Diffstat (limited to 'chromium/net/cert/ct_known_logs.cc')
-rw-r--r--chromium/net/cert/ct_known_logs.cc43
1 files changed, 39 insertions, 4 deletions
diff --git a/chromium/net/cert/ct_known_logs.cc b/chromium/net/cert/ct_known_logs.cc
index 381d4dd1013..eddeb55a8a9 100644
--- a/chromium/net/cert/ct_known_logs.cc
+++ b/chromium/net/cert/ct_known_logs.cc
@@ -4,28 +4,63 @@
#include "net/cert/ct_known_logs.h"
-#include <string>
+#include <algorithm>
+#include "base/logging.h"
#include "base/macros.h"
-#include "base/strings/string_piece.h"
+#include "crypto/sha2.h"
#include "net/cert/ct_known_logs_static.h"
+
+#if !defined(OS_NACL)
#include "net/cert/ct_log_verifier.h"
+#endif
namespace net {
namespace ct {
-std::vector<scoped_refptr<CTLogVerifier>> CreateLogVerifiersForKnownLogs() {
- std::vector<scoped_refptr<CTLogVerifier>> verifiers;
+namespace {
+
+int log_ids_compare(const char* log_id, const char* lookup_id) {
+ return strncmp(log_id, lookup_id, crypto::kSHA256Length) < 0;
+}
+
+} // namespace
+
+#if !defined(OS_NACL)
+std::vector<scoped_refptr<const CTLogVerifier>>
+CreateLogVerifiersForKnownLogs() {
+ std::vector<scoped_refptr<const CTLogVerifier>> verifiers;
for (size_t i = 0; i < arraysize(kCTLogList); ++i) {
const CTLogInfo& log(kCTLogList[i]);
base::StringPiece key(log.log_key, log.log_key_length);
verifiers.push_back(CTLogVerifier::Create(key, log.log_name, log.log_url));
+ // Make sure no null logs enter verifiers. Parsing of all known logs should
+ // succeed.
+ CHECK(verifiers.back().get());
}
return verifiers;
}
+#endif
+
+bool IsLogOperatedByGoogle(base::StringPiece log_id) {
+ // No callers should provide a log_id that's not of the expected length
+ // (log IDs are SHA-256 hashes of the key and are always 32 bytes).
+ // Without this DCHECK (i.e. in production) this function would always
+ // return false.
+ DCHECK_EQ(log_id.size(), arraysize(kGoogleLogIDs[0]) - 1);
+
+ auto p = std::lower_bound(kGoogleLogIDs, kGoogleLogIDs + kNumGoogleLogs,
+ log_id.data(), &log_ids_compare);
+ if ((p == kGoogleLogIDs + kNumGoogleLogs) ||
+ log_id != base::StringPiece(*p, crypto::kSHA256Length)) {
+ return false;
+ }
+
+ return true;
+}
} // namespace ct
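Review bot: `log_ids_compare` orders the log IDs with `strncmp`, but these are raw SHA-256 digests and may contain a zero byte, at which `strncmp` stops and treats the remaining bytes as equal. If `kGoogleLogIDs` is sorted bytewise (its definition is not in this hunk), `std::lower_bound` can then land on the wrong entry and `IsLogOperatedByGoogle` would return false for a listed log; `return memcmp(log_id, lookup_id, crypto::kSHA256Length) < 0;` with a `bool` return type and `<string.h>` included avoids that. Separately, the length of `log_id` is enforced only by `DCHECK_EQ`, so in release builds the comparator still reads up to `crypto::kSHA256Length` bytes from `log_id.data()` before the final `StringPiece` comparison rejects the value. The comment's "would always return false" therefore does not cover the search itself, and an explicit `if (log_id.size() != crypto::kSHA256Length) return false;` ahead of `std::lower_bound` would keep a short input from being read past its end.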