mirror of
https://github.com/klzgrad/naiveproxy.git
synced 2024-11-24 14:26:09 +03:00
95 lines
2.8 KiB
C++
95 lines
2.8 KiB
C++
// Copyright 2013 The Chromium Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
#include "net/cert/ct_known_logs.h"
|
|
|
|
#include <stddef.h>
|
|
#include <string.h>
|
|
|
|
#include <algorithm>
|
|
#include <iterator>
|
|
|
|
#include "base/logging.h"
|
|
#include "base/macros.h"
|
|
#include "base/time/time.h"
|
|
#include "crypto/sha2.h"
|
|
|
|
#if !defined(OS_NACL)
|
|
#include "net/cert/ct_log_verifier.h"
|
|
#endif
|
|
|
|
namespace net {
|
|
|
|
namespace ct {
|
|
|
|
namespace {
|
|
|
|
#include "net/data/ssl/certificate_transparency/log_list-inc.cc"
|
|
|
|
} // namespace
|
|
|
|
#if !defined(OS_NACL)
|
|
std::vector<scoped_refptr<const CTLogVerifier>>
|
|
CreateLogVerifiersForKnownLogs() {
|
|
std::vector<scoped_refptr<const CTLogVerifier>> verifiers;
|
|
|
|
// Add all qualified logs.
|
|
for (const auto& log : kCTLogList) {
|
|
base::StringPiece key(log.log_key, log.log_key_length);
|
|
verifiers.push_back(CTLogVerifier::Create(key, log.log_name, log.log_url,
|
|
log.log_dns_domain));
|
|
// Make sure no null logs enter verifiers. Parsing of all known logs should
|
|
// succeed.
|
|
CHECK(verifiers.back().get());
|
|
}
|
|
|
|
// Add all disqualified logs. Callers are expected to filter verified SCTs
|
|
// via IsLogQualified().
|
|
for (const auto& disqualified_log : kDisqualifiedCTLogList) {
|
|
const CTLogInfo& log = disqualified_log.log_info;
|
|
base::StringPiece key(log.log_key, log.log_key_length);
|
|
verifiers.push_back(CTLogVerifier::Create(key, log.log_name, log.log_url,
|
|
log.log_dns_domain));
|
|
// Make sure no null logs enter verifiers. Parsing of all known logs should
|
|
// succeed.
|
|
CHECK(verifiers.back().get());
|
|
}
|
|
|
|
return verifiers;
|
|
}
|
|
#endif
|
|
|
|
bool IsLogOperatedByGoogle(base::StringPiece log_id) {
|
|
CHECK_EQ(log_id.size(), crypto::kSHA256Length);
|
|
|
|
return std::binary_search(std::begin(kGoogleLogIDs), std::end(kGoogleLogIDs),
|
|
log_id.data(), [](const char* a, const char* b) {
|
|
return memcmp(a, b, crypto::kSHA256Length) < 0;
|
|
});
|
|
}
|
|
|
|
bool IsLogDisqualified(base::StringPiece log_id,
|
|
base::Time* disqualification_date) {
|
|
CHECK_EQ(log_id.size(), arraysize(kDisqualifiedCTLogList[0].log_id) - 1);
|
|
|
|
auto* p = std::lower_bound(
|
|
std::begin(kDisqualifiedCTLogList), std::end(kDisqualifiedCTLogList),
|
|
log_id.data(),
|
|
[](const DisqualifiedCTLogInfo& disqualified_log, const char* log_id) {
|
|
return memcmp(disqualified_log.log_id, log_id, crypto::kSHA256Length) <
|
|
0;
|
|
});
|
|
if (p == std::end(kDisqualifiedCTLogList) ||
|
|
memcmp(p->log_id, log_id.data(), crypto::kSHA256Length) != 0) {
|
|
return false;
|
|
}
|
|
|
|
*disqualification_date = base::Time::UnixEpoch() + p->disqualification_date;
|
|
return true;
|
|
}
|
|
|
|
} // namespace ct
|
|
|
|
} // namespace net
|