net/cert/cert_verify_proc_whitelist.h - chromium/src - Git at Google

 // Copyright (c) 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef NET_CERT_CERT_VERIFY_PROC_WHITELIST_H_
 #define NET_CERT_CERT_VERIFY_PROC_WHITELIST_H_

 #include <stddef.h>
 #include <stdint.h>

 #include "crypto/sha2.h"
 #include "net/base/hash_value.h"
 #include "net/base/net_export.h"

 namespace net {

 class X509Certificate;

 // PublicKeyWhitelist contains a SHA-256 SPKI hash and a pointer to an array
 // of SHA-256 certificate hashes that have been publicly disclosed and
 // whitelisted.
 struct PublicKeyWhitelist {
   uint8_t public_key[crypto::kSHA256Length];
   const uint8_t (*whitelist)[crypto::kSHA256Length];
   size_t whitelist_size;
 };

 // Returns true if |cert| has been issued by a CA that is constrained from
 // issuing new certificates and |cert| is not within the whitelist of
 // existing certificates. Returns false if |cert| was issued by an
 // unconstrained CA or if it was in the whitelist for that
 // CA.
 // |cert| should be the verified certificate chain, with |public_key_hashes|
 // being the set of hashes of the SPKIs within the verified chain.
 bool NET_EXPORT_PRIVATE
 IsNonWhitelistedCertificate(const X509Certificate& cert,
                             const HashValueVector& public_key_hashes);

 // Sets the certificate whitelist for testing. Supply nullptr/0 to reset to
 // the built-in whitelist.
 void NET_EXPORT_PRIVATE
 SetCertificateWhitelistForTesting(const PublicKeyWhitelist* whitelist,
                                   size_t whitelist_size);

 }  // namespace net

 #endif  // NET_CERT_CERT_VERIFY_PROC_WHITELIST
	// Copyright (c) 2015 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef NET_CERT_CERT_VERIFY_PROC_WHITELIST_H_
	#define NET_CERT_CERT_VERIFY_PROC_WHITELIST_H_

	#include <stddef.h>
	#include <stdint.h>

	#include "crypto/sha2.h"
	#include "net/base/hash_value.h"
	#include "net/base/net_export.h"

	namespace net {

	class X509Certificate;

	// PublicKeyWhitelist contains a SHA-256 SPKI hash and a pointer to an array
	// of SHA-256 certificate hashes that have been publicly disclosed and
	// whitelisted.
	struct PublicKeyWhitelist {
	uint8_t public_key[crypto::kSHA256Length];
	const uint8_t (*whitelist)[crypto::kSHA256Length];
	size_t whitelist_size;
	};

	// Returns true if \|cert\| has been issued by a CA that is constrained from
	// issuing new certificates and \|cert\| is not within the whitelist of
	// existing certificates. Returns false if \|cert\| was issued by an
	// unconstrained CA or if it was in the whitelist for that
	// CA.
	// \|cert\| should be the verified certificate chain, with \|public_key_hashes\|
	// being the set of hashes of the SPKIs within the verified chain.
	bool NET_EXPORT_PRIVATE
	IsNonWhitelistedCertificate(const X509Certificate& cert,
	const HashValueVector& public_key_hashes);

	// Sets the certificate whitelist for testing. Supply nullptr/0 to reset to
	// the built-in whitelist.
	void NET_EXPORT_PRIVATE
	SetCertificateWhitelistForTesting(const PublicKeyWhitelist* whitelist,
	size_t whitelist_size);

	} // namespace net

	#endif // NET_CERT_CERT_VERIFY_PROC_WHITELIST