OLD | NEW |
---|---|
(Empty) | |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef NET_HTTP_HTTP_SECURITY_HEADERS_H_ | |
6 #define NET_HTTP_HTTP_SECURITY_HEADERS_H_ | |
7 | |
8 #include <string> | |
9 | |
10 #include "base/basictypes.h" | |
11 #include "base/gtest_prod_util.h" | |
12 #include "base/time.h" | |
13 #include "base/values.h" | |
14 #include "net/base/hash_value.h" | |
15 #include "net/base/net_export.h" | |
16 | |
17 namespace net { | |
18 | |
19 const int64 kMaxHSTSAgeSecs = 86400 * 365; // 1 year | |
20 | |
21 // Parses |value| as a Strict-Transport-Security header value. If successful, | |
22 // returns true and sets |*expiry| and |*include_subdomains|. | |
23 // Otherwise returns false and leaves the output parameters unchanged. | |
24 // Interprets the max-age directive relative to |now|. | |
25 // | |
26 // value is the right-hand side of: | |
27 // | |
28 // "Strict-Transport-Security" ":" | |
29 // [ directive ] *( ";" [ directive ] ) | |
30 bool NET_EXPORT_PRIVATE ParseHSTSHeader(const base::Time& now, | |
31 const std::string& value, | |
32 base::Time* expiry, | |
33 bool* include_subdomains); | |
34 | |
35 // Parses |value| as a Public-Key-Pins header value. If successful, | |
36 // returns true and populates the expiry and hashes values. | |
37 // Otherwise returns false and leaves the output parameters unchanged. | |
38 // Interprets the max-age directive relative to |now|. | |
39 // | |
40 // value is the right-hand side of: | |
41 // | |
42 // "Public-Key-Pins" ":" | |
43 // "max-age" "=" delta-seconds ";" | |
44 // "pin-" algo "=" base64 [ ";" ... ] | |
45 // | |
46 // For this function to return true, the key hashes specified by the HPKP | |
47 // header must pass two additional checks. There MUST be at least one | |
48 // key hash which matches the SSL certificate chain of the current site | |
49 // (as specified by the chain_hashes) parameter. In addition, there MUST | |
50 // be at least one key hash which does NOT match the site's SSL certificate | |
51 // chain (this is the "backup pin"). | |
52 bool NET_EXPORT_PRIVATE ParseHPKPHeader(const base::Time& now, | |
53 const std::string& value, | |
54 const HashValueVector& chain_hashes, | |
55 base::Time* expiry, | |
56 HashValueVector* hashes); | |
57 | |
58 } // namespace net | |
59 | |
agl
2012/12/10 17:13:44
extra blank line.
unsafe
2012/12/10 20:59:18
Done.
| |
60 | |
61 #endif // NET_HTTP_HTTP_SECURITY_HEADERS_H_ | |
62 | |
agl
2012/12/10 17:13:44
extra blank line at end of file.
unsafe
2012/12/10 20:59:18
Done.
| |
OLD | NEW |