net/cert/ct_log_verifier.cc - chromium/src.git - Git at Google

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "net/cert/ct_log_verifier.h"

 #include "base/logging.h"
 #include "net/cert/ct_serialization.h"

 namespace net {

 // static
 scoped_ptr<CTLogVerifier> CTLogVerifier::Create(
     const base::StringPiece& public_key,
     const base::StringPiece& description) {
   scoped_ptr<CTLogVerifier> result(new CTLogVerifier());
   if (!result->Init(public_key, description))
     result.reset();
   return result.Pass();
 }

 bool CTLogVerifier::Verify(const ct::LogEntry& entry,
                            const ct::SignedCertificateTimestamp& sct) {
   if (sct.log_id != key_id()) {
     DVLOG(1) << "SCT is not signed by this log.";
     return false;
   }

   if (sct.signature.hash_algorithm != hash_algorithm_) {
     DVLOG(1) << "Mismatched hash algorithm. Expected " << hash_algorithm_
              << ", got " << sct.signature.hash_algorithm << ".";
     return false;
   }

   if (sct.signature.signature_algorithm != signature_algorithm_) {
     DVLOG(1) << "Mismatched sig algorithm. Expected " << signature_algorithm_
              << ", got " << sct.signature.signature_algorithm << ".";
     return false;
   }

   std::string serialized_log_entry;
   if (!ct::EncodeLogEntry(entry, &serialized_log_entry)) {
     DVLOG(1) << "Unable to serialize entry.";
     return false;
   }
   std::string serialized_data;
   if (!ct::EncodeV1SCTSignedData(sct.timestamp, serialized_log_entry,
                                  sct.extensions, &serialized_data)) {
     DVLOG(1) << "Unable to create SCT to verify.";
     return false;
   }

   return VerifySignature(serialized_data, sct.signature.signature_data);
 }

 }  // namespace net
	// Copyright 2013 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "net/cert/ct_log_verifier.h"

	#include "base/logging.h"
	#include "net/cert/ct_serialization.h"

	namespace net {

	// static
	scoped_ptr<CTLogVerifier> CTLogVerifier::Create(
	const base::StringPiece& public_key,
	const base::StringPiece& description) {
	scoped_ptr<CTLogVerifier> result(new CTLogVerifier());
	if (!result->Init(public_key, description))
	result.reset();
	return result.Pass();
	}

	bool CTLogVerifier::Verify(const ct::LogEntry& entry,
	const ct::SignedCertificateTimestamp& sct) {
	if (sct.log_id != key_id()) {
	DVLOG(1) << "SCT is not signed by this log.";
	return false;
	}

	if (sct.signature.hash_algorithm != hash_algorithm_) {
	DVLOG(1) << "Mismatched hash algorithm. Expected " << hash_algorithm_
	<< ", got " << sct.signature.hash_algorithm << ".";
	return false;
	}

	if (sct.signature.signature_algorithm != signature_algorithm_) {
	DVLOG(1) << "Mismatched sig algorithm. Expected " << signature_algorithm_
	<< ", got " << sct.signature.signature_algorithm << ".";
	return false;
	}

	std::string serialized_log_entry;
	if (!ct::EncodeLogEntry(entry, &serialized_log_entry)) {
	DVLOG(1) << "Unable to serialize entry.";
	return false;
	}
	std::string serialized_data;
	if (!ct::EncodeV1SCTSignedData(sct.timestamp, serialized_log_entry,
	sct.extensions, &serialized_data)) {
	DVLOG(1) << "Unable to create SCT to verify.";
	return false;
	}

	return VerifySignature(serialized_data, sct.signature.signature_data);
	}

	} // namespace net