Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(358)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: components/certificate_transparency/tree_state_tracker.cc

Issue 2017563002: Add Certificate Transparency logs auditing (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Addressing Ryan's two final comments Created 3 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « components/certificate_transparency/tree_state_tracker.h ('k') | net/cert/merkle_audit_proof.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "components/certificate_transparency/tree_state_tracker.h" 5 #include "components/certificate_transparency/tree_state_tracker.h"
6 6
7 #include "base/feature_list.h"
8 #include "base/memory/ptr_util.h"
9 #include "components/certificate_transparency/log_dns_client.h"
7 #include "components/certificate_transparency/single_tree_tracker.h" 10 #include "components/certificate_transparency/single_tree_tracker.h"
11 #include "net/base/network_change_notifier.h"
8 #include "net/cert/ct_log_verifier.h" 12 #include "net/cert/ct_log_verifier.h"
9 #include "net/cert/signed_certificate_timestamp.h" 13 #include "net/cert/signed_certificate_timestamp.h"
10 #include "net/cert/signed_tree_head.h" 14 #include "net/cert/signed_tree_head.h"
11 #include "net/cert/x509_certificate.h" 15 #include "net/cert/x509_certificate.h"
16 #include "net/dns/dns_client.h"
17 #include "net/dns/dns_config_service.h"
18 #include "net/log/net_log.h"
12 19
13 using net::X509Certificate; 20 using net::X509Certificate;
14 using net::CTLogVerifier; 21 using net::CTLogVerifier;
15 using net::ct::SignedCertificateTimestamp; 22 using net::ct::SignedCertificateTimestamp;
16 using net::ct::SignedTreeHead; 23 using net::ct::SignedTreeHead;
17 24
25 namespace {
26 const size_t kMaxConcurrentDnsQueries = 1;
27 }
28
18 namespace certificate_transparency { 29 namespace certificate_transparency {
19 30
31 // Enables or disables auditing Certificate Transparency logs over DNS.
32 const base::Feature kCTLogAuditing = {"CertificateTransparencyLogAuditing",
33 base::FEATURE_DISABLED_BY_DEFAULT};
34
20 TreeStateTracker::TreeStateTracker( 35 TreeStateTracker::TreeStateTracker(
21 std::vector<scoped_refptr<const CTLogVerifier>> ct_logs) { 36 std::vector<scoped_refptr<const CTLogVerifier>> ct_logs) {
22 for (const auto& log : ct_logs) 37 if (!base::FeatureList::IsEnabled(kCTLogAuditing))
23 tree_trackers_[log->key_id()].reset(new SingleTreeTracker(log)); 38 return;
39
40 // TODO(eranm): Hook up a real NetLog.
41 net::NetLogWithSource net_log;
42 std::unique_ptr<net::DnsClient> dns_client =
43 net::DnsClient::CreateClient(net_log.net_log());
44 dns_client_ = base::MakeUnique<LogDnsClient>(std::move(dns_client), net_log,
45 kMaxConcurrentDnsQueries);
46
47 for (const auto& log : ct_logs) {
48 tree_trackers_[log->key_id()].reset(
49 new SingleTreeTracker(log, dns_client_.get()));
50 }
24 } 51 }
25 52
26 TreeStateTracker::~TreeStateTracker() {} 53 TreeStateTracker::~TreeStateTracker() {}
27 54
28 void TreeStateTracker::OnSCTVerified(X509Certificate* cert, 55 void TreeStateTracker::OnSCTVerified(X509Certificate* cert,
29 const SignedCertificateTimestamp* sct) { 56 const SignedCertificateTimestamp* sct) {
30 auto it = tree_trackers_.find(sct->log_id); 57 auto it = tree_trackers_.find(sct->log_id);
31 // Ignore if the SCT is from an unknown log. 58 // Ignore if the SCT is from an unknown log.
32 if (it == tree_trackers_.end()) 59 if (it == tree_trackers_.end())
33 return; 60 return;
34 61
35 it->second->OnSCTVerified(cert, sct); 62 it->second->OnSCTVerified(cert, sct);
36 } 63 }
37 64
38 void TreeStateTracker::NewSTHObserved(const SignedTreeHead& sth) { 65 void TreeStateTracker::NewSTHObserved(const SignedTreeHead& sth) {
39 auto it = tree_trackers_.find(sth.log_id); 66 auto it = tree_trackers_.find(sth.log_id);
40 // Is the STH from a known log? Since STHs can be provided from external 67 // Is the STH from a known log? Since STHs can be provided from external
41 // sources for logs not yet recognized by this client, return, rather than 68 // sources for logs not yet recognized by this client, return, rather than
42 // DCHECK. 69 // DCHECK.
43 if (it == tree_trackers_.end()) 70 if (it == tree_trackers_.end())
44 return; 71 return;
45 72
46 it->second->NewSTHObserved(sth); 73 it->second->NewSTHObserved(sth);
47 } 74 }
48 75
49 } // namespace certificate_transparency 76 } // namespace certificate_transparency
OLDNEW
« no previous file with comments | « components/certificate_transparency/tree_state_tracker.h ('k') | net/cert/merkle_audit_proof.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698