Diffstat (limited to 'chromium/net/cert/ct_log_verifier.h')
-rw-r--r-- | chromium/net/cert/ct_log_verifier.h | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/chromium/net/cert/ct_log_verifier.h b/chromium/net/cert/ct_log_verifier.h
index b4ee5202674..38e0930eb65 100644
--- a/chromium/net/cert/ct_log_verifier.h
+++ b/chromium/net/cert/ct_log_verifier.h
@@ -23,6 +23,10 @@ typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
 namespace net {
+namespace ct {
+struct SignedTreeHead;
+} // namespace ct
+
 // Class for verifying Signed Certificate Timestamps (SCTs) provided by a
 // specific log (whose identity is provided during construction).
 class NET_EXPORT CTLogVerifier {
@@ -46,6 +50,11 @@ class NET_EXPORT CTLogVerifier {
 bool Verify(const ct::LogEntry& entry, const ct::SignedCertificateTimestamp& sct);
+ // Verifies and sets |signed_tree_head|. If |signed_tree_head|'s signature is
+ // valid, stores it and returns true. Otherwise, discards the sth and
+ // returns false.
+ bool SetSignedTreeHead(scoped_ptr<ct::SignedTreeHead> signed_tree_head);
+
 private:
 FRIEND_TEST_ALL_PREFIXES(CTLogVerifierTest, VerifySignature);
@@ -61,10 +70,15 @@ class NET_EXPORT CTLogVerifier {
 bool VerifySignature(const base::StringPiece& data_to_sign, const base::StringPiece& signature);
+ // Returns true if the signature and hash algorithms in |signature|
+ // match those of the log
+ bool SignatureParametersMatch(const ct::DigitallySigned& signature);
+
 std::string key_id_;
 std::string description_;
 ct::DigitallySigned::HashAlgorithm hash_algorithm_;
 ct::DigitallySigned::SignatureAlgorithm signature_algorithm_;
+ scoped_ptr<ct::SignedTreeHead> signed_tree_head_;
 #if defined(USE_OPENSSL)
 EVP_PKEY* public_key_;
|
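Review bot: The contract documented for `SetSignedTreeHead` makes a valid signature the only acceptance condition, which leaves open whether an older, validly signed tree head may overwrite a newer stored one. The implementation is outside this hunk, so this may already be handled there, but if consumers of `signed_tree_head_` rely on it reflecting the latest view of the log, the comment should state the freshness rule, for example `// An STH older than the stored one (by timestamp or tree size) is rejected.` The comment should also say that a failed call leaves the previously stored tree head in place, since "discards the sth" can be read as either one, and what happens when |signed_tree_head| is null. The class body begins and ends outside this hunk.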
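Review bot: The comment on `SignatureParametersMatch` does not say when the check has to run or what a mismatch means, and that ordering is the security-relevant part of it. A signature whose declared hash or signature algorithm differs from the log's should be rejected before `VerifySignature` is attempted, for SCTs and tree heads alike; the callers are outside this hunk, so whether both `Verify` and `SetSignedTreeHead` go through it cannot be confirmed here. Suggested wording: `// Returns true if the signature and hash algorithms in |signature| match those of the log. Callers must check this before calling VerifySignature().` The method appears to only compare against `hash_algorithm_` and `signature_algorithm_`, so it could be declared `const` if the definition allows it.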