1// Copyright 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef NET_CERT_SIGNED_CERTIFICATE_TIMESTAMP_H_
6#define NET_CERT_SIGNED_CERTIFICATE_TIMESTAMP_H_
7
8#include <string>
9#include <vector>
10
11#include "base/memory/ref_counted.h"
12#include "base/time/time.h"
13#include "net/base/hash_value.h"
14#include "net/base/net_export.h"
15
16class Pickle;
17class PickleIterator;
18
19namespace net {
20
// Structures related to Certificate Transparency (RFC 6962).
22namespace ct {
23
24// LogEntry struct in RFC 6962, Section 3.1
// LogEntry struct in RFC 6962, Section 3.1: the data a CT log commits to
// when it issues an SCT, and therefore the data an SCT signature is
// verified over. Exactly one of the two payload variants below is
// meaningful, selected by |type|; nothing in this header enforces that the
// other variant is left empty - see the .cc (Reset()) for what the initial
// state is.
struct NET_EXPORT LogEntry {
  // LogEntryType enum in RFC 6962, Section 3.1. The numeric values are the
  // wire encoding of the entry type and must not be changed.
  enum Type {
    LOG_ENTRY_TYPE_X509 = 0,
    LOG_ENTRY_TYPE_PRECERT = 1
  };

  LogEntry();
  ~LogEntry();
  // Clears all fields back to their initial values (defined in the .cc).
  void Reset();

  Type type;

  // Set if type == LOG_ENTRY_TYPE_X509.
  // Presumably the DER-encoded end-entity certificate (RFC 6962, Section
  // 3.1) - the encoding is not checked here; the producer is responsible.
  std::string leaf_certificate;

  // Set if type == LOG_ENTRY_TYPE_PRECERT.
  // |issuer_key_hash| is a SHA-256 value (its type fixes the length);
  // |tbs_certificate| is the raw TBSCertificate bytes. RFC 6962, Section
  // 3.2 defines these as the hash of the issuer's public key and the
  // TBSCertificate with the poison extension removed - that reconstruction
  // is the caller's job, not this struct's.
  SHA256HashValue issuer_key_hash;
  std::string tbs_certificate;
};
45
46// Helper structure to represent Digitally Signed data, as described in
47// Sections 4.7 and 7.4.1.4.1 of RFC 5246.
// Helper structure to represent Digitally Signed data, as described in
// Sections 4.7 and 7.4.1.4.1 of RFC 5246. The SCT signature (RFC 6962,
// Section 3.2) is carried in this form.
//
// The enumerators mirror the TLS HashAlgorithm / SignatureAlgorithm
// registries so that wire values can be decoded verbatim (and named in
// error reports); their presence here does NOT mean every combination is
// acceptable. RFC 6962, Section 2.1.4 only allows SHA-256 with ECDSA
// (P-256) or RSA for log signatures, so consumers should pin the expected
// parameters (SignatureParametersMatch) rather than trust whatever the
// sender declared. The numeric values are wire encodings and must not
// change.
struct NET_EXPORT_PRIVATE DigitallySigned {
  // TLS HashAlgorithm wire values (RFC 5246, Section 7.4.1.4.1).
  enum HashAlgorithm {
    HASH_ALGO_NONE = 0,
    HASH_ALGO_MD5 = 1,
    HASH_ALGO_SHA1 = 2,
    HASH_ALGO_SHA224 = 3,
    HASH_ALGO_SHA256 = 4,
    HASH_ALGO_SHA384 = 5,
    HASH_ALGO_SHA512 = 6,
  };

  // TLS SignatureAlgorithm wire values (RFC 5246, Section 7.4.1.4.1).
  enum SignatureAlgorithm {
    SIG_ALGO_ANONYMOUS = 0,
    SIG_ALGO_RSA = 1,
    SIG_ALGO_DSA = 2,
    SIG_ALGO_ECDSA = 3
  };

  DigitallySigned();
  ~DigitallySigned();

  // Returns true if |other_hash_algorithm| and |other_signature_algorithm|
  // match this DigitallySigned hash and signature algorithms.
  // Intended for a verifier to check that an SCT declares the algorithms it
  // expects for a given log key before attempting signature verification.
  // Presumably compares only the two algorithm fields and does not look at
  // |signature_data| - confirm against the .cc.
  bool SignatureParametersMatch(
      HashAlgorithm other_hash_algorithm,
      SignatureAlgorithm other_signature_algorithm) const;

  HashAlgorithm hash_algorithm;
  SignatureAlgorithm signature_algorithm;
  // 'signature' field: the raw signature bytes, kept opaque here. Its
  // encoding depends on |signature_algorithm|; nothing in this struct
  // validates it.
  std::string signature_data;
};
80
81// SignedCertificateTimestamp struct in RFC 6962, Section 3.2.
// SignedCertificateTimestamp struct in RFC 6962, Section 3.2.
//
// Held via scoped_refptr: the destructor is private and copying is
// disallowed, so instances are only destroyed through the refcount. Note
// that RefCountedThreadSafe only makes the refcount thread-safe - the data
// members below are plain and are not synchronized.
struct NET_EXPORT SignedCertificateTimestamp
    : public base::RefCountedThreadSafe<SignedCertificateTimestamp> {
  // Predicate functor used in maps when SignedCertificateTimestamp is used as
  // the key. Presumably orders by SCT contents rather than pointer identity
  // (see the .cc for which fields participate; per the notes on |origin|
  // and |log_description| below, those two should not).
  struct NET_EXPORT LessThan {
    bool operator()(const scoped_refptr<SignedCertificateTimestamp>& lhs,
                    const scoped_refptr<SignedCertificateTimestamp>& rhs) const;
  };

  // Version enum in RFC 6962, Section 3.2. v1 is the only version this code
  // knows; the value is the wire encoding and must not change. A parser
  // that sees any other version byte should reject the SCT rather than
  // guess at its layout.
  enum Version {
    SCT_VERSION_1 = 0,
  };

  // Source of the SCT - supplementary, not defined in CT RFC.
  // Note: The numeric values are used within histograms and should not change
  // or be re-assigned. Add new origins before SCT_ORIGIN_MAX, which is the
  // histogram bound and not itself a valid origin.
  enum Origin {
    SCT_EMBEDDED = 0,
    SCT_FROM_TLS_EXTENSION = 1,
    SCT_FROM_OCSP_RESPONSE = 2,
    SCT_ORIGIN_MAX,
  };

  SignedCertificateTimestamp();

  // Persist() serializes this SCT into |pickle|; CreateFromPickle() builds
  // one from |iter|. Pickle data may originate outside the process (IPC,
  // on-disk cache), so CreateFromPickle() must treat its input as untrusted:
  // a truncated or malformed pickle should be rejected rather than turned
  // into a partially-initialized SCT. Presumably it signals failure by
  // returning NULL - confirm against the .cc, and check the result at every
  // call site either way. Which fields round-trip (e.g. whether |origin|
  // and |log_description| are persisted) is defined in the .cc.
  void Persist(Pickle* pickle);
  static scoped_refptr<SignedCertificateTimestamp> CreateFromPickle(
      PickleIterator* iter);

  Version version;
  // Identifies the issuing log; per RFC 6962, Section 3.2 this is the
  // SHA-256 hash of the log's public key, stored here as raw bytes.
  std::string log_id;
  // Time at which the log issued the SCT. On the wire this is milliseconds
  // since the UNIX epoch (RFC 6962); the conversion to base::Time happens
  // wherever the SCT is parsed, not here.
  base::Time timestamp;
  // Raw CT extensions bytes, kept opaque. RFC 6962 v1 defines no
  // extensions, so this is presumably empty in practice.
  std::string extensions;
  // The log's signature over the SCT fields and the LogEntry (RFC 6962,
  // Section 3.2). Its algorithms should be checked against what the log key
  // requires, not merely trusted.
  DigitallySigned signature;
  // The origin should not participate in equality checks
  // as the same SCT can be provided from multiple sources.
  Origin origin;
  // The log description is not one of the SCT fields, but a user-readable
  // name defined alongside the log key. It should not participate
  // in equality checks as the log's description could change while
  // the SCT would be the same.
  std::string log_description;

 private:
  friend class base::RefCountedThreadSafe<SignedCertificateTimestamp>;

  // Private: only the refcount may destroy an instance.
  ~SignedCertificateTimestamp();

  DISALLOW_COPY_AND_ASSIGN(SignedCertificateTimestamp);
};
133
134}  // namespace ct
135
136}  // namespace net
137
138#endif  // NET_CERT_SIGNED_CERTIFICATE_TIMESTAMP_H_
139