OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 #ifndef NET_CERT_CT_POLICY_ENFORCER_H | 4 #ifndef NET_CERT_CT_POLICY_ENFORCER_H |
5 #define NET_CERT_CT_POLICY_ENFORCER_H | 5 #define NET_CERT_CT_POLICY_ENFORCER_H |
6 | 6 |
7 #include <stddef.h> | 7 #include <stddef.h> |
8 | 8 |
9 #include "net/base/net_export.h" | 9 #include "net/base/net_export.h" |
| 10 #include "net/cert/cert_status_flags.h" |
10 #include "net/log/net_log.h" | 11 #include "net/log/net_log.h" |
11 | 12 |
12 namespace net { | 13 namespace net { |
13 | 14 |
14 namespace ct { | 15 namespace ct { |
15 | 16 |
16 struct CTVerifyResult; | 17 struct CTVerifyResult; |
17 class EVCertsWhitelist; | 18 class EVCertsWhitelist; |
18 | 19 |
19 } // namespace ct | 20 } // namespace ct |
20 | 21 |
21 class X509Certificate; | 22 class X509Certificate; |
22 | 23 |
23 // Class for checking that a given certificate conforms to security-related | 24 // Class for checking that a given certificate conforms to |
24 // policies. | 25 // Certificate-Transparency-related policies. |
25 class NET_EXPORT CTPolicyEnforcer { | 26 class NET_EXPORT CTPolicyEnforcer { |
26 public: | 27 public: |
27 CTPolicyEnforcer() {} | 28 CTPolicyEnforcer() {} |
28 virtual ~CTPolicyEnforcer() {} | 29 virtual ~CTPolicyEnforcer() {} |
29 | 30 |
30 // Returns true if the collection of SCTs for the given certificate | 31 // Returns true if the collection of SCTs for the given |certificate| |
31 // conforms with the CT/EV policy. Conformance details are logged to | 32 // conforms with the CT certificate policy. |
32 // |net_log|. | |
33 // |cert| is the certificate for which the SCTs apply. | 33 // |cert| is the certificate for which the SCTs apply. |
34 // |ct_result| must contain the result of verifying any SCTs associated with | 34 // |ct_result| must contain the result of verifying any SCTs associated with |
35 // |cert| prior to invoking this method. | 35 // |cert| prior to invoking this method. |
36 virtual bool DoesConformToCTEVPolicy(X509Certificate* cert, | 36 virtual bool DoesConformToCertPolicy(X509Certificate* cert, |
37 const ct::EVCertsWhitelist* ev_whitelist, | 37 const ct::CTVerifyResult& ct_result); |
38 const ct::CTVerifyResult& ct_result, | 38 |
39 const BoundNetLog& net_log); | 39 // Returns true if the collection of SCTs for the given |certificate| |
| 40 // and |cert_status| conforms with the EV policy. Conformance details |
| 41 // are logged to |net_log|. |
| 42 // |cert| is the certificate for which the SCTs apply. |
| 43 // |cert_status| is the CertStatus computed for |cert|. |
| 44 // |ev_whitelist| is a whitelist of EV certificates for which CT policy need |
| 45 // not apply. |
| 46 virtual bool DoesConformToEVPolicy(X509Certificate* cert, |
| 47 CertStatus cert_status, |
| 48 const ct::EVCertsWhitelist* ev_whitelist, |
| 49 const BoundNetLog& net_log); |
40 }; | 50 }; |
41 | 51 |
42 } // namespace net | 52 } // namespace net |
43 | 53 |
44 #endif // NET_CERT_CT_POLICY_ENFORCER_H | 54 #endif // NET_CERT_CT_POLICY_ENFORCER_H |
OLD | NEW |