Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(3)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/ct_policy_enforcer.h

Issue 1652603002: Add information to SSLInfo about CT EV policy compliance (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: add TODO for CTVerifyResult in CTPolicyEnforcer tests Created 4 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | net/cert/ct_policy_enforcer.cc » ('j') | net/quic/crypto/proof_verifier_chromium.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 #ifndef NET_CERT_CT_POLICY_ENFORCER_H 4 #ifndef NET_CERT_CT_POLICY_ENFORCER_H
5 #define NET_CERT_CT_POLICY_ENFORCER_H 5 #define NET_CERT_CT_POLICY_ENFORCER_H
6 6
7 #include <stddef.h> 7 #include <stddef.h>
8 8
9 #include "net/base/net_export.h" 9 #include "net/base/net_export.h"
10 #include "net/cert/ct_policy_status.h"
11 #include "net/cert/signed_certificate_timestamp.h"
10 #include "net/log/net_log.h" 12 #include "net/log/net_log.h"
11 13
12 namespace net { 14 namespace net {
13 15
14 namespace ct { 16 namespace ct {
15 17
16 struct CTVerifyResult;
17 class EVCertsWhitelist; 18 class EVCertsWhitelist;
18 19
19 } // namespace ct 20 } // namespace ct
20 21
21 class X509Certificate; 22 class X509Certificate;
22 23
24 using SCTList = std::vector<scoped_refptr<ct::SignedCertificateTimestamp>>;
25
23 // Class for checking that a given certificate conforms to security-related 26 // Class for checking that a given certificate conforms to security-related
24 // policies. 27 // policies.
25 class NET_EXPORT CTPolicyEnforcer { 28 class NET_EXPORT CTPolicyEnforcer {
26 public: 29 public:
27 CTPolicyEnforcer() {} 30 CTPolicyEnforcer() {}
28 virtual ~CTPolicyEnforcer() {} 31 virtual ~CTPolicyEnforcer() {}
29 32
30 // Returns true if the collection of SCTs for the given certificate 33 // Returns an enum indicating if the collection of SCTs for the given
31 // conforms with the CT/EV policy. Conformance details are logged to 34 // certificate conforms with the CT/EV policy. Conformance details are logged
32 // |net_log|. 35 // to |net_log|.
33 // |cert| is the certificate for which the SCTs apply. 36 // |cert| is the certificate for which the SCTs apply.
34 // |ct_result| must contain the result of verifying any SCTs associated with 37 // |verified_scts| contains any SCTs associated with |cert| that were
35 // |cert| prior to invoking this method. 38 // verified prior to invoking this method and found to be valid.
36 virtual bool DoesConformToCTEVPolicy(X509Certificate* cert, 39 virtual ct::EVPolicyCompliance DoesConformToCTEVPolicy(
37 const ct::EVCertsWhitelist* ev_whitelist, 40 X509Certificate* cert,
38 const ct::CTVerifyResult& ct_result, 41 const ct::EVCertsWhitelist* ev_whitelist,
39 const BoundNetLog& net_log); 42 const SCTList& verified_scts,
43 const BoundNetLog& net_log);
40 }; 44 };
41 45
42 } // namespace net 46 } // namespace net
43 47
44 #endif // NET_CERT_CT_POLICY_ENFORCER_H 48 #endif // NET_CERT_CT_POLICY_ENFORCER_H
OLDNEW
« no previous file with comments | « no previous file | net/cert/ct_policy_enforcer.cc » ('j') | net/quic/crypto/proof_verifier_chromium.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698