OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_CERT_CT_VERIFIER_H_ | 5 #ifndef NET_CERT_CT_VERIFIER_H_ |
6 #define NET_CERT_CT_VERIFIER_H_ | 6 #define NET_CERT_CT_VERIFIER_H_ |
7 | 7 |
8 #include "net/base/net_export.h" | 8 #include "net/base/net_export.h" |
9 | 9 |
10 namespace net { | 10 namespace net { |
11 | 11 |
12 namespace ct { | 12 namespace ct { |
13 struct CTVerifyResult; | 13 struct CTVerifyResult; |
14 } // namespace ct | 14 } // namespace ct |
15 | 15 |
16 class BoundNetLog; | 16 class BoundNetLog; |
17 class X509Certificate; | 17 class X509Certificate; |
18 | 18 |
19 // Interface for verifying Signed Certificate Timestamps over a certificate. | 19 // Interface for verifying Signed Certificate Timestamps over a certificate. |
20 class NET_EXPORT CTVerifier { | 20 class NET_EXPORT CTVerifier { |
21 public: | 21 public: |
22 virtual ~CTVerifier() {} | 22 virtual ~CTVerifier() {} |
23 | 23 |
24 // Verifies either embedded SCTs or SCTs obtained via the | 24 // Verifies SCTs embedded in the certificate itself, SCTs embedded in a |
25 // signed_certificate_timestamp TLS extension or OCSP on the given |cert| | 25 // stapled OCSP response, and SCTs obtained via the |
26 // |result| will be filled with these SCTs, divided into categories based on | 26 // signed_certificate_timestamp TLS extension on the given |cert|. |
27 // the verification result. | 27 // A certificate is permitted but not required to use multiple sources for |
| 28 // SCTs. It is expected that most certificates will use only one source |
| 29 // (embedding, TLS extension or OCSP stapling). If no stapled OCSP response |
| 30 // is available, |stapled_ocsp_response| should be an empty string. If no SCT |
| 31 // TLS extension was negotiated, |sct_list_from_tls_extension| should be an |
| 32 // empty string. |result| will be filled with the SCTs present, divided into |
| 33 // categories based on the verification result. |
28 virtual int Verify(X509Certificate* cert, | 34 virtual int Verify(X509Certificate* cert, |
29 const std::string& sct_list_from_ocsp, | 35 const std::string& stapled_ocsp_response, |
30 const std::string& sct_list_from_tls_extension, | 36 const std::string& sct_list_from_tls_extension, |
31 ct::CTVerifyResult* result, | 37 ct::CTVerifyResult* result, |
32 const BoundNetLog& net_log) = 0; | 38 const BoundNetLog& net_log) = 0; |
33 }; | 39 }; |
34 | 40 |
35 } // namespace net | 41 } // namespace net |
36 | 42 |
37 #endif // NET_CERT_CT_VERIFIER_H_ | 43 #endif // NET_CERT_CT_VERIFIER_H_ |
OLD | NEW |