net/cert/ct_verifier.h - platform/external/chromium_org - Git at Google

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef NET_CERT_CT_VERIFIER_H_
 #define NET_CERT_CT_VERIFIER_H_

 #include "net/base/net_export.h"

 namespace net {

 namespace ct {
 struct CTVerifyResult;
 }  // namespace ct

 class BoundNetLog;
 class X509Certificate;

 // Interface for verifying Signed Certificate Timestamps over a certificate.
 class NET_EXPORT CTVerifier {
  public:
   virtual ~CTVerifier() {}

   // Verifies SCTs embedded in the certificate itself, SCTs embedded in a
   // stapled OCSP response, and SCTs obtained via the
   // signed_certificate_timestamp TLS extension on the given |cert|.
   // A certificate is permitted but not required to use multiple sources for
   // SCTs. It is expected that most certificates will use only one source
   // (embedding, TLS extension or OCSP stapling). If no stapled OCSP response
   // is available, |stapled_ocsp_response| should be an empty string. If no SCT
   // TLS extension was negotiated, |sct_list_from_tls_extension| should be an
   // empty string. |result| will be filled with the SCTs present, divided into
   // categories based on the verification result.
   virtual int Verify(X509Certificate* cert,
                      const std::string& stapled_ocsp_response,
                      const std::string& sct_list_from_tls_extension,
                      ct::CTVerifyResult* result,
                      const BoundNetLog& net_log) = 0;
 };

 }  // namespace net

 #endif  // NET_CERT_CT_VERIFIER_H_
	// Copyright 2013 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef NET_CERT_CT_VERIFIER_H_
	#define NET_CERT_CT_VERIFIER_H_

	#include "net/base/net_export.h"

	namespace net {

	namespace ct {
	struct CTVerifyResult;
	} // namespace ct

	class BoundNetLog;
	class X509Certificate;

	// Interface for verifying Signed Certificate Timestamps over a certificate.
	class NET_EXPORT CTVerifier {
	public:
	virtual ~CTVerifier() {}

	// Verifies SCTs embedded in the certificate itself, SCTs embedded in a
	// stapled OCSP response, and SCTs obtained via the
	// signed_certificate_timestamp TLS extension on the given \|cert\|.
	// A certificate is permitted but not required to use multiple sources for
	// SCTs. It is expected that most certificates will use only one source
	// (embedding, TLS extension or OCSP stapling). If no stapled OCSP response
	// is available, \|stapled_ocsp_response\| should be an empty string. If no SCT
	// TLS extension was negotiated, \|sct_list_from_tls_extension\| should be an
	// empty string. \|result\| will be filled with the SCTs present, divided into
	// categories based on the verification result.
	virtual int Verify(X509Certificate* cert,
	const std::string& stapled_ocsp_response,
	const std::string& sct_list_from_tls_extension,
	ct::CTVerifyResult* result,
	const BoundNetLog& net_log) = 0;
	};

	} // namespace net

	#endif // NET_CERT_CT_VERIFIER_H_