net/cert/multi_log_ct_verifier.h - Issue 67513008: Certificate Transparency: Add the high-level interface for verifying SCTs over multiple logs

Side by Side Diff: net/cert/multi_log_ct_verifier.h

Issue 67513008: Certificate Transparency: Add the high-level interface for verifying SCTs over multiple logs (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Created 7 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
(Empty)
	1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #ifndef NET_CERT_MULTI_LOG_CT_VERIFIER_H_

	6 #define NET_CERT_MULTI_LOG_CT_VERIFIER_H_

	7

	8 #include <string>

	9

	10 #include "base/memory/scoped_ptr.h"

	11 #include "base/memory/scoped_vector.h"

	12 #include "net/base/net_export.h"

	13 #include "net/cert/ct_verifier.h"

	14 #include "net/cert/signed_certificate_timestamp.h"

	15

	16 namespace net {

	17

	18 namespace ct {

	19 struct LogEntry;

	20 } // namespace ct

	21

	22 class CTLogVerifier;

	23

	24 class NET_EXPORT MultiLogCTVerifier : public CTVerifier {
	Ryan Sleevi 2013/11/20 01:09:42 Style Nit: Please add documentation about this cla Style Nit: Please add documentation about this class and how to use it right. Eran M. (Google) 2013/11/20 19:45:06 Done, in the header file. Show quoted text On 2013/11/20 01:09:42, Ryan Sleevi wrote: > Style Nit: Please add documentation about this class and how to use it right. Done, in the header file.
	25 public:

	26 explicit MultiLogCTVerifier(scoped_ptr<CTLogVerifier> log_verifier);
	Ryan Sleevi 2013/11/20 01:09:42 API design: Why use two different methods for addi API design: Why use two different methods for adding a log (ctor & AddLog), versus a consistent interface (eg: always using AddLog) Eran M. (Google) 2013/11/20 19:45:06 Good point, left AddLog and removed the argument f Show quoted text On 2013/11/20 01:09:42, Ryan Sleevi wrote: > API design: Why use two different methods for adding a log (ctor & AddLog), > versus a consistent interface (eg: always using AddLog) Good point, left AddLog and removed the argument from the c'tor.
	27 virtual ~MultiLogCTVerifier();

	28

	29 virtual void AddLog(scoped_ptr<CTLogVerifier> log_verifier);
	Ryan Sleevi 2013/11/20 01:09:42 Why does this need to be virtual? Why does this need to be virtual? Eran M. (Google) 2013/11/20 19:45:06 Does not - removed virtual qualifier. Show quoted text On 2013/11/20 01:09:42, Ryan Sleevi wrote: > Why does this need to be virtual? Does not - removed virtual qualifier. Eran M. (Google) 2013/11/20 19:45:06 Does not - removed. Show quoted text On 2013/11/20 01:09:42, Ryan Sleevi wrote: > Why does this need to be virtual? Does not - removed.
	30 // CTVerifier implementation:
	Ryan Sleevi 2013/11/20 01:09:42 nit: newline before the comment nit: newline before the comment Eran M. (Google) 2013/11/20 19:45:06 Done. Show quoted text On 2013/11/20 01:09:42, Ryan Sleevi wrote: > nit: newline before the comment Done.
	31 virtual int Verify(X509Certificate* verified_cert,

	32 const std::string& sct_list_from_ocsp,

	33 const std::string& sct_list_from_tls_handshake,

	34 ct::CTVerifyResult* result,

	35 const CompletionCallback& callback,

	36 const BoundNetLog& net_log) OVERRIDE;

	37

	38 private:

	39 MultiLogCTVerifier();

	40

	41 // Verify a list of SCTs from \|encoded_sct_list\|, placing the verification

	42 // results in \|result\|. Fills in the origin field of each SCT from

	43 // \|origin\|.

	44 bool VerifySCTs(const std::string& encoded_sct_list,

	45 const ct::LogEntry& expected_entry,

	46 ct::SignedCertificateTimestamp::Origin origin,

	47 ct::CTVerifyResult* result);

	48

	49 // Verifies a single, parsed SCT against all logs.

	50 bool VerifySingleSCT(

	51 const ct::SignedCertificateTimestamp& sct,

	52 const ct::LogEntry& expected_entry,

	53 ct::CTVerifyResult* result);

	54

	55 ScopedVector<CTLogVerifier> logs_;
	Ryan Sleevi 2013/11/20 01:09:42 API design: Why a vector, when every CTLogVerifier API design: Why a vector, when every CTLogVerifier has an associated log id that may make it more efficient as a map lookup for the given SCT's log id? Eran M. (Google) 2013/11/20 19:45:06 Good point - a map would make more sense here. As Show quoted text On 2013/11/20 01:09:42, Ryan Sleevi wrote: > API design: Why a vector, when every CTLogVerifier has an associated log id that > may make it more efficient as a map lookup for the given SCT's log id? Good point - a map would make more sense here. As discussed offline, switching to a map of strings to linked_ptr<CTLogVerifier>
	56

	57 DISALLOW_COPY_AND_ASSIGN(MultiLogCTVerifier);

	58 };

	59

	60 } // namespace net

	61

	62 #endif // NET_CERT_MULTI_LOG_CT_VERIFIER_H_

OLD	NEW

« net/cert/ct_serialization.cc ('K') | « net/cert/ct_verify_result.cc ('k') | net/cert/multi_log_ct_verifier.cc » ('j') | net/cert/multi_log_ct_verifier_unittest.cc » ('J')