1f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)// Copyright 2013 The Chromium Authors. All rights reserved. 2f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be 3f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)// found in the LICENSE file. 4f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) 5f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)#ifndef NET_CERT_MULTI_LOG_CT_VERIFIER_H_ 6f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)#define NET_CERT_MULTI_LOG_CT_VERIFIER_H_ 7f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) 8f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)#include <map> 9f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)#include <string> 10f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) 11f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)#include "base/memory/linked_ptr.h" 12f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)#include "base/memory/scoped_ptr.h" 13116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch#include "base/memory/scoped_vector.h" 14f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)#include "net/base/net_export.h" 15f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)#include "net/cert/ct_verifier.h" 16f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)#include "net/cert/signed_certificate_timestamp.h" 17f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) 18f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)namespace net { 19f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) 20f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)namespace ct { 21f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)struct LogEntry; 22f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)} // namespace ct 23f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) 24f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)class CTLogVerifier; 25f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) 26f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)// A Certificate Transparency verifier that can verify Signed Certificate 27f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)// Timestamps from multiple logs. 28f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)// There should be a global instance of this class and for all known logs, 29f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)// AddLog should be called with a CTLogVerifier (which is created from the 30f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)// log's public key). 31f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)class NET_EXPORT MultiLogCTVerifier : public CTVerifier { 32f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) public: 33f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) MultiLogCTVerifier(); 34f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) virtual ~MultiLogCTVerifier(); 35f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) 36f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) void AddLog(scoped_ptr<CTLogVerifier> log_verifier); 37116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch void AddLogs(ScopedVector<CTLogVerifier> log_verifiers); 38f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) 39f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) // CTVerifier implementation: 40f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) virtual int Verify(X509Certificate* cert, 415d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) const std::string& stapled_ocsp_response, 42f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) const std::string& sct_list_from_tls_extension, 43a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles) ct::CTVerifyResult* result, 44a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles) const BoundNetLog& net_log) OVERRIDE; 45f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) 46f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) private: 47f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) // Mapping from a log's ID to the verifier for this log. 48f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) // A log's ID is the SHA-256 of the log's key, as defined in section 3.2. 49f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) // of RFC6962. 50f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) typedef std::map<std::string, linked_ptr<CTLogVerifier> > IDToLogMap; 51f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) 52f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) // Verify a list of SCTs from |encoded_sct_list| over |expected_entry|, 53f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) // placing the verification results in |result|. The SCTs in the list 54f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) // come from |origin| (as will be indicated in the origin field of each SCT). 55f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) bool VerifySCTs(const std::string& encoded_sct_list, 56f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) const ct::LogEntry& expected_entry, 57f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) ct::SignedCertificateTimestamp::Origin origin, 58f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) ct::CTVerifyResult* result); 59f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) 60f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) // Verifies a single, parsed SCT against all logs. 61f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) bool VerifySingleSCT( 62f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) scoped_refptr<ct::SignedCertificateTimestamp> sct, 63f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) const ct::LogEntry& expected_entry, 64f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) ct::CTVerifyResult* result); 65f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) 66f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) IDToLogMap logs_; 67f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) 68f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) DISALLOW_COPY_AND_ASSIGN(MultiLogCTVerifier); 69f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)}; 70f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) 71f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)} // namespace net 72f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles) 73f2477e01787aa58f445919b809d89e252beef54fTorne (Richard Coles)#endif // NET_CERT_MULTI_LOG_CT_VERIFIER_H_ 74