Roll src/third_party/WebKit eac3800:0237a66 (svn 202606:202607)
[chromium-blink-merge.git] / net / cert / signed_certificate_timestamp.h
blob671c250fdc82689957a303ea63c99e50be51ca50
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_CERT_SIGNED_CERTIFICATE_TIMESTAMP_H_
6 #define NET_CERT_SIGNED_CERTIFICATE_TIMESTAMP_H_
8 #include <string>
9 #include <vector>
11 #include "base/memory/ref_counted.h"
12 #include "base/time/time.h"
13 #include "net/base/hash_value.h"
14 #include "net/base/net_export.h"
16 namespace base {
17 class Pickle;
18 class PickleIterator;
21 namespace net {
23 // Structures related to Certificate Transparency (RFC6962).
24 namespace ct {
26 // LogEntry struct in RFC 6962, Section 3.1
27 struct NET_EXPORT LogEntry {
28 // LogEntryType enum in RFC 6962, Section 3.1
29 enum Type {
30 LOG_ENTRY_TYPE_X509 = 0,
31 LOG_ENTRY_TYPE_PRECERT = 1
34 LogEntry();
35 ~LogEntry();
36 void Reset();
38 Type type;
40 // Set if type == LOG_ENTRY_TYPE_X509
41 std::string leaf_certificate;
43 // Set if type == LOG_ENTRY_TYPE_PRECERT
44 SHA256HashValue issuer_key_hash;
45 std::string tbs_certificate;
48 // Helper structure to represent Digitally Signed data, as described in
49 // Sections 4.7 and 7.4.1.4.1 of RFC 5246.
50 struct NET_EXPORT_PRIVATE DigitallySigned {
51 enum HashAlgorithm {
52 HASH_ALGO_NONE = 0,
53 HASH_ALGO_MD5 = 1,
54 HASH_ALGO_SHA1 = 2,
55 HASH_ALGO_SHA224 = 3,
56 HASH_ALGO_SHA256 = 4,
57 HASH_ALGO_SHA384 = 5,
58 HASH_ALGO_SHA512 = 6,
61 enum SignatureAlgorithm {
62 SIG_ALGO_ANONYMOUS = 0,
63 SIG_ALGO_RSA = 1,
64 SIG_ALGO_DSA = 2,
65 SIG_ALGO_ECDSA = 3
68 DigitallySigned();
69 ~DigitallySigned();
71 // Returns true if |other_hash_algorithm| and |other_signature_algorithm|
72 // match this DigitallySigned hash and signature algorithms.
73 bool SignatureParametersMatch(
74 HashAlgorithm other_hash_algorithm,
75 SignatureAlgorithm other_signature_algorithm) const;
77 HashAlgorithm hash_algorithm;
78 SignatureAlgorithm signature_algorithm;
79 // 'signature' field.
80 std::string signature_data;
83 // SignedCertificateTimestamp struct in RFC 6962, Section 3.2.
84 struct NET_EXPORT SignedCertificateTimestamp
85 : public base::RefCountedThreadSafe<SignedCertificateTimestamp> {
86 // Predicate functor used in maps when SignedCertificateTimestamp is used as
87 // the key.
88 struct NET_EXPORT LessThan {
89 bool operator()(const scoped_refptr<SignedCertificateTimestamp>& lhs,
90 const scoped_refptr<SignedCertificateTimestamp>& rhs) const;
93 // Version enum in RFC 6962, Section 3.2.
94 enum Version {
95 SCT_VERSION_1 = 0,
98 // Source of the SCT - supplementary, not defined in CT RFC.
99 // Note: The numeric values are used within histograms and should not change
100 // or be re-assigned.
101 enum Origin {
102 SCT_EMBEDDED = 0,
103 SCT_FROM_TLS_EXTENSION = 1,
104 SCT_FROM_OCSP_RESPONSE = 2,
105 SCT_ORIGIN_MAX,
108 SignedCertificateTimestamp();
110 void Persist(base::Pickle* pickle);
111 static scoped_refptr<SignedCertificateTimestamp> CreateFromPickle(
112 base::PickleIterator* iter);
114 Version version;
115 std::string log_id;
116 base::Time timestamp;
117 std::string extensions;
118 DigitallySigned signature;
119 Origin origin;
120 // The log description is not one of the SCT fields, but a user-readable
121 // name defined alongside the log key. It should not participate
122 // in equality checks as the log's description could change while
123 // the SCT would be the same.
124 std::string log_description;
126 private:
127 friend class base::RefCountedThreadSafe<SignedCertificateTimestamp>;
129 ~SignedCertificateTimestamp();
131 DISALLOW_COPY_AND_ASSIGN(SignedCertificateTimestamp);
134 } // namespace ct
136 } // namespace net
138 #endif // NET_CERT_SIGNED_CERTIFICATE_TIMESTAMP_H_