Chromium Code Reviews| Index: net/cert/signed_certificate_timestamp.h |
| diff --git a/net/cert/signed_certificate_timestamp.h b/net/cert/signed_certificate_timestamp.h |
| new file mode 100644 |
| index 0000000000000000000000000000000000000000..5165f20f19ed1a46d9c084783e32ec42fe9e4d62 |
| --- /dev/null |
| +++ b/net/cert/signed_certificate_timestamp.h |
| @@ -0,0 +1,98 @@ |
| +// Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| +// Use of this source code is governed by a BSD-style license that can be |
| +// found in the LICENSE file. |
| + |
| +#ifndef NET_CERT_SIGNED_CERTIFICATE_TIMESTAMP_H_ |
| +#define NET_CERT_SIGNED_CERTIFICATE_TIMESTAMP_H_ |
| + |
| +#include <string> |
| +#include <vector> |
| + |
| +#include "base/time/time.h" |
| +#include "net/base/hash_value.h" |
| +#include "net/base/net_export.h" |
| + |
| +namespace net { |
| + |
| +// Structures related to Certificate Transparency (RFC6962). |
| +namespace ct { |
| + |
| +struct NET_EXPORT LogEntry { |
|
wtc
2013/10/24 23:14:23
General suggestion: to help future maintainers of
Eran M. (Google)
2013/10/30 18:00:08
Resolved by mentioning the name of RFC & section f
|
| + enum Type { |
| + LOG_ENTRY_TYPE_X509 = 0, |
| + LOG_ENTRY_TYPE_PRECERT = 1 |
| + }; |
| + |
| + LogEntry(); |
| + ~LogEntry(); |
| + |
| + void Reset(); |
| + |
| + Type type; |
|
wtc
2013/10/24 23:14:23
You should use a union below.
Eran M. (Google)
2013/10/30 18:00:08
the objects in the suggested union are not plain d
|
| + |
| + // Set if type == LOG_ENTRY_TYPE_X509 |
| + std::string leaf_cert; |
|
wtc
2013/10/24 23:14:23
Nit: leaf_cert => leaf_certificate
because you di
Eran M. (Google)
2013/10/30 18:00:08
Done.
|
| + |
| + // Set if type == LOG_ENTRY_TYPE_PRECERT |
| + SHA256HashValue issuer_key_hash; |
| + std::string tbs_certificate; |
| +}; |
| + |
| +// Helper structure to represent Digitally Signed data, as described in |
| +// Sections 4.7 and 7.4.1.4.1 of RFC 5246. |
| +struct DigitallySigned { |
| + enum HashAlgorithm { |
| + HASH_ALGO_NONE = 0, |
| + HASH_ALGO_MD5 = 1, |
| + HASH_ALGO_SHA1 = 2, |
| + HASH_ALGO_SHA224 = 3, |
| + HASH_ALGO_SHA256 = 4, |
| + HASH_ALGO_SHA384 = 5, |
| + HASH_ALGO_SHA512 = 6, |
| + }; |
| + |
| + enum SignatureAlgorithm { |
| + SIG_ALGO_ANONYMOUS = 0, |
| + SIG_ALGO_RSA = 1, |
| + SIG_ALGO_DSA = 2, |
| + SIG_ALGO_ECDSA = 3 |
| + }; |
| + |
| + DigitallySigned(); |
| + ~DigitallySigned(); |
| + |
| + HashAlgorithm hash_algorithm; |
| + SignatureAlgorithm signature_algorithm; |
| + std::string signature_data; |
|
wtc
2013/10/24 23:14:23
Nit: this field is named "signature" in the RFC. I
Eran M. (Google)
2013/10/30 18:00:08
I have (found it confusing when actually accessing
|
| +}; |
| + |
| +struct NET_EXPORT SignedCertificateTimestamp { |
| + enum Version { |
| + SCT_VERSION_1 = 0, |
| + }; |
| + |
| + // Source of the SCT - supplamentary, not defined in CT RFC. |
|
wtc
2013/10/24 23:14:23
Typo: supplamentary => supplementary
Eran M. (Google)
2013/10/30 18:00:08
Done.
|
| + enum Origin { |
| + EMBEDDED = 0, |
| + FROM_TLS_HANDSHAKE = 1, |
| + FROM_OCSP_RESPONSE = 2, |
|
wtc
2013/10/24 23:14:23
Nit: the naming of the Origin enumerators differs
Eran M. (Google)
2013/10/30 18:00:08
Done - changed to conform other enums.
|
| + }; |
| + |
| + SignedCertificateTimestamp(); |
| + ~SignedCertificateTimestamp(); |
| + |
| + Version version; |
| + std::string log_id; |
| + base::Time timestamp; |
| + std::string extensions; |
| + DigitallySigned signature; |
| + // The origin should not participate in equality checks |
| + // As the same SCT can be provided from multiple sources. |
|
wtc
2013/10/24 23:14:23
Nit: As => as
Eran M. (Google)
2013/10/30 18:00:08
Done.
|
| + Origin origin; |
| +}; |
| + |
| +} // namespace ct |
| + |
| +} // namespace net |
| + |
| +#endif // NET_CERT_SIGNED_CERTIFICATE_TIMESTAMP_H_ |
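Review bot: The `HashAlgorithm` and `SignatureAlgorithm` enums in `DigitallySigned` list every RFC 5246 code point, including `HASH_ALGO_NONE`, `HASH_ALGO_MD5`, `HASH_ALGO_SHA1` and `SIG_ALGO_ANONYMOUS`, but nothing in the header says which of them a verifier may accept for an SCT. RFC 6962 Section 2.1.4 limits log signatures to ECDSA over NIST P-256 or RSA, both with SHA-256, so a comment above the enums would keep later verification code from treating a parsed value as an approved one, for example `// Values mirror the RFC 5246 wire encoding. Being representable here does not make an algorithm acceptable: SCT verification must reject anything other than SHA-256 with RSA or ECDSA (RFC 6962, Section 2.1.4).` The constructors are only declared in this file, so whether `hash_algorithm` and `signature_algorithm` start with a defined value cannot be checked from here. Initialising them to `HASH_ALGO_NONE` and `SIG_ALGO_ANONYMOUS` in the .cc would make a default-constructed struct fail verification rather than expose indeterminate values.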