
Side by Side Diff: net/cert/signed_certificate_timestamp.h

Issue 37633002: CT: First step towards supporting Certificate Transparency in Chrome. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 7 years, 2 months ago
(Empty)
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef NET_CERT_SIGNED_CERTIFICATE_TIMESTAMP_H_
6 #define NET_CERT_SIGNED_CERTIFICATE_TIMESTAMP_H_
7
8 #include <string>
9 #include <vector>
10
11 #include "base/time/time.h"
12 #include "net/base/hash_value.h"
13 #include "net/base/net_export.h"
14
15 namespace net {
16
17 // Structures related to Certificate Transparency (RFC6962).
18 namespace ct {
19
20 struct NET_EXPORT LogEntry {
wtc 2013/10/24 23:14:23 General suggestion: to help future maintainers of
Eran M. (Google) 2013/10/30 18:00:08 Resolved by mentioning the name of RFC & section f
21 enum Type {
22 LOG_ENTRY_TYPE_X509 = 0,
23 LOG_ENTRY_TYPE_PRECERT = 1
24 };
25
26 LogEntry();
27 ~LogEntry();
28
29 void Reset();
30
31 Type type;
wtc 2013/10/24 23:14:23 You should use a union below.
Eran M. (Google) 2013/10/30 18:00:08 the objects in the suggested union are not plain d
32
33 // Set if type == LOG_ENTRY_TYPE_X509
34 std::string leaf_cert;
wtc 2013/10/24 23:14:23 Nit: leaf_cert => leaf_certificate because you di
Eran M. (Google) 2013/10/30 18:00:08 Done.
35
36 // Set if type == LOG_ENTRY_TYPE_PRECERT
37 SHA256HashValue issuer_key_hash;
38 std::string tbs_certificate;
39 };
40
41 // Helper structure to represent Digitally Signed data, as described in
42 // Sections 4.7 and 7.4.1.4.1 of RFC 5246.
43 struct DigitallySigned {
44 enum HashAlgorithm {
45 HASH_ALGO_NONE = 0,
46 HASH_ALGO_MD5 = 1,
47 HASH_ALGO_SHA1 = 2,
48 HASH_ALGO_SHA224 = 3,
49 HASH_ALGO_SHA256 = 4,
50 HASH_ALGO_SHA384 = 5,
51 HASH_ALGO_SHA512 = 6,
52 };
53
54 enum SignatureAlgorithm {
55 SIG_ALGO_ANONYMOUS = 0,
56 SIG_ALGO_RSA = 1,
57 SIG_ALGO_DSA = 2,
58 SIG_ALGO_ECDSA = 3
59 };
60
61 DigitallySigned();
62 ~DigitallySigned();
63
64 HashAlgorithm hash_algorithm;
65 SignatureAlgorithm signature_algorithm;
66 std::string signature_data;
wtc 2013/10/24 23:14:23 Nit: this field is named "signature" in the RFC. I
Eran M. (Google) 2013/10/30 18:00:08 I have (found it confusing when actually accessing
67 };
68
69 struct NET_EXPORT SignedCertificateTimestamp {
70 enum Version {
71 SCT_VERSION_1 = 0,
72 };
73
74 // Source of the SCT - supplamentary, not defined in CT RFC.
wtc 2013/10/24 23:14:23 Typo: supplamentary => supplementary
Eran M. (Google) 2013/10/30 18:00:08 Done.
75 enum Origin {
76 EMBEDDED = 0,
77 FROM_TLS_HANDSHAKE = 1,
78 FROM_OCSP_RESPONSE = 2,
wtc 2013/10/24 23:14:23 Nit: the naming of the Origin enumerators differs
Eran M. (Google) 2013/10/30 18:00:08 Done - changed to conform other enums.
79 };
80
81 SignedCertificateTimestamp();
82 ~SignedCertificateTimestamp();
83
84 Version version;
85 std::string log_id;
86 base::Time timestamp;
87 std::string extensions;
88 DigitallySigned signature;
89 // The origin should not participate in equality checks
90 // As the same SCT can be provided from multiple sources.
wtc 2013/10/24 23:14:23 Nit: As => as
Eran M. (Google) 2013/10/30 18:00:08 Done.
91 Origin origin;
92 };
93
94 } // namespace ct
95
96 } // namespace net
97
98 #endif // NET_CERT_SIGNED_CERTIFICATE_TIMESTAMP_H_
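Review bot: `DigitallySigned` (new lines 43-67) can represent `HASH_ALGO_NONE`, `HASH_ALGO_MD5`, `HASH_ALGO_SHA1` and `SIG_ALGO_ANONYMOUS`, and nothing in the header says these are wire values to be parsed rather than algorithms an SCT signature is allowed to use. RFC 6962 limits log signatures to SHA-256 with ECDSA over P-256 or RSA, so the struct comment should spell out the verifier's obligation, e.g. `// Enumerators mirror the TLS registry (RFC 5246, 7.4.1.4.1); SCT verification must reject anything other than SHA-256 with RSA or ECDSA.` The decoder and the constructor definitions are not part of this file, so two things cannot be checked here and are worth confirming in the .cc: whether out-of-range bytes are rejected before being cast to these enums, and whether `hash_algorithm` and `signature_algorithm` get a defined initial value.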