1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
|
// Copyright 2018 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef COMPONENTS_CERTIFICATE_TRANSPARENCY_CHROME_CT_POLICY_ENFORCER_H_
#define COMPONENTS_CERTIFICATE_TRANSPARENCY_CHROME_CT_POLICY_ENFORCER_H_
#include <map>
#include <optional>
#include <string>
#include <string_view>
#include <utility>
#include <vector>
#include "base/component_export.h"
#include "base/gtest_prod_util.h"
#include "base/memory/raw_ptr.h"
#include "base/time/clock.h"
#include "base/time/time.h"
#include "net/cert/ct_policy_enforcer.h"
#include "services/network/public/mojom/ct_log_info.mojom.h"
namespace certificate_transparency {
struct COMPONENT_EXPORT(CERTIFICATE_TRANSPARENCY) OperatorHistoryEntry {
// Name of the current operator for the log.
std::string current_operator;
// Vector of previous operators (if any) for the log, represented as pairs of
// operator name and time when they stopped operating the log.
std::vector<std::pair<std::string, base::Time>> previous_operators;
OperatorHistoryEntry();
~OperatorHistoryEntry();
OperatorHistoryEntry(const OperatorHistoryEntry& other);
};
struct COMPONENT_EXPORT(CERTIFICATE_TRANSPARENCY) LogInfo {
// Operator history for this log.
OperatorHistoryEntry operator_history;
// Type of the log.
network::mojom::CTLogInfo::LogType log_type;
};
// A CTPolicyEnforcer that enforces the "Certificate Transparency in Chrome"
// policies detailed at
// https://github.com/chromium/ct-policy/blob/master/ct_policy.md
//
// This should only be used when there is a reliable, rapid update mechanism
// for the set of known, qualified logs - either through a reliable binary
// updating mechanism or through out-of-band delivery. See
// //net/docs/certificate-transparency.md for more details.
class COMPONENT_EXPORT(CERTIFICATE_TRANSPARENCY) ChromeCTPolicyEnforcer
: public net::CTPolicyEnforcer {
public:
// |logs| is a list of Certificate Transparency logs. Data about each log is
// needed to apply Chrome's policies. |disqualified_logs| is a map of log ID
// to disqualification date. (Log IDs are the SHA-256 hash of the log's
// DER-encoded SubjectPublicKeyInfo.) |log_list_date| is the time at which
// the other two arguments were generated. Both lists of logs must be sorted
// by log ID. |log_info| contains operator history and log types of the logs.
ChromeCTPolicyEnforcer(
base::Time log_list_date,
std::vector<std::pair<std::string, base::Time>> disqualified_logs,
std::map<std::string, LogInfo> log_info,
bool enable_static_ct_api_enforcement);
net::ct::CTPolicyCompliance CheckCompliance(
net::X509Certificate* cert,
const net::ct::SCTList& verified_scts,
base::Time current_time,
const net::NetLogWithSource& net_log) const override;
std::optional<base::Time> GetLogDisqualificationTime(
std::string_view log_id) const override;
bool IsCtEnabled() const override;
// TODO(crbug.com/41479068): These are exposed to allow end-to-end
// testing by higher layers (i.e. that the ChromeCTPolicyEnforcer is
// correctly constructed). When either this issue or https://crbug.com/848277
// are fixed, the configuration can be tested independently, and these can
// be removed.
const std::vector<std::pair<std::string, base::Time>>&
disqualified_logs_for_testing() {
return disqualified_logs_;
}
const std::map<std::string, LogInfo>& log_info_for_testing() const {
return log_info_;
}
protected:
~ChromeCTPolicyEnforcer() override;
private:
FRIEND_TEST_ALL_PREFIXES(ChromeCTPolicyEnforcerTest,
IsLogDisqualifiedTimestamp);
FRIEND_TEST_ALL_PREFIXES(ChromeCTPolicyEnforcerTest,
IsLogDisqualifiedReturnsFalseOnUnknownLog);
// Returns true if the log identified by |log_id| (the SHA-256 hash of the
// log's DER-encoded SPKI) has been disqualified, and sets
// |*disqualification_date| to the date of disqualification. Any SCTs that
// are embedded in certificates issued after |*disqualification_date| should
// not be trusted, nor contribute to any uniqueness or freshness
bool IsLogDisqualified(std::string_view log_id,
base::Time current_time,
base::Time* disqualification_date) const;
// Returns true if the supplied log data are fresh enough.
bool IsLogDataTimely(base::Time current_time) const;
net::ct::CTPolicyCompliance CheckCTPolicyCompliance(
const net::X509Certificate& cert,
const net::ct::SCTList& verified_scts,
base::Time current_time) const;
std::string GetOperatorForLog(const std::string& log_id,
base::Time timestamp) const;
network::mojom::CTLogInfo::LogType GetLogType(
const std::string& log_id) const;
// Map of SHA-256(SPKI) to log disqualification date.
const std::vector<std::pair<std::string, base::Time>> disqualified_logs_;
const std::map<std::string, LogInfo> log_info_;
// The time at which |disqualified_logs_| and |log_operator_history_| were
// generated.
const base::Time log_list_date_;
const bool enable_static_ct_api_enforcement_;
};
} // namespace certificate_transparency
#endif // COMPONENTS_CERTIFICATE_TRANSPARENCY_CHROME_CT_POLICY_ENFORCER_H_
|
