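--- a/net/cert/cert_verify_proc_whitelist.h
+++ b/net/cert/cert_verify_proc_whitelist.h
@@ -1,32 +1,42 @@
 // Copyright (c) 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_CERT_CERT_VERIFY_PROC_WHITELIST_H_
 #define NET_CERT_CERT_VERIFY_PROC_WHITELIST_H_
 
 #include <stddef.h>
 #include <stdint.h>
 
+#include "base/strings/string_piece.h"
 #include "crypto/sha2.h"
 #include "net/base/hash_value.h"
 #include "net/base/net_export.h"
 
 namespace net {
 
 class X509Certificate;
 
 // Returns true if |cert| has been issued by a CA that is constrained from
 // issuing new certificates and |cert| is not within the whitelist of
 // existing certificates. Returns false if |cert| was issued by an
 // unconstrained CA or if it was in the whitelist for that
 // CA.
 // |cert| should be the verified certificate chain, with |public_key_hashes|
-// being the set of hashes of the SPKIs within the verified chain.
+// being the set of hashes of the SPKIs within the verified chain, and
+// |hostname| as the GURL-normalized hostname.
 bool NET_EXPORT_PRIVATE
 IsNonWhitelistedCertificate(const X509Certificate& cert,
-const HashValueVector& public_key_hashes);
+const HashValueVector& public_key_hashes,
+base::StringPiece hostname);
+
+// Returns true if |host| is in (or a subdomain of) a whitelisted host
+// in |graph|, which is a DAFSA constructed by
+// //net/tools/dafsa/make_dafsa.py that is |graph_length| bytes long.
+bool NET_EXPORT_PRIVATE IsWhitelistedHost(const unsigned char* graph,
+size_t graph_length,
+base::StringPiece host);
 
 } // namespace net
 
 #endif // NET_CERT_CERT_VERIFY_PROC_WHITELIST_H_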
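Review bot: The new IsWhitelistedHost declaration does not state what normalization its |host| argument expects, while the updated comment on IsNonWhitelistedCertificate just above says |hostname| must be GURL-normalized; a DAFSA lookup is presumably a byte-exact match, so a mixed-case or trailing-dot host would silently fail to match the whitelist and the certificate would be rejected. Suggest extending the new comment with `// |host| must be a GURL-normalized hostname (lowercase, no trailing dot); matching is byte-exact.` once that is confirmed against the implementation. The "(or a subdomain of)" wording should also say whether matching is restricted to label boundaries, i.e. whether a host that merely ends with the whitelisted string is accepted, since that distinction determines what the whitelist actually covers. Finally, |graph| is a raw pointer/length pair with no stated contract; a line such as `// |graph| is read only within the first |graph_length| bytes and may be null only when |graph_length| is 0.` would make the precondition explicit for callers passing generated tables.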