OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_CERT_CERT_STATUS_FLAGS_H_ | 5 #ifndef NET_CERT_CERT_STATUS_FLAGS_H_ |
6 #define NET_CERT_CERT_STATUS_FLAGS_H_ | 6 #define NET_CERT_CERT_STATUS_FLAGS_H_ |
7 | 7 |
8 #include "base/basictypes.h" | 8 #include "base/basictypes.h" |
9 #include "net/base/net_export.h" | 9 #include "net/base/net_export.h" |
10 | 10 |
(...skipping 21 matching lines...) Expand all Loading... | |
32 // 1 << 9 was used for CERT_STATUS_NOT_IN_DNS | 32 // 1 << 9 was used for CERT_STATUS_NOT_IN_DNS |
33 static const CertStatus CERT_STATUS_NON_UNIQUE_NAME = 1 << 10; | 33 static const CertStatus CERT_STATUS_NON_UNIQUE_NAME = 1 << 10; |
34 static const CertStatus CERT_STATUS_WEAK_KEY = 1 << 11; | 34 static const CertStatus CERT_STATUS_WEAK_KEY = 1 << 11; |
35 static const CertStatus CERT_STATUS_WEAK_DH_KEY = 1 << 12; | 35 static const CertStatus CERT_STATUS_WEAK_DH_KEY = 1 << 12; |
36 static const CertStatus CERT_STATUS_PINNED_KEY_MISSING = 1 << 13; | 36 static const CertStatus CERT_STATUS_PINNED_KEY_MISSING = 1 << 13; |
37 | 37 |
38 // Bits 16 to 31 are for non-error statuses. | 38 // Bits 16 to 31 are for non-error statuses. |
39 static const CertStatus CERT_STATUS_IS_EV = 1 << 16; | 39 static const CertStatus CERT_STATUS_IS_EV = 1 << 16; |
40 static const CertStatus CERT_STATUS_REV_CHECKING_ENABLED = 1 << 17; | 40 static const CertStatus CERT_STATUS_REV_CHECKING_ENABLED = 1 << 17; |
41 // bit 18 was CERT_STATUS_IS_DNSSEC. | 41 // bit 18 was CERT_STATUS_IS_DNSSEC. |
42 // Bits 19 and 20 are for Certificate Transparency. | |
43 // The following states are represented: | |
44 // bit 20 | bit 19 | state | |
45 // 0 | 0 | No SCTs were present | |
46 // 0 | 1 | SCTs from unknown logs were present | |
wtc
2013/11/26 01:47:23
In this combination, are the SCTs verified? The na
Eran M. (Google)
2013/11/26 14:45:53
Done - used the two most-significant bits to store
| |
47 // 1 | 0 | SCTs from known logs present but cannot be unverified | |
wtc
2013/11/26 01:47:23
1. Is "unverified" a typo?
2. Does this combinati
Eran M. (Google)
2013/11/26 14:45:53
1. yes.
2. yes - but the CT state was now moved to
| |
48 // 1 | 1 | SCTs from known logs present, verified | |
49 // Bit 19 - indicates presence of SCTs. If set but bit 20 isn't, indicates | |
50 // SCTs from unknown logs. If set and bit 20 is net, indicates presence | |
51 // of validated SCTs. | |
52 static const CertStatus CERT_STATUS_HAS_GOOD_SCT = 1 << 19; | |
53 // Bit 20 - when set, indicates SCTs from known logs. When not set, indicates | |
54 // SCTs from unknown logs or no SCTs, depending on bit 19. | |
55 static const CertStatus CERT_STATUS_HAS_SCT_FROM_KNOWN_LOG = 1 << 20; | |
42 | 56 |
43 // Returns true if the specified cert status has an error set. | 57 // Returns true if the specified cert status has an error set. |
44 static inline bool IsCertStatusError(CertStatus status) { | 58 static inline bool IsCertStatusError(CertStatus status) { |
45 return (CERT_STATUS_ALL_ERRORS & status) != 0; | 59 return (CERT_STATUS_ALL_ERRORS & status) != 0; |
46 } | 60 } |
47 | 61 |
48 // IsCertStatusMinorError returns true iff |cert_status| indicates a condition | 62 // IsCertStatusMinorError returns true iff |cert_status| indicates a condition |
49 // that should typically be ignored by automated requests. (i.e. a revocation | 63 // that should typically be ignored by automated requests. (i.e. a revocation |
50 // check failure.) | 64 // check failure.) |
51 NET_EXPORT bool IsCertStatusMinorError(CertStatus cert_status); | 65 NET_EXPORT bool IsCertStatusMinorError(CertStatus cert_status); |
52 | 66 |
53 // Maps a network error code to the equivalent certificate status flag. If | 67 // Maps a network error code to the equivalent certificate status flag. If |
54 // the error code is not a certificate error, it is mapped to 0. | 68 // the error code is not a certificate error, it is mapped to 0. |
55 NET_EXPORT CertStatus MapNetErrorToCertStatus(int error); | 69 NET_EXPORT CertStatus MapNetErrorToCertStatus(int error); |
56 | 70 |
57 // Maps the most serious certificate error in the certificate status flags | 71 // Maps the most serious certificate error in the certificate status flags |
58 // to the equivalent network error code. | 72 // to the equivalent network error code. |
59 NET_EXPORT int MapCertStatusToNetError(CertStatus cert_status); | 73 NET_EXPORT int MapCertStatusToNetError(CertStatus cert_status); |
60 | 74 |
75 // Indicates whether there were *any* SCTs. | |
76 NET_EXPORT bool DoesCertHaveSignedCertificateTimestamps( | |
77 CertStatus cert_status); | |
78 // Indicates whether SCTs from known logs verified OK | |
79 NET_EXPORT bool DoesCertHaveVerifiedSignedCertificateTimestamps( | |
80 CertStatus cert_status); | |
wtc
2013/11/26 01:47:23
Add a blank line after this line, and between the
Eran M. (Google)
2013/11/26 14:45:53
Removed these two functions, added a function to e
| |
61 } // namespace net | 81 } // namespace net |
62 | 82 |
63 #endif // NET_CERT_CERT_STATUS_FLAGS_H_ | 83 #endif // NET_CERT_CERT_STATUS_FLAGS_H_ |
OLD | NEW |