net/cert/ct_signed_certificate_timestamp_log_param.cc - Issue 86503002: Certificate Transparency: Logging SCTs to the NetLog.

Side by Side Diff: net/cert/ct_signed_certificate_timestamp_log_param.cc

Issue 86503002: Certificate Transparency: Logging SCTs to the NetLog. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Preparing for review Created 7 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
(Empty)
	1 // Copyright 2013 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "net/cert/ct_signed_certificate_timestamp_log_param.h"

	6

	7 #include <algorithm>

	8 #include <string>

	9

	10 #include "base/base64.h"

	11 #include "base/strings/stringprintf.h"

	12 #include "base/values.h"

	13 #include "net/cert/ct_verify_result.h"

	14 #include "net/cert/signed_certificate_timestamp.h"

	15

	16 namespace net {

	17

	18 namespace ct {

	19

	20 namespace {

	21

	22 void GetSCTFieldsAsStrings(
	eroman 2013/11/27 00:03:20 I don't understand this --> why not write directly I don't understand this --> why not write directly into a base::Value? The indirection of writing to a std::map and then transferring to a base::DictionaryValue seems unnecessary. Eran M. (Google) 2013/11/27 12:40:22 Done - this was leftover from a previous attempt i Show quoted text On 2013/11/27 00:03:20, eroman wrote: > I don't understand this --> why not write directly into a base::Value? The > indirection of writing to a std::map and then transferring to a > base::DictionaryValue seems unnecessary. Done - this was leftover from a previous attempt in implementation, not necessary anymore.
	23 const SignedCertificateTimestamp& sct,

	24 std::map<std::string, std::string>* out) {

	25 std::string origin_string;

	26 switch (sct.origin) {

	27 case SignedCertificateTimestamp::SCT_EMBEDDED:

	28 origin_string = "embedded_in_certificate";

	29 break;

	30 case SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION:

	31 origin_string = "tls_extension";

	32 break;

	33 case SignedCertificateTimestamp::SCT_FROM_OCSP_RESPONSE:

	34 origin_string = "ocsp";

	35 break;

	36 }

	37

	38 (*out)["origin"] = origin_string;

	39 (*out)["version"] = base::StringPrintf("%d", sct.version);
	eroman 2013/11/27 00:03:20 sct.version as I understand is an unsigned value ( sct.version as I understand is an unsigned value (enum), so technically %d isn't the right choice. Since this is being written into a base::DictionaryValue and will be jsonified you can write it out directly as a number for the interchange. Eran M. (Google) 2013/11/27 12:40:22 Done - I assume you meant base::DictionaryValue::S Show quoted text On 2013/11/27 00:03:20, eroman wrote: > sct.version as I understand is an unsigned value (enum), so technically %d isn't > the right choice. Since this is being written into a base::DictionaryValue and > will be jsonified you can write it out directly as a number for the interchange. Done - I assume you meant base::DictionaryValue::SetInteger? eroman 2013/11/27 20:39:55 Correct. Show quoted text On 2013/11/27 12:40:22, eranm wrote: > On 2013/11/27 00:03:20, eroman wrote: > > sct.version as I understand is an unsigned value (enum), so technically %d > isn't > > the right choice. Since this is being written into a base::DictionaryValue and > > will be jsonified you can write it out directly as a number for the > interchange. > > Done - I assume you meant base::DictionaryValue::SetInteger? Correct.
	40 base::Base64Encode(sct.log_id, &((*out)["log_id"]));
	eroman 2013/11/27 00:03:20 what is the format of the log_id? base::Values can what is the format of the log_id? base::Values can directly receive a UTF-8 string if it is already one. Eran M. (Google) 2013/11/27 12:40:22 It's not a human-readable string, but a hash of a Show quoted text On 2013/11/27 00:03:20, eroman wrote: > what is the format of the log_id? base::Values can directly receive a UTF-8 > string if it is already one. It's not a human-readable string, but a hash of a public key, so I'm base-64 encoding it.
	41 base::TimeDelta time_since_epoch = sct.timestamp - base::Time::UnixEpoch();

	42 (*out)["timestamp"] =

	43 base::StringPrintf("%lld", time_since_epoch.InMilliseconds());
	eroman 2013/11/27 00:03:20 things like base::Int64ToString() would be cleaner things like base::Int64ToString() would be cleaner. Eran M. (Google) 2013/11/27 12:40:22 Done. Show quoted text On 2013/11/27 00:03:20, eroman wrote: > things like base::Int64ToString() would be cleaner. Done.
	44 base::Base64Encode(sct.extensions, &((*out)["extensions"]));

	45 (*out)["hash_algorithm"] =

	46 base::StringPrintf("%d", sct.signature.hash_algorithm);
	eroman 2013/11/27 00:03:20 Same nit, i believe this is an unsigned value. Mor Same nit, i believe this is an unsigned value. Moreover doesn't need to be serialized to a string, can be left as a Number. Eran M. (Google) 2013/11/27 12:40:22 Done and done, for both values. Show quoted text On 2013/11/27 00:03:20, eroman wrote: > Same nit, i believe this is an unsigned value. Moreover doesn't need to be > serialized to a string, can be left as a Number. Done and done, for both values.
	47 (*out)["signature_algorithm"] =

	48 base::StringPrintf("%d", sct.signature.signature_algorithm);

	49 base::Base64Encode(sct.signature.signature_data, &((*out)["signature_data"]));

	50 }

	51

	52 class AddToDictionary {

	53 public:

	54 AddToDictionary(base::DictionaryValue* dict) : dict_(dict) {}
	eroman 2013/11/27 00:03:20 Explicit. But really I don't believe this class sh Explicit. But really I don't believe this class should exist, since can directly populate the base::Value without generating a map<> first. Eran M. (Google) 2013/11/27 12:40:22 Removed this class together with the associated ma Show quoted text On 2013/11/27 00:03:20, eroman wrote: > Explicit. But really I don't believe this class should exist, since can directly > populate the base::Value without generating a map<> first. Removed this class together with the associated map use.
	55 ~AddToDictionary() {}

	56

	57 void operator()(const std::pair<std::string, std::string>& p) {

	58 dict_->Set(p.first, new base::StringValue(p.second));
	eroman 2013/11/27 00:03:20 dict_->SetString() dict_->SetString() Eran M. (Google) 2013/11/27 12:40:22 Done - removed class. Show quoted text On 2013/11/27 00:03:20, eroman wrote: > dict_->SetString() Done - removed class.
	59 }

	60

	61 private:

	62 base::DictionaryValue* dict_;

	63 };

	64

	65 base::ListValue* SCTListToPrintableValues(

	66 const ct::SCTList& sct_list) {

	67

	68 base::ListValue* output_scts = new base::ListValue();

	69 for (ct::SCTList::const_iterator it = sct_list.begin();

	70 it != sct_list.end();

	71 ++it) {

	72 std::map<std::string, std::string> sct_fields;

	73 GetSCTFieldsAsStrings(*(it->get()), &sct_fields);

	74

	75 base::DictionaryValue* sct_dict = new base::DictionaryValue();

	76 std::for_each(

	77 sct_fields.begin(), sct_fields.end(), AddToDictionary(sct_dict));

	78 output_scts->Append(sct_dict);

	79 }

	80

	81 return output_scts;

	82 }

	83

	84 void AddBase64EncodedStringToDictionary(

	85 base::DictionaryValue* dict,

	86 const char* description,

	87 const std::string& data) {

	88

	89 std::string b64_data;

	90 base::Base64Encode(data, &b64_data);

	91

	92 dict->Set(description, new base::StringValue(b64_data));
	eroman 2013/11/27 00:03:20 dict->SetString() dict->SetString() Eran M. (Google) 2013/11/27 12:40:22 Done. Show quoted text On 2013/11/27 00:03:20, eroman wrote: > dict->SetString() Done. Eran M. (Google) 2013/11/27 12:40:22 Done. Show quoted text On 2013/11/27 00:03:20, eroman wrote: > dict->SetString() Done.
	93 }

	94

	95 } // namespace

	96

	97 } // namespace ct

	98

	99 base::Value* NetLogSignedCertificateTimestampCallback(

	100 const ct::CTVerifyResult* ct_result, NetLog::LogLevel log_level) {

	101 base::DictionaryValue* dict = new base::DictionaryValue();

	102

	103 dict->Set("verified_scts",

	104 ct::SCTListToPrintableValues(ct_result->verified_scts));

	105

	106 dict->Set("failed_to_verify_scts",

	107 ct::SCTListToPrintableValues(ct_result->unverified_scts));

	108

	109 dict->Set("scts_from_unknown_logs",

	110 ct::SCTListToPrintableValues(ct_result->unknown_logs_scts));

	111

	112 return dict;

	113 }

	114

	115 base::Value* NetLogRawSignedCertificateTimestampCallback(

	116 const std::string* embedded_scts,

	117 const std::string* sct_list_from_ocsp,

	118 const std::string* sct_list_from_tls_extension,

	119 NetLog::LogLevel log_level) {

	120 base::DictionaryValue* dict = new base::DictionaryValue();

	121

	122 ct::AddBase64EncodedStringToDictionary(dict, "embedded_scts", *embedded_scts);

	123 ct::AddBase64EncodedStringToDictionary(

	124 dict, "scts_from_ocsp_response", *sct_list_from_ocsp);

	125 ct::AddBase64EncodedStringToDictionary(

	126 dict, "scts_from_tls_extension", *sct_list_from_tls_extension);

	127

	128 return dict;

	129 }

	130

	131 } // namespace net

OLD	NEW

« net/base/net_log_event_type_list.h ('K') | « net/cert/ct_signed_certificate_timestamp_log_param.h ('k') | net/cert/ct_verifier.h » ('j') | no next file with comments »