signed_certificate_timestamp.h revision f2477e01787aa58f445919b809d89e252beef54f
// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_CERT_SIGNED_CERTIFICATE_TIMESTAMP_H_
#define NET_CERT_SIGNED_CERTIFICATE_TIMESTAMP_H_

#include <string>
#include <vector>

#include "base/memory/ref_counted.h"
#include "base/time/time.h"
#include "net/base/hash_value.h"
#include "net/base/net_export.h"

namespace net {

// Structures related to Certificate Transparency (RFC 6962).
//
// These are plain data carriers for values parsed off the wire (a TLS
// extension, an OCSP response, or the certificate itself). Nothing in this
// header validates anything: a populated SignedCertificateTimestamp is
// untrusted input until its signature has been checked against a known log
// key by verification code that lives elsewhere.
namespace ct {

// LogEntry struct in RFC 6962, Section 3.1.
//
// Holds the data the log signed over, so a verifier can reconstruct the
// signed input. Exactly one of the two alternatives below is meaningful,
// selected by |type|.
struct NET_EXPORT LogEntry {
  // LogEntryType enum in RFC 6962, Section 3.1. Values are the wire encoding.
  enum Type {
    LOG_ENTRY_TYPE_X509 = 0,
    LOG_ENTRY_TYPE_PRECERT = 1
  };

  LogEntry();
  ~LogEntry();
  // Clears all fields. Defined out of line.
  void Reset();

  Type type;

  // Set if type == LOG_ENTRY_TYPE_X509. Per RFC 6962 this is the leaf
  // certificate (presumably DER-encoded; confirm against the parser).
  std::string leaf_certificate;

  // Set if type == LOG_ENTRY_TYPE_PRECERT. Per RFC 6962 Section 3.2,
  // |issuer_key_hash| is the SHA-256 of the issuer's public key and
  // |tbs_certificate| is the TBSCertificate with the poison extension
  // removed (presumably DER-encoded; confirm against the serialization code).
  SHA256HashValue issuer_key_hash;
  std::string tbs_certificate;
};

// Helper structure to represent Digitally Signed data, as described in
// Sections 4.7 and 7.4.1.4.1 of RFC 5246.
//
// The enum values mirror the TLS wire encoding, so every value a peer can
// send is representable -- including weak ones such as MD5 / SHA-1 and the
// "none" / "anonymous" placeholders. Representable is not the same as
// accepted: which (hash, signature) pairs are actually allowed for an SCT is
// a policy decision that must be enforced by the verifier, not assumed from
// this type.
struct NET_EXPORT_PRIVATE DigitallySigned {
  // HashAlgorithm enum in RFC 5246, Section 7.4.1.4.1.
  enum HashAlgorithm {
    HASH_ALGO_NONE = 0,
    HASH_ALGO_MD5 = 1,
    HASH_ALGO_SHA1 = 2,
    HASH_ALGO_SHA224 = 3,
    HASH_ALGO_SHA256 = 4,
    HASH_ALGO_SHA384 = 5,
    HASH_ALGO_SHA512 = 6,
  };

  // SignatureAlgorithm enum in RFC 5246, Section 7.4.1.4.1.
  enum SignatureAlgorithm {
    SIG_ALGO_ANONYMOUS = 0,
    SIG_ALGO_RSA = 1,
    SIG_ALGO_DSA = 2,
    SIG_ALGO_ECDSA = 3
  };

  DigitallySigned();
  ~DigitallySigned();

  HashAlgorithm hash_algorithm;
  SignatureAlgorithm signature_algorithm;
  // 'signature' field: the raw signature bytes, opaque at this layer.
  std::string signature_data;
};

// SignedCertificateTimestamp struct in RFC 6962, Section 3.2.
//
// Reference counted and shareable across threads (RefCountedThreadSafe). The
// destructor is private so instances are only destroyed through the
// refcount, and copying is disallowed.
struct NET_EXPORT SignedCertificateTimestamp
    : public base::RefCountedThreadSafe<SignedCertificateTimestamp> {
  // Predicate functor used in maps when SignedCertificateTimestamp is used as
  // the key. Defined out of line; given the note on |origin| below, the
  // ordering is expected to ignore |origin| -- confirm against the .cc.
  struct NET_EXPORT LessThan {
    bool operator()(const scoped_refptr<SignedCertificateTimestamp>& lhs,
                    const scoped_refptr<SignedCertificateTimestamp>& rhs) const;
  };

  // Version enum in RFC 6962, Section 3.2. Only v1 is defined; a parser
  // should reject any other value rather than guess at the layout.
  enum Version {
    SCT_VERSION_1 = 0,
  };

  // Source of the SCT - supplementary, not defined in CT RFC.
  // Because it is not part of the RFC structure it is not covered by the
  // signature; it is bookkeeping for policy/reporting only.
  enum Origin {
    SCT_EMBEDDED = 0,
    SCT_FROM_TLS_EXTENSION = 1,
    SCT_FROM_OCSP_RESPONSE = 2,
  };

  SignedCertificateTimestamp();

  Version version;
  // Identifies the issuing log. Per RFC 6962 Section 3.2 this is the SHA-256
  // of the log's public key; the verifier uses it to pick the key to check
  // |signature| against.
  std::string log_id;
  base::Time timestamp;
  // CT extensions bytes, kept opaque and as received (they are part of the
  // signed input, so they must not be normalized here).
  std::string extensions;
  DigitallySigned signature;
  // The origin should not participate in equality checks
  // as the same SCT can be provided from multiple sources.
  Origin origin;

 private:
  friend class base::RefCountedThreadSafe<SignedCertificateTimestamp>;

  ~SignedCertificateTimestamp();

  DISALLOW_COPY_AND_ASSIGN(SignedCertificateTimestamp);
};

}  // namespace ct

}  // namespace net

#endif  // NET_CERT_SIGNED_CERTIFICATE_TIMESTAMP_H_