Certificate Transparency: Fetching of Signed Tree Heads (DRAFT)

net/cert/ct_verifier.h

Index: net/cert/ct_verifier.h
diff --git a/net/cert/ct_verifier.h b/net/cert/ct_verifier.h
index 290a0474a649138733c902fdc5a8e47b6210f12d..99b9f6ad9704cce8aee076ff1846619239669bb3 100644
--- a/net/cert/ct_verifier.h
+++ b/net/cert/ct_verifier.h
@@ -5,21 +5,41 @@
 #ifndef NET_CERT_CT_VERIFIER_H_
 #define NET_CERT_CT_VERIFIER_H_
 
+#include <string>
+
+#include "base/macros.h"
 #include "net/base/net_export.h"
 
 namespace net {
 
 namespace ct {
 struct CTVerifyResult;
+struct SignedCertificateTimestamp;
 }  // namespace ct
 
 class BoundNetLog;
+class CTLogVerifier;
 class X509Certificate;
 
 // Interface for verifying Signed Certificate Timestamps over a certificate.
 class NET_EXPORT CTVerifier {
  public:
-  virtual ~CTVerifier() {}
+  class NET_EXPORT Observer {
+   public:
+    virtual ~Observer() {}
+
+    virtual void OnSCTVerified(const ct::SignedCertificateTimestamp* sct,

[Ryan Sleevi, 2015/06/29 11:58:13]

Document when/how this is called

+                               CTLogVerifier* verifier) {}

[Ryan Sleevi, 2015/06/29 11:58:13]

make this pure virtual

+
+   protected:
+    Observer() {}
+
+   private:
+    DISALLOW_COPY_AND_ASSIGN(Observer);

[Ryan Sleevi, 2015/06/29 11:58:13]

delete; unneeded for pure interfaces

+  };
+
+  CTVerifier();
+  virtual ~CTVerifier();
 
   // Verifies SCTs embedded in the certificate itself, SCTs embedded in a
   // stapled OCSP response, and SCTs obtained via the
@@ -36,6 +56,18 @@ class NET_EXPORT CTVerifier {
                      const std::string& sct_list_from_tls_extension,
                      ct::CTVerifyResult* result,
                      const BoundNetLog& net_log) = 0;
+
+  virtual void StopNotifications() = 0;
+
+  // Registers |observer| to receive notifications of validated SCTs. The
+  // thread on which this is called is the thread on which |observer| will be
+  // called back with notifications. Does not take ownership of the observer
+  // as the observer may be performing URLRequests which have to be cancelled
+  // before this object is destroyed.
+  virtual void SetObserver(Observer* observer) = 0;
+
+ private:
+  DISALLOW_COPY_AND_ASSIGN(CTVerifier);

[Ryan Sleevi, 2015/06/29 11:58:13]

ditto about unneeded for pure interfaces

 };
 
 }  // namespace net