Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(108)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/url_request/url_request_http_job.cc

Issue 8467031: net: make pinning enforcement timeout after ten weeks. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 9 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« net/base/build_time.cc ('K') | « net/net.gyp ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/url_request/url_request_http_job.h" 5 #include "net/url_request/url_request_http_job.h"
6 6
7 #include "base/bind.h" 7 #include "base/bind.h"
8 #include "base/base_switches.h" 8 #include "base/base_switches.h"
9 #include "base/command_line.h" 9 #include "base/command_line.h"
10 #include "base/compiler_specific.h" 10 #include "base/compiler_specific.h"
11 #include "base/file_util.h" 11 #include "base/file_util.h"
12 #include "base/file_version_info.h" 12 #include "base/file_version_info.h"
13 #include "base/message_loop.h" 13 #include "base/message_loop.h"
14 #include "base/metrics/field_trial.h" 14 #include "base/metrics/field_trial.h"
15 #include "base/metrics/histogram.h" 15 #include "base/metrics/histogram.h"
16 #include "base/rand_util.h" 16 #include "base/rand_util.h"
17 #include "base/string_util.h" 17 #include "base/string_util.h"
18 #include "base/time.h" 18 #include "base/time.h"
19 #include "net/base/build_time.h"
19 #include "net/base/cert_status_flags.h" 20 #include "net/base/cert_status_flags.h"
20 #include "net/base/cookie_monster.h" 21 #include "net/base/cookie_monster.h"
21 #include "net/base/filter.h" 22 #include "net/base/filter.h"
22 #include "net/base/host_port_pair.h" 23 #include "net/base/host_port_pair.h"
23 #include "net/base/load_flags.h" 24 #include "net/base/load_flags.h"
24 #include "net/base/mime_util.h" 25 #include "net/base/mime_util.h"
25 #include "net/base/net_errors.h" 26 #include "net/base/net_errors.h"
26 #include "net/base/net_util.h" 27 #include "net/base/net_util.h"
27 #include "net/base/network_delegate.h" 28 #include "net/base/network_delegate.h"
28 #include "net/base/sdch_manager.h" 29 #include "net/base/sdch_manager.h"
(...skipping 646 matching lines...) Expand 10 before | Expand all | Expand 10 after
675 ssl_info.is_issued_by_known_root && 676 ssl_info.is_issued_by_known_root &&
676 context_->transport_security_state()) { 677 context_->transport_security_state()) {
677 TransportSecurityState::DomainState domain_state; 678 TransportSecurityState::DomainState domain_state;
678 bool sni_available = SSLConfigService::IsSNIAvailable( 679 bool sni_available = SSLConfigService::IsSNIAvailable(
679 context_->ssl_config_service()); 680 context_->ssl_config_service());
680 std::string host = request_->url().host(); 681 std::string host = request_->url().host();
681 682
682 if (context_->transport_security_state()->HasPinsForHost( 683 if (context_->transport_security_state()->HasPinsForHost(
683 &domain_state, host, sni_available)) { 684 &domain_state, host, sni_available)) {
684 if (!domain_state.IsChainOfPublicKeysPermitted( 685 if (!domain_state.IsChainOfPublicKeysPermitted(
685 ssl_info.public_key_hashes)) { 686 ssl_info.public_key_hashes) &&
687 GetDaysSinceBuild() < 70 /* 10 weeks */) {
686 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; 688 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN;
687 UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", false); 689 UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", false);
688 TransportSecurityState::ReportUMAOnPinFailure(host); 690 TransportSecurityState::ReportUMAOnPinFailure(host);
689 FraudulentCertificateReporter* reporter = 691 FraudulentCertificateReporter* reporter =
690 context_->fraudulent_certificate_reporter(); 692 context_->fraudulent_certificate_reporter();
691 if (reporter != NULL) 693 if (reporter != NULL)
692 reporter->SendReport(host, ssl_info, sni_available); 694 reporter->SendReport(host, ssl_info, sni_available);
693 } else { 695 } else {
694 UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", true); 696 UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", true);
695 } 697 }
(...skipping 730 matching lines...) Expand 10 before | Expand all | Expand 10 after
1426 return override_response_headers_.get() ? 1428 return override_response_headers_.get() ?
1427 override_response_headers_ : 1429 override_response_headers_ :
1428 transaction_->GetResponseInfo()->headers; 1430 transaction_->GetResponseInfo()->headers;
1429 } 1431 }
1430 1432
1431 void URLRequestHttpJob::NotifyURLRequestDestroyed() { 1433 void URLRequestHttpJob::NotifyURLRequestDestroyed() {
1432 awaiting_callback_ = false; 1434 awaiting_callback_ = false;
1433 } 1435 }
1434 1436
1435 } // namespace net 1437 } // namespace net
OLDNEW
« net/base/build_time.cc ('K') | « net/net.gyp ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698