Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1388)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/cert/ct_policy_enforcer.h

Issue 1652603002: Add information to SSLInfo about CT EV policy compliance (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: rsleevi nits Created 4 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | net/cert/ct_policy_enforcer.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/ct_policy_enforcer.h
diff --git a/net/cert/ct_policy_enforcer.h b/net/cert/ct_policy_enforcer.h
index 8c29da5ecb3a9891ef2be90a55ae873ab61c91d4..a2db8f0872e449a8d3b2c772126a5b00c5d6be8e 100644
--- a/net/cert/ct_policy_enforcer.h
+++ b/net/cert/ct_policy_enforcer.h
@@ -1,25 +1,30 @@
// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
+
#ifndef NET_CERT_CT_POLICY_ENFORCER_H
#define NET_CERT_CT_POLICY_ENFORCER_H
#include <stddef.h>
+#include <vector>
#include "net/base/net_export.h"
+#include "net/cert/signed_certificate_timestamp.h"
#include "net/log/net_log.h"
namespace net {
namespace ct {
-struct CTVerifyResult;
class EVCertsWhitelist;
+enum class EVPolicyCompliance;
} // namespace ct
class X509Certificate;
+using SCTList = std::vector<scoped_refptr<ct::SignedCertificateTimestamp>>;
+
// Class for checking that a given certificate conforms to security-related
// policies.
class NET_EXPORT CTPolicyEnforcer {
@@ -27,16 +32,17 @@ class NET_EXPORT CTPolicyEnforcer {
CTPolicyEnforcer() {}
virtual ~CTPolicyEnforcer() {}
- // Returns true if the collection of SCTs for the given certificate
- // conforms with the CT/EV policy. Conformance details are logged to
- // |net_log|.
- // |cert| is the certificate for which the SCTs apply.
- // |ct_result| must contain the result of verifying any SCTs associated with
- // |cert| prior to invoking this method.
- virtual bool DoesConformToCTEVPolicy(X509Certificate* cert,
- const ct::EVCertsWhitelist* ev_whitelist,
- const ct::CTVerifyResult& ct_result,
- const BoundNetLog& net_log);
+ // Returns the CT/EV policy compliance status for a given certificate
+ // and collection of SCTs.
+ // |cert| is the certificate for which to check compliance, and
+ // |verified_scts| contains any/all SCTs associated with |cert| that
+ // have been verified (well-formed, issued by known logs, and applying to
+ // |cert|).
+ virtual ct::EVPolicyCompliance DoesConformToCTEVPolicy(
+ X509Certificate* cert,
+ const ct::EVCertsWhitelist* ev_whitelist,
+ const SCTList& verified_scts,
+ const BoundNetLog& net_log);
};
} // namespace net
« no previous file with comments | « no previous file | net/cert/ct_policy_enforcer.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698