Certificate Transparency: Code for unpacking EV cert hashes whitelist

net/cert/ct_ev_whitelist.h

Index: net/cert/ct_ev_whitelist.h
diff --git a/net/cert/ct_ev_whitelist.h b/net/cert/ct_ev_whitelist.h
new file mode 100644
index 0000000000000000000000000000000000000000..52b7c2be84f9e2c6053d3fe5b1e134a5cd5647cd
--- /dev/null
+++ b/net/cert/ct_ev_whitelist.h
@@ -0,0 +1,45 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_CERT_CT_EV_WHITELIST_H_
+#define NET_CERT_CT_EV_WHITELIST_H_
+
+#include <stdint.h>

[Ryan Sleevi, 2014/10/20 19:18:25]

Unused?

[Eran Messeri, 2014/10/21 14:59:59]

Done.

+
+#include <string>
+
+#include "base/memory/ref_counted.h"
+#include "net/base/net_export.h"
+
+namespace net {
+
+namespace ct {
+
+class NET_EXPORT EVCertsWhitelist
+    : public base::RefCountedThreadSafe<EVCertsWhitelist> {
+ public:
+  // Returns true if the |certificate_hash| appears in the EV certificate hashes
+  // whitelist.
+  virtual bool ContainsCertificateHash(
+      const std::string& certificate_hash) const = 0;
+
+  // Returns true if the global EV certificate hashes whitelist is non-empty,
+  // false otherwise.
+  virtual bool IsValid() const = 0;
+
+ protected:
+  virtual ~EVCertsWhitelist() {}
+
+ private:
+  friend class base::RefCountedThreadSafe<EVCertsWhitelist>;
+};
+
+// Default implementation for Chromium embedders.
+NET_EXPORT EVCertsWhitelist* GetDefaultEVCertsWhitelist();

[Ryan Sleevi, 2014/10/20 19:18:25]

I'd rather nuke this and let NULL be valid, if at all possible.

[Eran Messeri, 2014/10/21 14:59:59]

Done.

+
+}  // namespace ct
+
+}  // namespace net
+
+#endif  // NET_CERT_CT_EV_WHITELIST_H_