[chromium-blink-merge.git] / net / cert / cert_verify_proc_whitelist.h
1 // Copyright (c) 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_CERT_CERT_VERIFY_PROC_WHITELIST_H_
6 #define NET_CERT_CERT_VERIFY_PROC_WHITELIST_H_
8 #include <stdint.h>
10 #include "crypto/sha2.h"
11 #include "net/base/hash_value.h"
12 #include "net/base/net_export.h"
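namespace net {

class X509Certificate;

// PublicKeyWhitelist describes one constrained CA key: a SHA-256 SPKI hash
// and a pointer to an array of SHA-256 certificate hashes that have been
// publicly disclosed and whitelisted for that key.
//
// NOTE(review): size_t is used below, but this header includes only
// <stdint.h> directly; <stddef.h> is the header that guarantees it.
struct PublicKeyWhitelist {
  // SHA-256 hash of the CA's SubjectPublicKeyInfo (SPKI).
  uint8_t public_key[crypto::kSHA256Length];

  // Array of SHA-256 certificate hashes that remain acceptable under
  // |public_key|. Each element is one full crypto::kSHA256Length-byte digest.
  // NOTE(review): ownership and any ordering requirement on the entries are
  // not visible in this header - confirm against the implementation.
  const uint8_t (*whitelist)[crypto::kSHA256Length];

  // Size of |whitelist|.
  // NOTE(review): presumably a count of digests rather than a byte length -
  // confirm against the implementation before building a table by hand.
  size_t whitelist_size;
};

// Returns true if |cert| has been issued by a CA that is constrained from
// issuing new certificates and |cert| is not within the whitelist of
// existing certificates. Returns false if |cert| was issued by an
// unconstrained CA or if it was in the whitelist for that CA.
//
// Polarity matters to callers: true is the "not allowed" answer, and false
// covers both "CA is not constrained" and "certificate is whitelisted". How a
// true result is turned into a verification error is outside this header.
//
// |cert| should be the verified certificate chain, with |public_key_hashes|
// being the set of hashes of the SPKIs within the verified chain. The check
// is only meaningful for the chain that verification actually accepted;
// hashes taken from an unverified, peer-supplied list of certificates do not
// reliably identify the issuing CA.
bool NET_EXPORT_PRIVATE
IsNonWhitelistedCertificate(const X509Certificate& cert,
                            const HashValueVector& public_key_hashes);

// Sets the certificate whitelist for testing. Supply nullptr/0 to reset to
// the built-in whitelist.
//
// This overrides the data behind a trust decision, so it belongs in test code
// only; a test that installs its own list should reset it when finished.
// NOTE(review): whether |whitelist| is copied or merely referenced is not
// visible here - keep the array alive until the reset unless the
// implementation is confirmed to copy it.
void NET_EXPORT_PRIVATE
SetCertificateWhitelistForTesting(const PublicKeyWhitelist* whitelist,
                                  size_t whitelist_size);

}  // namespace net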
46 #endif // NET_CERT_CERT_VERIFY_PROC_WHITELIST_H_