net/http/transport_security_state_ct_policies.inc - cobalt - Git at Google

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 // This file contains a set of root CAs which are required to disclose
 // all certificates via Certificate Transparency, as well as exceptions
 // for independent and disclosed sub-CAs.
 //
 // It is meant to be directly included in transport_security_state.cc
 // within an unnamed namespace.

 struct CTRequiredPolicy {
   // A certificate MUST be disclosed via Certificate Transparency if it
   // chains to or through one of the values contained in |roots|, which
   // contains the SHA-256 hash of the issuing CA's SubjectPublicKeyInfo,
   // the same format as HTTP Public Key Pinning.
   const SHA256HashValue* roots;

   // The number of entries in |roots|.
   size_t roots_length;

   // The date at which enforcement should begin, relative to the Unix
   // Epoch. If equivalent to zero (base::TimeDelta()), then it is enforced
   // for all certificates.
   base::TimeDelta effective_date;

   // However, if a certificate ALSO chains to or through one of
   // |exceptions|, which also contains the SHA-256 hashes of the
   // issuing CA's SubjectPublicKeyInfo, then even though it chained
   // through |roots|, it will be exempt from CT requirements.
   const SHA256HashValue* exceptions;

   // The number of entries in |exceptions|.
   size_t exceptions_length;
 };

 typedef CTRequiredPolicy CTRequiredPolicies[2];

 const CTRequiredPolicies& GetCTRequiredPolicies() {
   static const CTRequiredPolicy kCTRequiredPolicies[] = {
       // See net/data/ssl/symantec/README.md
       {
           kSymantecRoots, kSymantecRootsLength,
           // 1 June 2016, 00:00:00 GMT.
           base::TimeDelta::FromSeconds(1464739200),
           kSymantecExceptions, kSymantecExceptionsLength,
       },
       {
           kSymantecManagedCAs, kSymantecManagedCAsLength,
           base::TimeDelta(), nullptr, 0
       },
   };

   return kCTRequiredPolicies;
 }
	// Copyright 2016 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	// This file contains a set of root CAs which are required to disclose
	// all certificates via Certificate Transparency, as well as exceptions
	// for independent and disclosed sub-CAs.
	//
	// It is meant to be directly included in transport_security_state.cc
	// within an unnamed namespace.

	struct CTRequiredPolicy {
	// A certificate MUST be disclosed via Certificate Transparency if it
	// chains to or through one of the values contained in \|roots\|, which
	// contains the SHA-256 hash of the issuing CA's SubjectPublicKeyInfo,
	// the same format as HTTP Public Key Pinning.
	const SHA256HashValue* roots;

	// The number of entries in \|roots\|.
	size_t roots_length;

	// The date at which enforcement should begin, relative to the Unix
	// Epoch. If equivalent to zero (base::TimeDelta()), then it is enforced
	// for all certificates.
	base::TimeDelta effective_date;

	// However, if a certificate ALSO chains to or through one of
	// \|exceptions\|, which also contains the SHA-256 hashes of the
	// issuing CA's SubjectPublicKeyInfo, then even though it chained
	// through \|roots\|, it will be exempt from CT requirements.
	const SHA256HashValue* exceptions;

	// The number of entries in \|exceptions\|.
	size_t exceptions_length;
	};

	typedef CTRequiredPolicy CTRequiredPolicies[2];

	const CTRequiredPolicies& GetCTRequiredPolicies() {
	static const CTRequiredPolicy kCTRequiredPolicies[] = {
	// See net/data/ssl/symantec/README.md
	{
	kSymantecRoots, kSymantecRootsLength,
	// 1 June 2016, 00:00:00 GMT.
	base::TimeDelta::FromSeconds(1464739200),
	kSymantecExceptions, kSymantecExceptionsLength,
	},
	{
	kSymantecManagedCAs, kSymantecManagedCAsLength,
	base::TimeDelta(), nullptr, 0
	},
	};

	return kCTRequiredPolicies;
	}