| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "net/cert/ct_signed_certificate_timestamp_log_param.h" |
| 6 |
| 7 #include <algorithm> |
| 8 #include <string> |
| 9 |
| 10 #include "base/base64.h" |
| 11 #include "base/strings/string_number_conversions.h" |
| 12 #include "base/strings/stringprintf.h" |
| 13 #include "base/values.h" |
| 14 #include "net/cert/ct_verify_result.h" |
| 15 #include "net/cert/signed_certificate_timestamp.h" |
| 16 |
| 17 namespace net { |
| 18 |
| 19 namespace { |
| 20 |
| 21 // Converts a numeric |origin| to text describing the SCT's origin |
| 22 const char* OriginToString(ct::SignedCertificateTimestamp::Origin origin) { |
| 23 switch (origin) { |
| 24 case ct::SignedCertificateTimestamp::SCT_EMBEDDED: |
| 25 return "embedded_in_certificate"; |
| 26 case ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION: |
| 27 return "tls_extension"; |
| 28 case ct::SignedCertificateTimestamp::SCT_FROM_OCSP_RESPONSE: |
| 29 return "ocsp"; |
| 30 } |
| 31 |
| 32 return "unknown"; |
| 33 } |
| 34 |
| 35 // Converts a numeric |hash_algorithm| to its textual representation |
| 36 const char* HashAlgorithmToString( |
| 37 ct::DigitallySigned::HashAlgorithm hash_algorithm) { |
| 38 switch (hash_algorithm) { |
| 39 case ct::DigitallySigned::HASH_ALGO_NONE: |
| 40 return "NONE"; |
| 41 case ct::DigitallySigned::HASH_ALGO_MD5: |
| 42 return "MD5"; |
| 43 case ct::DigitallySigned::HASH_ALGO_SHA1: |
| 44 return "SHA1"; |
| 45 case ct::DigitallySigned::HASH_ALGO_SHA224: |
| 46 return "SHA224"; |
| 47 case ct::DigitallySigned::HASH_ALGO_SHA256: |
| 48 return "SHA256"; |
| 49 case ct::DigitallySigned::HASH_ALGO_SHA384: |
| 50 return "SHA384"; |
| 51 case ct::DigitallySigned::HASH_ALGO_SHA512: |
| 52 return "SHA512"; |
| 53 } |
| 54 |
| 55 return "unknown"; |
| 56 } |
| 57 |
| 58 // Converts a numeric |signature_algorithm| to its textual representation |
| 59 const char* SignatureAlgorithmToString( |
| 60 ct::DigitallySigned::SignatureAlgorithm signature_algorithm) { |
| 61 switch (signature_algorithm) { |
| 62 case ct::DigitallySigned::SIG_ALGO_ANONYMOUS: |
| 63 return "ANONYMOUS"; |
| 64 case ct::DigitallySigned::SIG_ALGO_RSA: |
| 65 return "RSA"; |
| 66 case ct::DigitallySigned::SIG_ALGO_DSA: |
| 67 return "DSA"; |
| 68 case ct::DigitallySigned::SIG_ALGO_ECDSA: |
| 69 return "ECDSA"; |
| 70 } |
| 71 |
| 72 return "unknown"; |
| 73 } |
| 74 |
| 75 // Base64 encode the given |value| string and put it in |dict| with the |
| 76 // description |key|. |
| 77 void SetBinaryData( |
| 78 const char* key, |
| 79 const std::string& value, |
| 80 base::DictionaryValue* dict) { |
| 81 std::string b64_value; |
| 82 base::Base64Encode(value, &b64_value); |
| 83 |
| 84 dict->SetString(key, b64_value); |
| 85 } |
| 86 |
| 87 // Returns a dictionary where each key is a field of the SCT and its value |
| 88 // is this field's value in the SCT. This dictionary is meant to be used for |
| 89 // outputting a de-serialized SCT to the NetLog. |
| 90 base::DictionaryValue* SCTToDictionary( |
| 91 const ct::SignedCertificateTimestamp& sct) { |
| 92 base::DictionaryValue* out = new base::DictionaryValue(); |
| 93 |
| 94 out->SetString("origin", OriginToString(sct.origin)); |
| 95 out->SetInteger("version", sct.version); |
| 96 |
| 97 SetBinaryData("log_id", sct.log_id, out); |
| 98 base::TimeDelta time_since_unix_epoch = |
| 99 sct.timestamp - base::Time::UnixEpoch(); |
| 100 out->SetString("timestamp", |
| 101 base::Int64ToString(time_since_unix_epoch.InMilliseconds())); |
| 102 SetBinaryData("extensions", sct.extensions, out); |
| 103 |
| 104 out->SetString("hash_algorithm", |
| 105 HashAlgorithmToString(sct.signature.hash_algorithm)); |
| 106 out->SetString("signature_algorithm", |
| 107 SignatureAlgorithmToString(sct.signature.signature_algorithm)); |
| 108 SetBinaryData( |
| 109 "signature_data", sct.signature.signature_data, out); |
| 110 |
| 111 return out; |
| 112 } |
| 113 |
| 114 // Given a list of SCTs, return a ListValue instance where each item in the |
| 115 // list is a dictionary created by SCTToDictionary. |
| 116 base::ListValue* SCTListToPrintableValues( |
| 117 const ct::SCTList& sct_list) { |
| 118 base::ListValue* output_scts = new base::ListValue(); |
| 119 for (ct::SCTList::const_iterator it = sct_list.begin(); |
| 120 it != sct_list.end(); |
| 121 ++it) |
| 122 output_scts->Append(SCTToDictionary(*(it->get()))); |
| 123 |
| 124 return output_scts; |
| 125 } |
| 126 |
| 127 } // namespace |
| 128 |
| 129 base::Value* NetLogSignedCertificateTimestampCallback( |
| 130 const ct::CTVerifyResult* ct_result, NetLog::LogLevel log_level) { |
| 131 base::DictionaryValue* dict = new base::DictionaryValue(); |
| 132 |
| 133 dict->Set("verified_scts", |
| 134 SCTListToPrintableValues(ct_result->verified_scts)); |
| 135 |
| 136 dict->Set("invalid_scts", |
| 137 SCTListToPrintableValues(ct_result->invalid_scts)); |
| 138 |
| 139 dict->Set("unknown_logs_scts", |
| 140 SCTListToPrintableValues(ct_result->unknown_logs_scts)); |
| 141 |
| 142 return dict; |
| 143 } |
| 144 |
| 145 base::Value* NetLogRawSignedCertificateTimestampCallback( |
| 146 const std::string* embedded_scts, |
| 147 const std::string* sct_list_from_ocsp, |
| 148 const std::string* sct_list_from_tls_extension, |
| 149 NetLog::LogLevel log_level) { |
| 150 base::DictionaryValue* dict = new base::DictionaryValue(); |
| 151 |
| 152 SetBinaryData("embedded_scts", *embedded_scts, dict); |
| 153 SetBinaryData("scts_from_ocsp_response", *sct_list_from_ocsp, dict); |
| 154 SetBinaryData("scts_from_tls_extension", *sct_list_from_tls_extension, dict); |
| 155 |
| 156 return dict; |
| 157 } |
| 158 |
| 159 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 86503002:
Certificate Transparency: Logging SCTs to the NetLog. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src