author Kershaw Chang <>
Thu, 27 Jul 2017 23:41:00 +0200
changeset 420412 43a17f4d5399bcca8f67b3756aadf670792873d2
parent 377825 9faf10e794e61d45e42246f101681ceb9f10cced
permissions -rw-r--r--
Bug 1366822 - Part1: Modify NetworkPrioritizer to only update selected tab's window ID, r=dao The original NetworkPrioritizer tracks each browser window and give the high priority to the selected tab. This patch is based on the NetworkPrioritizer, but only send a notification of the current selected tab's content outer window ID to network module.

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at */

#ifndef CTPolicyEnforcer_h
#define CTPolicyEnforcer_h

#include "CTLog.h"
#include "CTVerifyResult.h"
#include "pkix/Result.h"

namespace mozilla { namespace ct {

// Information about the compliance of the TLS connection with the
// Certificate Transparency policy.
enum class CTPolicyCompliance
  // Compliance not checked or not applicable.
  // The connection complied with the certificate policy
  // by including SCTs that satisfy the policy.
  // The connection did not have enough valid SCTs to comply.
  // The connection had enough valid SCTs, but the diversity requirement
  // was not met (the number of CT log operators independent of the CA
  // and of each other is too low).

// Checks whether a TLS connection complies with the current CT policy.
// The implemented policy is based on the Mozilla CT Policy draft 0.1.0
// (see
// 1rnqYYwscAx8WhS-MCdTiNzYQus9e37HuVyafQvEeNro/edit).
// OF MOZILLA CT POLICY. Specifically:
// 1. CT log operators being CA-dependent is not currently taken into account
// (see CTDiversityPolicy.h).
// 2. The grandfathering provision of the operator diversity requirement
// is not implemented (see "CT Qualified" section of the policy and
// CheckOperatorDiversityCompliance in CTPolicyEnforcer.cpp).
class CTPolicyEnforcer
  // |verifiedSct| - SCTs present on the connection along with their
  // verification status.
  // |certLifetimeInCalendarMonths| - certificate lifetime in full calendar
  // months (i.e. rounded down), based on the notBefore/notAfter fields.
  // |dependentOperators| - which CT log operators are dependent on the CA
  // that issued the certificate. SCTs issued by logs associated with such
  // operators are treated differenly when evaluating the policy.
  // See CTDiversityPolicy class.
  // |compliance| - the result of the compliance check.
  pkix::Result CheckCompliance(const VerifiedSCTList& verifiedScts,
                               size_t certLifetimeInCalendarMonths,
                               const CTLogOperatorList& dependentOperators,
                               CTPolicyCompliance& compliance);

} } // namespace mozilla::ct

#endif // CTPolicyEnforcer_h