Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(22)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/ct_policy_enforcer.h

Issue 1652603002: Add information to SSLInfo about CT EV policy compliance (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: rsleevi nits Created 4 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | net/cert/ct_policy_enforcer.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4
4 #ifndef NET_CERT_CT_POLICY_ENFORCER_H 5 #ifndef NET_CERT_CT_POLICY_ENFORCER_H
5 #define NET_CERT_CT_POLICY_ENFORCER_H 6 #define NET_CERT_CT_POLICY_ENFORCER_H
6 7
7 #include <stddef.h> 8 #include <stddef.h>
9 #include <vector>
8 10
9 #include "net/base/net_export.h" 11 #include "net/base/net_export.h"
12 #include "net/cert/signed_certificate_timestamp.h"
10 #include "net/log/net_log.h" 13 #include "net/log/net_log.h"
11 14
12 namespace net { 15 namespace net {
13 16
14 namespace ct { 17 namespace ct {
15 18
16 struct CTVerifyResult;
17 class EVCertsWhitelist; 19 class EVCertsWhitelist;
20 enum class EVPolicyCompliance;
18 21
19 } // namespace ct 22 } // namespace ct
20 23
21 class X509Certificate; 24 class X509Certificate;
22 25
26 using SCTList = std::vector<scoped_refptr<ct::SignedCertificateTimestamp>>;
27
23 // Class for checking that a given certificate conforms to security-related 28 // Class for checking that a given certificate conforms to security-related
24 // policies. 29 // policies.
25 class NET_EXPORT CTPolicyEnforcer { 30 class NET_EXPORT CTPolicyEnforcer {
26 public: 31 public:
27 CTPolicyEnforcer() {} 32 CTPolicyEnforcer() {}
28 virtual ~CTPolicyEnforcer() {} 33 virtual ~CTPolicyEnforcer() {}
29 34
30 // Returns true if the collection of SCTs for the given certificate 35 // Returns the CT/EV policy compliance status for a given certificate
31 // conforms with the CT/EV policy. Conformance details are logged to 36 // and collection of SCTs.
32 // |net_log|. 37 // |cert| is the certificate for which to check compliance, and
33 // |cert| is the certificate for which the SCTs apply. 38 // |verified_scts| contains any/all SCTs associated with |cert| that
34 // |ct_result| must contain the result of verifying any SCTs associated with 39 // have been verified (well-formed, issued by known logs, and applying to
35 // |cert| prior to invoking this method. 40 // |cert|).
36 virtual bool DoesConformToCTEVPolicy(X509Certificate* cert, 41 virtual ct::EVPolicyCompliance DoesConformToCTEVPolicy(
37 const ct::EVCertsWhitelist* ev_whitelist, 42 X509Certificate* cert,
38 const ct::CTVerifyResult& ct_result, 43 const ct::EVCertsWhitelist* ev_whitelist,
39 const BoundNetLog& net_log); 44 const SCTList& verified_scts,
45 const BoundNetLog& net_log);
40 }; 46 };
41 47
42 } // namespace net 48 } // namespace net
43 49
44 #endif // NET_CERT_CT_POLICY_ENFORCER_H 50 #endif // NET_CERT_CT_POLICY_ENFORCER_H
OLDNEW
« no previous file with comments | « no previous file | net/cert/ct_policy_enforcer.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698