OLD | NEW |
| (Empty) |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 #ifndef NET_CERT_CERT_POLICY_ENFORCER_H | |
5 #define NET_CERT_CERT_POLICY_ENFORCER_H | |
6 | |
7 #include <stddef.h> | |
8 | |
9 #include "net/base/net_export.h" | |
10 #include "net/log/net_log.h" | |
11 | |
12 namespace net { | |
13 | |
14 namespace ct { | |
15 | |
16 struct CTVerifyResult; | |
17 class EVCertsWhitelist; | |
18 | |
19 } // namespace ct | |
20 | |
21 class X509Certificate; | |
22 | |
23 // Class for checking that a given certificate conforms to security-related | |
24 // policies. | |
25 class NET_EXPORT CertPolicyEnforcer { | |
26 public: | |
27 CertPolicyEnforcer() {} | |
28 virtual ~CertPolicyEnforcer() {} | |
29 | |
30 // Returns true if the collection of SCTs for the given certificate | |
31 // conforms with the CT/EV policy. Conformance details are logged to | |
32 // |net_log|. | |
33 // |cert| is the certificate for which the SCTs apply. | |
34 // |ct_result| must contain the result of verifying any SCTs associated with | |
35 // |cert| prior to invoking this method. | |
36 virtual bool DoesConformToCTEVPolicy(X509Certificate* cert, | |
37 const ct::EVCertsWhitelist* ev_whitelist, | |
38 const ct::CTVerifyResult& ct_result, | |
39 const BoundNetLog& net_log); | |
40 }; | |
41 | |
42 } // namespace net | |
43 | |
44 #endif // NET_CERT_CERT_POLICY_ENFORCER_H | |
OLD | NEW |