Diffstat (limited to 'net/socket/dns_cert_provenance_checker.h')
-rw-r--r--net/socket/dns_cert_provenance_checker.h60
1 files changed, 60 insertions, 0 deletions
diff --git a/net/socket/dns_cert_provenance_checker.h b/net/socket/dns_cert_provenance_checker.h
new file mode 100644
index 0000000..8fef60f
--- /dev/null
+++ b/net/socket/dns_cert_provenance_checker.h
@@ -0,0 +1,60 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_SOCKET_DNS_CERT_PROVENANCE_CHECKER_H
+#define NET_SOCKET_DNS_CERT_PROVENANCE_CHECKER_H
+
+#include <string>
+#include <vector>
+
+#include "base/string_piece.h"
+
+namespace net {
+
+class DnsRRResolver;
+
+// DnsCertProvenanceChecker is an interface for asynchronously checking HTTPS
+// certificates via a DNS side-channel.
+class DnsCertProvenanceChecker {
+ public:
+ class Delegate {
+ public:
+ virtual ~Delegate();
+
+ virtual void OnDnsCertLookupFailed(
+ const std::string& hostname,
+ const std::vector<std::string>& der_certs) = 0;
+ };
+
+ virtual ~DnsCertProvenanceChecker();
+
+ // DoAsyncVerification starts an asynchronous check for the given certificate
+ // chain. It must be run on the network thread.
+ virtual void DoAsyncVerification(
+ const std::string& hostname,
+ const std::vector<base::StringPiece>& der_certs) = 0;
+
+
+ protected:
+ // DoAsyncLookup performs a DNS lookup for the given name and certificate
+ // chain. In the event that the lookup reports a failure, the Delegate is
+ // called back.
+ static void DoAsyncLookup(
+ const std::string& hostname,
+ const std::vector<base::StringPiece>& der_certs,
+ DnsRRResolver* dnsrr_resolver,
+ Delegate* delegate);
+
+ // BuildEncryptedRecord encrypts the certificate chain to a fixed public key
+ // and returns the encrypted blob. Since this code is reporting a possible
+ // HTTPS failure, it would seem silly to use HTTPS to protect the uploaded
+ // report.
+ static std::string BuildEncryptedReport(
+ const std::string& hostname,
+ const std::vector<std::string>& der_certs);
+};
+
+} // namespace net
+
+#endif // NET_SOCKET_DNS_CERT_PROVENANCE_CHECK_H
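Review bot: The comment above `BuildEncryptedReport` calls the function `BuildEncryptedRecord`, and the closing guard comment `#endif  // NET_SOCKET_DNS_CERT_PROVENANCE_CHECK_H` does not match the `NET_SOCKET_DNS_CERT_PROVENANCE_CHECKER_H` it opens; both should name the actual identifier. More important for an asynchronous API, `DoAsyncLookup` takes `dnsrr_resolver` and `delegate` as raw pointers and `DoAsyncVerification` takes `der_certs` as `base::StringPiece` views, yet nothing states whether the chain is copied before the call returns or how long the resolver and delegate must outlive the lookup, and a failure callback delivered after the delegate is destroyed would be a use-after-free. Suggested wording above `DoAsyncLookup`: `// |dnsrr_resolver| and |delegate| are not owned and must outlive the lookup.` plus, on `DoAsyncVerification`, a sentence saying whether `der_certs` is copied before return — the implementation is not in this diff, so that claim has to be confirmed against it. The doubled blank line before `protected:` is a whitespace nit.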