search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Switch some page set from user_agent fields to coresponding shared_state classes
[chromium-blink-merge.git] / net / cert / ct_log_verifier.cc
blobe61b2064b4763e6e5c348d430089870a4242a88c
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/cert/ct_log_verifier.h"
6
7 #include "base/logging.h"
8 #include "net/cert/ct_serialization.h"
9 #include "net/cert/signed_tree_head.h"
10
11 namespace net {
12
13 // static
14 scoped_ptr<CTLogVerifier> CTLogVerifier::Create(
15 const base::StringPiece& public_key,
16 const base::StringPiece& description,
17 const base::StringPiece& url) {
18 GURL log_url(url.as_string());
19 if (!log_url.is_valid())
20 return nullptr;
21 scoped_ptr<CTLogVerifier> result(new CTLogVerifier(description, log_url));
22 if (!result->Init(public_key))
23 result.reset();
24 return result.Pass();
25 }
26
27 CTLogVerifier::CTLogVerifier(const base::StringPiece& description,
28 const GURL& url)
29 : description_(description.as_string()),
30 url_(url),
31 hash_algorithm_(ct::DigitallySigned::HASH_ALGO_NONE),
32 signature_algorithm_(ct::DigitallySigned::SIG_ALGO_ANONYMOUS),
33 public_key_(NULL) {
34 DCHECK(url_.is_valid());
35 }
36
37 bool CTLogVerifier::Verify(const ct::LogEntry& entry,
38 const ct::SignedCertificateTimestamp& sct) {
39 if (sct.log_id != key_id()) {
40 DVLOG(1) << "SCT is not signed by this log.";
41 return false;
42 }
43
44 if (!SignatureParametersMatch(sct.signature))
45 return false;
46
47 std::string serialized_log_entry;
48 if (!ct::EncodeLogEntry(entry, &serialized_log_entry)) {
49 DVLOG(1) << "Unable to serialize entry.";
50 return false;
51 }
52 std::string serialized_data;
53 if (!ct::EncodeV1SCTSignedData(sct.timestamp, serialized_log_entry,
54 sct.extensions, &serialized_data)) {
55 DVLOG(1) << "Unable to create SCT to verify.";
56 return false;
57 }
58
59 return VerifySignature(serialized_data, sct.signature.signature_data);
60 }
61
62 bool CTLogVerifier::VerifySignedTreeHead(
63 const ct::SignedTreeHead& signed_tree_head) {
64 if (!SignatureParametersMatch(signed_tree_head.signature))
65 return false;
66
67 std::string serialized_data;
68 ct::EncodeTreeHeadSignature(signed_tree_head, &serialized_data);
69 if (VerifySignature(serialized_data,
70 signed_tree_head.signature.signature_data)) {
71 return true;
72 }
73 return false;
74 }
75
76 bool CTLogVerifier::SignatureParametersMatch(
77 const ct::DigitallySigned& signature) {
78 if (!signature.SignatureParametersMatch(hash_algorithm_,
79 signature_algorithm_)) {
80 DVLOG(1) << "Mismatched hash or signature algorithm. Hash: "
81 << hash_algorithm_ << " vs " << signature.hash_algorithm
82 << " Signature: " << signature_algorithm_ << " vs "
83 << signature.signature_algorithm << ".";
84 return false;
85 }
86
87 return true;
88 }
89
90 } // namespace net