net/cert/ct_objects_extractor.h - Issue 27026002: CT: Adding preliminary Certificate Transparency support to Chromium.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/cert/ct_objects_extractor.h

Issue 27026002: CT: Adding preliminary Certificate Transparency support to Chromium. Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Distinguish between SCTs from unknown logs and unverified ones Created 7 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/cert/ct_objects_extractor.h

diff --git a/net/cert/ct_objects_extractor.h b/net/cert/ct_objects_extractor.h

new file mode 100644

index 0000000000000000000000000000000000000000..b09f1d6b9e805a659479bf0290108dbecd555313

--- /dev/null

+++ b/net/cert/ct_objects_extractor.h

@@ -0,0 +1,53 @@

+// Use of this source code is governed by a BSD-style license that can be

+// found in the LICENSE file.

+#ifndef NET_CERT_CT_OBJECTS_EXTRACTOR_H_

+#define NET_CERT_CT_OBJECTS_EXTRACTOR_H_

+#include <string>

+#include "net/base/net_export.h"

+#include "net/cert/x509_certificate.h"

+namespace net {

+namespace ct {

+struct LogEntry;

+// Extracts a SignedCertificateTimestampList that has been embedded within a

+// leaf cert as an X.509v3 extension with the OID 1.3.6.1.4.1.11129.2.4.2.

+// If the extension is present, returns true, updating |*sct_list| to contain

+// the encoded list, minus the DER encoding necessary for the extension.

+// |*sct_list| can then be further decoded with ct::DecodeSCTList

+NET_EXPORT_PRIVATE bool ExtractEmbeddedSCTs(X509Certificate::OSCertHandle cert,

+ std::string* sct_list);

+// Obtains a PrecertChain log entry for |leaf|, an X.509v3 certificate that

+// contains an X.509v3 extension with the OID 1.3.6.1.4.1.11129.2.4.2. On

+// success, fills |*result| with the data for a PrecertChain log entry and

+// returns true.

+// The filled |*result| should be verified using ct::CTLogVerifier::VerifySCT

+// Note: If |leaf| does not contain the required extension, it is treated as

+// a failure.

+NET_EXPORT_PRIVATE bool GetPrecertLogEntry(X509Certificate::OSCertHandle leaf,

+ X509Certificate::OSCertHandle issuer,

+ LogEntry* result);

+// Obtains an X509Chain log entry for |leaf|, an X.509v3 certificate that

+// contains an X.509v3 extension with the OID 1.3.6.1.4.1.11129.2.4.2. On

+// success, fills |result| with the data for an X509Chain log entry and

+// returns true.

+// This function should be called when the SCT for the certificate was not

+// embedded in it.

+// The filled |*result| should be verified using ct::CTLogVerifier::VerifySCT

+NET_EXPORT_PRIVATE bool GetAsn1CertLogEntry(

+ X509Certificate::OSCertHandle leaf_cert,

+ LogEntry* result);

+} // namespace ct

+} // namespace net

+#endif // NET_CERT_CT_OBJECTS_EXTRACTOR_H_

« no previous file with comments | « net/cert/ct_log_verifier_unittest.cc ('k') | net/cert/ct_objects_extractor_nss.cc » ('j') | no next file with comments »