xref: /aosp_15_r20/external/cronet/net/cert/do_nothing_ct_verifier.h (revision 6777b5387eb2ff775bb5750e3f5d96f37fb7352b)
1 // Copyright 2016 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef NET_CERT_DO_NOTHING_CT_VERIFIER_H_
6 #define NET_CERT_DO_NOTHING_CT_VERIFIER_H_
7 
8 #include <string_view>
9 
10 #include "net/base/net_export.h"
11 #include "net/cert/ct_verifier.h"
12 
13 namespace net {
14 
15 // An implementation of CTVerifier that does not validate SCTs.
16 //
17 // SECURITY NOTE:
18 // As Certificate Transparency is an essential part in safeguarding TLS
19 // connections, disabling Certificate Transparency enforcement is a decision
20 // that should not be taken lightly, and it should be made an explicit
21 // decision rather than a potentially accidental decision (such as allowing
22 // for a nullptr instance). By checking Certificate Transparency information,
23 // typically via a net::MultiLogCTVerifier, and enforcing policies related
24 // to Certificate Transparency provided by a net::CTPolicyEnforcer, developers
25 // can help protect their users by ensuring that misissued TLS certificates
26 // are detected.
27 //
28 // However, not every consumer of TLS certificates is using the Web PKI. For
29 // example, they may be using connections authenticated out of band, or may
30 // be using private or local PKIs for which Certificate Transparency is not
31 // relevant. Alternatively, much like how a robust and secure TLS client
32 // requires a regularly updated root certificate store, a robust and secure
33 // Certificate Transparency client requires regular updates. However, since
34 // some clients may not support regular updates, it may be intentional to
35 // disable Certificate Transparency and choose a less-secure default
36 // behavior.
37 //
38 // Consumers of this class should generally try to get a security or design
39 // review to discuss the type of net::X509Certificates they will be validating,
40 // and determine whether or not Certificate Transparency is right for the
41 // particular use case.
42 //
43 // Because of the complex nuances related to security tradeoffs, it is
44 // expected that classes which expect a CTVerifier will require one to be
45 // supplied, forcing the caller to make an intentional and explicit decision
46 // about the appropriate security policy, rather than leaving it ambiguous,
47 // such as via a nullptr. This class is intended to indicate an intentional
48 // consideration of CT, and a decision to not support it.
class NET_EXPORT DoNothingCTVerifier : public CTVerifier {
 public:
  // Constructing this verifier is the explicit opt-out from Certificate
  // Transparency checking described in the class comment above. The
  // constructor takes no arguments.
  DoNothingCTVerifier();

  // Neither copy-constructible nor copy-assignable.
  DoNothingCTVerifier(const DoNothingCTVerifier&) = delete;
  DoNothingCTVerifier& operator=(const DoNothingCTVerifier&) = delete;

  ~DoNothingCTVerifier() override;

  // CTVerifier implementation.
  //
  // Per the class comment, no SCT is validated here: none of |cert|,
  // |stapled_ocsp_response| or |sct_list_from_tls_extension| is checked for
  // valid SCTs. A call to this method must therefore never be read as
  // evidence that |cert| was publicly logged, and any CT policy decision
  // made from |output_scts| after this call is not backed by log
  // verification.
  //
  // NOTE(review): the definition is out of line and not visible from this
  // header; confirm there what state |output_scts| is left in and whether
  // |net_log| is written to.
  void Verify(X509Certificate* cert,
              std::string_view stapled_ocsp_response,
              std::string_view sct_list_from_tls_extension,
              SignedCertificateTimestampAndStatusList* output_scts,
              const NetLogWithSource& net_log) const override;
};
64 
65 }  // namespace net
66 
67 #endif  // NET_CERT_DO_NOTHING_CT_VERIFIER_H_
68