// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "net/cert/ct_log_verifier.h"

#include "base/logging.h"
#include "net/cert/ct_serialization.h"

namespace net {

// static
// Builds a verifier bound to a single CT log's public key.
//
// |public_key| and |description| are handed to Init(); if Init() rejects
// them the function returns a NULL scoped_ptr, so callers must test the
// result before dereferencing it.
scoped_ptr<CTLogVerifier> CTLogVerifier::Create(
    const base::StringPiece& public_key,
    const base::StringPiece& description) {
  scoped_ptr<CTLogVerifier> verifier(new CTLogVerifier());
  if (!verifier->Init(public_key, description))
    return scoped_ptr<CTLogVerifier>();
  return verifier.Pass();
}

// Verifies that |sct| is a V1 SCT issued by this log over |entry|.
//
// Returns true only when every structural check below passes and the
// signature over the re-serialised signed data verifies under this log's
// key; any failure returns false (the reason is only reported via DVLOG).
//
// NOTE(review): nothing in this function compares sct.timestamp against the
// current time or checks sct.version; if those constraints are required they
// have to be enforced by the caller or elsewhere.
bool CTLogVerifier::Verify(const ct::LogEntry& entry,
                           const ct::SignedCertificateTimestamp& sct) {
  // Bind the SCT to this log's key before doing any cryptographic work. An
  // SCT carrying a different log_id is rejected outright rather than being
  // verified against the wrong key.
  if (sct.log_id != key_id()) {
    DVLOG(1) << "SCT is not signed by this log.";
    return false;
  }

  // The hash and signature algorithms claimed inside the SCT must be exactly
  // the ones this verifier was configured with. Refusing a mismatch here
  // prevents an attacker-supplied SCT from steering verification towards an
  // algorithm the log does not actually use.
  if (sct.signature.hash_algorithm != hash_algorithm_) {
    DVLOG(1) << "Mismatched hash algorithm. Expected " << hash_algorithm_
             << ", got " << sct.signature.hash_algorithm << ".";
    return false;
  }

  if (sct.signature.signature_algorithm != signature_algorithm_) {
    DVLOG(1) << "Mismatched sig algorithm. Expected " << signature_algorithm_
             << ", got " << sct.signature.signature_algorithm << ".";
    return false;
  }

  // Rebuild the exact byte string the log is expected to have signed:
  // first the serialised log entry, then the V1 signed-data structure that
  // wraps it together with the SCT's timestamp and extensions.
  std::string encoded_entry;
  if (!ct::EncodeLogEntry(entry, &encoded_entry)) {
    DVLOG(1) << "Unable to serialize entry.";
    return false;
  }

  std::string signed_data;
  if (!ct::EncodeV1SCTSignedData(sct.timestamp, encoded_entry,
                                 sct.extensions, &signed_data)) {
    DVLOG(1) << "Unable to create SCT to verify.";
    return false;
  }

  // VerifySignature (defined elsewhere) performs the actual public-key check
  // of the SCT's signature bytes over |signed_data|.
  return VerifySignature(signed_data, sct.signature.signature_data);
}

}  // namespace net