| OLD | NEW |
|---|
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_BASE_TRANSPORT_SECURITY_STATE_H_ | 5 #ifndef NET_BASE_TRANSPORT_SECURITY_STATE_H_ |
| 6 #define NET_BASE_TRANSPORT_SECURITY_STATE_H_ | 6 #define NET_BASE_TRANSPORT_SECURITY_STATE_H_ |
| 7 #pragma once | 7 #pragma once |
| 8 | 8 |
| 9 #include <map> | 9 #include <map> |
| 10 #include <string> | 10 #include <string> |
| (...skipping 29 matching lines...) Expand all Loading... |
| 40 // SPDY_ONLY (aka X-Bodge-Transport-Security) is a hopefully temporary | 40 // SPDY_ONLY (aka X-Bodge-Transport-Security) is a hopefully temporary |
| 41 // measure. It implies: | 41 // measure. It implies: |
| 42 // * We'll request HTTP URLs over HTTPS iff we have SPDY support. | 42 // * We'll request HTTP URLs over HTTPS iff we have SPDY support. |
| 43 // * Certificate issues are fatal. | 43 // * Certificate issues are fatal. |
| 44 MODE_SPDY_ONLY = 2, | 44 MODE_SPDY_ONLY = 2, |
| 45 }; | 45 }; |
| 46 | 46 |
| 47 DomainState() | 47 DomainState() |
| 48 : mode(MODE_STRICT), | 48 : mode(MODE_STRICT), |
| 49 created(base::Time::Now()), | 49 created(base::Time::Now()), |
| 50 include_subdomains(false) { } | 50 include_subdomains(false), |
| 51 preloaded(false) { } |
| 51 | 52 |
| 52 Mode mode; | 53 Mode mode; |
| 53 base::Time created; // when this host entry was first created | 54 base::Time created; // when this host entry was first created |
| 54 base::Time expiry; // the absolute time (UTC) when this record expires | 55 base::Time expiry; // the absolute time (UTC) when this record expires |
| 55 bool include_subdomains; // subdomains included? | 56 bool include_subdomains; // subdomains included? |
| 57 |
| 58 // The follow members are not valid when stored in |enabled_hosts_|. |
| 59 bool preloaded; // is this a preloaded entry? |
| 60 std::string domain; // the domain which matched |
| 56 }; | 61 }; |
| 57 | 62 |
| 58 // Enable TransportSecurity for |host|. | 63 // Enable TransportSecurity for |host|. |
| 59 void EnableHost(const std::string& host, const DomainState& state); | 64 void EnableHost(const std::string& host, const DomainState& state); |
| 60 | 65 |
| 66 // Delete any entry for |host|. If |host| doesn't have an exact entry then no |
| 67 // action is taken. Returns true iff an entry was deleted. |
| 68 bool DeleteHost(const std::string& host); |
| 69 |
| 61 // Returns true if |host| has TransportSecurity enabled. If that case, | 70 // Returns true if |host| has TransportSecurity enabled. If that case, |
| 62 // *result is filled out. | 71 // *result is filled out. |
| 63 bool IsEnabledForHost(DomainState* result, const std::string& host); | 72 bool IsEnabledForHost(DomainState* result, const std::string& host); |
| 64 | 73 |
| 65 // Deletes all records created since a given time. | 74 // Deletes all records created since a given time. |
| 66 void DeleteSince(const base::Time& time); | 75 void DeleteSince(const base::Time& time); |
| 67 | 76 |
| 68 // Returns |true| if |value| parses as a valid *-Transport-Security | 77 // Returns |true| if |value| parses as a valid *-Transport-Security |
| 69 // header value. The values of max-age and and includeSubDomains are | 78 // header value. The values of max-age and and includeSubDomains are |
| 70 // returned in |max_age| and |include_subdomains|, respectively. The out | 79 // returned in |max_age| and |include_subdomains|, respectively. The out |
| (...skipping 23 matching lines...) Expand all Loading... |
| 94 private: | 103 private: |
| 95 friend class base::RefCountedThreadSafe<TransportSecurityState>; | 104 friend class base::RefCountedThreadSafe<TransportSecurityState>; |
| 96 FRIEND_TEST_ALL_PREFIXES(TransportSecurityStateTest, IsPreloaded); | 105 FRIEND_TEST_ALL_PREFIXES(TransportSecurityStateTest, IsPreloaded); |
| 97 | 106 |
| 98 ~TransportSecurityState(); | 107 ~TransportSecurityState(); |
| 99 | 108 |
| 100 // If we have a callback configured, call it to let our serialiser know that | 109 // If we have a callback configured, call it to let our serialiser know that |
| 101 // our state is dirty. | 110 // our state is dirty. |
| 102 void DirtyNotify(); | 111 void DirtyNotify(); |
| 103 | 112 |
| 104 static std::string CanonicaliseHost(const std::string& host); | 113 static std::string CanonicalizeHost(const std::string& host); |
| 105 static bool IsPreloadedSTS(const std::string& canonicalised_host, | 114 static bool IsPreloadedSTS(const std::string& canonicalized_host, |
| 106 bool* out_include_subdomains); | 115 bool* out_include_subdomains); |
| 107 | 116 |
| 108 // The set of hosts that have enabled TransportSecurity. The keys here | 117 // The set of hosts that have enabled TransportSecurity. The keys here |
| 109 // are SHA256(DNSForm(domain)) where DNSForm converts from dotted form | 118 // are SHA256(DNSForm(domain)) where DNSForm converts from dotted form |
| 110 // ('www.google.com') to the form used in DNS: "\x03www\x06google\x03com" | 119 // ('www.google.com') to the form used in DNS: "\x03www\x06google\x03com" |
| 111 std::map<std::string, DomainState> enabled_hosts_; | 120 std::map<std::string, DomainState> enabled_hosts_; |
| 112 | 121 |
| 113 // Our delegate who gets notified when we are dirtied, or NULL. | 122 // Our delegate who gets notified when we are dirtied, or NULL. |
| 114 Delegate* delegate_; | 123 Delegate* delegate_; |
| 115 | 124 |
| 116 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); | 125 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); |
| 117 }; | 126 }; |
| 118 | 127 |
| 119 } // namespace net | 128 } // namespace net |
| 120 | 129 |
| 121 #endif // NET_BASE_TRANSPORT_SECURITY_STATE_H_ | 130 #endif // NET_BASE_TRANSPORT_SECURITY_STATE_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 6500010:
HSTS: add net-internals UI. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src