We started redesigning GpuMemoryBuffer interface to handle multiple buffers [0].
[chromium-blink-merge.git] / net / cert / ct_log_verifier.cc
blob6efb96a93192d1001a74a3019f20cc06acc0a949
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/cert/ct_log_verifier.h"
7 #include "base/logging.h"
8 #include "net/cert/ct_serialization.h"
9 #include "net/cert/signed_tree_head.h"
11 namespace net {
13 // static
14 scoped_ptr<CTLogVerifier> CTLogVerifier::Create(
15 const base::StringPiece& public_key,
16 const base::StringPiece& description) {
17 scoped_ptr<CTLogVerifier> result(new CTLogVerifier());
18 if (!result->Init(public_key, description))
19 result.reset();
20 return result.Pass();
23 bool CTLogVerifier::Verify(const ct::LogEntry& entry,
24 const ct::SignedCertificateTimestamp& sct) {
25 if (sct.log_id != key_id()) {
26 DVLOG(1) << "SCT is not signed by this log.";
27 return false;
30 if (!SignatureParametersMatch(sct.signature))
31 return false;
33 std::string serialized_log_entry;
34 if (!ct::EncodeLogEntry(entry, &serialized_log_entry)) {
35 DVLOG(1) << "Unable to serialize entry.";
36 return false;
38 std::string serialized_data;
39 if (!ct::EncodeV1SCTSignedData(sct.timestamp, serialized_log_entry,
40 sct.extensions, &serialized_data)) {
41 DVLOG(1) << "Unable to create SCT to verify.";
42 return false;
45 return VerifySignature(serialized_data, sct.signature.signature_data);
48 bool CTLogVerifier::SetSignedTreeHead(
49 scoped_ptr<ct::SignedTreeHead> signed_tree_head) {
50 if (!SignatureParametersMatch(signed_tree_head->signature))
51 return false;
53 std::string serialized_data;
54 ct::EncodeTreeHeadSignature(*signed_tree_head.get(), &serialized_data);
55 if (VerifySignature(serialized_data,
56 signed_tree_head->signature.signature_data)) {
57 signed_tree_head_.reset(signed_tree_head.release());
58 return true;
60 return false;
63 bool CTLogVerifier::SignatureParametersMatch(
64 const ct::DigitallySigned& signature) {
65 if (!signature.SignatureParametersMatch(hash_algorithm_,
66 signature_algorithm_)) {
67 DVLOG(1) << "Mismatched hash or signature algorithm. Hash: "
68 << hash_algorithm_ << " vs " << signature.hash_algorithm
69 << " Signature: " << signature_algorithm_ << " vs "
70 << signature.signature_algorithm << ".";
71 return false;
74 return true;
77 } // namespace net