| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/single_log_ct_verifier.h" | 5 #include "net/cert/single_log_ct_verifier.h" |
| 6 | 6 |
| 7 #include "net/base/net_errors.h" | 7 #include "net/base/net_errors.h" |
| 8 #include "net/base/net_log.h" | 8 #include "net/base/net_log.h" |
| 9 #include "net/cert/ct_log_verifier.h" | 9 #include "net/cert/ct_log_verifier.h" |
| 10 #include "net/cert/ct_objects_extractor.h" | 10 #include "net/cert/ct_objects_extractor.h" |
| 63 base::StringPiece temp(encoded_sct_list); | 63 base::StringPiece temp(encoded_sct_list); |
| 64 std::vector<base::StringPiece> sct_list; | 64 std::vector<base::StringPiece> sct_list; |
| 65 | 65 |
| 66 if (!ct::DecodeSCTList(&temp, &sct_list)) | 66 if (!ct::DecodeSCTList(&temp, &sct_list)) |
| 67 return false; | 67 return false; |
| 68 | 68 |
| 69 bool verified = false; | 69 bool verified = false; |
| 70 for (std::vector<base::StringPiece>::const_iterator it = sct_list.begin(); | 70 for (std::vector<base::StringPiece>::const_iterator it = sct_list.begin(); |
| 71 it != sct_list.end(); ++it) { | 71 it != sct_list.end(); ++it) { |
| 72 base::StringPiece temp_sct(*it); | 72 base::StringPiece temp_sct(*it); |
| 73 ct::SignedCertificateTimestamp decoded_sct; | 73 scoped_refptr<ct::SignedCertificateTimestamp> decoded_sct; |
| 74 if (!DecodeSignedCertificateTimestamp(&temp_sct, &decoded_sct)) { | 74 if (!DecodeSignedCertificateTimestamp(&temp_sct, &decoded_sct)) { |
| 75 // XXX(rsleevi): Should we really just skip over bad SCTs? | 75 // XXX(rsleevi): Should we really just skip over bad SCTs? |
| 76 continue; | 76 continue; |
| 77 } | 77 } |
| 78 // Assume this SCT is untrusted until proven otherwise. | 78 // Assume this SCT is untrusted until proven otherwise. |
| 79 result->unverified_scts.push_back(decoded_sct); | 79 result->unverified_scts.push_back(decoded_sct); |
| 80 | 80 |
| 81 if (!log_->Verify(expected_entry, decoded_sct)) { | 81 if (!log_->Verify(expected_entry, *decoded_sct.get())) { |
| 82 DVLOG(1) << "Unable to verify SCT signature."; | 82 DVLOG(1) << "Unable to verify SCT signature."; |
| 83 continue; | 83 continue; |
| 84 } | 84 } |
| 85 | 85 |
| 86 if (decoded_sct.timestamp + base::TimeDelta::FromSeconds(1) > | 86 if (decoded_sct->timestamp + base::TimeDelta::FromSeconds(1) > |
| 87 base::Time::Now()) { | 87 base::Time::Now()) { |
| 88 DVLOG(1) << "SCT is from the future!"; | 88 DVLOG(1) << "SCT is from the future!"; |
| 89 continue; | 89 continue; |
| 90 } | 90 } |
| 91 | 91 |
| 92 // Proven otherwise - remove. | 92 // Proven otherwise - remove. |
| 93 result->unverified_scts.pop_back(); | 93 result->unverified_scts.pop_back(); |
| 94 result->verified_scts.push_back(decoded_sct); | 94 result->verified_scts.push_back(decoded_sct); |
| 95 verified = true; | 95 verified = true; |
| 96 } | 96 } |
| 97 | 97 |
| 98 return verified; | 98 return verified; |
| 99 } | 99 } |
| 100 | 100 |
| 101 } // namespace net | 101 } // namespace net |
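Review bot: `*decoded_sct.get()` on new line 81 dereferences the refptr with no null check, so correctness now rests entirely on DecodeSignedCertificateTimestamp populating the out-param whenever it returns true; the `continue` on line 76 is the only thing keeping a null pointer out of Verify(). If the decoder does not guarantee that contract, a malformed SCT in the list turns into a null dereference on the verification path rather than a skipped entry, so a `DCHECK(decoded_sct.get());` immediately after the decode branch would document and enforce it cheaply. The `.get()` is also redundant here — `*decoded_sct` reads the same and is the usual form for scoped_refptr. The enclosing function's signature and the `result` and `expected_entry` parameters are in the skipped lines above the hunk.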