net/cert/do_nothing_ct_verifier.h - cobalt - Git at Google

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef NET_CERT_DO_NOTHING_CT_VERIFIER_H_
 #define NET_CERT_DO_NOTHING_CT_VERIFIER_H_

 #include "base/macros.h"
 #include "net/base/net_export.h"
 #include "net/cert/ct_verifier.h"

 namespace net {

 // An implementation of CTVerifier that does not validate SCTs.
 //
 // SECURITY NOTE:
 // As Certificate Transparency is an essential part in safeguarding TLS
 // connections, disabling Certificate Transparency enforcement is a decision
 // that should not be taken lightly, and it should be made an explicit
 // decision rather than a potentially accidental decision (such as allowing
 // for a nullptr instance). By checking Certificate Transparency information,
 // typically via a net::MultiLogCTVerifier, and enforcing policies related
 // to Certificate Transparency provided by a net::CTPolicyEnforcer, developers
 // can help protect their users by ensuring that misissued TLS certificates
 // are detected.
 //
 // However, not every consumer of TLS certificates is using the Web PKI. For
 // example, they may be using connections authenticated out of band, or may
 // be using private or local PKIs for which Certificate Transparency is not
 // relevant. Alternatively, much like how a robust and secure TLS client
 // requires a regularly updated root certificate store, a robust and secure
 // Certificate Transparency client requires regular updates. However, since
 // some clients may not support regular updates, it may be intentional to
 // disable Certificate Transparency and choose a less-secure default
 // behavior.
 //
 // Consumers of this class should generally try to get a security or design
 // to discuss the type of net::X509Certificates they will be validating,
 // and determine whether or not Certificate Transparency is right for the
 // particular use case.
 //
 // Because of the complex nuances related to security tradeoffs, it is
 // expected that classes which expect a CTVerifier will require one to be
 // supplied, forcing the caller to make an intentional and explicit decision
 // about the appropriate security policy, rather than leaving it ambiguous,
 // such as via a nullptr. This class is intended to indicate an intentional
 // consideration of CT, and a decision to not support it.
 class NET_EXPORT DoNothingCTVerifier : public CTVerifier {
  public:
   DoNothingCTVerifier();
   ~DoNothingCTVerifier() override;

   void Verify(base::StringPiece hostname,
               X509Certificate* cert,
               base::StringPiece stapled_ocsp_response,
               base::StringPiece sct_list_from_tls_extension,
               SignedCertificateTimestampAndStatusList* output_scts,
               const NetLogWithSource& net_log) override;

   void SetObserver(Observer* observer) override;
   Observer* GetObserver() const override;

  private:
   DISALLOW_COPY_AND_ASSIGN(DoNothingCTVerifier);
 };

 }  // namespace net

 #endif  // NET_CERT_DO_NOTHING_CT_VERIFIER_H_
	// Copyright 2016 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef NET_CERT_DO_NOTHING_CT_VERIFIER_H_
	#define NET_CERT_DO_NOTHING_CT_VERIFIER_H_

	#include "base/macros.h"
	#include "net/base/net_export.h"
	#include "net/cert/ct_verifier.h"

	namespace net {

	// An implementation of CTVerifier that does not validate SCTs.
	//
	// SECURITY NOTE:
	// As Certificate Transparency is an essential part in safeguarding TLS
	// connections, disabling Certificate Transparency enforcement is a decision
	// that should not be taken lightly, and it should be made an explicit
	// decision rather than a potentially accidental decision (such as allowing
	// for a nullptr instance). By checking Certificate Transparency information,
	// typically via a net::MultiLogCTVerifier, and enforcing policies related
	// to Certificate Transparency provided by a net::CTPolicyEnforcer, developers
	// can help protect their users by ensuring that misissued TLS certificates
	// are detected.
	//
	// However, not every consumer of TLS certificates is using the Web PKI. For
	// example, they may be using connections authenticated out of band, or may
	// be using private or local PKIs for which Certificate Transparency is not
	// relevant. Alternatively, much like how a robust and secure TLS client
	// requires a regularly updated root certificate store, a robust and secure
	// Certificate Transparency client requires regular updates. However, since
	// some clients may not support regular updates, it may be intentional to
	// disable Certificate Transparency and choose a less-secure default
	// behavior.
	//
	// Consumers of this class should generally try to get a security or design
	// to discuss the type of net::X509Certificates they will be validating,
	// and determine whether or not Certificate Transparency is right for the
	// particular use case.
	//
	// Because of the complex nuances related to security tradeoffs, it is
	// expected that classes which expect a CTVerifier will require one to be
	// supplied, forcing the caller to make an intentional and explicit decision
	// about the appropriate security policy, rather than leaving it ambiguous,
	// such as via a nullptr. This class is intended to indicate an intentional
	// consideration of CT, and a decision to not support it.
	class NET_EXPORT DoNothingCTVerifier : public CTVerifier {
	public:
	DoNothingCTVerifier();
	~DoNothingCTVerifier() override;

	void Verify(base::StringPiece hostname,
	X509Certificate* cert,
	base::StringPiece stapled_ocsp_response,
	base::StringPiece sct_list_from_tls_extension,
	SignedCertificateTimestampAndStatusList* output_scts,
	const NetLogWithSource& net_log) override;

	void SetObserver(Observer* observer) override;
	Observer* GetObserver() const override;

	private:
	DISALLOW_COPY_AND_ASSIGN(DoNothingCTVerifier);
	};

	} // namespace net

	#endif // NET_CERT_DO_NOTHING_CT_VERIFIER_H_