OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/transport_security_state.h" | 5 #include "net/base/transport_security_state.h" |
6 | 6 |
7 #include "base/base64.h" | 7 #include "base/base64.h" |
8 #include "base/json/json_reader.h" | 8 #include "base/json/json_reader.h" |
9 #include "base/json/json_writer.h" | 9 #include "base/json/json_writer.h" |
10 #include "base/logging.h" | 10 #include "base/logging.h" |
(...skipping 14 matching lines...)
25 | 25 |
26 TransportSecurityState::TransportSecurityState(const std::string& hsts_hosts) | 26 TransportSecurityState::TransportSecurityState(const std::string& hsts_hosts) |
27 : delegate_(NULL) { | 27 : delegate_(NULL) { |
28 if (!hsts_hosts.empty()) { | 28 if (!hsts_hosts.empty()) { |
29 bool dirty; | 29 bool dirty; |
30 Deserialise(hsts_hosts, &dirty, &forced_hosts_); | 30 Deserialise(hsts_hosts, &dirty, &forced_hosts_); |
31 } | 31 } |
32 } | 32 } |
33 | 33 |
34 static std::string HashHost(const std::string& canonicalized_host) { | 34 static std::string HashHost(const std::string& canonicalized_host) { |
35 char hashed[crypto::SHA256_LENGTH]; | 35 char hashed[crypto::kSHA256Length]; |
36 crypto::SHA256HashString(canonicalized_host, hashed, sizeof(hashed)); | 36 crypto::SHA256HashString(canonicalized_host, hashed, sizeof(hashed)); |
37 return std::string(hashed, sizeof(hashed)); | 37 return std::string(hashed, sizeof(hashed)); |
38 } | 38 } |
39 | 39 |
40 void TransportSecurityState::EnableHost(const std::string& host, | 40 void TransportSecurityState::EnableHost(const std::string& host, |
41 const DomainState& state) { | 41 const DomainState& state) { |
42 const std::string canonicalized_host = CanonicalizeHost(host); | 42 const std::string canonicalized_host = CanonicalizeHost(host); |
43 if (canonicalized_host.empty()) | 43 if (canonicalized_host.empty()) |
44 return; | 44 return; |
45 | 45 |
(...skipping 240 matching lines...)
286 std::string out; | 286 std::string out; |
287 CHECK(base::Base64Encode(hashed, &out)); | 287 CHECK(base::Base64Encode(hashed, &out)); |
288 return out; | 288 return out; |
289 } | 289 } |
290 | 290 |
291 // This inverts |HashedDomainToExternalString|, above. It turns an external | 291 // This inverts |HashedDomainToExternalString|, above. It turns an external |
292 // string (from a JSON file) into an internal (binary) string. | 292 // string (from a JSON file) into an internal (binary) string. |
293 static std::string ExternalStringToHashedDomain(const std::string& external) { | 293 static std::string ExternalStringToHashedDomain(const std::string& external) { |
294 std::string out; | 294 std::string out; |
295 if (!base::Base64Decode(external, &out) || | 295 if (!base::Base64Decode(external, &out) || |
296 out.size() != crypto::SHA256_LENGTH) { | 296 out.size() != crypto::kSHA256Length) { |
297 return std::string(); | 297 return std::string(); |
298 } | 298 } |
299 | 299 |
300 return out; | 300 return out; |
301 } | 301 } |
302 | 302 |
303 bool TransportSecurityState::Serialise(std::string* output) { | 303 bool TransportSecurityState::Serialise(std::string* output) { |
304 DictionaryValue toplevel; | 304 DictionaryValue toplevel; |
305 for (std::map<std::string, DomainState>::const_iterator | 305 for (std::map<std::string, DomainState>::const_iterator |
306 i = enabled_hosts_.begin(); i != enabled_hosts_.end(); ++i) { | 306 i = enabled_hosts_.begin(); i != enabled_hosts_.end(); ++i) { |
(...skipping 441 matching lines...)
748 } | 748 } |
749 | 749 |
750 LOG(ERROR) << "Rejecting public key chain for domain " << domain | 750 LOG(ERROR) << "Rejecting public key chain for domain " << domain |
751 << ". Validated chain: " << HashesToBase64String(hashes) | 751 << ". Validated chain: " << HashesToBase64String(hashes) |
752 << ", expected: " << HashesToBase64String(public_key_hashes); | 752 << ", expected: " << HashesToBase64String(public_key_hashes); |
753 | 753 |
754 return false; | 754 return false; |
755 } | 755 } |
756 | 756 |
757 } // namespace | 757 } // namespace |