OLD | NEW |
---|---|
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_CERT_CT_VERIFIER_H_ | 5 #ifndef NET_CERT_CT_VERIFIER_H_ |
6 #define NET_CERT_CT_VERIFIER_H_ | 6 #define NET_CERT_CT_VERIFIER_H_ |
7 | 7 |
8 #include <string> | |
9 | |
8 #include "net/base/net_export.h" | 10 #include "net/base/net_export.h" |
9 | 11 |
10 namespace net { | 12 namespace net { |
11 | 13 |
12 namespace ct { | 14 namespace ct { |
13 struct CTVerifyResult; | 15 struct CTVerifyResult; |
14 } // namespace ct | 16 } // namespace ct |
15 | 17 |
16 class BoundNetLog; | 18 class BoundNetLog; |
17 class X509Certificate; | 19 class X509Certificate; |
(...skipping 11 matching lines...) Expand all Loading... | |
29 // (embedding, TLS extension or OCSP stapling). If no stapled OCSP response | 31 // (embedding, TLS extension or OCSP stapling). If no stapled OCSP response |
30 // is available, |stapled_ocsp_response| should be an empty string. If no SCT | 32 // is available, |stapled_ocsp_response| should be an empty string. If no SCT |
31 // TLS extension was negotiated, |sct_list_from_tls_extension| should be an | 33 // TLS extension was negotiated, |sct_list_from_tls_extension| should be an |
32 // empty string. |result| will be filled with the SCTs present, divided into | 34 // empty string. |result| will be filled with the SCTs present, divided into |
33 // categories based on the verification result. | 35 // categories based on the verification result. |
34 virtual int Verify(X509Certificate* cert, | 36 virtual int Verify(X509Certificate* cert, |
35 const std::string& stapled_ocsp_response, | 37 const std::string& stapled_ocsp_response, |
36 const std::string& sct_list_from_tls_extension, | 38 const std::string& sct_list_from_tls_extension, |
37 ct::CTVerifyResult* result, | 39 ct::CTVerifyResult* result, |
38 const BoundNetLog& net_log) = 0; | 40 const BoundNetLog& net_log) = 0; |
41 | |
42 // Returns true if the collection of SCTs for the given certificate | |
43 // conforms with the CT/EV policy, false otherwise. | |
44 // |cert| is the certificate for which the SCTs apply (this is needed | |
45 // to determine the certificate's lifetime). | |
46 // |ct_result| is the CTVerifyResult filled in by the Verify call. | |
47 virtual bool DoesConformToCTEVPolicy(X509Certificate* cert, | |
48 const ct::CTVerifyResult& ct_result) = 0; | |
Ryan Sleevi
2014/08/05 22:19:10
Comments elsewhere regarding layering, but you can
Eran Messeri
2014/10/20 17:26:30
Moved to a separate class (this interface now only
| |
39 }; | 49 }; |
40 | 50 |
41 } // namespace net | 51 } // namespace net |
42 | 52 |
43 #endif // NET_CERT_CT_VERIFIER_H_ | 53 #endif // NET_CERT_CT_VERIFIER_H_ |
OLD | NEW |