Index: net/cert/ct_ev_whitelist.h |
diff --git a/net/cert/ct_ev_whitelist.h b/net/cert/ct_ev_whitelist.h |
new file mode 100644 |
index 0000000000000000000000000000000000000000..03e97ad4d67243b44ba57c65d5d513c6b1e00e26 |
--- /dev/null |
+++ b/net/cert/ct_ev_whitelist.h |
@@ -0,0 +1,121 @@ |
+// Copyright 2014 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#ifndef NET_CERT_CT_EV_WHITELIST_H_ |
+#define NET_CERT_CT_EV_WHITELIST_H_ |
+ |
+#include <stdint.h> |
+ |
+#include <set> |
+#include <string> |
+ |
+#include "base/files/file_path.h" |
+#include "base/gtest_prod_util.h" |
+#include "base/memory/ref_counted.h" |
+#include "base/strings/string_piece.h" |
+#include "net/base/net_export.h" |
+ |
+namespace net { |
+ |
+namespace ct { |
+ |
+namespace internal { |
+ |
+// A class for reading individual bits from a buffer of bytes they are packed |
+// into. Bits are read MSB-first from the stream. |
+// It is limited to 64-bit reads and is inefficient as a design choice - Since |
+// it is used infrequently to unpack the Golomb-coded EV certificate hashes |
+// whitelist in a blocking thread. |
+class NET_EXPORT_PRIVATE BitStreamReader { |
Ryan Sleevi
2014/09/11 23:44:38
Why do you have this in a public header in an ::in
Eran Messeri
2014/10/01 16:08:36
Short answer is that it's in a public header in an
|
+ public: |
+ BitStreamReader(const base::StringPiece& source); |
+ |
+ // Reads unary-encoded number into |out|. Returns true if |
+ // there was at least one bit to read, false otherwise. |
+ bool ReadUnaryEncoding(uint64_t* out); |
+ |
+ // Reads |num_bits| (up to 64) into |out|. |out| is filled from the MSB to the |
+ // LSB. If |num_bits| is less than 64, the most significant |64 - num_bits| |
+ // bits are unused and left as zeros. Returns true if the stream had the |
+ // requested |num_bits|, false otherwise. |
+ bool ReadBits(uint8_t num_bits, uint64_t* out); |
+ |
+ // Returns the number of bits left in the stream. |
+ uint64_t BitsLeft() const; |
+ |
+ private: |
+ // Reads a single bit. Within a byte, the bits are read from the MSB to the |
+ // LSB. |
+ uint8_t ReadBit(); |
+ |
+ const base::StringPiece source_; |
+ |
+ // Index of the byte currently being read from. |
+ uint64_t current_byte_; |
+ |
+ // Index of the last bit read within |current_byte_|. Since bits are read |
+ // from the MSB to the LSB, this value is initialized to 7 and decremented |
+ // after each read. |
+ int8 current_bit_; |
+}; |
+ |
+} // namespace internal |
+ |
+class NET_EXPORT EVCertsWhitelist |
+ : public base::RefCountedThreadSafe<EVCertsWhitelist> { |
Ryan Sleevi
2014/09/11 23:44:38
There's a really, really high-barrier for introduc
Eran Messeri
2014/10/01 16:08:36
(also mentioned offline) It's ref-counted because,
|
+ public: |
+ // Returns true if the |certificate_hash| appears in the EV certificate hashes |
+ // whitelist. |
+ virtual bool ContainsCertificateHash( |
+ const std::string& certificate_hash) const = 0; |
+ |
+ // Returns true if the global EV certificate hashes whitelist is non-empty, |
+ // false otherwise. |
+ virtual bool IsValid() const = 0; |
+ |
+ // Sets the EV whitelist from a compressed string, if it is valid. |
+ // Sets the global EV certificate hashes whitelist from |
+ // |compressed_whitelist_file| in the global context, after uncompressing it. |
+ // If the data in |compressed_whitelist_file| is not a valid compressed |
+ // whitelist, does nothing. |
+ virtual bool Update(const std::string& compressed_whitelist) = 0; |
Ryan Sleevi
2014/09/11 23:44:38
I don't think this method really belongs/makes sen
Eran Messeri
2014/10/01 16:08:36
Yes - as you recommended, moved the implementation
|
+ |
+ protected: |
+ virtual ~EVCertsWhitelist() {} |
+ // Given a Golomb-coded list of hashes in |compressed_whitelist|, unpack into |
+ // |uncompressed_list|. Returns true if the format of the compressed whitelist |
+ // is valid, false otherwise. |
+ static bool UncompressEVWhitelist(const std::string& compressed_whitelist, |
+ std::set<std::string>* uncompressed_list); |
+ |
+ friend class EVCertsWhitelistTest; |
+ FRIEND_TEST_ALL_PREFIXES(EVCertsWhitelistTest, |
+ UncompressFailsForTooShortList); |
+ FRIEND_TEST_ALL_PREFIXES(EVCertsWhitelistTest, |
+ UncompressFailsForTruncatedList); |
+ FRIEND_TEST_ALL_PREFIXES(EVCertsWhitelistTest, |
+ UncompressesWhitelistCorrectly); |
Ryan Sleevi
2014/09/11 23:44:38
Generally, pick one or the other here. If you frie
Eran Messeri
2014/10/01 16:08:35
Done. Picked FRIEND_TEST_ALL_PREFIXES because the
|
+ |
+ private: |
+ friend class base::RefCountedThreadSafe<EVCertsWhitelist>; |
+}; |
+ |
+// Sets the global EV certificate hashes whitelist from |
+// |compressed_whitelist_file| in the global context, after uncompressing |
+// it. |
+// If the data in |compressed_whitelist_file| is not a valid compressed |
+// whitelist, does nothing. |
+NET_EXPORT void SetEVWhitelistFromFile( |
+ const base::FilePath& compressed_whitelist_file); |
Ryan Sleevi
2014/09/11 23:44:38
If you did keep this method (still uncomfortable w
Eran Messeri
2014/10/01 16:08:35
That now lives in //chrome/browser/net, forward-de
|
+ |
+namespace internal { |
+// For testing purposes |
+NET_EXPORT EVCertsWhitelist* GetEmptyEVCertsWhitelist(); |
Ryan Sleevi
2014/09/11 23:44:39
If it's for testing, why isn't it NET_EXPORT_PRIVA
Eran Messeri
2014/10/01 16:08:35
Removed this method, per your suggestion there's a
|
+} // namespace internal |
+ |
+} // namespace ct |
+ |
+} // namespace net |
+ |
+#endif // NET_CERT_CT_EV_WHITELIST_H_ |