signed_certificate_timestamp.h revision f2477e01787aa58f445919b809d89e252beef54f
1// Copyright 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef NET_CERT_SIGNED_CERTIFICATE_TIMESTAMP_H_
6#define NET_CERT_SIGNED_CERTIFICATE_TIMESTAMP_H_
7
8#include <string>
9#include <vector>
10
11#include "base/memory/ref_counted.h"
12#include "base/time/time.h"
13#include "net/base/hash_value.h"
14#include "net/base/net_export.h"
15
16namespace net {
17
18// Structures related to Certificate Transparency (RFC6962).
19namespace ct {
20
21// LogEntry struct in RFC 6962, Section 3.1
struct NET_EXPORT LogEntry {
  // LogEntryType enum in RFC 6962, Section 3.1
  enum Type {
    LOG_ENTRY_TYPE_X509 = 0,
    LOG_ENTRY_TYPE_PRECERT = 1
  };

  LogEntry();
  ~LogEntry();
  // Clears the entry. Defined in the .cc file; which value |type| is reset to
  // is not visible from this header.
  void Reset();

  // Determines which of the fields below are populated (see the per-field
  // comments). Fields belonging to the other entry type should not be read.
  Type type;

  // Set if type == LOG_ENTRY_TYPE_X509
  // Raw bytes of the end-entity certificate; presumably DER-encoded
  // (RFC 6962 Section 3.1) -- confirm against the serialization code.
  std::string leaf_certificate;

  // Set if type == LOG_ENTRY_TYPE_PRECERT
  // Hash of the issuer's public key, and the TBSCertificate of the
  // precertificate (presumably with the poison extension removed, per
  // RFC 6962 Section 3.1 -- confirm against the serialization code).
  SHA256HashValue issuer_key_hash;
  std::string tbs_certificate;
};
42
43// Helper structure to represent Digitally Signed data, as described in
44// Sections 4.7 and 7.4.1.4.1 of RFC 5246.
struct NET_EXPORT_PRIVATE DigitallySigned {
  // HashAlgorithm enum from RFC 5246, Section 7.4.1.4.1. The full TLS 1.2
  // registry is mirrored here, including the weak MD5 and SHA-1 entries,
  // because this type only records what was parsed. Nothing in this type
  // restricts which values are accepted; any policy on permitted algorithms
  // has to be enforced where the signature is actually verified.
  enum HashAlgorithm {
    HASH_ALGO_NONE = 0,
    HASH_ALGO_MD5 = 1,
    HASH_ALGO_SHA1 = 2,
    HASH_ALGO_SHA224 = 3,
    HASH_ALGO_SHA256 = 4,
    HASH_ALGO_SHA384 = 5,
    HASH_ALGO_SHA512 = 6,
  };

  // SignatureAlgorithm enum from RFC 5246, Section 7.4.1.4.1. Same caveat as
  // above: SIG_ALGO_ANONYMOUS is representable but is not a usable signature.
  enum SignatureAlgorithm {
    SIG_ALGO_ANONYMOUS = 0,
    SIG_ALGO_RSA = 1,
    SIG_ALGO_DSA = 2,
    SIG_ALGO_ECDSA = 3
  };

  DigitallySigned();
  ~DigitallySigned();

  HashAlgorithm hash_algorithm;
  SignatureAlgorithm signature_algorithm;
  // 'signature' field. Raw signature bytes, opaque at this level; their
  // encoding depends on |signature_algorithm| and is interpreted by the
  // verifier, not by this struct.
  std::string signature_data;
};
71
72// SignedCertificateTimestamp struct in RFC 6962, Section 3.2.
struct NET_EXPORT SignedCertificateTimestamp
    : public base::RefCountedThreadSafe<SignedCertificateTimestamp> {
  // Predicate functor used in maps when SignedCertificateTimestamp is used as
  // the key. Defined in the .cc file; presumably it orders by the SCT's
  // contents rather than by pointer identity -- confirm against the
  // definition, and see the note on |origin| below for which field is
  // expected to be left out.
  struct NET_EXPORT LessThan {
    bool operator()(const scoped_refptr<SignedCertificateTimestamp>& lhs,
                    const scoped_refptr<SignedCertificateTimestamp>& rhs) const;
  };

  // Version enum in RFC 6962, Section 3.2.
  // Only v1 is defined. Any other version byte on the wire is not
  // representable here and presumably has to be rejected by the parser
  // before an instance is built -- confirm against the parsing code.
  enum Version {
    SCT_VERSION_1 = 0,
  };

  // Source of the SCT - supplementary, not defined in CT RFC.
  // Records how the SCT reached the client; it is bookkeeping rather than
  // part of the signed structure.
  enum Origin {
    SCT_EMBEDDED = 0,
    SCT_FROM_TLS_EXTENSION = 1,
    SCT_FROM_OCSP_RESPONSE = 2,
  };

  SignedCertificateTimestamp();

  Version version;
  // Identifier of the log that issued this SCT. NOTE(review): per RFC 6962
  // Section 3.2 this is presumably the SHA-256 hash of the log's public key
  // -- confirm against the parser.
  std::string log_id;
  // The SCT's timestamp, already converted to base::Time (the conversion
  // from the wire representation happens elsewhere).
  base::Time timestamp;
  // Raw CT extension bytes; opaque here. NOTE(review): v1 presumably defines
  // no extensions, so this is expected to be empty -- confirm.
  std::string extensions;
  // The log's signature over the SCT. Which data it covers and whether it
  // has been verified is not tracked by this struct; see the verifier.
  DigitallySigned signature;
  // The origin should not participate in equality checks
  // as the same SCT can be provided from multiple sources.
  Origin origin;

 private:
  friend class base::RefCountedThreadSafe<SignedCertificateTimestamp>;

  // Private so that only RefCountedThreadSafe (via the friend declaration
  // above) can delete an instance, i.e. instances die only when their
  // reference count drops to zero.
  ~SignedCertificateTimestamp();

  DISALLOW_COPY_AND_ASSIGN(SignedCertificateTimestamp);
};
112
113}  // namespace ct
114
115}  // namespace net
116
117#endif  // NET_CERT_SIGNED_CERTIFICATE_TIMESTAMP_H_
118