Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(586)

Side by Side Diff: net/base/transport_security_state.h

Issue 6895039: Merge 82409 - Add command-line control of the HSTS preload list. (Closed) Base URL: svn://svn.chromium.org/chrome/branches/742/src/
Patch Set: Created 9 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/base/net_switches.cc ('k') | net/base/transport_security_state.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_BASE_TRANSPORT_SECURITY_STATE_H_ 5 #ifndef NET_BASE_TRANSPORT_SECURITY_STATE_H_
6 #define NET_BASE_TRANSPORT_SECURITY_STATE_H_ 6 #define NET_BASE_TRANSPORT_SECURITY_STATE_H_
7 #pragma once 7 #pragma once
8 8
9 #include <map> 9 #include <map>
10 #include <string> 10 #include <string>
(...skipping 26 matching lines...) Expand all
37 MODE_STRICT = 0, 37 MODE_STRICT = 0,
38 // Opportunistic mode implies: 38 // Opportunistic mode implies:
39 // * We'll request HTTP URLs over HTTPS 39 // * We'll request HTTP URLs over HTTPS
40 // * Certificate issues are ignored. 40 // * Certificate issues are ignored.
41 MODE_OPPORTUNISTIC = 1, 41 MODE_OPPORTUNISTIC = 1,
42 // SPDY_ONLY (aka X-Bodge-Transport-Security) is a hopefully temporary 42 // SPDY_ONLY (aka X-Bodge-Transport-Security) is a hopefully temporary
43 // measure. It implies: 43 // measure. It implies:
44 // * We'll request HTTP URLs over HTTPS iff we have SPDY support. 44 // * We'll request HTTP URLs over HTTPS iff we have SPDY support.
45 // * Certificate issues are fatal. 45 // * Certificate issues are fatal.
46 MODE_SPDY_ONLY = 2, 46 MODE_SPDY_ONLY = 2,
47 // None means there is no HSTS for this domain.
48 MODE_NONE = 3,
47 }; 49 };
48 50
49 DomainState(); 51 DomainState();
50 ~DomainState(); 52 ~DomainState();
51 53
52 // IsChainOfPublicKeysPermitted takes a set of public key hashes and 54 // IsChainOfPublicKeysPermitted takes a set of public key hashes and
53 // returns true if: 55 // returns true if:
54 // 1) |public_key_hashes| is empty, i.e. no public keys have been pinned. 56 // 1) |public_key_hashes| is empty, i.e. no public keys have been pinned.
55 // 2) |hashes| and |public_key_hashes| are not disjoint. 57 // 2) |hashes| and |public_key_hashes| are not disjoint.
56 bool IsChainOfPublicKeysPermitted( 58 bool IsChainOfPublicKeysPermitted(
(...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after
97 // Thus it must not reenter the TransportSecurityState object. 99 // Thus it must not reenter the TransportSecurityState object.
98 virtual void StateIsDirty(TransportSecurityState* state) = 0; 100 virtual void StateIsDirty(TransportSecurityState* state) = 0;
99 101
100 protected: 102 protected:
101 virtual ~Delegate() {} 103 virtual ~Delegate() {}
102 }; 104 };
103 105
104 void SetDelegate(Delegate*); 106 void SetDelegate(Delegate*);
105 107
106 bool Serialise(std::string* output); 108 bool Serialise(std::string* output);
107 bool Deserialise(const std::string& state, bool* dirty); 109 // Existing non-preloaded entries are cleared and repopulated from the
110 // passed JSON string.
111 bool LoadEntries(const std::string& state, bool* dirty);
108 112
109 // The maximum number of seconds for which we'll cache an HSTS request. 113 // The maximum number of seconds for which we'll cache an HSTS request.
110 static const long int kMaxHSTSAgeSecs; 114 static const long int kMaxHSTSAgeSecs;
111 115
112 private: 116 private:
113 friend class base::RefCountedThreadSafe<TransportSecurityState>; 117 friend class base::RefCountedThreadSafe<TransportSecurityState>;
114 FRIEND_TEST_ALL_PREFIXES(TransportSecurityStateTest, IsPreloaded); 118 FRIEND_TEST_ALL_PREFIXES(TransportSecurityStateTest, IsPreloaded);
115 119
116 ~TransportSecurityState(); 120 ~TransportSecurityState();
117 121
118 // If we have a callback configured, call it to let our serialiser know that 122 // If we have a callback configured, call it to let our serialiser know that
119 // our state is dirty. 123 // our state is dirty.
120 void DirtyNotify(); 124 void DirtyNotify();
121 125
122 static std::string CanonicalizeHost(const std::string& host); 126 static std::string CanonicalizeHost(const std::string& host);
123 static bool IsPreloadedSTS(const std::string& canonicalized_host, 127 static bool IsPreloadedSTS(const std::string& canonicalized_host,
124 bool sni_available, 128 bool sni_available,
125 bool* out_include_subdomains); 129 DomainState* out);
130 static bool Deserialise(const std::string& state,
131 bool* dirty,
132 std::map<std::string, DomainState>* out);
126 133
127 // The set of hosts that have enabled TransportSecurity. The keys here 134 // The set of hosts that have enabled TransportSecurity. The keys here
128 // are SHA256(DNSForm(domain)) where DNSForm converts from dotted form 135 // are SHA256(DNSForm(domain)) where DNSForm converts from dotted form
129 // ('www.google.com') to the form used in DNS: "\x03www\x06google\x03com" 136 // ('www.google.com') to the form used in DNS: "\x03www\x06google\x03com"
130 std::map<std::string, DomainState> enabled_hosts_; 137 std::map<std::string, DomainState> enabled_hosts_;
131 138
132 // Our delegate who gets notified when we are dirtied, or NULL. 139 // Our delegate who gets notified when we are dirtied, or NULL.
133 Delegate* delegate_; 140 Delegate* delegate_;
134 141
135 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); 142 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState);
136 }; 143 };
137 144
138 } // namespace net 145 } // namespace net
139 146
140 #endif // NET_BASE_TRANSPORT_SECURITY_STATE_H_ 147 #endif // NET_BASE_TRANSPORT_SECURITY_STATE_H_
OLDNEW
« no previous file with comments | « net/base/net_switches.cc ('k') | net/base/transport_security_state.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698