net/cert/ct_policy_enforcer.h - Issue 1652603002: Add information to SSLInfo about CT EV policy compliance

Side by Side Diff: net/cert/ct_policy_enforcer.h

Issue 1652603002: Add information to SSLInfo about CT EV policy compliance (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: some cleanup Created 4 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4 #ifndef NET_CERT_CT_POLICY_ENFORCER_H	4 #ifndef NET_CERT_CT_POLICY_ENFORCER_H
	Ryan Sleevi 2016/02/18 06:46:51 There's supposed to be a newline between 3 & 4 There's supposed to be a newline between 3 & 4 estark 2016/02/18 19:24:31 Done. Show quoted text On 2016/02/18 06:46:51, Ryan Sleevi (Slow to 2-21) wrote: > There's supposed to be a newline between 3 & 4 Done.
5 #define NET_CERT_CT_POLICY_ENFORCER_H	5 #define NET_CERT_CT_POLICY_ENFORCER_H

6	6

7 #include <stddef.h>	7 #include <stddef.h>

8	8

9 #include "net/base/net_export.h"	9 #include "net/base/net_export.h"

	10 #include "net/cert/ct_policy_status.h"

	11 #include "net/cert/signed_certificate_timestamp.h"

10 #include "net/log/net_log.h"	12 #include "net/log/net_log.h"

11	13

12 namespace net {	14 namespace net {

13	15

14 namespace ct {	16 namespace ct {

15	17

16 struct CTVerifyResult;

17 class EVCertsWhitelist;	18 class EVCertsWhitelist;

18	19

19 } // namespace ct	20 } // namespace ct

20	21

21 class X509Certificate;	22 class X509Certificate;

22	23

	24 using SCTList = std::vector<scoped_refptr<ct::SignedCertificateTimestamp>>;
	Ryan Sleevi 2016/02/18 06:46:51 Missing include: vector Missing include: vector estark 2016/02/18 19:24:31 Done. Show quoted text On 2016/02/18 06:46:51, Ryan Sleevi (Slow to 2-21) wrote: > Missing include: vector Done.
	25

23 // Class for checking that a given certificate conforms to security-related	26 // Class for checking that a given certificate conforms to security-related

24 // policies.	27 // policies.

25 class NET_EXPORT CTPolicyEnforcer {	28 class NET_EXPORT CTPolicyEnforcer {

26 public:	29 public:

27 CTPolicyEnforcer() {}	30 CTPolicyEnforcer() {}

28 virtual ~CTPolicyEnforcer() {}	31 virtual ~CTPolicyEnforcer() {}

29	32

30 // Returns true if the collection of SCTs for the given certificate	33 // Returns an enum indicating if the collection of SCTs for the given

31 // conforms with the CT/EV policy. Conformance details are logged to	34 // certificate conforms with the CT/EV policy. Conformance details are logged
	Ryan Sleevi 2016/02/18 06:46:51 Comment nit: It feels weird to say "returns an enu Comment nit: It feels weird to say "returns an enum" (that feels a bit like documenting the interface prosaically) and it feels weird to say "if", since it always returns an enum // Returns the compliance status to the CT/EV policy for a given certificate and collection of SCTs. // \|cert\| is the certificate to check the compliance of, and \|verified_scts\| contains any/all SCTs // associated with \|cert\| that have been verified (well-formed, issued by known logs, applying to // \|cert\|) There's probably better ways to phrase that, but that gives the rough idea. estark 2016/02/18 19:24:31 Done. Show quoted text On 2016/02/18 06:46:51, Ryan Sleevi (Slow to 2-21) wrote: > Comment nit: > It feels weird to say "returns an enum" (that feels a bit like documenting the > interface prosaically) and it feels weird to say "if", since it always returns > an enum > > // Returns the compliance status to the CT/EV policy for a given certificate and > collection of SCTs. > // \|cert\| is the certificate to check the compliance of, and \|verified_scts\| > contains any/all SCTs > // associated with \|cert\| that have been verified (well-formed, issued by known > logs, applying to > // \|cert\|) > > There's probably better ways to phrase that, but that gives the rough idea. Done.
32 // \|net_log\|.	35 // to \|net_log\|.

33 // \|cert\| is the certificate for which the SCTs apply.	36 // \|cert\| is the certificate for which the SCTs apply.

34 // \|ct_result\| must contain the result of verifying any SCTs associated with	37 // \|verified_scts\| contains any SCTs associated with \|cert\| that were

35 // \|cert\| prior to invoking this method.	38 // verified prior to invoking this method and found to be valid.

36 virtual bool DoesConformToCTEVPolicy(X509Certificate* cert,	39 virtual ct::EVPolicyCompliance DoesConformToCTEVPolicy(

37 const ct::EVCertsWhitelist* ev_whitelist,	40 X509Certificate* cert,

38 const ct::CTVerifyResult& ct_result,	41 const ct::EVCertsWhitelist* ev_whitelist,

39 const BoundNetLog& net_log);	42 const SCTList& verified_scts,

	43 const BoundNetLog& net_log);

40 };	44 };

41	45

42 } // namespace net	46 } // namespace net

43	47

44 #endif // NET_CERT_CT_POLICY_ENFORCER_H	48 #endif // NET_CERT_CT_POLICY_ENFORCER_H

OLD	NEW

« no previous file with comments | « no previous file | net/cert/ct_policy_enforcer.cc » ('j') | net/cert/ct_policy_enforcer_unittest.cc » ('J')