net/cert/ct_verify_result.h - Issue 2208073002: DO NOT REVIEW: Certificate Transparency: Extend SCT verify result enum.

Side by Side Diff: net/cert/ct_verify_result.h

Issue 2208073002: DO NOT REVIEW: Certificate Transparency: Extend SCT verify result enum. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: CT: Formatting and compilation fixes. Created 4 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2013 The Chromium Authors. All rights reserved.	1 // Copyright 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef NET_CERT_CT_VERIFY_RESULT_H_	5 #ifndef NET_CERT_CT_VERIFY_RESULT_H_

6 #define NET_CERT_CT_VERIFY_RESULT_H_	6 #define NET_CERT_CT_VERIFY_RESULT_H_

7	7

	8 #include <utility>

8 #include <vector>	9 #include <vector>

9	10

	11 #include "net/cert/sct_status_flags.h"

10 #include "net/cert/ct_policy_enforcer.h"	12 #include "net/cert/ct_policy_enforcer.h"

11 #include "net/cert/signed_certificate_timestamp.h"	13 #include "net/cert/signed_certificate_timestamp.h"

12	14

13 namespace net {	15 namespace net {

14	16

15 namespace ct {	17 namespace ct {

16	18

17 enum class CertPolicyCompliance;	19 enum class CertPolicyCompliance;

18 enum class EVPolicyCompliance;	20 enum class EVPolicyCompliance;

19	21

20 typedef std::vector<scoped_refptr<SignedCertificateTimestamp> > SCTList;	22 typedef std::vector<scoped_refptr<SignedCertificateTimestamp> > SCTList;

	23 // TODO(eranm): Move net/ssl/signed_certificate_timestamp_and_status.h to

	24 // net/cert

	25 // then switch to using that.
	Ryan Sleevi 2016/08/03 19:19:40 Why? :) Why? :)
	26 typedef std::vector<

	27 std::pair<scoped_refptr<SignedCertificateTimestamp>, SCTVerifyStatus>>

	28 SCTAndStatusList;

21	29

22 // Holds Signed Certificate Timestamps, depending on their verification	30 // Holds Signed Certificate Timestamps, depending on their verification

23 // results, and information about CT policies that were applied on the	31 // results, and information about CT policies that were applied on the

24 // connection.	32 // connection.

25 struct NET_EXPORT CTVerifyResult {	33 struct NET_EXPORT CTVerifyResult {

26 CTVerifyResult();	34 CTVerifyResult();

27 CTVerifyResult(const CTVerifyResult& other);	35 CTVerifyResult(const CTVerifyResult& other);

28 ~CTVerifyResult();	36 ~CTVerifyResult();

29	37

30 // SCTs from known logs where the signature verified correctly.	38 // SCTs from known logs where the signature verified correctly.

31 SCTList verified_scts;	39 SCTList verified_scts;

32 // SCTs from known logs where the signature failed to verify.	40 // SCTs from known logs where the signature failed to verify or the timestamp

33 SCTList invalid_scts;	41 // is invalid.

	42 SCTAndStatusList invalid_scts;
	Ryan Sleevi 2016/08/03 19:19:40 From a design standpoint, could you explain more y From a design standpoint, could you explain more your reasoning for this change? One approach could have been to leave it as an SCTList (that is, not surface the additional details beyond this API point yet) Another could have been to combine all three vectors into a single vector, since you're now tracking SCTVerifyStatus with the SCT. But it's unclear why you did a little of A and a little of B
34 // SCTs from unknown logs and as such are unverifiable.	43 // SCTs from unknown logs and as such are unverifiable.

35 SCTList unknown_logs_scts;	44 SCTList unknown_logs_scts;

36	45

37 // True if any CT policies were applied on this connection.	46 // True if any CT policies were applied on this connection.

38 bool ct_policies_applied;	47 bool ct_policies_applied;

39 // The result of evaluating whether the connection complies with the	48 // The result of evaluating whether the connection complies with the

40 // CT certificate policy.	49 // CT certificate policy.

41 CertPolicyCompliance cert_policy_compliance;	50 CertPolicyCompliance cert_policy_compliance;

42 // The result of evaluating whether the connection complies with the	51 // The result of evaluating whether the connection complies with the

43 // EV CT policy.	52 // EV CT policy.

44 EVPolicyCompliance ev_policy_compliance;	53 EVPolicyCompliance ev_policy_compliance;

45 };	54 };

46	55

47 } // namespace ct	56 } // namespace ct

48	57

49 } // namespace net	58 } // namespace net

50	59

51 #endif // NET_CERT_CT_VERIFY_RESULT_H_	60 #endif // NET_CERT_CT_VERIFY_RESULT_H_

OLD	NEW

« no previous file with comments | « net/cert/ct_signed_certificate_timestamp_log_param.cc ('k') | net/cert/multi_log_ct_verifier.cc » ('j') | tools/metrics/histograms/histograms.xml » ('J')