
@@ -23,6 +23,10 @@ typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
 
 namespace net {
 
+namespace ct {
+struct SignedTreeHead;
+}  // namespace ct
+
 // Class for verifying Signed Certificate Timestamps (SCTs) provided by a
 // specific log (whose identity is provided during construction).
 class NET_EXPORT CTLogVerifier {
@@ -46,6 +50,11 @@ class NET_EXPORT CTLogVerifier {
   bool Verify(const ct::LogEntry& entry,
               const ct::SignedCertificateTimestamp& sct);
 
+  // Verifies and sets |signed_tree_head|. If |signed_tree_head|'s signature is
+  // valid, stores it and returns true. Otherwise, discards the sth and
+  // returns false.
+  bool SetSignedTreeHead(scoped_ptr<ct::SignedTreeHead> signed_tree_head);
+
  private:
   FRIEND_TEST_ALL_PREFIXES(CTLogVerifierTest, VerifySignature);
 
@@ -61,10 +70,15 @@ class NET_EXPORT CTLogVerifier {
   bool VerifySignature(const base::StringPiece& data_to_sign,
                        const base::StringPiece& signature);
 
+  // Returns true if the signature and hash algorithms in |signature|
+  // match those of the log
+  bool SignatureParametersMatch(const ct::DigitallySigned& signature);
+
   std::string key_id_;
   std::string description_;
   ct::DigitallySigned::HashAlgorithm hash_algorithm_;
   ct::DigitallySigned::SignatureAlgorithm signature_algorithm_;
+  scoped_ptr<ct::SignedTreeHead> signed_tree_head_;
 
 #if defined(USE_OPENSSL)
   EVP_PKEY* public_key_;