Run app_shell_browsertests on Win waterfall and trybots.
[chromium-blink-merge.git] / net / cert / ct_verifier.h
blob290a0474a649138733c902fdc5a8e47b6210f12d
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_CERT_CT_VERIFIER_H_
6 #define NET_CERT_CT_VERIFIER_H_
8 #include "net/base/net_export.h"
10 namespace net {
12 namespace ct {
13 struct CTVerifyResult;
14 } // namespace ct
16 class BoundNetLog;
17 class X509Certificate;
19 // Interface for verifying Signed Certificate Timestamps over a certificate.
20 class NET_EXPORT CTVerifier {
21 public:
22 virtual ~CTVerifier() {}
24 // Verifies SCTs embedded in the certificate itself, SCTs embedded in a
25 // stapled OCSP response, and SCTs obtained via the
26 // signed_certificate_timestamp TLS extension on the given |cert|.
27 // A certificate is permitted but not required to use multiple sources for
28 // SCTs. It is expected that most certificates will use only one source
29 // (embedding, TLS extension or OCSP stapling). If no stapled OCSP response
30 // is available, |stapled_ocsp_response| should be an empty string. If no SCT
31 // TLS extension was negotiated, |sct_list_from_tls_extension| should be an
32 // empty string. |result| will be filled with the SCTs present, divided into
33 // categories based on the verification result.
34 virtual int Verify(X509Certificate* cert,
35 const std::string& stapled_ocsp_response,
36 const std::string& sct_list_from_tls_extension,
37 ct::CTVerifyResult* result,
38 const BoundNetLog& net_log) = 0;
41 } // namespace net
43 #endif // NET_CERT_CT_VERIFIER_H_