Index: chrome/browser/net/packed_ct_ev_whitelist.h |
diff --git a/chrome/browser/net/packed_ct_ev_whitelist.h b/chrome/browser/net/packed_ct_ev_whitelist.h |
new file mode 100644 |
index 0000000000000000000000000000000000000000..962863be822208b0540a6f22ebd55c3fe2e72f0e |
--- /dev/null |
+++ b/chrome/browser/net/packed_ct_ev_whitelist.h |
@@ -0,0 +1,111 @@ |
+// Copyright 2014 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#ifndef CHROME_BROWSER_NET_PACKED_CT_EV_WHITELIST_H_ |
+#define CHROME_BROWSER_NET_PACKED_CT_EV_WHITELIST_H_ |
+ |
+#include <stdint.h> |
+ |
+#include <set> |
+#include <string> |
+ |
+#include "base/gtest_prod_util.h" |
+#include "base/memory/ref_counted.h" |
+#include "base/strings/string_piece.h" |
+#include "net/cert/ct_ev_whitelist.h" |
+ |
+namespace base { |
+class FilePath; |
+} |
+ |
+namespace net { |
+class SSLConfigService; |
+} // namespace net |
+ |
+namespace internal { |
+ |
+// A class for reading individual bits from a buffer of bytes they are packed |
+// into. Bits are read MSB-first from the stream. |
+// It is limited to 64-bit reads and is inefficient as a design choice - Since |
+// it is used infrequently to unpack the Golomb-coded EV certificate hashes |
+// whitelist in a blocking thread. |
+class BitStreamReader { |
Ryan Sleevi
2014/10/01 20:15:42
Split into separate files?
Eran Messeri
2014/10/03 12:00:11
Done.
|
+ public: |
+ explicit BitStreamReader(const base::StringPiece& source); |
+ |
+ // Reads unary-encoded number into |out|. Returns true if |
+ // there was at least one bit to read, false otherwise. |
+ bool ReadUnaryEncoding(uint64_t* out); |
+ |
+ // Reads |num_bits| (up to 64) into |out|. |out| is filled from the MSB to the |
+ // LSB. If |num_bits| is less than 64, the most significant |64 - num_bits| |
+ // bits are unused and left as zeros. Returns true if the stream had the |
+ // requested |num_bits|, false otherwise. |
+ bool ReadBits(uint8_t num_bits, uint64_t* out); |
+ |
+ // Returns the number of bits left in the stream. |
+ uint64_t BitsLeft() const; |
+ |
+ private: |
+ // Reads a single bit. Within a byte, the bits are read from the MSB to the |
+ // LSB. |
+ uint8_t ReadBit(); |
+ |
+ const base::StringPiece source_; |
+ |
+ // Index of the byte currently being read from. |
+ uint64_t current_byte_; |
+ |
+ // Index of the last bit read within |current_byte_|. Since bits are read |
+ // from the MSB to the LSB, this value is initialized to 7 and decremented |
+ // after each read. |
+ int8 current_bit_; |
+}; |
+ |
+} // namespace internal |
+ |
+class PackedEVCertsWhitelist : public net::ct::EVCertsWhitelist { |
+ public: |
+ explicit PackedEVCertsWhitelist(const std::string& compressed_whitelist); |
+ |
+ // Returns true if the |certificate_hash| appears in the EV certificate hashes |
+ // whitelist. |
+ virtual bool ContainsCertificateHash( |
+ const std::string& certificate_hash) const OVERRIDE; |
+ |
+ // Returns true if the global EV certificate hashes whitelist is non-empty, |
+ // false otherwise. |
+ virtual bool IsValid() const OVERRIDE; |
+ |
+ protected: |
+ virtual ~PackedEVCertsWhitelist(); |
+ // Given a Golomb-coded list of hashes in |compressed_whitelist|, unpack into |
+ // |uncompressed_list|. Returns true if the format of the compressed whitelist |
+ // is valid, false otherwise. |
+ static bool UncompressEVWhitelist(const std::string& compressed_whitelist, |
+ std::set<std::string>* uncompressed_list); |
+ |
+ FRIEND_TEST_ALL_PREFIXES(PackedEVCertsWhitelistTest, |
+ UncompressFailsForTooShortList); |
+ FRIEND_TEST_ALL_PREFIXES(PackedEVCertsWhitelistTest, |
+ UncompressFailsForTruncatedList); |
+ FRIEND_TEST_ALL_PREFIXES(PackedEVCertsWhitelistTest, |
+ UncompressesWhitelistCorrectly); |
+ |
+ private: |
+ friend class base::RefCountedThreadSafe<net::ct::EVCertsWhitelist>; |
+ |
+ bool is_whitelist_valid_; |
+ std::set<std::string> whitelist_; |
+}; |
+ |
+// Sets the EV certificate hashes whitelist from |compressed_whitelist_file| |
+// in |ssl_config_service|, after uncompressing it. |
+// If the data in |compressed_whitelist_file| is not a valid compressed |
+// whitelist, does nothing. |
+void SetEVWhitelistFromFile( |
+ const base::FilePath& compressed_whitelist_file, |
+ scoped_refptr<net::SSLConfigService> ssl_config_service); |
+ |
+#endif // CHROME_BROWSER_NET_PACKED_CT_EV_WHITELIST_H_ |