net/cert/cert_policy_enforcer.h - Issue 782333002: Certificate Transparency: Adding finch and NetLog logging for EV certs

Side by Side Diff: net/cert/cert_policy_enforcer.h

Issue 782333002: Certificate Transparency: Adding finch and NetLog logging for EV certs (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 6 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4 #ifndef NET_CERT_CERT_POLICY_ENFORCER_H	4 #ifndef NET_CERT_CERT_POLICY_ENFORCER_H

5 #define NET_CERT_CERT_POLICY_ENFORCER_H	5 #define NET_CERT_CERT_POLICY_ENFORCER_H

6	6

7 #include <stddef.h>	7 #include <stddef.h>

8	8

9 #include "net/base/net_export.h"	9 #include "net/base/net_export.h"

	10 #include "net/base/net_log.h"

10	11

11 namespace net {	12 namespace net {

12	13

13 namespace ct {	14 namespace ct {

14	15

15 struct CTVerifyResult;	16 struct CTVerifyResult;

16 class EVCertsWhitelist;	17 class EVCertsWhitelist;

17	18

18 } // namespace ct	19 } // namespace ct

19	20

20 class X509Certificate;	21 class X509Certificate;

21	22

22 // Class for checking that a given certificate conforms to security-related	23 // Class for checking that a given certificate conforms to security-related

23 // policies.	24 // policies.

24 class NET_EXPORT CertPolicyEnforcer {	25 class NET_EXPORT CertPolicyEnforcer {

25 public:	26 public:

26 // Set the parameters for this policy enforcer:	27 // Set the parameters for this policy enforcer:

27 // \|num_ct_logs\| is the number of Certificate Transparency log currently	28 // \|num_ct_logs\| is the number of Certificate Transparency log currently

28 // known to Chrome.	29 // known to Chrome.

29 // \|require_ct_for_ev\| indicates whether Certificate Transparency presence	30 // \|require_ct_for_ev\| indicates whether Certificate Transparency presence

30 // is required for EV certificates.	31 // is required for EV certificates.

31 CertPolicyEnforcer(size_t num_ct_logs, bool require_ct_for_ev);	32 CertPolicyEnforcer(size_t num_ct_logs, bool require_ct_for_ev);

32 virtual ~CertPolicyEnforcer();	33 virtual ~CertPolicyEnforcer();

33	34

34 // Returns true if the collection of SCTs for the given certificate	35 // Returns true if the collection of SCTs for the given certificate

35 // conforms with the CT/EV policy.	36 // conforms with the CT/EV policy.

36 // \|cert\| is the certificate for which the SCTs apply.	37 // \|cert\| is the certificate for which the SCTs apply.

37 // \|ct_result\| must contain the result of verifying any SCTs associated with	38 // \|ct_result\| must contain the result of verifying any SCTs associated with

38 // \|cert\| prior to invoking this method.	39 // \|cert\| prior to invoking this method.
	davidben 2014/12/08 22:42:35 I'd add a sentence: If it is non-conforming, the c I'd add a sentence: If it is non-conforming, the certificate is logged to \|net_log\|. Eran Messeri 2014/12/09 19:58:15 Done. Show quoted text On 2014/12/08 22:42:35, David Benjamin wrote: > I'd add a sentence: If it is non-conforming, the certificate is logged to > \|net_log\|. Done.
39 bool DoesConformToCTEVPolicy(X509Certificate* cert,	40 bool DoesConformToCTEVPolicy(X509Certificate* cert,

40 const ct::EVCertsWhitelist* ev_whitelist,	41 const ct::EVCertsWhitelist* ev_whitelist,

41 const ct::CTVerifyResult& ct_result);	42 const ct::CTVerifyResult& ct_result,

	43 const BoundNetLog& net_log);

42	44

43 private:	45 private:

44 bool IsCertificateInWhitelist(X509Certificate* cert,	46 bool IsCertificateInWhitelist(X509Certificate* cert,

45 const ct::EVCertsWhitelist* ev_whitelist);	47 const ct::EVCertsWhitelist* ev_whitelist);

46	48

47 bool HasRequiredNumberOfSCTs(X509Certificate* cert,	49 bool HasRequiredNumberOfSCTs(X509Certificate* cert,

48 const ct::CTVerifyResult& ct_result);	50 const ct::CTVerifyResult& ct_result);

49	51

50 size_t num_ct_logs_;	52 size_t num_ct_logs_;

51 bool require_ct_for_ev_;	53 bool require_ct_for_ev_;

52 };	54 };

53	55

54 } // namespace net	56 } // namespace net

55	57

56 #endif // NET_CERT_CERT_POLICY_ENFORCER_H	58 #endif // NET_CERT_CERT_POLICY_ENFORCER_H

OLD	NEW

« net/base/net_log_event_type_list.h ('K') | « net/base/net_log_event_type_list.h ('k') | net/cert/cert_policy_enforcer.cc » ('j') | net/cert/cert_policy_enforcer.cc » ('J')