Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(127)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/cert/cert_policy_enforcer.h

Issue 422063004: Certificate Transparency: Require SCTs for EV certificates. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: datatype issues addressed. Created 6 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/common/chrome_switches.cc ('k') | net/cert/cert_policy_enforcer.cc » ('j') | net/cert/cert_policy_enforcer.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/cert_policy_enforcer.h
diff --git a/net/cert/cert_policy_enforcer.h b/net/cert/cert_policy_enforcer.h
new file mode 100644
index 0000000000000000000000000000000000000000..c8e03acfc534f60e9459bd297d8afa53f8bfc74c
--- /dev/null
+++ b/net/cert/cert_policy_enforcer.h
@@ -0,0 +1,42 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+#ifndef NET_CERT_CERT_POLICY_ENFORCER_H
+#define NET_CERT_CERT_POLICY_ENFORCER_H
+
+#include <stdint.h>
+
+#include "net/base/net_export.h"
+
+namespace net {
+
+namespace ct {
+struct CTVerifyResult;
+} // namespace ct
+
+class X509Certificate;
+
+class NET_EXPORT CertPolicyEnforcer {
Ryan Sleevi 2014/10/22 19:48:35 Document
Eran Messeri 2014/10/24 12:12:35 Done.
+ public:
+ explicit CertPolicyEnforcer(uint32_t num_ct_logs);
Ryan Sleevi 2014/10/22 19:48:35 Document
Eran Messeri 2014/10/24 12:12:35 Done.
+ virtual ~CertPolicyEnforcer();
+
+ // Returns true if the collection of SCTs for the given certificate
+ // conforms with the CT/EV policy, false otherwise.
+ // |cert| is the certificate for which the SCTs apply (this is needed
+ // to determine the certificate's lifetime).
+ // |ct_result| is the CTVerifyResult filled in by the Verify call.
+ bool DoesConformToCTEVPolicy(X509Certificate* cert,
+ const ct::CTVerifyResult& ct_result);
+
+ // Sets enforcement of the CT/EV Policy.
+ // TODO(eranm): Remove this for M41.
+ static void SetEnforceCTEVPolicy(bool enforce_policy);
Ryan Sleevi 2014/10/22 19:48:35 Why is this a static? Why is this just not an arti
Eran Messeri 2014/10/24 12:12:35 Removed in favour of a c'tor parameter.
+
+ private:
+ uint8_t num_ct_logs_;
Ryan Sleevi 2014/10/22 19:48:35 STYLE: Why these data type conversions? See http:/
Eran Messeri 2014/10/24 12:12:35 Done.
+};
+
+} // namespace net
+
+#endif // NET_CERT_CERT_POLICY_ENFORCER_H
« no previous file with comments | « chrome/common/chrome_switches.cc ('k') | net/cert/cert_policy_enforcer.cc » ('j') | net/cert/cert_policy_enforcer.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698