// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_CERT_SIGNED_CERTIFICATE_TIMESTAMP_H_
#define NET_CERT_SIGNED_CERTIFICATE_TIMESTAMP_H_

#include <string>
#include <vector>

#include "base/memory/ref_counted.h"
#include "base/time/time.h"
#include "net/base/hash_value.h"
#include "net/base/net_export.h"

class Pickle;
class PickleIterator;

namespace net {

// Structures related to Certificate Transparency (RFC6962).
namespace ct {

// LogEntry struct in RFC 6962, Section 3.1.
// The data a log commits to for one certificate or precertificate, i.e. the
// input an SCT signature is computed over. Which of the fields below are
// meaningful depends on |type|; the others are expected to be left empty.
struct NET_EXPORT LogEntry {
  // LogEntryType enum in RFC 6962, Section 3.1
  enum Type {
    LOG_ENTRY_TYPE_X509 = 0,
    LOG_ENTRY_TYPE_PRECERT = 1
  };

  LogEntry();
  ~LogEntry();
  // Clears the entry so it can be reused. Presumably resets |type| and
  // empties the fields below; the definition lives in the .cc file — confirm
  // there.
  void Reset();

  Type type;

  // Set if type == LOG_ENTRY_TYPE_X509: the certificate being logged
  // (stored as raw bytes in a std::string, not as text).
  std::string leaf_certificate;

  // Set if type == LOG_ENTRY_TYPE_PRECERT.
  // Per RFC 6962, Section 3.2, |issuer_key_hash| is the SHA-256 hash of the
  // issuing CA's public key; it ties the precertificate to its issuer since
  // the precertificate itself is not signed by the final issuer key.
  SHA256HashValue issuer_key_hash;
  // The precertificate's TBSCertificate bytes (RFC 6962, Section 3.2);
  // raw bytes, not text.
  std::string tbs_certificate;
};

// Helper structure to represent Digitally Signed data, as described in
// Sections 4.7 and 7.4.1.4.1 of RFC 5246.
// Carries the algorithm identifiers and the raw signature bytes of an SCT.
// It performs no verification itself; whether a given algorithm pair is
// acceptable (e.g. the MD5 / SHA-1 values listed below, which are present
// only to mirror the TLS registry) is decided by whichever code verifies
// the signature, not by this struct.
struct NET_EXPORT_PRIVATE DigitallySigned {
  // TLS 1.2 HashAlgorithm registry values (RFC 5246, Section 7.4.1.4.1).
  // The numeric values are the wire values, so they can be serialized
  // directly.
  enum HashAlgorithm {
    HASH_ALGO_NONE = 0,
    HASH_ALGO_MD5 = 1,
    HASH_ALGO_SHA1 = 2,
    HASH_ALGO_SHA224 = 3,
    HASH_ALGO_SHA256 = 4,
    HASH_ALGO_SHA384 = 5,
    HASH_ALGO_SHA512 = 6,
  };

  // TLS 1.2 SignatureAlgorithm registry values (RFC 5246, Section 7.4.1.4.1).
  enum SignatureAlgorithm {
    SIG_ALGO_ANONYMOUS = 0,
    SIG_ALGO_RSA = 1,
    SIG_ALGO_DSA = 2,
    SIG_ALGO_ECDSA = 3
  };

  DigitallySigned();
  ~DigitallySigned();

  HashAlgorithm hash_algorithm;
  SignatureAlgorithm signature_algorithm;
  // 'signature' field: the raw signature bytes (an opaque byte string held
  // in a std::string, not a textual or base64 value).
  std::string signature_data;
};

// SignedCertificateTimestamp struct in RFC 6962, Section 3.2.
struct NET_EXPORT SignedCertificateTimestamp
    : public base::RefCountedThreadSafe<SignedCertificateTimestamp> {
  // Predicate functor used in maps when SignedCertificateTimestamp is used as
  // the key. It takes scoped_refptr, so map keys share ownership of the SCT.
  // The ordering is defined in the .cc file; given the notes on |origin| and
  // |log_description| below it presumably compares SCT contents rather than
  // pointer identity — confirm there.
  struct NET_EXPORT LessThan {
    bool operator()(const scoped_refptr<SignedCertificateTimestamp>& lhs,
                    const scoped_refptr<SignedCertificateTimestamp>& rhs) const;
  };

  // Version enum in RFC 6962, Section 3.2.
  enum Version {
    SCT_VERSION_1 = 0,
  };

  // Source of the SCT - supplementary, not defined in CT RFC.
  // Records how the SCT reached the client; the same SCT may be delivered by
  // more than one of these routes.
  enum Origin {
    SCT_EMBEDDED = 0,
    SCT_FROM_TLS_EXTENSION = 1,
    SCT_FROM_OCSP_RESPONSE = 2,
  };

  SignedCertificateTimestamp();

  // Serializes this SCT into |pickle| (Pickle is forward-declared above).
  void Persist(Pickle* pickle);
  // Reconstructs an SCT from data previously written by Persist(), reading
  // from |iter|. Returns a new ref-counted instance. Pickled data that
  // crosses a trust boundary (e.g. persisted storage) should be treated as
  // untrusted input; callers should check for a NULL result, which is
  // presumably how the .cc implementation reports malformed data — confirm
  // there.
  static scoped_refptr<SignedCertificateTimestamp> CreateFromPickle(
      PickleIterator* iter);

  Version version;
  // Identifies the log that issued this SCT. Per RFC 6962, Section 3.2 this
  // is the SHA-256 hash of the log's public key, stored here as raw bytes.
  std::string log_id;
  // Time at which the log claims to have issued the SCT.
  base::Time timestamp;
  // Opaque extension bytes; RFC 6962, Section 3.2 includes them in the data
  // the signature covers.
  std::string extensions;
  // The log's signature over the SCT fields and the associated LogEntry
  // (RFC 6962, Section 3.2). Holding a signature here does not mean it has
  // been verified.
  DigitallySigned signature;
  // The origin should not participate in equality checks
  // as the same SCT can be provided from multiple sources.
  Origin origin;
  // The log description is not one of the SCT fields, but a user-readable
  // name defined alongside the log key. It should not participate
  // in equality checks as the log's description could change while
  // the SCT would be the same.
  std::string log_description;

 private:
  // Only RefCountedThreadSafe may destroy instances: the destructor is
  // private so an SCT can neither live on the stack nor be deleted
  // directly; its lifetime ends when the last scoped_refptr is dropped.
  friend class base::RefCountedThreadSafe<SignedCertificateTimestamp>;

  ~SignedCertificateTimestamp();

  DISALLOW_COPY_AND_ASSIGN(SignedCertificateTimestamp);
};

}  // namespace ct

}  // namespace net

#endif  // NET_CERT_SIGNED_CERTIFICATE_TIMESTAMP_H_