net/cert/multi_log_ct_verifier.h - Issue 67513008: Certificate Transparency: Add the high-level interface for verifying SCTs over multiple logs

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: net/cert/multi_log_ct_verifier.h

Issue 67513008: Certificate Transparency: Add the high-level interface for verifying SCTs over multiple logs (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Addressing review comments. Created 7 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
(Empty)
	1 // Copyright 2013 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #ifndef NET_CERT_MULTI_LOG_CT_VERIFIER_H_

	6 #define NET_CERT_MULTI_LOG_CT_VERIFIER_H_

	7

	8 #include <map>

	9 #include <string>

	10

	11 #include "base/memory/linked_ptr.h"

	12 #include "base/memory/scoped_ptr.h"

	13 #include "net/base/net_export.h"

	14 #include "net/cert/ct_verifier.h"

	15 #include "net/cert/signed_certificate_timestamp.h"

	16

	17 namespace net {

	18

	19 namespace ct {

	20 struct LogEntry;

	21 } // namespace ct

	22

	23 class CTLogVerifier;

	24

	25 // A Certificate Transparency verifier that can verify Signed Certificate

	26 // Timestamps from multiple logs.

	27 // There should be a global instance of this class and for all known logs,

	28 // AddLog should be called with a CTLogVerifier (which is created from the

	29 // log's public key).

	30 class NET_EXPORT MultiLogCTVerifier : public CTVerifier {

	31 public:

	32 MultiLogCTVerifier();

	33 virtual ~MultiLogCTVerifier();

	34

	35 void AddLog(scoped_ptr<CTLogVerifier> log_verifier);

	36

	37 // CTVerifier implementation:

	38 virtual int Verify(X509Certificate* cert,

	39 const std::string& sct_list_from_ocsp,

	40 const std::string& sct_list_from_tls_extension,

	41 ct::CTVerifyResult* result) OVERRIDE;

	42

	43 private:

	44 // Mapping from a log's ID to the verifier for this log.

	45 // A log's ID is the SHA-256 of the log's key, as defined in section 3.2.

	46 // of RFC6962

	47 typedef std::map<std::string, linked_ptr<CTLogVerifier> > IDToLogMap;

	48

	49 // Verify a list of SCTs from \|encoded_sct_list\| over \|expected_entry\|,

	50 // placing the verification results in \|result\|. The SCTs in the list

	51 // come from \|origin\| (as will be indicated in the origin field of each SCT)
	wtc 2013/11/21 23:26:34 Nit: line 46 and line 51 are missing a period (.) Nit: line 46 and line 51 are missing a period (.) at the end. Eran M. (Google) 2013/11/23 21:02:07 Done. Show quoted text On 2013/11/21 23:26:34, wtc wrote: > > Nit: line 46 and line 51 are missing a period (.) at the end. Done.
	52 bool VerifySCTs(const std::string& encoded_sct_list,

	53 const ct::LogEntry& expected_entry,

	54 ct::SignedCertificateTimestamp::Origin origin,

	55 ct::CTVerifyResult* result);

	56

	57 // Verifies a single, parsed SCT against all logs.

	58 bool VerifySingleSCT(

	59 const ct::SignedCertificateTimestamp& sct,

	60 const ct::LogEntry& expected_entry,

	61 ct::CTVerifyResult* result);

	62

	63 IDToLogMap logs_;

	64

	65 DISALLOW_COPY_AND_ASSIGN(MultiLogCTVerifier);

	66 };

	67

	68 } // namespace net

	69

	70 #endif // NET_CERT_MULTI_LOG_CT_VERIFIER_H_

OLD	NEW

« net/cert/ct_verify_result.cc ('K') | « net/cert/ct_verify_result.cc ('k') | net/cert/multi_log_ct_verifier.cc » ('j') | net/cert/multi_log_ct_verifier.cc » ('J')