OLD | NEW |
(Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef CHROME_BROWSER_NET_PACKED_CT_EV_WHITELIST_H_ |
| 6 #define CHROME_BROWSER_NET_PACKED_CT_EV_WHITELIST_H_ |
| 7 |
| 8 #include <stdint.h> |
| 9 |
| 10 #include <string> |
| 11 #include <vector> |
| 12 |
| 13 #include "base/gtest_prod_util.h" |
| 14 #include "net/cert/ct_ev_whitelist.h" |
| 15 |
| 16 namespace base { |
| 17 class FilePath; |
| 18 } |
| 19 |
| 20 // An implementation of the EVCertsWhitelist that gets its data packed using |
| 21 // Golomb coding to encode the difference between subsequent hash values. |
| 22 // Format of the packed list: |
| 23 // * First 8 bytes: First hash |
| 24 // * Repeating Golomb-coded number which is the numeric difference of the |
| 25 // previous hash value from this one |
| 26 // |
| 27 // The resulting, unpacked list is a sorted list of hash values that can be |
| 28 // efficiently searched. |
| 29 class PackedEVCertsWhitelist : public net::ct::EVCertsWhitelist { |
| 30 public: |
| 31 // Unpacks the given |compressed_whitelist|. See the class documentation |
| 32 // for description of the |compressed_whitelist| format. |
| 33 explicit PackedEVCertsWhitelist(const std::string& compressed_whitelist); |
| 34 |
| 35 // Returns true if the |certificate_hash| appears in the EV certificate hashes |
| 36 // whitelist. Must not be called if IsValid for this instance returned false. |
| 37 bool ContainsCertificateHash( |
| 38 const std::string& certificate_hash) const override; |
| 39 |
| 40 // Returns true if the EV certificate hashes whitelist provided in the c'tor |
| 41 // was valid, false otherwise. |
| 42 bool IsValid() const override; |
| 43 |
| 44 protected: |
| 45 ~PackedEVCertsWhitelist() override; |
| 46 |
| 47 private: |
| 48 FRIEND_TEST_ALL_PREFIXES(PackedEVCertsWhitelistTest, |
| 49 UncompressFailsForTooShortList); |
| 50 FRIEND_TEST_ALL_PREFIXES(PackedEVCertsWhitelistTest, |
| 51 UncompressFailsForTruncatedList); |
| 52 FRIEND_TEST_ALL_PREFIXES(PackedEVCertsWhitelistTest, |
| 53 UncompressFailsForInvalidValuesInList); |
| 54 FRIEND_TEST_ALL_PREFIXES(PackedEVCertsWhitelistTest, |
| 55 UncompressesWhitelistCorrectly); |
| 56 |
| 57 // Given a Golomb-coded list of hashes in |compressed_whitelist|, unpack into |
| 58 // |uncompressed_list|. Returns true if the format of the compressed whitelist |
| 59 // is valid, false otherwise. |
| 60 static bool UncompressEVWhitelist(const std::string& compressed_whitelist, |
| 61 std::vector<uint64_t>* uncompressed_list); |
| 62 |
| 63 bool is_whitelist_valid_; |
| 64 |
| 65 // The whitelist is an array containing certificate hashes (truncated |
| 66 // to a fixed size of 8 bytes), sorted. |
| 67 // Binary search is used to locate hashes in the the array. |
| 68 // Benchmarking bsearch vs std::set (with 120K entries, doing 1.2M lookups) |
| 69 // shows that bsearch is about twice as fast as std::set lookups (and std::set |
| 70 // has additional memory overhead). |
| 71 std::vector<uint64_t> whitelist_; |
| 72 |
| 73 DISALLOW_COPY_AND_ASSIGN(PackedEVCertsWhitelist); |
| 74 }; |
| 75 |
| 76 // Sets the EV certificate hashes whitelist from |compressed_whitelist_file| |
| 77 // in |ssl_config_service|, after uncompressing it. |
| 78 // If the data in |compressed_whitelist_file| is not a valid compressed |
| 79 // whitelist, does nothing. |
| 80 // As this function performs file operations, it should be called from a |
| 81 // blocking pool worker or a file worker. |
| 82 // To set the new whitelist, this function dispatches a task to the IO thread. |
| 83 void SetEVWhitelistFromFile(const base::FilePath& compressed_whitelist_file); |
| 84 |
| 85 #endif // CHROME_BROWSER_NET_PACKED_CT_EV_WHITELIST_H_ |
OLD | NEW |