| // Copyright 2014 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| #ifndef NET_CERT_CERT_POLICY_ENFORCER_H |
| #define NET_CERT_CERT_POLICY_ENFORCER_H |
| |
| #include <stddef.h> |
| |
| #include "net/base/net_export.h" |
| #include "net/log/net_log.h" |
| |
| namespace net { |
| |
| namespace ct { |
| |
| struct CTVerifyResult; |
| class EVCertsWhitelist; |
| |
| } // namespace ct |
| |
| class X509Certificate; |
| |
| // Class for checking that a given certificate conforms to security-related |
| // policies. |
| class NET_EXPORT CertPolicyEnforcer { |
| public: |
| CertPolicyEnforcer() {} |
| virtual ~CertPolicyEnforcer() {} |
| |
| // Returns true if the collection of SCTs for the given certificate |
| // conforms with the CT/EV policy. Conformance details are logged to |
| // |net_log|. |
| // |cert| is the certificate for which the SCTs apply. |
| // |ct_result| must contain the result of verifying any SCTs associated with |
| // |cert| prior to invoking this method. |
| virtual bool DoesConformToCTEVPolicy(X509Certificate* cert, |
| const ct::EVCertsWhitelist* ev_whitelist, |
| const ct::CTVerifyResult& ct_result, |
| const BoundNetLog& net_log); |
| }; |
| |
| } // namespace net |
| |
| #endif // NET_CERT_CERT_POLICY_ENFORCER_H |