Index: chrome/browser/net/packed_ct_ev_whitelist.h |
diff --git a/chrome/browser/net/packed_ct_ev_whitelist.h b/chrome/browser/net/packed_ct_ev_whitelist.h |
new file mode 100644 |
index 0000000000000000000000000000000000000000..350af8b5233db96a8ea60a1f3589a159ae3324bf |
--- /dev/null |
+++ b/chrome/browser/net/packed_ct_ev_whitelist.h |
@@ -0,0 +1,71 @@ |
+// Copyright 2014 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#ifndef CHROME_BROWSER_NET_PACKED_CT_EV_WHITELIST_H_ |
+#define CHROME_BROWSER_NET_PACKED_CT_EV_WHITELIST_H_ |
+ |
+#include <stdint.h> |
+ |
+#include <string> |
+#include <vector> |
+ |
+#include "base/gtest_prod_util.h" |
+#include "base/memory/ref_counted.h" |
+#include "base/strings/string_piece.h" |
+#include "net/cert/ct_ev_whitelist.h" |
+ |
+namespace base { |
+class FilePath; |
+} |
+ |
+class PackedEVCertsWhitelist : public net::ct::EVCertsWhitelist { |
Ryan Sleevi
2014/10/20 19:18:25
Document
Eran Messeri
2014/10/21 14:59:59
Done.
|
+ public: |
+ explicit PackedEVCertsWhitelist(const std::string& compressed_whitelist); |
Ryan Sleevi
2014/10/20 19:18:25
Document
Eran Messeri
2014/10/21 14:59:59
Done.
|
+ |
+ // Returns true if the |certificate_hash| appears in the EV certificate hashes |
+ // whitelist. |
+ virtual bool ContainsCertificateHash( |
+ const std::string& certificate_hash) const OVERRIDE; |
+ |
+ // Returns true if the global EV certificate hashes whitelist is non-empty, |
+ // false otherwise. |
+ virtual bool IsValid() const OVERRIDE; |
+ |
+ protected: |
+ virtual ~PackedEVCertsWhitelist(); |
+ // Given a Golomb-coded list of hashes in |compressed_whitelist|, unpack into |
+ // |uncompressed_list|. Returns true if the format of the compressed whitelist |
+ // is valid, false otherwise. |
+ static bool UncompressEVWhitelist( |
+ const std::string& compressed_whitelist, |
+ std::vector<std::string>* uncompressed_list); |
Ryan Sleevi
2014/10/20 19:18:25
Why is this protected+static?
Private+static plus
Eran Messeri
2014/10/21 14:59:59
Done.
|
+ |
+ FRIEND_TEST_ALL_PREFIXES(PackedEVCertsWhitelistTest, |
+ UncompressFailsForTooShortList); |
+ FRIEND_TEST_ALL_PREFIXES(PackedEVCertsWhitelistTest, |
+ UncompressFailsForTruncatedList); |
+ FRIEND_TEST_ALL_PREFIXES(PackedEVCertsWhitelistTest, |
+ UncompressesWhitelistCorrectly); |
+ |
+ private: |
+ friend class base::RefCountedThreadSafe<net::ct::EVCertsWhitelist>; |
Ryan Sleevi
2014/10/20 19:18:25
This isn't necessary - the base class must already
Eran Messeri
2014/10/21 14:59:59
Done.
|
+ |
+ bool is_whitelist_valid_; |
+ // The whitelist is an array containing certificate hashes (truncated |
+ // to a fixed size of 8 bytes), sorted. |
+ // Binary search is used to locate hashes in the the array. |
+ // Benchmarking bsearch vs std::set (with 120K entries, doing 1.2M lookups) |
+ // shows that bsearch is about twice as fast as std::set lookups (and std::set |
+ // has additional memory overhead). |
+ char* whitelist_; |
+ uint32_t whitelist_size_; |
+}; |
+ |
+// Sets the EV certificate hashes whitelist from |compressed_whitelist_file| |
+// in |ssl_config_service|, after uncompressing it. |
+// If the data in |compressed_whitelist_file| is not a valid compressed |
+// whitelist, does nothing. |
+void SetEVWhitelistFromFile(const base::FilePath& compressed_whitelist_file); |
+ |
+#endif // CHROME_BROWSER_NET_PACKED_CT_EV_WHITELIST_H_ |