OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 #ifndef NET_CERT_CT_POLICY_ENFORCER_H | 4 #ifndef NET_CERT_CT_POLICY_ENFORCER_H |
Ryan Sleevi
2016/02/18 06:46:51
There's supposed to be a newline between 3 & 4
estark
2016/02/18 19:24:31
Done.
| |
5 #define NET_CERT_CT_POLICY_ENFORCER_H | 5 #define NET_CERT_CT_POLICY_ENFORCER_H |
6 | 6 |
7 #include <stddef.h> | 7 #include <stddef.h> |
8 | 8 |
9 #include "net/base/net_export.h" | 9 #include "net/base/net_export.h" |
10 #include "net/cert/ct_policy_status.h" | |
11 #include "net/cert/signed_certificate_timestamp.h" | |
10 #include "net/log/net_log.h" | 12 #include "net/log/net_log.h" |
11 | 13 |
12 namespace net { | 14 namespace net { |
13 | 15 |
14 namespace ct { | 16 namespace ct { |
15 | 17 |
16 struct CTVerifyResult; | |
17 class EVCertsWhitelist; | 18 class EVCertsWhitelist; |
18 | 19 |
19 } // namespace ct | 20 } // namespace ct |
20 | 21 |
21 class X509Certificate; | 22 class X509Certificate; |
22 | 23 |
24 using SCTList = std::vector<scoped_refptr<ct::SignedCertificateTimestamp>>; | |
Ryan Sleevi
2016/02/18 06:46:51
Missing include: vector
estark
2016/02/18 19:24:31
Done.
| |
25 | |
23 // Class for checking that a given certificate conforms to security-related | 26 // Class for checking that a given certificate conforms to security-related |
24 // policies. | 27 // policies. |
25 class NET_EXPORT CTPolicyEnforcer { | 28 class NET_EXPORT CTPolicyEnforcer { |
26 public: | 29 public: |
27 CTPolicyEnforcer() {} | 30 CTPolicyEnforcer() {} |
28 virtual ~CTPolicyEnforcer() {} | 31 virtual ~CTPolicyEnforcer() {} |
29 | 32 |
30 // Returns true if the collection of SCTs for the given certificate | 33 // Returns an enum indicating if the collection of SCTs for the given |
31 // conforms with the CT/EV policy. Conformance details are logged to | 34 // certificate conforms with the CT/EV policy. Conformance details are logged |
Ryan Sleevi
2016/02/18 06:46:51
Comment nit:
It feels weird to say "returns an enu
estark
2016/02/18 19:24:31
Done.
| |
32 // |net_log|. | 35 // to |net_log|. |
33 // |cert| is the certificate for which the SCTs apply. | 36 // |cert| is the certificate for which the SCTs apply. |
34 // |ct_result| must contain the result of verifying any SCTs associated with | 37 // |verified_scts| contains any SCTs associated with |cert| that were |
35 // |cert| prior to invoking this method. | 38 // verified prior to invoking this method and found to be valid. |
36 virtual bool DoesConformToCTEVPolicy(X509Certificate* cert, | 39 virtual ct::EVPolicyCompliance DoesConformToCTEVPolicy( |
37 const ct::EVCertsWhitelist* ev_whitelist, | 40 X509Certificate* cert, |
38 const ct::CTVerifyResult& ct_result, | 41 const ct::EVCertsWhitelist* ev_whitelist, |
39 const BoundNetLog& net_log); | 42 const SCTList& verified_scts, |
43 const BoundNetLog& net_log); | |
40 }; | 44 }; |
41 | 45 |
42 } // namespace net | 46 } // namespace net |
43 | 47 |
44 #endif // NET_CERT_CT_POLICY_ENFORCER_H | 48 #endif // NET_CERT_CT_POLICY_ENFORCER_H |
OLD | NEW |