OLD | NEW |
| (Empty) |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef NET_SOCKET_DNS_CERT_PROVENANCE_CHECKER_H | |
6 #define NET_SOCKET_DNS_CERT_PROVENANCE_CHECKER_H | |
7 | |
8 #include <string> | |
9 #include <vector> | |
10 | |
11 #include "base/string_piece.h" | |
12 #include "net/base/net_export.h" | |
13 | |
14 namespace net { | |
15 | |
16 class DnsRRResolver; | |
17 | |
18 // DnsCertProvenanceChecker is an interface for asynchronously checking HTTPS | |
19 // certificates via a DNS side-channel. | |
20 class NET_EXPORT DnsCertProvenanceChecker { | |
21 public: | |
22 class NET_EXPORT Delegate { | |
23 public: | |
24 virtual ~Delegate(); | |
25 | |
26 virtual void OnDnsCertLookupFailed( | |
27 const std::string& hostname, | |
28 const std::vector<std::string>& der_certs) = 0; | |
29 }; | |
30 | |
31 virtual ~DnsCertProvenanceChecker(); | |
32 | |
33 virtual void Shutdown() = 0; | |
34 | |
35 // DoAsyncVerification starts an asynchronous check for the given certificate | |
36 // chain. It must be run on the network thread. | |
37 virtual void DoAsyncVerification( | |
38 const std::string& hostname, | |
39 const std::vector<base::StringPiece>& der_certs) = 0; | |
40 | |
41 | |
42 protected: | |
43 // DoAsyncLookup performs a DNS lookup for the given name and certificate | |
44 // chain. In the event that the lookup reports a failure, the Delegate is | |
45 // called back. | |
46 static void DoAsyncLookup( | |
47 const std::string& hostname, | |
48 const std::vector<base::StringPiece>& der_certs, | |
49 DnsRRResolver* dnsrr_resolver, | |
50 Delegate* delegate); | |
51 | |
52 // BuildEncryptedRecord encrypts the certificate chain to a fixed public key | |
53 // and returns the encrypted blob. Since this code is reporting a possible | |
54 // HTTPS failure, it would seem silly to use HTTPS to protect the uploaded | |
55 // report. | |
56 static std::string BuildEncryptedReport( | |
57 const std::string& hostname, | |
58 const std::vector<std::string>& der_certs); | |
59 }; | |
60 | |
61 } // namespace net | |
62 | |
63 #endif // NET_SOCKET_DNS_CERT_PROVENANCE_CHECK_H | |