Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(128)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/cert/ct_policy_enforcer.h

Issue 1578993003: Add Expect CT policy that gets checked on all certs (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: tweaks Created 4 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | net/cert/ct_policy_enforcer.cc » ('j') | net/cert/ct_policy_enforcer.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/ct_policy_enforcer.h
diff --git a/net/cert/ct_policy_enforcer.h b/net/cert/ct_policy_enforcer.h
index 8c29da5ecb3a9891ef2be90a55ae873ab61c91d4..41020766bc41bcf5f27a254e77426a4cd517448f 100644
--- a/net/cert/ct_policy_enforcer.h
+++ b/net/cert/ct_policy_enforcer.h
@@ -7,6 +7,7 @@
#include <stddef.h>
#include "net/base/net_export.h"
+#include "net/cert/cert_status_flags.h"
#include "net/log/net_log.h"
namespace net {
@@ -20,23 +21,32 @@ class EVCertsWhitelist;
class X509Certificate;
-// Class for checking that a given certificate conforms to security-related
-// policies.
+// Class for checking that a given certificate conforms to
+// Certificate-Transparency-related policies.
class NET_EXPORT CTPolicyEnforcer {
public:
CTPolicyEnforcer() {}
virtual ~CTPolicyEnforcer() {}
- // Returns true if the collection of SCTs for the given certificate
- // conforms with the CT/EV policy. Conformance details are logged to
- // |net_log|.
+ // Returns true if the collection of SCTs for the given |certificate|
+ // conforms with the CT certificate policy.
// |cert| is the certificate for which the SCTs apply.
// |ct_result| must contain the result of verifying any SCTs associated with
// |cert| prior to invoking this method.
- virtual bool DoesConformToCTEVPolicy(X509Certificate* cert,
- const ct::EVCertsWhitelist* ev_whitelist,
- const ct::CTVerifyResult& ct_result,
- const BoundNetLog& net_log);
+ virtual bool DoesConformToCertPolicy(X509Certificate* cert,
+ const ct::CTVerifyResult& ct_result);
+
+ // Returns true if the collection of SCTs for the given |certificate|
+ // and |cert_status| conforms with the EV policy. Conformance details
+ // are logged to |net_log|.
+ // |cert| is the certificate for which the SCTs apply.
+ // |cert_status| is the CertStatus computed for |cert|.
+ // |ev_whitelist| is a whitelist of EV certificates for which CT policy need
+ // not apply.
+ virtual bool DoesConformToEVPolicy(X509Certificate* cert,
+ CertStatus cert_status,
+ const ct::EVCertsWhitelist* ev_whitelist,
+ const BoundNetLog& net_log);
};
} // namespace net
« no previous file with comments | « no previous file | net/cert/ct_policy_enforcer.cc » ('j') | net/cert/ct_policy_enforcer.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698