
Side by Side Diff: net/http/transport_security_state.cc

Issue 103803012: Make HSTS headers not clobber preloaded pins. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 7 years ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/http/transport_security_state.h" 5 #include "net/http/transport_security_state.h"
6 6
7 #if defined(USE_OPENSSL) 7 #if defined(USE_OPENSSL)
8 #include <openssl/ecdsa.h> 8 #include <openssl/ecdsa.h>
9 #include <openssl/ssl.h> 9 #include <openssl/ssl.h>
10 #else // !defined(USE_OPENSSL) 10 #else // !defined(USE_OPENSSL)
(...skipping 589 matching lines...) Expand 10 before | Expand all | Expand 10 after
600 return NULL; 600 return NULL;
601 } 601 }
602 602
603 bool TransportSecurityState::AddHSTSHeader(const std::string& host, 603 bool TransportSecurityState::AddHSTSHeader(const std::string& host,
604 const std::string& value) { 604 const std::string& value) {
605 DCHECK(CalledOnValidThread()); 605 DCHECK(CalledOnValidThread());
606 606
607 base::Time now = base::Time::Now(); 607 base::Time now = base::Time::Now();
608 base::TimeDelta max_age; 608 base::TimeDelta max_age;
609 TransportSecurityState::DomainState domain_state; 609 TransportSecurityState::DomainState domain_state;
610 GetDynamicDomainState(host, &domain_state); 610 GetDomainState(host, true, &domain_state);
agl 2013/12/18 15:49:19 GetDomainState(host, true /* SNI enabled */, &doma
palmer 2013/12/18 21:04:40 Done.
611 if (ParseHSTSHeader(value, &max_age, &domain_state.sts_include_subdomains)) { 611 if (ParseHSTSHeader(value, &max_age, &domain_state.sts_include_subdomains)) {
612 // Handle max-age == 0 612 // Handle max-age == 0
613 if (max_age.InSeconds() == 0) 613 if (max_age.InSeconds() == 0)
614 domain_state.upgrade_mode = DomainState::MODE_DEFAULT; 614 domain_state.upgrade_mode = DomainState::MODE_DEFAULT;
615 else 615 else
616 domain_state.upgrade_mode = DomainState::MODE_FORCE_HTTPS; 616 domain_state.upgrade_mode = DomainState::MODE_FORCE_HTTPS;
617 domain_state.created = now; 617 domain_state.created = now;
618 domain_state.upgrade_expiry = now + max_age; 618 domain_state.upgrade_expiry = now + max_age;
619 EnableHost(host, domain_state); 619 EnableHost(host, domain_state);
620 return true; 620 return true;
621 } 621 }
622 return false; 622 return false;
623 } 623 }
624 624
625 bool TransportSecurityState::AddHPKPHeader(const std::string& host, 625 bool TransportSecurityState::AddHPKPHeader(const std::string& host,
626 const std::string& value, 626 const std::string& value,
627 const SSLInfo& ssl_info) { 627 const SSLInfo& ssl_info) {
628 DCHECK(CalledOnValidThread()); 628 DCHECK(CalledOnValidThread());
629 629
630 base::Time now = base::Time::Now(); 630 base::Time now = base::Time::Now();
631 base::TimeDelta max_age; 631 base::TimeDelta max_age;
632 TransportSecurityState::DomainState domain_state; 632 TransportSecurityState::DomainState domain_state;
633 GetDynamicDomainState(host, &domain_state); 633 GetDomainState(host, true, &domain_state);
634 if (ParseHPKPHeader(value, ssl_info.public_key_hashes, 634 if (ParseHPKPHeader(value, ssl_info.public_key_hashes,
635 &max_age, &domain_state.pkp_include_subdomains, 635 &max_age, &domain_state.pkp_include_subdomains,
636 &domain_state.dynamic_spki_hashes)) { 636 &domain_state.dynamic_spki_hashes)) {
637 // TODO(palmer): http://crbug.com/243865 handle max-age == 0. 637 // TODO(palmer): http://crbug.com/243865 handle max-age == 0.
638 domain_state.created = now; 638 domain_state.created = now;
639 domain_state.dynamic_spki_hashes_expiry = now + max_age; 639 domain_state.dynamic_spki_hashes_expiry = now + max_age;
640 EnableHost(host, domain_state); 640 EnableHost(host, domain_state);
641 return true; 641 return true;
642 } 642 }
643 return false; 643 return false;
(...skipping 232 matching lines...) Expand 10 before | Expand all | Expand 10 after
876 return true; 876 return true;
877 } 877 }
878 878
879 bool TransportSecurityState::DomainState::HasPublicKeyPins() const { 879 bool TransportSecurityState::DomainState::HasPublicKeyPins() const {
880 return static_spki_hashes.size() > 0 || 880 return static_spki_hashes.size() > 0 ||
881 bad_static_spki_hashes.size() > 0 || 881 bad_static_spki_hashes.size() > 0 ||
882 dynamic_spki_hashes.size() > 0; 882 dynamic_spki_hashes.size() > 0;
883 } 883 }
884 884
885 } // namespace 885 } // namespace
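Review bot: In both AddHSTSHeader (new line 610) and AddHPKPHeader (new line 633), the state filled in by GetDomainState, which per the issue title now includes preloaded entries, is passed unchanged to `EnableHost(host, domain_state)`, so any preloaded fields it carries appear to be written into the dynamic entry for `host`. If GetDomainState can match a parent domain's entry through include-subdomains, the parent's pins or upgrade mode would then be stored under the subdomain; that lookup is not visible here, so this needs confirming. The return value of the call is also discarded, so a failed lookup cannot be told apart from a default-constructed state. I would add a comment at both call sites, `// Seed with static+dynamic state so a header update does not drop preloaded pins; EnableHost() then stores this merged state as dynamic.`, and, if the accompanying unittest change does not already cover it, a test that a preloaded host keeps its pins after an HSTS header, including one with max-age=0. AddHPKPHeader's body ends in the skipped region after line 643.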