chrome_ct_policy_enforcer.cc | Explore in Territory

// Copyright 2014 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "components/certificate_transparency/chrome_ct_policy_enforcer.h"

#include <stdint.h>

#include <algorithm>
#include <memory>
#include <utility>

#include "base/feature_list.h"
#include "base/functional/bind.h"
#include "base/functional/callback_helpers.h"
#include "base/metrics/field_trial.h"
#include "base/metrics/histogram_macros.h"
#include "base/numerics/safe_conversions.h"
#include "base/strings/string_number_conversions.h"
#include "base/time/default_clock.h"
#include "base/time/time.h"
#include "base/values.h"
#include "base/version.h"
#include "components/certificate_transparency/ct_known_logs.h"
#include "crypto/sha2.h"
#include "net/cert/ct_policy_status.h"
#include "net/cert/signed_certificate_timestamp.h"
#include "net/cert/x509_certificate.h"
#include "net/log/net_log_capture_mode.h"
#include "net/log/net_log_event_type.h"
#include "net/log/net_log_with_source.h"

CTPolicyCompliance;

namespace certificate_transparency {

namespace {

base::Value::Dict NetLogCertComplianceCheckResultParams(
    net::X509Certificate* cert,
    bool build_timely,
    CTPolicyCompliance compliance) { … }

}  // namespace

OperatorHistoryEntry::OperatorHistoryEntry() = default;
OperatorHistoryEntry::~OperatorHistoryEntry() = default;
OperatorHistoryEntry::OperatorHistoryEntry(const OperatorHistoryEntry& other) =
    default;

ChromeCTPolicyEnforcer::ChromeCTPolicyEnforcer(
    base::Time log_list_date,
    std::vector<std::pair<std::string, base::Time>> disqualified_logs,
    std::map<std::string, OperatorHistoryEntry> log_operator_history)
    : … { … }

ChromeCTPolicyEnforcer::ChromeCTPolicyEnforcer(
    base::Time log_list_date,
    std::vector<std::pair<std::string, base::Time>> disqualified_logs,
    std::map<std::string, OperatorHistoryEntry> log_operator_history,
    const base::Clock* clock)
    : … { … }

ChromeCTPolicyEnforcer::~ChromeCTPolicyEnforcer() { … }

CTPolicyCompliance ChromeCTPolicyEnforcer::CheckCompliance(
    net::X509Certificate* cert,
    const net::ct::SCTList& verified_scts,
    const net::NetLogWithSource& net_log) const { … }

std::optional<base::Time> ChromeCTPolicyEnforcer::GetLogDisqualificationTime(
    std::string_view log_id) const { … }

bool ChromeCTPolicyEnforcer::IsCtEnabled() const { … }

bool ChromeCTPolicyEnforcer::IsLogDisqualified(
    std::string_view log_id,
    base::Time* out_disqualification_date) const { … }

bool ChromeCTPolicyEnforcer::IsLogDataTimely() const { … }

// Evaluates against the "on-or-after 15 April 2022" policy specified at
// https://googlechrome.github.io/CertificateTransparency/ct_policy.html
// (No certificate issued before that date could still be valid.)
CTPolicyCompliance ChromeCTPolicyEnforcer::CheckCTPolicyCompliance(
    const net::X509Certificate& cert,
    const net::ct::SCTList& verified_scts) const { … }

std::string ChromeCTPolicyEnforcer::GetOperatorForLog(
    std::string log_id,
    base::Time timestamp) const { … }

}  // namespace certificate_transparency
chromium/components/certificate_transparency/chrome_ct_policy_enforcer.cc
