OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef CHROME_BROWSER_NET_PACKED_CT_EV_WHITELIST_H_ | |
6 #define CHROME_BROWSER_NET_PACKED_CT_EV_WHITELIST_H_ | |
7 | |
8 #include <stdint.h> | |
9 | |
10 #include <string> | |
11 #include <vector> | |
12 | |
13 #include "base/gtest_prod_util.h" | |
14 #include "base/memory/ref_counted.h" | |
15 #include "base/strings/string_piece.h" | |
16 #include "net/cert/ct_ev_whitelist.h" | |
17 | |
18 namespace base { | |
19 class FilePath; | |
20 } | |
21 | |
22 class PackedEVCertsWhitelist : public net::ct::EVCertsWhitelist { | |
Ryan Sleevi
2014/10/20 19:18:25
Document
Eran Messeri
2014/10/21 14:59:59
Done.
| |
23 public: | |
24 explicit PackedEVCertsWhitelist(const std::string& compressed_whitelist); | |
Ryan Sleevi
2014/10/20 19:18:25
Document
Eran Messeri
2014/10/21 14:59:59
Done.
| |
25 | |
26 // Returns true if the |certificate_hash| appears in the EV certificate hashes | |
27 // whitelist. | |
28 virtual bool ContainsCertificateHash( | |
29 const std::string& certificate_hash) const OVERRIDE; | |
30 | |
31 // Returns true if the global EV certificate hashes whitelist is non-empty, | |
32 // false otherwise. | |
33 virtual bool IsValid() const OVERRIDE; | |
34 | |
35 protected: | |
36 virtual ~PackedEVCertsWhitelist(); | |
37 // Given a Golomb-coded list of hashes in |compressed_whitelist|, unpack into | |
38 // |uncompressed_list|. Returns true if the format of the compressed whitelist | |
39 // is valid, false otherwise. | |
40 static bool UncompressEVWhitelist( | |
41 const std::string& compressed_whitelist, | |
42 std::vector<std::string>* uncompressed_list); | |
Ryan Sleevi
2014/10/20 19:18:25
Why is this protected+static?
Private+static plus
Eran Messeri
2014/10/21 14:59:59
Done.
| |
43 | |
44 FRIEND_TEST_ALL_PREFIXES(PackedEVCertsWhitelistTest, | |
45 UncompressFailsForTooShortList); | |
46 FRIEND_TEST_ALL_PREFIXES(PackedEVCertsWhitelistTest, | |
47 UncompressFailsForTruncatedList); | |
48 FRIEND_TEST_ALL_PREFIXES(PackedEVCertsWhitelistTest, | |
49 UncompressesWhitelistCorrectly); | |
50 | |
51 private: | |
52 friend class base::RefCountedThreadSafe<net::ct::EVCertsWhitelist>; | |
Ryan Sleevi
2014/10/20 19:18:25
This isn't necessary - the base class must already
Eran Messeri
2014/10/21 14:59:59
Done.
| |
53 | |
54 bool is_whitelist_valid_; | |
55 // The whitelist is an array containing certificate hashes (truncated | |
56 // to a fixed size of 8 bytes), sorted. | |
57 // Binary search is used to locate hashes in the the array. | |
58 // Benchmarking bsearch vs std::set (with 120K entries, doing 1.2M lookups) | |
59 // shows that bsearch is about twice as fast as std::set lookups (and std::set | |
60 // has additional memory overhead). | |
61 char* whitelist_; | |
62 uint32_t whitelist_size_; | |
63 }; | |
64 | |
65 // Sets the EV certificate hashes whitelist from |compressed_whitelist_file| | |
66 // in |ssl_config_service|, after uncompressing it. | |
67 // If the data in |compressed_whitelist_file| is not a valid compressed | |
68 // whitelist, does nothing. | |
69 void SetEVWhitelistFromFile(const base::FilePath& compressed_whitelist_file); | |
70 | |
71 #endif // CHROME_BROWSER_NET_PACKED_CT_EV_WHITELIST_H_ | |
OLD | NEW |