OLD | NEW |
(Empty) | |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef NET_HTTP_HTTP_SECURITY_HEADERS_H_ |
| 6 #define NET_HTTP_HTTP_SECURITY_HEADERS_H_ |
| 7 |
| 8 #include <string> |
| 9 |
| 10 #include "base/basictypes.h" |
| 11 #include "base/gtest_prod_util.h" |
| 12 #include "base/time.h" |
| 13 #include "base/values.h" |
| 14 #include "net/base/hash_value.h" |
| 15 #include "net/base/net_export.h" |
| 16 |
| 17 namespace net { |
| 18 |
| 19 const int64 kMaxHSTSAgeSecs = 86400 * 365; // 1 year |
| 20 |
| 21 // Parses |value| as a Strict-Transport-Security header value. If successful, |
| 22 // returns true and sets |*expiry| and |*include_subdomains|. |
| 23 // Otherwise returns false and leaves the output parameters unchanged. |
| 24 // Interprets the max-age directive relative to |now|. |
| 25 // |
| 26 // value is the right-hand side of: |
| 27 // |
| 28 // "Strict-Transport-Security" ":" |
| 29 // [ directive ] *( ";" [ directive ] ) |
| 30 bool NET_EXPORT_PRIVATE ParseHSTSHeader(const base::Time& now, |
| 31 const std::string& value, |
| 32 base::Time* expiry, |
| 33 bool* include_subdomains); |
| 34 |
| 35 // Parses |value| as a Public-Key-Pins header value. If successful, |
| 36 // returns true and populates the expiry and hashes values. |
| 37 // Otherwise returns false and leaves the output parameters unchanged. |
| 38 // Interprets the max-age directive relative to |now|. |
| 39 // |
| 40 // value is the right-hand side of: |
| 41 // |
| 42 // "Public-Key-Pins" ":" |
| 43 // "max-age" "=" delta-seconds ";" |
| 44 // "pin-" algo "=" base64 [ ";" ... ] |
| 45 // |
| 46 // For this function to return true, the key hashes specified by the HPKP |
| 47 // header must pass two additional checks. There MUST be at least one |
| 48 // key hash which matches the SSL certificate chain of the current site |
| 49 // (as specified by the chain_hashes) parameter. In addition, there MUST |
| 50 // be at least one key hash which does NOT match the site's SSL certificate |
| 51 // chain (this is the "backup pin"). |
| 52 bool NET_EXPORT_PRIVATE ParseHPKPHeader(const base::Time& now, |
| 53 const std::string& value, |
| 54 const HashValueVector& chain_hashes, |
| 55 base::Time* expiry, |
| 56 HashValueVector* hashes); |
| 57 |
| 58 } // namespace net |
| 59 |
| 60 #endif // NET_HTTP_HTTP_SECURITY_HEADERS_H_ |
OLD | NEW |