Roll src/third_party/WebKit d9c6159:8139f33 (svn 201974:201975)
[chromium-blink-merge.git] / net / cert / ct_log_verifier.cc
blob7dbde12c4b225120ecb6aca5989b6e29c98f2bd0
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/cert/ct_log_verifier.h"
7 #include "base/logging.h"
8 #include "net/cert/ct_serialization.h"
9 #include "net/cert/signed_tree_head.h"
11 namespace net {
13 // static
14 scoped_refptr<CTLogVerifier> CTLogVerifier::Create(
15 const base::StringPiece& public_key,
16 const base::StringPiece& description,
17 const base::StringPiece& url) {
18 GURL log_url(url.as_string());
19 if (!log_url.is_valid())
20 return nullptr;
21 scoped_refptr<CTLogVerifier> result(new CTLogVerifier(description, log_url));
22 if (!result->Init(public_key))
23 return nullptr;
24 return result;
27 CTLogVerifier::CTLogVerifier(const base::StringPiece& description,
28 const GURL& url)
29 : description_(description.as_string()),
30 url_(url),
31 hash_algorithm_(ct::DigitallySigned::HASH_ALGO_NONE),
32 signature_algorithm_(ct::DigitallySigned::SIG_ALGO_ANONYMOUS),
33 public_key_(NULL) {
34 DCHECK(url_.is_valid());
37 bool CTLogVerifier::Verify(const ct::LogEntry& entry,
38 const ct::SignedCertificateTimestamp& sct) {
39 if (sct.log_id != key_id()) {
40 DVLOG(1) << "SCT is not signed by this log.";
41 return false;
44 if (!SignatureParametersMatch(sct.signature))
45 return false;
47 std::string serialized_log_entry;
48 if (!ct::EncodeLogEntry(entry, &serialized_log_entry)) {
49 DVLOG(1) << "Unable to serialize entry.";
50 return false;
52 std::string serialized_data;
53 if (!ct::EncodeV1SCTSignedData(sct.timestamp, serialized_log_entry,
54 sct.extensions, &serialized_data)) {
55 DVLOG(1) << "Unable to create SCT to verify.";
56 return false;
59 return VerifySignature(serialized_data, sct.signature.signature_data);
62 bool CTLogVerifier::VerifySignedTreeHead(
63 const ct::SignedTreeHead& signed_tree_head) {
64 if (!SignatureParametersMatch(signed_tree_head.signature))
65 return false;
67 std::string serialized_data;
68 ct::EncodeTreeHeadSignature(signed_tree_head, &serialized_data);
69 if (VerifySignature(serialized_data,
70 signed_tree_head.signature.signature_data)) {
71 return true;
73 return false;
76 bool CTLogVerifier::SignatureParametersMatch(
77 const ct::DigitallySigned& signature) {
78 if (!signature.SignatureParametersMatch(hash_algorithm_,
79 signature_algorithm_)) {
80 DVLOG(1) << "Mismatched hash or signature algorithm. Hash: "
81 << hash_algorithm_ << " vs " << signature.hash_algorithm
82 << " Signature: " << signature_algorithm_ << " vs "
83 << signature.signature_algorithm << ".";
84 return false;
87 return true;
90 } // namespace net