Index: net/cert/ct_verifier.h |
diff --git a/net/cert/ct_verifier.h b/net/cert/ct_verifier.h |
index 290a0474a649138733c902fdc5a8e47b6210f12d..18e187b07f9aae30ab1b2e3597cda2d1e779c1d1 100644 |
--- a/net/cert/ct_verifier.h |
+++ b/net/cert/ct_verifier.h |
@@ -5,21 +5,26 @@ |
#ifndef NET_CERT_CT_VERIFIER_H_ |
#define NET_CERT_CT_VERIFIER_H_ |
+#include "base/memory/ref_counted.h" |
+#include "base/observer_list.h" |
#include "net/base/net_export.h" |
namespace net { |
namespace ct { |
struct CTVerifyResult; |
+struct SignedCertificateTimestamp; |
} // namespace ct |
class BoundNetLog; |
+class CTLogVerifier; |
class X509Certificate; |
// Interface for verifying Signed Certificate Timestamps over a certificate. |
class NET_EXPORT CTVerifier { |
public: |
- virtual ~CTVerifier() {} |
+ CTVerifier(); |
+ virtual ~CTVerifier(); |
// Verifies SCTs embedded in the certificate itself, SCTs embedded in a |
// stapled OCSP response, and SCTs obtained via the |
@@ -36,6 +41,39 @@ class NET_EXPORT CTVerifier { |
const std::string& sct_list_from_tls_extension, |
ct::CTVerifyResult* result, |
const BoundNetLog& net_log) = 0; |
+ |
+ class NET_EXPORT Observer { |
+ public: |
+ virtual ~Observer() {} |
+ |
davidben
2015/05/07 21:59:38
Add a comment for when this is called and what |ve
Eran Messeri
2015/07/10 13:15:48
Done.
|
+ virtual void OnSCTVerified(const ct::SignedCertificateTimestamp* sct, |
+ CTLogVerifier* verifier) {} |
davidben
2015/05/07 21:59:38
I wonder if this is better in MultiLogCTVerifier i
Eran Messeri
2015/07/10 13:15:48
The distinction between CTVerifier and MultiLogCTV
Ryan Sleevi
2015/07/10 13:45:02
I seem to recall us discussing this in person and
Ryan Sleevi
2015/07/10 13:45:02
Well, no, it was somewhat intentional, not artific
Eran Messeri
2015/07/13 10:58:22
Acknowledged - the CTLogVerifier* is not needed he
|
+ |
+ protected: |
+ Observer() {} |
+ |
+ private: |
+ DISALLOW_COPY_AND_ASSIGN(Observer); |
+ }; |
+ |
+ // Registers |observer| to receive notifications of validated SCTs. The |
+ // thread on which this is called is the thread on which |observer| will be |
+ // called back with notifications. |
davidben
2015/05/07 21:59:38
Is this true? We're not using an ObserverListThrea
Eran Messeri
2015/07/10 13:15:48
Right, corrected the comment.
|
+ void AddObserver(Observer* observer); |
+ |
+ // Unregisters |observer| from receiving notifications. This must be called |
+ // on the same thread on which AddObserver() was called. |
+ void RemoveObserver(Observer* observer); |
+ |
+ protected: |
+ void NotifyObserversOfSCTVerified( |
+ scoped_refptr<ct::SignedCertificateTimestamp> sct, |
+ CTLogVerifier* verifier); |
+ |
+ private: |
+ ObserverList<Observer> observer_list_; |
+ |
+ DISALLOW_COPY_AND_ASSIGN(CTVerifier); |
}; |
} // namespace net |