Diffstat (limited to 'chromium/net/cert/ct_known_logs.cc')
-rw-r--r-- | chromium/net/cert/ct_known_logs.cc | 43 |
1 files changed, 39 insertions, 4 deletions
diff --git a/chromium/net/cert/ct_known_logs.cc b/chromium/net/cert/ct_known_logs.cc
index 381d4dd1013..eddeb55a8a9 100644
--- a/chromium/net/cert/ct_known_logs.cc
+++ b/chromium/net/cert/ct_known_logs.cc
@@ -4,28 +4,63 @@
 #include "net/cert/ct_known_logs.h"
-#include <string>
+#include <algorithm>
+#include "base/logging.h"
 #include "base/macros.h"
-#include "base/strings/string_piece.h"
+#include "crypto/sha2.h"
 #include "net/cert/ct_known_logs_static.h"
+
+#if !defined(OS_NACL)
 #include "net/cert/ct_log_verifier.h"
+#endif
 namespace net {
 namespace ct {
-std::vector<scoped_refptr<CTLogVerifier>> CreateLogVerifiersForKnownLogs() {
- std::vector<scoped_refptr<CTLogVerifier>> verifiers;
+namespace {
+
+int log_ids_compare(const char* log_id, const char* lookup_id) {
+ return strncmp(log_id, lookup_id, crypto::kSHA256Length) < 0;
+}
+
+} // namespace
+
+#if !defined(OS_NACL)
+std::vector<scoped_refptr<const CTLogVerifier>>
+CreateLogVerifiersForKnownLogs() {
+ std::vector<scoped_refptr<const CTLogVerifier>> verifiers;
 for (size_t i = 0; i < arraysize(kCTLogList); ++i) {
 const CTLogInfo& log(kCTLogList[i]);
 base::StringPiece key(log.log_key, log.log_key_length);
 verifiers.push_back(CTLogVerifier::Create(key, log.log_name, log.log_url));
+ // Make sure no null logs enter verifiers. Parsing of all known logs should
+ // succeed.
+ CHECK(verifiers.back().get());
 }
 return verifiers;
 }
+#endif
+
+bool IsLogOperatedByGoogle(base::StringPiece log_id) {
+ // No callers should provide a log_id that's not of the expected length
+ // (log IDs are SHA-256 hashes of the key and are always 32 bytes).
+ // Without this DCHECK (i.e. in production) this function would always
+ // return false.
+ DCHECK_EQ(log_id.size(), arraysize(kGoogleLogIDs[0]) - 1);
+
+ auto p = std::lower_bound(kGoogleLogIDs, kGoogleLogIDs + kNumGoogleLogs,
+ log_id.data(), &log_ids_compare);
+ if ((p == kGoogleLogIDs + kNumGoogleLogs) ||
+ log_id != base::StringPiece(*p, crypto::kSHA256Length)) {
+ return false;
+ }
+
+ return true;
+}
 } // namespace ct |
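Review bot: `log_ids_compare` orders raw SHA-256 log IDs with `strncmp`, which stops at the first 0x00 byte, so any table entry or lookup key containing an embedded NUL compares "equal" to others sharing its prefix; if `kGoogleLogIDs` is sorted by full byte value (presumably, since `std::lower_bound` needs a sorted range), that inconsistency can steer the search to the wrong slot, and because the final `log_id != base::StringPiece(*p, crypto::kSHA256Length)` check only rejects false positives, the net effect is a false negative from `IsLogOperatedByGoogle` for a genuine Google log. Use `return memcmp(log_id, lookup_id, crypto::kSHA256Length) < 0;`, declare the comparator as returning `bool` rather than `int`, and add `#include <cstring>` next to `<algorithm>`, since nothing in the hunk otherwise declares `strncmp`/`memcmp`. The length guard is a `DCHECK_EQ`, so in release builds a shorter `log_id` still reaches the comparator, which may read up to `crypto::kSHA256Length` bytes from `log_id.data()` before the size mismatch is caught; an explicit `if (log_id.size() != crypto::kSHA256Length) return false;` ahead of the lookup would make the comment's "would always return false" claim hold without that over-read. Consider also expressing the expected length as `crypto::kSHA256Length` instead of `arraysize(kGoogleLogIDs[0]) - 1`, which ties the check to the string-literal layout of the generated table rather than the documented invariant.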