// Copyright 2013 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_CERT_CT_VERIFIER_H_
#define NET_CERT_CT_VERIFIER_H_

#include <string_view>

#include "net/base/net_export.h"
#include "net/cert/signed_certificate_timestamp_and_status.h"

namespace net {

class NetLogWithSource;
class X509Certificate;

// Interface for verifying Signed Certificate Timestamps (SCTs) over a
// certificate.
//
// The interface is pure virtual: this header declares the contract only and
// contains no verification logic. Verify() returns void, so there is no
// aggregate pass/fail result; outcomes are reported per SCT through the
// output list.
class NET_EXPORT CTVerifier {
 public:
  virtual ~CTVerifier() = default;

  // Verifies SCTs embedded in the certificate itself, SCTs embedded in a
  // stapled OCSP response, and SCTs obtained via the
  // signed_certificate_timestamp TLS extension on the given |cert|.
  // A certificate is permitted but not required to use multiple sources for
  // SCTs. It is expected that most certificates will use only one source
  // (embedding, TLS extension or OCSP stapling). If no stapled OCSP response
  // is available, |stapled_ocsp_response| should be an empty string. If no SCT
  // TLS extension was negotiated, |sct_list_from_tls_extension| should be an
  // empty string. |output_scts| will be cleared and filled with the SCTs
  // present, if any, along with their verification results.
  //
  // Because |output_scts| holds every SCT that was present together with its
  // verification result, an entry appearing in the list does not by itself
  // mean the SCT verified. Callers must inspect each entry's status before
  // relying on it. Any previous contents of |output_scts| are discarded.
  //
  // NOTE(review): |stapled_ocsp_response| and |sct_list_from_tls_extension|
  // are presumably bytes received from the TLS peer, so implementations
  // should parse them as untrusted input -- confirm against callers.
  // NOTE(review): both are std::string_view (non-owning); this header does
  // not say whether an implementation may retain them past the call, so
  // assume the backing buffers only need to outlive the call -- confirm.
  // NOTE(review): whether |cert| or |output_scts| may be null is not stated
  // here -- confirm against implementations.
  virtual void Verify(X509Certificate* cert,
                      std::string_view stapled_ocsp_response,
                      std::string_view sct_list_from_tls_extension,
                      SignedCertificateTimestampAndStatusList* output_scts,
                      const NetLogWithSource& net_log) const = 0;
};

}  // namespace net

#endif  // NET_CERT_CT_VERIFIER_H_