OLD | NEW |
(Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef NET_CERT_CT_EV_WHITELIST_H_ |
| 6 #define NET_CERT_CT_EV_WHITELIST_H_ |
| 7 |
| 8 #include <set> |
| 9 #include <string> |
| 10 |
| 11 #include "base/files/file_path.h" |
| 12 #include "net/base/net_export.h" |
| 13 |
| 14 namespace net { |
| 15 |
| 16 namespace ct { |
| 17 |
| 18 namespace internal { |
| 19 |
| 20 // Abstraction over a stream of bits, to be read independently |
| 21 // of the bytes they're packed into. Bits are read MSB-first from the stream. |
| 22 // It is limited to 64-bit reads and is inefficient as a design choice - Since |
| 23 // it is used infrequently to unpack the Golomb-coded EV certificate hashes |
| 24 // whitelist in a blocking thread. |
| 25 // |
| 26 // This class is declared here so it can be tested. |
| 27 class NET_EXPORT_PRIVATE BitStreamReader { |
| 28 public: |
| 29 BitStreamReader(const char* source, size_t length); |
| 30 |
| 31 // Reads unary-encoded number into |out|. Returns true if |
| 32 // there was at least one bit to read, false otherwise. |
| 33 bool ReadUnaryEncoding(uint64* out); |
| 34 // Reads |num_bits| (up to 64) into |out|. |out| is filled from the MSB to the |
| 35 // LSB. If |num_bits| is less than 64, the most significant |64 - num_bits| |
| 36 // bits are unused and left as zeros. Returns true if the stream had the |
| 37 // requested |num_bits|, false otherwise. |
| 38 bool ReadBits(uint8 num_bits, uint64* out); |
| 39 // Returns the number of bits left in the stream. |
| 40 uint64 BitsLeft() const; |
| 41 |
| 42 private: |
| 43 // Reads a single bit. Within a byte, the bits are read from the MSB to the |
| 44 // LSB. |
| 45 uint8 ReadBit(); |
| 46 |
| 47 const char* const source_; |
| 48 const size_t length_; |
| 49 |
| 50 // Index of the byte currently being read from. |
| 51 uint64 current_byte_; |
| 52 // Index of the last bit read within |current_byte_|. Since bits are read |
| 53 // from the MSB to the LSB, this value is initialized to 7 and decremented |
| 54 // after each read. |
| 55 int8 current_bit_; |
| 56 }; |
| 57 |
| 58 // Given a Golomb-coded list of hashes in |compressed_whitelist|, unpack into |
| 59 // |uncompressed_list|. Returns true if the format of the compressed whitelist |
| 60 // is valid, false otherwise. |
| 61 NET_EXPORT_PRIVATE bool UncompressEVWhitelist( |
| 62 const std::string& compressed_whitelist, |
| 63 std::set<std::string>* uncompressed_list); |
| 64 |
| 65 // Sets the given |ev_whitelist| into the global context. |
| 66 // Note that |ev_whitelist| will contain the old EV whitelist data after this |
| 67 // call as the implementation is using set::swap() to efficiently switch the |
| 68 // sets. |
| 69 NET_EXPORT_PRIVATE void SetEVWhitelistData(std::set<std::string>& ev_whitelist); |
| 70 |
| 71 } // namespace internal |
| 72 |
| 73 // Sets the global EV certificate hashes whitelist from |
| 74 // |compressed_whitelist_file| in the global context, after uncompressing it. |
| 75 // If the data in |compressed_whitelist_file| is not a valid compressed |
| 76 // whitelist, does nothing. |
| 77 NET_EXPORT void SetEVWhitelistFromFile( |
| 78 const base::FilePath& compressed_whitelist_file); |
| 79 |
| 80 // Returns true if the |certificate_hash| appears in the EV certificate hashes |
| 81 // whitelist. |
| 82 NET_EXPORT bool IsCertificateHashInWhitelist( |
| 83 const std::string& certificate_hash); |
| 84 |
| 85 // Returns true if the global EV certificate hashes whitelist is non-empty, |
| 86 // false otherwise. |
| 87 NET_EXPORT bool HasValidEVWhitelist(); |
| 88 |
| 89 } // namespace ct |
| 90 |
| 91 } // namespace net |
| 92 |
| 93 #endif // NET_CERT_CT_EV_WHITELIST_H_ |
OLD | NEW |