Popular sites on the NTP: Try to keep the ordering constant
[chromium-blink-merge.git] / components / packed_ct_ev_whitelist / packed_ct_ev_whitelist.h
blobf3accc47138ffd974fa3e2e0df489ad16d0f65b5
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef COMPONENTS_PACKED_CT_EV_WHITELIST_PACKED_CT_EV_WHITELIST_H_
6 #define COMPONENTS_PACKED_CT_EV_WHITELIST_PACKED_CT_EV_WHITELIST_H_
8 #include <stdint.h>
10 #include <string>
11 #include <vector>
13 #include "base/gtest_prod_util.h"
14 #include "base/version.h"
15 #include "net/cert/ct_ev_whitelist.h"
17 namespace base {
18 class FilePath;
21 namespace packed_ct_ev_whitelist {
23 // An implementation of the EVCertsWhitelist that gets its data packed using
24 // Golomb coding to encode the difference between subsequent hash values.
25 // Format of the packed list:
26 // * First 8 bytes: First hash
27 // * Repeating Golomb-coded number which is the numeric difference of the
28 // previous hash value from this one
30 // The resulting, unpacked list is a sorted list of hash values that can be
31 // efficiently searched.
32 class PackedEVCertsWhitelist : public net::ct::EVCertsWhitelist {
33 public:
34 // Unpacks the given |compressed_whitelist|. See the class documentation
35 // for description of the |compressed_whitelist| format.
36 PackedEVCertsWhitelist(const std::string& compressed_whitelist,
37 const base::Version& version);
39 // Returns true if the |certificate_hash| appears in the EV certificate hashes
40 // whitelist. Must not be called if IsValid for this instance returned false.
41 bool ContainsCertificateHash(
42 const std::string& certificate_hash) const override;
44 // Returns true if the EV certificate hashes whitelist provided in the c'tor
45 // was valid, false otherwise.
46 bool IsValid() const override;
48 // Returns the version of the whitelist in use, if available.
49 base::Version Version() const override;
51 protected:
52 ~PackedEVCertsWhitelist() override;
54 private:
55 FRIEND_TEST_ALL_PREFIXES(PackedEVCertsWhitelistTest,
56 UncompressFailsForTooShortList);
57 FRIEND_TEST_ALL_PREFIXES(PackedEVCertsWhitelistTest,
58 UncompressFailsForTruncatedList);
59 FRIEND_TEST_ALL_PREFIXES(PackedEVCertsWhitelistTest,
60 UncompressFailsForInvalidValuesInList);
61 FRIEND_TEST_ALL_PREFIXES(PackedEVCertsWhitelistTest,
62 UncompressesWhitelistCorrectly);
64 // Given a Golomb-coded list of hashes in |compressed_whitelist|, unpack into
65 // |uncompressed_list|. Returns true if the format of the compressed whitelist
66 // is valid, false otherwise.
67 static bool UncompressEVWhitelist(const std::string& compressed_whitelist,
68 std::vector<uint64_t>* uncompressed_list);
70 // The whitelist is an array containing certificate hashes (truncated
71 // to a fixed size of 8 bytes), sorted.
72 // Binary search is used to locate hashes in the the array.
73 // Benchmarking bsearch vs std::set (with 120K entries, doing 1.2M lookups)
74 // shows that bsearch is about twice as fast as std::set lookups (and std::set
75 // has additional memory overhead).
76 std::vector<uint64_t> whitelist_;
77 base::Version version_;
79 DISALLOW_COPY_AND_ASSIGN(PackedEVCertsWhitelist);
82 // Sets the EV certificate hashes whitelist in the SSLConfigService
83 // to the provided |whitelist|, if valid. Otherwise, does nothing.
84 // To set the new whitelist, this function dispatches a task to the IO thread.
85 void SetEVCertsWhitelist(scoped_refptr<net::ct::EVCertsWhitelist> whitelist);
87 } // namespace packed_ct_ev_whitelist
89 #endif // COMPONENTS_PACKED_CT_EV_WHITELIST_PACKED_CT_EV_WHITELIST_H_