OLD | NEW |
| (Empty) |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef CHROME_BROWSER_NET_PACKED_CT_EV_WHITELIST_H_ | |
6 #define CHROME_BROWSER_NET_PACKED_CT_EV_WHITELIST_H_ | |
7 | |
8 #include <stdint.h> | |
9 | |
10 #include <string> | |
11 #include <vector> | |
12 | |
13 #include "base/gtest_prod_util.h" | |
14 #include "net/cert/ct_ev_whitelist.h" | |
15 | |
16 namespace base { | |
17 class FilePath; | |
18 } | |
19 | |
20 // An implementation of the EVCertsWhitelist that gets its data packed using | |
21 // Golomb coding to encode the difference between subsequent hash values. | |
22 // Format of the packed list: | |
23 // * First 8 bytes: First hash | |
24 // * Repeating Golomb-coded number which is the numeric difference of the | |
25 // previous hash value from this one | |
26 // | |
27 // The resulting, unpacked list is a sorted list of hash values that can be | |
28 // efficiently searched. | |
29 class PackedEVCertsWhitelist : public net::ct::EVCertsWhitelist { | |
30 public: | |
31 // Unpacks the given |compressed_whitelist|. See the class documentation | |
32 // for description of the |compressed_whitelist| format. | |
33 explicit PackedEVCertsWhitelist(const std::string& compressed_whitelist); | |
34 | |
35 // Returns true if the |certificate_hash| appears in the EV certificate hashes | |
36 // whitelist. Must not be called if IsValid for this instance returned false. | |
37 bool ContainsCertificateHash( | |
38 const std::string& certificate_hash) const override; | |
39 | |
40 // Returns true if the EV certificate hashes whitelist provided in the c'tor | |
41 // was valid, false otherwise. | |
42 bool IsValid() const override; | |
43 | |
44 protected: | |
45 ~PackedEVCertsWhitelist() override; | |
46 | |
47 private: | |
48 FRIEND_TEST_ALL_PREFIXES(PackedEVCertsWhitelistTest, | |
49 UncompressFailsForTooShortList); | |
50 FRIEND_TEST_ALL_PREFIXES(PackedEVCertsWhitelistTest, | |
51 UncompressFailsForTruncatedList); | |
52 FRIEND_TEST_ALL_PREFIXES(PackedEVCertsWhitelistTest, | |
53 UncompressFailsForInvalidValuesInList); | |
54 FRIEND_TEST_ALL_PREFIXES(PackedEVCertsWhitelistTest, | |
55 UncompressesWhitelistCorrectly); | |
56 | |
57 // Given a Golomb-coded list of hashes in |compressed_whitelist|, unpack into | |
58 // |uncompressed_list|. Returns true if the format of the compressed whitelist | |
59 // is valid, false otherwise. | |
60 static bool UncompressEVWhitelist(const std::string& compressed_whitelist, | |
61 std::vector<uint64_t>* uncompressed_list); | |
62 | |
63 // The whitelist is an array containing certificate hashes (truncated | |
64 // to a fixed size of 8 bytes), sorted. | |
65 // Binary search is used to locate hashes in the the array. | |
66 // Benchmarking bsearch vs std::set (with 120K entries, doing 1.2M lookups) | |
67 // shows that bsearch is about twice as fast as std::set lookups (and std::set | |
68 // has additional memory overhead). | |
69 std::vector<uint64_t> whitelist_; | |
70 | |
71 DISALLOW_COPY_AND_ASSIGN(PackedEVCertsWhitelist); | |
72 }; | |
73 | |
74 // Sets the EV certificate hashes whitelist in the SSLConfigService | |
75 // to the provided |whitelist|, if valid. Otherwise, does nothing. | |
76 // To set the new whitelist, this function dispatches a task to the IO thread. | |
77 void SetEVCertsWhitelist(scoped_refptr<net::ct::EVCertsWhitelist> whitelist); | |
78 | |
79 #endif // CHROME_BROWSER_NET_PACKED_CT_EV_WHITELIST_H_ | |
OLD | NEW |