Chromium Code Reviews Chromium Code Reviews
Issue 547603002:
Certificate Transparency: Code for unpacking EV cert hashes whitelist (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: chrome/browser/net/packed_ct_ev_whitelist.h |
| diff --git a/chrome/browser/net/packed_ct_ev_whitelist.h b/chrome/browser/net/packed_ct_ev_whitelist.h |
| new file mode 100644 |
| index 0000000000000000000000000000000000000000..350af8b5233db96a8ea60a1f3589a159ae3324bf |
| --- /dev/null |
| +++ b/chrome/browser/net/packed_ct_ev_whitelist.h |
| @@ -0,0 +1,71 @@ |
| +// Copyright 2014 The Chromium Authors. All rights reserved. |
| +// Use of this source code is governed by a BSD-style license that can be |
| +// found in the LICENSE file. |
| + |
| +#ifndef CHROME_BROWSER_NET_PACKED_CT_EV_WHITELIST_H_ |
| +#define CHROME_BROWSER_NET_PACKED_CT_EV_WHITELIST_H_ |
| + |
| +#include <stdint.h> |
| + |
| +#include <string> |
| +#include <vector> |
| + |
| +#include "base/gtest_prod_util.h" |
| +#include "base/memory/ref_counted.h" |
| +#include "base/strings/string_piece.h" |
| +#include "net/cert/ct_ev_whitelist.h" |
| + |
| +namespace base { |
| +class FilePath; |
| +} |
| + |
| +class PackedEVCertsWhitelist : public net::ct::EVCertsWhitelist { |
|
Ryan Sleevi
2014/10/20 19:18:25
Document
Eran Messeri
2014/10/21 14:59:59
Done.
|
| + public: |
| + explicit PackedEVCertsWhitelist(const std::string& compressed_whitelist); |
|
Ryan Sleevi
2014/10/20 19:18:25
Document
Eran Messeri
2014/10/21 14:59:59
Done.
|
| + |
| + // Returns true if the |certificate_hash| appears in the EV certificate hashes |
| + // whitelist. |
| + virtual bool ContainsCertificateHash( |
| + const std::string& certificate_hash) const OVERRIDE; |
| + |
| + // Returns true if the global EV certificate hashes whitelist is non-empty, |
| + // false otherwise. |
| + virtual bool IsValid() const OVERRIDE; |
| + |
| + protected: |
| + virtual ~PackedEVCertsWhitelist(); |
| + // Given a Golomb-coded list of hashes in |compressed_whitelist|, unpack into |
| + // |uncompressed_list|. Returns true if the format of the compressed whitelist |
| + // is valid, false otherwise. |
| + static bool UncompressEVWhitelist( |
| + const std::string& compressed_whitelist, |
| + std::vector<std::string>* uncompressed_list); |
|
Ryan Sleevi
2014/10/20 19:18:25
Why is this protected+static?
Private+static plus
Eran Messeri
2014/10/21 14:59:59
Done.
|
| + |
| + FRIEND_TEST_ALL_PREFIXES(PackedEVCertsWhitelistTest, |
| + UncompressFailsForTooShortList); |
| + FRIEND_TEST_ALL_PREFIXES(PackedEVCertsWhitelistTest, |
| + UncompressFailsForTruncatedList); |
| + FRIEND_TEST_ALL_PREFIXES(PackedEVCertsWhitelistTest, |
| + UncompressesWhitelistCorrectly); |
| + |
| + private: |
| + friend class base::RefCountedThreadSafe<net::ct::EVCertsWhitelist>; |
|
Ryan Sleevi
2014/10/20 19:18:25
This isn't necessary - the base class must already
Eran Messeri
2014/10/21 14:59:59
Done.
|
| + |
| + bool is_whitelist_valid_; |
| + // The whitelist is an array containing certificate hashes (truncated |
| + // to a fixed size of 8 bytes), sorted. |
| + // Binary search is used to locate hashes in the the array. |
| + // Benchmarking bsearch vs std::set (with 120K entries, doing 1.2M lookups) |
| + // shows that bsearch is about twice as fast as std::set lookups (and std::set |
| + // has additional memory overhead). |
| + char* whitelist_; |
| + uint32_t whitelist_size_; |
| +}; |
| + |
| +// Sets the EV certificate hashes whitelist from |compressed_whitelist_file| |
| +// in |ssl_config_service|, after uncompressing it. |
| +// If the data in |compressed_whitelist_file| is not a valid compressed |
| +// whitelist, does nothing. |
| +void SetEVWhitelistFromFile(const base::FilePath& compressed_whitelist_file); |
| + |
| +#endif // CHROME_BROWSER_NET_PACKED_CT_EV_WHITELIST_H_ |
