mirror of
https://github.com/klzgrad/naiveproxy.git
synced 2024-11-24 22:36:09 +03:00
56 lines
2.0 KiB
PHP
56 lines
2.0 KiB
PHP
|
// Copyright 2016 The Chromium Authors. All rights reserved.
|
||
|
// Use of this source code is governed by a BSD-style license that can be
|
||
|
// found in the LICENSE file.
|
||
|
|
||
|
// This file contains a set of root CAs which are required to disclose
|
||
|
// all certificates via Certificate Transparency, as well as exceptions
|
||
|
// for independent and disclosed sub-CAs.
|
||
|
//
|
||
|
// It is meant to be directly included in transport_security_state.cc
|
||
|
// within an unnamed namespace.
|
||
|
|
||
|
struct CTRequiredPolicy {
|
||
|
// A certificate MUST be disclosed via Certificate Transparency if it
|
||
|
// chains to or through one of the values contained in |roots|, which
|
||
|
// contains the SHA-256 hash of the issuing CA's SubjectPublicKeyInfo,
|
||
|
// the same format as HTTP Public Key Pinning.
|
||
|
const SHA256HashValue* roots;
|
||
|
|
||
|
// The number of entries in |roots|.
|
||
|
size_t roots_length;
|
||
|
|
||
|
// The date at which enforcement should begin, relative to the Unix
|
||
|
// Epoch. If equivalent to zero (base::TimeDelta()), then it is enforced
|
||
|
// for all certificates.
|
||
|
base::TimeDelta effective_date;
|
||
|
|
||
|
// However, if a certificate ALSO chains to or through one of
|
||
|
// |exceptions|, which also contains the SHA-256 hashes of the
|
||
|
// issuing CA's SubjectPublicKeyInfo, then even though it chained
|
||
|
// through |roots|, it will be exempt from CT requirements.
|
||
|
const SHA256HashValue* exceptions;
|
||
|
|
||
|
// The number of entries in |exceptions|.
|
||
|
size_t exceptions_length;
|
||
|
};
|
||
|
|
||
|
typedef CTRequiredPolicy CTRequiredPolicies[2];
|
||
|
|
||
|
const CTRequiredPolicies& GetCTRequiredPolicies() {
|
||
|
static const CTRequiredPolicy kCTRequiredPolicies[] = {
|
||
|
// See net/data/ssl/symantec/README.md
|
||
|
{
|
||
|
kSymantecRoots, kSymantecRootsLength,
|
||
|
// 1 June 2016, 00:00:00 GMT.
|
||
|
base::TimeDelta::FromSeconds(1464739200),
|
||
|
kSymantecExceptions, kSymantecExceptionsLength,
|
||
|
},
|
||
|
{
|
||
|
kSymantecManagedCAs, kSymantecManagedCAsLength,
|
||
|
base::TimeDelta(), nullptr, 0
|
||
|
},
|
||
|
};
|
||
|
|
||
|
return kCTRequiredPolicies;
|
||
|
}
|