OLD | NEW |
(Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 #ifndef NET_CERT_CERT_POLICY_ENFORCER_H |
| 5 #define NET_CERT_CERT_POLICY_ENFORCER_H |
| 6 |
| 7 #include <stddef.h> |
| 8 |
| 9 #include "net/base/net_export.h" |
| 10 |
| 11 namespace net { |
| 12 |
| 13 namespace ct { |
| 14 |
| 15 struct CTVerifyResult; |
| 16 class EVCertsWhitelist; |
| 17 |
| 18 } // namespace ct |
| 19 |
| 20 class X509Certificate; |
| 21 |
| 22 // Class for checking that a given certificate conforms to security-related |
| 23 // policies. |
| 24 class NET_EXPORT CertPolicyEnforcer { |
| 25 public: |
| 26 // Set the parameters for this policy enforcer: |
| 27 // |num_ct_logs| is the number of Certificate Transparency log currently |
| 28 // known to Chrome. |
| 29 // |require_ct_for_ev| indicates whether Certificate Transparency presence |
| 30 // is required for EV certificates. |
| 31 CertPolicyEnforcer(size_t num_ct_logs, bool require_ct_for_ev); |
| 32 virtual ~CertPolicyEnforcer(); |
| 33 |
| 34 // Returns true if the collection of SCTs for the given certificate |
| 35 // conforms with the CT/EV policy. |
| 36 // |cert| is the certificate for which the SCTs apply. |
| 37 // |ct_result| must contain the result of verifying any SCTs associated with |
| 38 // |cert| prior to invoking this method. |
| 39 bool DoesConformToCTEVPolicy(X509Certificate* cert, |
| 40 const ct::EVCertsWhitelist* ev_whitelist, |
| 41 const ct::CTVerifyResult& ct_result); |
| 42 |
| 43 private: |
| 44 bool IsCertificateInWhitelist(X509Certificate* cert, |
| 45 const ct::EVCertsWhitelist* ev_whitelist); |
| 46 |
| 47 bool HasRequiredNumberOfSCTs(X509Certificate* cert, |
| 48 const ct::CTVerifyResult& ct_result); |
| 49 |
| 50 size_t num_ct_logs_; |
| 51 bool require_ct_for_ev_; |
| 52 }; |
| 53 |
| 54 } // namespace net |
| 55 |
| 56 #endif // NET_CERT_CERT_POLICY_ENFORCER_H |
OLD | NEW |