Certificate Transparency: Switch to using a generated CT log list

net/cert/ct_known_logs.cc

Index: net/cert/ct_known_logs.cc
diff --git a/net/cert/ct_known_logs.cc b/net/cert/ct_known_logs.cc
index d6164da7846fd40b8b60acf6d217ac15faa65d7c..49b083e00e4ed917a471f6d77c880aaf7c11a07e 100644
--- a/net/cert/ct_known_logs.cc
+++ b/net/cert/ct_known_logs.cc
@@ -2,9 +2,10 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <string>
+
 #include "net/cert/ct_known_logs.h"
 
-#include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 #include "net/cert/ct_log_verifier.h"
 
@@ -14,64 +15,27 @@ namespace ct {
 
 namespace {
 
-// Oldest log - the "pilot" log.
-const char kGooglePilotLogKey[] =
-    "\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48"
-    "\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x7d\xa8\x4b\x12\x29\x80\xa3\x3d\xad"
-    "\xd3\x5a\x77\xb8\xcc\xe2\x88\xb3\xa5\xfd\xf1\xd3\x0c\xcd\x18\x0c\xe8\x41"
-    "\x46\xe8\x81\x01\x1b\x15\xe1\x4b\xf1\x1b\x62\xdd\x36\x0a\x08\x18\xba\xed"
-    "\x0b\x35\x84\xd0\x9e\x40\x3c\x2d\x9e\x9b\x82\x65\xbd\x1f\x04\x10\x41\x4c"
-    "\xa0";
-
-const size_t kGooglePilotLogKeyLength = arraysize(kGooglePilotLogKey) - 1;
-
-const char kGooglePilotLogName[] = "Google US1 CT";
-
-// Newer log - the "aviator" log.
-const char kGoogleAviatorLogKey[] =
-    "\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48"
-    "\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xd7\xf4\xcc\x69\xb2\xe4\x0e\x90\xa3"
-    "\x8a\xea\x5a\x70\x09\x4f\xef\x13\x62\xd0\x8d\x49\x60\xff\x1b\x40\x50\x07"
-    "\x0c\x6d\x71\x86\xda\x25\x49\x8d\x65\xe1\x08\x0d\x47\x34\x6b\xbd\x27\xbc"
-    "\x96\x21\x3e\x34\xf5\x87\x76\x31\xb1\x7f\x1d\xc9\x85\x3b\x0d\xf7\x1f\x3f"
-    "\xe9";
-
-const size_t kGoogleAviatorLogKeyLength = arraysize(kGoogleAviatorLogKey) - 1;
-
-const char kGoogleAviatorLogName[] = "Google US2 CT";
-
-// Latest log, not turned up yet, nicknamed "rocketeer"
-const char kGoogleRocketeerLogKey[] =
-    "\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48"
-    "\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xf3\x58\x9d\x31\x6e\x2f\xc8\x98\x46"
-    "\x2b\x92\x08\x1f\x46\x98\x80\x55\xa9\x0d\x02\xe1\x39\xba\x9a\x90\xcf\x8b"
-    "\xe0\x8a\x7e\x06\x72\xd6\x53\x48\xb3\x4a\xc3\x4d\x2f\x52\xa6\x21\xfc\xcc"
-    "\x33\xcb\x92\x2b\x57\x95\x76\xf2\x07\xcd\x37\x56\x83\xbb\xfa\xea\xb6\xc4"
-    "\xd8";
+struct CTLogInfo {
+  const char* log_key;

[agl, 2014/06/13 00:32:05]

The keys are expected to be the same length, right? If so, const char
log_key[92] saves a relocation record for each one.

[Eran Messeri, 2014/06/17 17:31:41]

For now, for our logs, yes. May change if (hopefully when!) we add other logs.
The original intention was future-proofing this bit. I've set a constant size
for the log keys as you suggested, but if you think future-proofing here makes
sense I'll revert this change.

+  uint8 log_key_length;
+  std::string log_name;

[agl, 2014/06/13 00:32:05]

This looks like a static initialiser, so should probably be a const char * or
const char log_name[32];

[Eran Messeri, 2014/06/17 17:31:41]

Done.

+};
 
-const size_t kGoogleRocketeerLogKeyLength =
-    arraysize(kGoogleRocketeerLogKey) - 1;
-
-const char kGoogleRocketeerLogName[] = "Google EU CT";
+#include "net/cert/ct_known_logs_static.h"
 
 }  // namespace
 
-scoped_ptr<CTLogVerifier> CreateGooglePilotLogVerifier() {
-  base::StringPiece key(kGooglePilotLogKey, kGooglePilotLogKeyLength);
-
-  return CTLogVerifier::Create(key, kGooglePilotLogName);
-}
-
-scoped_ptr<CTLogVerifier> CreateGoogleAviatorLogVerifier() {
-  base::StringPiece key(kGoogleAviatorLogKey, kGoogleAviatorLogKeyLength);
-
-  return CTLogVerifier::Create(key, kGoogleAviatorLogName);
-}
+std::vector<linked_ptr<CTLogVerifier> > CreateLogVerifiersForKnownLogs() {
+  std::vector<linked_ptr<CTLogVerifier> > verifiers;
+  for (int i = 0; i < kNumKnownCTLogs; ++i) {
+    const CTLogInfo& log(kCTLogList[i]);
+    base::StringPiece key(log.log_key, log.log_key_length);
 
-scoped_ptr<CTLogVerifier> CreateGoogleRocketeerLogVerifier() {
-  base::StringPiece key(kGoogleRocketeerLogKey, kGoogleRocketeerLogKeyLength);
+    verifiers.push_back(linked_ptr<CTLogVerifier>(
+        CTLogVerifier::Create(key, log.log_name).release()));
+  }
 
-  return CTLogVerifier::Create(key, kGoogleRocketeerLogName);
+  return verifiers;
 }
 
 }  // namespace ct