Index: net/cert/ct_known_logs.h |
diff --git a/net/cert/ct_known_logs.h b/net/cert/ct_known_logs.h |
index 48904c2cc54771c4a0da73a8e9c622cc850222fe..cbc4b2c6fb2b62807fc25d04fa32135c112ebdd7 100644 |
--- a/net/cert/ct_known_logs.h |
+++ b/net/cert/ct_known_logs.h |
@@ -12,6 +12,10 @@ |
#include "build/build_config.h" |
#include "net/base/net_export.h" |
+namespace base { |
+class Time; |
+} // namespace base |
+ |
namespace net { |
class CTLogVerifier; |
@@ -20,12 +24,25 @@ |
#if !defined(OS_NACL) |
// CreateLogVerifiersForKnownLogs returns a vector of CT logs for all the known |
-// and trusted logs. |
+// logs. This set includes logs that are presently qualified for inclusion and |
+// logs which were previously qualifying, but have since been disqualified. To |
+// determine the status of a given log, use |IsLogDisqualified()|. |
NET_EXPORT std::vector<scoped_refptr<const CTLogVerifier>> |
CreateLogVerifiersForKnownLogs(); |
#endif |
+// Returns true if the log identified by |log_id| (the SHA-256 hash of the |
+// log's DER-encoded SPKI) is operated by Google. |
NET_EXPORT bool IsLogOperatedByGoogle(base::StringPiece log_id); |
+ |
+// Returns true if the log identified by |log_id| (the SHA-256 hash of the |
+// log's DER-encoded SPKI) has been disqualified, and sets |
+// |*disqualification_date| to the date of disqualification. Any SCTs that |
+// are embedded in certificates issued after |*disqualification_date| should |
+// not be trusted, nor contribute to any uniqueness or freshness |
+// requirements. |
+NET_EXPORT bool IsLogDisqualified(base::StringPiece log_id, |
+ base::Time* disqualification_date); |
} // namespace ct |
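Review bot: The new comment on `IsLogDisqualified()` does not say what `*disqualification_date` holds when the function returns false, or whether a null pointer is accepted, so a caller that reads the out-parameter without checking the return value could compare against an unset `base::Time`. I would add a line such as `// |disqualification_date| must be non-null; it is left unmodified when this returns false.`, adjusted to what the implementation actually guarantees, which this header does not show. Because `CreateLogVerifiersForKnownLogs()` now also returns disqualified logs, any existing caller that treated membership in that vector as "trusted" would fail open, so its comment should say callers must check `IsLogDisqualified()` rather than "use" it. The phrase "certificates issued after" also leaves open which timestamp is compared; naming it (the log-signed SCT timestamp or the CA-asserted notBefore) would remove the ambiguity, since different parties control the two values.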