
Side by Side Diff: net/base/force_tls_state.h

Issue 186014: ForceTLS: persist to disk (Closed)
Patch Set: ... Created 11 years, 3 months ago
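--- a/net/base/force_tls_state.h
+++ b/net/base/force_tls_state.h
@@ -1,58 +1,81 @@
 // Copyright (c) 2009 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_BASE_FORCE_TLS_STATE_H_
 #define NET_BASE_FORCE_TLS_STATE_H_
 
-#include <set>
+#include <map>
 #include <string>
 
 #include "base/basictypes.h"
 #include "base/lock.h"
+#include "base/ref_counted.h"
+#include "base/time.h"
 
 class GURL;
 
 namespace net {
 
 // ForceTLSState
 //
 // Tracks which hosts have enabled ForceTLS. After a host enables ForceTLS,
 // then we refuse to talk to the host over HTTP, treat all certificate errors as
 // fatal, and refuse to load any mixed content.
 //
-class ForceTLSState {
+class ForceTLSState : public base::RefCountedThreadSafe<ForceTLSState> {
 public:
 ForceTLSState();
 
 // Called when we see an X-Force-TLS header that we should process. Modifies
 // our state as instructed by the header.
 void DidReceiveHeader(const GURL& url, const std::string& value);
 
 // Enable ForceTLS for |host|.
-void EnableHost(const std::string& host);
+void EnableHost(const std::string& host, base::Time expiry,
+bool include_subdomains);
 
 // Returns whether |host| has had ForceTLS enabled.
 bool IsEnabledForHost(const std::string& host);
 
 // Returns |true| if |value| parses as a valid X-Force-TLS header value.
 // The values of max-age and and includeSubDomains are returned in |max_age|
 // and |include_subdomains|, respectively. The out parameters are not
 // modified if the function returns |false|.
 static bool ParseHeader(const std::string& value,
 int* max_age,
 bool* include_subdomains);
 
+struct State {
+base::Time expiry; // the absolute time (UTC) when this record expires
+bool include_subdomains; // subdomains included?
+};
+
+// Set a callback which is called on an arbitary thread when the state of
+// this object is updated. The callback may not block and may not reenter
+// this object.
+void SetDirtyCallback(void (*callback) (void*), void* userdata);
+
+bool Serialise(std::string* output);
+bool Deserialise(const std::string& state);
+
 private:
+// If we have a callback configured, call it to let our serialiser know that
+// our state is dirty.
+void DirtyNotify();
+
 // The set of hosts that have enabled ForceTLS.
-std::set<std::string> enabled_hosts_;
+std::map<std::string, State> enabled_hosts_;
 
 // Protect access to our data members with this lock.
 Lock lock_;
 
+void (*callback_) (void*);
+void* callback_userdata_;
+
 DISALLOW_COPY_AND_ASSIGN(ForceTLSState);
 };
 
 } // namespace net
 
 #endif // NET_BASE_FORCE_TLS_STATE_H_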
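Review bot: `Serialise` and `Deserialise` are the only new public methods declared without a comment, and they are the ones that carry ForceTLS state across the disk boundary. The header should state what `Deserialise` does with input it cannot parse and whether it replaces or merges with the entries already in `enabled_hosts_`, since a silently emptied map means hosts fall back to plain HTTP; something like `// Replaces the current state with |state|. Returns false and leaves the current state unchanged if |state| does not parse.` would pin that down, assuming that is what the .cc implements. The comments on `EnableHost` and `IsEnabledForHost` were also left as they were and now say nothing about `expiry`, `include_subdomains`, or whether an expired entry or a subdomain match counts as enabled. It is also worth a line on `SetDirtyCallback` saying who owns `userdata` and how long it must stay valid, given the callback runs on an arbitrary thread.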