OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_BASE_TRANSPORT_SECURITY_STATE_H_ | 5 #ifndef NET_BASE_TRANSPORT_SECURITY_STATE_H_ |
6 #define NET_BASE_TRANSPORT_SECURITY_STATE_H_ | 6 #define NET_BASE_TRANSPORT_SECURITY_STATE_H_ |
7 #pragma once | 7 #pragma once |
8 | 8 |
9 #include <map> | 9 #include <map> |
10 #include <string> | 10 #include <string> |
11 #include <vector> | |
11 | 12 |
12 #include "base/basictypes.h" | 13 #include "base/basictypes.h" |
13 #include "base/gtest_prod_util.h" | 14 #include "base/gtest_prod_util.h" |
14 #include "base/memory/ref_counted.h" | 15 #include "base/memory/ref_counted.h" |
15 #include "base/time.h" | 16 #include "base/time.h" |
16 | 17 |
17 namespace net { | 18 namespace net { |
18 | 19 |
20 class X509Certificate; | |
21 | |
19 // TransportSecurityState | 22 // TransportSecurityState |
20 // | 23 // |
21 // Tracks which hosts have enabled *-Transport-Security. This object manages | 24 // Tracks which hosts have enabled *-Transport-Security. This object manages |
22 // the in-memory store. A separate object must register itself with this object | 25 // the in-memory store. A separate object must register itself with this object |
23 // in order to persist the state to disk. | 26 // in order to persist the state to disk. |
24 class TransportSecurityState : | 27 class TransportSecurityState : |
25 public base::RefCountedThreadSafe<TransportSecurityState> { | 28 public base::RefCountedThreadSafe<TransportSecurityState> { |
26 public: | 29 public: |
27 TransportSecurityState(); | 30 TransportSecurityState(); |
28 | 31 |
(...skipping 18 matching lines...) Expand all Loading... | |
47 DomainState() | 50 DomainState() |
48 : mode(MODE_STRICT), | 51 : mode(MODE_STRICT), |
49 created(base::Time::Now()), | 52 created(base::Time::Now()), |
50 include_subdomains(false), | 53 include_subdomains(false), |
51 preloaded(false) { } | 54 preloaded(false) { } |
52 | 55 |
53 Mode mode; | 56 Mode mode; |
54 base::Time created; // when this host entry was first created | 57 base::Time created; // when this host entry was first created |
55 base::Time expiry; // the absolute time (UTC) when this record expires | 58 base::Time expiry; // the absolute time (UTC) when this record expires |
56 bool include_subdomains; // subdomains included? | 59 bool include_subdomains; // subdomains included? |
60 std::vector<std::string> cert_locks; // optional: fingerprint locking | |
abarth-chromium
2011/04/04 22:49:36
People seem to like the name "pinning" better than
| |
57 | 61 |
58 // The follow members are not valid when stored in |enabled_hosts_|. | 62 // The follow members are not valid when stored in |enabled_hosts_|. |
59 bool preloaded; // is this a preloaded entry? | 63 bool preloaded; // is this a preloaded entry? |
60 std::string domain; // the domain which matched | 64 std::string domain; // the domain which matched |
61 }; | 65 }; |
62 | 66 |
63 // Enable TransportSecurity for |host|. | 67 // Enable TransportSecurity for |host|. |
64 void EnableHost(const std::string& host, const DomainState& state); | 68 void EnableHost(const std::string& host, const DomainState& state); |
65 | 69 |
66 // Delete any entry for |host|. If |host| doesn't have an exact entry then no | 70 // Delete any entry for |host|. If |host| doesn't have an exact entry then no |
67 // action is taken. Returns true iff an entry was deleted. | 71 // action is taken. Returns true iff an entry was deleted. |
68 bool DeleteHost(const std::string& host); | 72 bool DeleteHost(const std::string& host); |
69 | 73 |
70 // Returns true if |host| has TransportSecurity enabled. If that case, | 74 // Returns true if |host| has TransportSecurity enabled. If that case, |
71 // *result is filled out. | 75 // *result is filled out. |
72 bool IsEnabledForHost(DomainState* result, const std::string& host); | 76 bool IsEnabledForHost(DomainState* result, const std::string& host); |
73 | 77 |
78 // Returns true if our (optional) stronger certificate authority checks | |
79 // will accept this signature chain for this domain. | |
80 bool IsAcceptableCertificate(const std::string& host, X509Certificate* cert); | |
81 | |
74 // Deletes all records created since a given time. | 82 // Deletes all records created since a given time. |
75 void DeleteSince(const base::Time& time); | 83 void DeleteSince(const base::Time& time); |
76 | 84 |
77 // Returns |true| if |value| parses as a valid *-Transport-Security | 85 // Returns |true| if |value| parses as a valid *-Transport-Security |
78 // header value. The values of max-age and and includeSubDomains are | 86 // header value. The values of max-age and and includeSubDomains are |
79 // returned in |max_age| and |include_subdomains|, respectively. The out | 87 // returned in |max_age| and |include_subdomains|, respectively. The out |
80 // parameters are not modified if the function returns |false|. | 88 // parameters are not modified if the function returns |false|. |
81 static bool ParseHeader(const std::string& value, | 89 static bool ParseHeader(const std::string& value, |
82 int* max_age, | 90 int* max_age, |
83 bool* include_subdomains); | 91 bool* include_subdomains); |
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
121 | 129 |
122 // Our delegate who gets notified when we are dirtied, or NULL. | 130 // Our delegate who gets notified when we are dirtied, or NULL. |
123 Delegate* delegate_; | 131 Delegate* delegate_; |
124 | 132 |
125 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); | 133 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); |
126 }; | 134 }; |
127 | 135 |
128 } // namespace net | 136 } // namespace net |
129 | 137 |
130 #endif // NET_BASE_TRANSPORT_SECURITY_STATE_H_ | 138 #endif // NET_BASE_TRANSPORT_SECURITY_STATE_H_ |
OLD | NEW |