// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
5 #include "net/cert/ct_log_verifier.h"
7 #include "base/logging.h"
8 #include "net/cert/ct_serialization.h"
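/// Builds a verifier bound to one Certificate Transparency log.
///
/// @param public_key   The log's public key, passed unchanged to Init().
///                     Its encoding is not visible in this listing.
/// @param description  Label for the log, passed unchanged to Init().
/// @return A verifier on success, or a null scoped_ptr when Init() rejects
///         the inputs. Callers must null-check the result before calling
///         Verify(); a failed Init() must never yield a usable verifier.
///
/// NOTE(review): the listing this was restored from omits the lines after
/// the Init() check (source lines 18-20). The null-on-failure tail below is
/// reconstructed; confirm against the upstream file.
scoped_ptr<CTLogVerifier> CTLogVerifier::Create(
    const base::StringPiece& public_key,
    const base::StringPiece& description) {
  scoped_ptr<CTLogVerifier> result(new CTLogVerifier());
  // Fail closed: drop the half-initialised object rather than return it.
  if (!result->Init(public_key, description))
    result.reset();
  return result.Pass();
}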
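/// Checks that |sct| is a valid signature by this log over |entry|.
///
/// The checks run in a fixed order and each one fails closed:
///   1. the SCT's log id must equal this verifier's key_id();
///   2. the hash algorithm named in the SCT must equal hash_algorithm_;
///   3. the signature algorithm named in the SCT must equal
///      signature_algorithm_;
///   4. the log entry and the V1 signed-data structure must serialise;
///   5. VerifySignature() must accept the signature over that structure.
///
/// @param entry  Log entry the SCT is claimed to cover.
/// @param sct    Signed certificate timestamp under test. Every field read
///               here comes from the SCT itself and is untrusted until
///               step 5 succeeds.
/// @return true only if all five steps pass; false otherwise.
///
/// Failure reasons go to DVLOG(1) only, so the caller receives a bare bool
/// and cannot tell the failure modes apart.
///
/// NOTE(review): the listing this was restored from omits the `return false;`
/// and closing-brace lines after each DVLOG (source lines 26-27, 32-33,
/// 38-39, 44, 50-51) and the final brace. They are reconstructed from the
/// bool return type and the guard structure; confirm against upstream.
bool CTLogVerifier::Verify(const ct::LogEntry& entry,
                           const ct::SignedCertificateTimestamp& sct) {
  // Reject SCTs issued by a different log before any further work is done.
  if (sct.log_id != key_id()) {
    DVLOG(1) << "SCT is not signed by this log.";
    return false;
  }

  // The algorithm identifiers inside the SCT are compared against the
  // verifier's own members and are never used to select an algorithm, so an
  // SCT cannot steer verification towards a different hash or signature
  // scheme. hash_algorithm_ / signature_algorithm_ are set outside this
  // listing (presumably by Init(); confirm).
  if (sct.signature.hash_algorithm != hash_algorithm_) {
    DVLOG(1) << "Mismatched hash algorithm. Expected " << hash_algorithm_
             << ", got " << sct.signature.hash_algorithm << ".";
    return false;
  }

  if (sct.signature.signature_algorithm != signature_algorithm_) {
    DVLOG(1) << "Mismatched sig algorithm. Expected " << signature_algorithm_
             << ", got " << sct.signature.signature_algorithm << ".";
    return false;
  }

  // Rebuild the exact byte string the log should have signed: first the
  // entry, then the V1 structure that binds timestamp, entry and extensions.
  std::string serialized_log_entry;
  if (!ct::EncodeLogEntry(entry, &serialized_log_entry)) {
    DVLOG(1) << "Unable to serialize entry.";
    return false;
  }

  std::string serialized_data;
  if (!ct::EncodeV1SCTSignedData(sct.timestamp, serialized_log_entry,
                                 sct.extensions, &serialized_data)) {
    DVLOG(1) << "Unable to create SCT to verify.";
    return false;
  }

  // The signature is checked over the locally rebuilt bytes, never over
  // bytes supplied alongside the SCT.
  return VerifySignature(serialized_data, sct.signature.signature_data);
}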