naiveproxy/net/cert/ct_known_logs.cc

95 lines
2.8 KiB
C++
Raw Normal View History

2018-02-02 13:49:39 +03:00
// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "net/cert/ct_known_logs.h"
#include <stddef.h>
#include <string.h>
#include <algorithm>
#include <iterator>
#include "base/logging.h"
#include "base/macros.h"
#include "base/time/time.h"
#include "crypto/sha2.h"
#if !defined(OS_NACL)
#include "net/cert/ct_log_verifier.h"
#endif
namespace net {
namespace ct {
namespace {
#include "net/data/ssl/certificate_transparency/log_list-inc.cc"
} // namespace
#if !defined(OS_NACL)
std::vector<scoped_refptr<const CTLogVerifier>>
CreateLogVerifiersForKnownLogs() {
std::vector<scoped_refptr<const CTLogVerifier>> verifiers;
// Add all qualified logs.
for (const auto& log : kCTLogList) {
base::StringPiece key(log.log_key, log.log_key_length);
verifiers.push_back(CTLogVerifier::Create(key, log.log_name, log.log_url,
log.log_dns_domain));
// Make sure no null logs enter verifiers. Parsing of all known logs should
// succeed.
CHECK(verifiers.back().get());
}
// Add all disqualified logs. Callers are expected to filter verified SCTs
// via IsLogQualified().
for (const auto& disqualified_log : kDisqualifiedCTLogList) {
const CTLogInfo& log = disqualified_log.log_info;
base::StringPiece key(log.log_key, log.log_key_length);
verifiers.push_back(CTLogVerifier::Create(key, log.log_name, log.log_url,
log.log_dns_domain));
// Make sure no null logs enter verifiers. Parsing of all known logs should
// succeed.
CHECK(verifiers.back().get());
}
return verifiers;
}
#endif
bool IsLogOperatedByGoogle(base::StringPiece log_id) {
CHECK_EQ(log_id.size(), crypto::kSHA256Length);
return std::binary_search(std::begin(kGoogleLogIDs), std::end(kGoogleLogIDs),
log_id.data(), [](const char* a, const char* b) {
return memcmp(a, b, crypto::kSHA256Length) < 0;
});
}
bool IsLogDisqualified(base::StringPiece log_id,
base::Time* disqualification_date) {
CHECK_EQ(log_id.size(), arraysize(kDisqualifiedCTLogList[0].log_id) - 1);
auto* p = std::lower_bound(
std::begin(kDisqualifiedCTLogList), std::end(kDisqualifiedCTLogList),
log_id.data(),
[](const DisqualifiedCTLogInfo& disqualified_log, const char* log_id) {
return memcmp(disqualified_log.log_id, log_id, crypto::kSHA256Length) <
0;
});
if (p == std::end(kDisqualifiedCTLogList) ||
memcmp(p->log_id, log_id.data(), crypto::kSHA256Length) != 0) {
return false;
}
*disqualification_date = base::Time::UnixEpoch() + p->disqualification_date;
return true;
}
} // namespace ct
} // namespace net