Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1937)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/cert/ocsp_staple.h

Issue 2040513003: Implement Expect-Staple (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Remove call to GetSSLInfo Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | net/cert/ocsp_staple.cc » ('j') | net/cert/ocsp_staple.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/ocsp_staple.h
diff --git a/net/cert/ocsp_staple.h b/net/cert/ocsp_staple.h
new file mode 100644
index 0000000000000000000000000000000000000000..76c08bda488795210b1f69743d88392522834900
--- /dev/null
+++ b/net/cert/ocsp_staple.h
@@ -0,0 +1,70 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_CERT_OCSP_STAPLE_H
+#define NET_CERT_OCSP_STAPLE_H
+
+#include <memory>
+
+#include "base/macros.h"
+#include "base/time/time.h"
+#include "net/base/net_export.h"
+#include "net/cert/internal/parse_ocsp.h"
+#include "net/cert/x509_certificate.h"
+
+namespace net {
+
+class NET_EXPORT ExpectStapleReport {
estark 2016/06/14 02:10:28 Probably should document this class with a comment
dadrian 2016/06/14 18:40:01 Done.
+ public:
+ ExpectStapleReport();
+ ~ExpectStapleReport();
+
+ // Stores the validity of a single stapled response.
+ struct SingleResult {
+ bool is_date_valid = false;
+ bool is_correct_certificate = false;
+ OCSPCertStatus::Status status = OCSPCertStatus::Status::UNKNOWN;
+ };
+
+ // Represents where the staple verification an error occured.
estark 2016/06/14 02:10:28 typo; extra "an"?
dadrian 2016/06/14 18:40:01 Done.
+ enum class StapleError {
+ OK = 0,
+ PARSE_RESPONSE = 1,
+ BAD_RESPONSE = 2,
+ PARSE_RESPONSE_DATA = 3,
+ PARSE_SINGLE_RESPONSE = 4,
+ NO_MATCHING_RESPONSE = 5
+ };
+
+ // Creates an ExpectStapleReport from an unparsed OCSP response.
+ // This compares the serial number of the certificate, and verifies that
+ // |verify_time| is within thisUpdate and nextUpdate, and that thisUpdate is
+ // at least as recent as |verify_time - max_age|.
+ //
+ // TODO(dadrian): Check issuer and signatures
estark 2016/06/14 02:10:28 add a bug number please
dadrian 2016/06/14 18:40:01 Done.
+ static std::unique_ptr<ExpectStapleReport> FromRawOCSPResponse(
+ const std::string raw_response,
estark 2016/06/14 02:10:28 pass by reference here
dadrian 2016/06/14 18:40:01 Done.
+ const base::Time& verify_time,
+ const base::TimeDelta& max_age,
+ const X509Certificate& server_certificate);
+
+ StapleError staple_error() const { return staple_error_; }
+
+ const std::vector<SingleResult>& stapled_responses() const {
+ return stapled_responses_;
+ }
+
+ const base::Time& verify_time() const { return verify_time_; }
+
+ private:
+ base::Time verify_time_;
+ StapleError staple_error_;
+ std::vector<SingleResult> stapled_responses_;
+
+ DISALLOW_COPY_AND_ASSIGN(ExpectStapleReport);
+};
+
+} // namespace net
+
+#endif /* NET_CERT_OCSP_STAPLE_H */
« no previous file with comments | « no previous file | net/cert/ocsp_staple.cc » ('j') | net/cert/ocsp_staple.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698