OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/multi_log_ct_verifier.h" | 5 #include "net/cert/multi_log_ct_verifier.h" |
6 | 6 |
7 #include "net/base/net_errors.h" | 7 #include "net/base/net_errors.h" |
8 #include "net/cert/ct_log_verifier.h" | 8 #include "net/cert/ct_log_verifier.h" |
9 #include "net/cert/ct_objects_extractor.h" | 9 #include "net/cert/ct_objects_extractor.h" |
10 #include "net/cert/ct_serialization.h" | 10 #include "net/cert/ct_serialization.h" |
(...skipping 116 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
127 return false; | 127 return false; |
128 } | 128 } |
129 | 129 |
130 if (!it->second->Verify(expected_entry, *sct)) { | 130 if (!it->second->Verify(expected_entry, *sct)) { |
131 DVLOG(1) << "Unable to verify SCT signature."; | 131 DVLOG(1) << "Unable to verify SCT signature."; |
132 result->unverified_scts.push_back(sct); | 132 result->unverified_scts.push_back(sct); |
133 return false; | 133 return false; |
134 } | 134 } |
135 | 135 |
136 // SCT verified ok, just make sure the timestamp is legitimate. | 136 // SCT verified ok, just make sure the timestamp is legitimate. |
137 // Add 1 second to allow some slack for accepting SCTs which have *Just* | |
138 // been issued. | |
139 if (sct->timestamp > base::Time::Now()) { | 137 if (sct->timestamp > base::Time::Now()) { |
140 DVLOG(1) << "SCT is from the future!"; | 138 DVLOG(1) << "SCT is from the future!"; |
141 result->unverified_scts.push_back(sct); | 139 result->unverified_scts.push_back(sct); |
142 return false; | 140 return false; |
143 } | 141 } |
144 | 142 |
145 result->verified_scts.push_back(sct); | 143 result->verified_scts.push_back(sct); |
146 return true; | 144 return true; |
147 } | 145 } |
148 | 146 |
149 } // namespace net | 147 } // namespace net |
OLD | NEW |