Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(570)

Unified Diff: net/base/transport_security_state.h

Issue 11274032: Separate http_security_headers from transport_security_state (Closed) Base URL: https://src.chromium.org/chrome/trunk/src/
Patch Set: Created 7 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/base/hash_value.cc ('k') | net/base/transport_security_state.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/base/transport_security_state.h
===================================================================
--- net/base/transport_security_state.h (revision 175486)
+++ net/base/transport_security_state.h (working copy)
@@ -61,20 +61,6 @@
DomainState();
~DomainState();
- // Parses |value| as a Public-Key-Pins header. If successful, returns true
- // and updates the |dynamic_spki_hashes| and |dynamic_spki_hashes_expiry|
- // fields; otherwise, returns false without updating any fields.
- // Interprets the max-age directive relative to |now|.
- bool ParsePinsHeader(const base::Time& now,
- const std::string& value,
- const SSLInfo& ssl_info);
-
- // Parses |value| as a Strict-Transport-Security header. If successful,
- // returns true and updates the |upgrade_mode|, |upgrade_expiry| and
- // |include_subdomains| fields; otherwise, returns false without updating
- // any fields. Interprets the max-age directive relative to |now|.
- bool ParseSTSHeader(const base::Time& now, const std::string& value);
-
// Takes a set of SubjectPublicKeyInfo |hashes| and returns true if:
// 1) |bad_static_spki_hashes| does not intersect |hashes|; AND
// 2) Both |static_spki_hashes| and |dynamic_spki_hashes| are empty
@@ -237,6 +223,16 @@
void AddOrUpdateForcedHosts(const std::string& hashed_host,
const DomainState& state);
+ // Processes an HSTS header value from the host, adding entries to
+ // dynamic state if necessary.
+ bool AddHSTSHeader(const std::string& host, const std::string& value);
+
+ // Processes an HPKP header value from the host, adding entries to
+ // dynamic state if necessary. ssl_info is used to check that
+ // the specified pins overlap with the certificate chain.
+ bool AddHPKPHeader(const std::string& host, const std::string& value,
+ const SSLInfo& ssl_info);
+
// Returns true iff we have any static public key pins for the |host| and
// iff its set of required pins is the set we expect for Google
// properties.
@@ -249,11 +245,6 @@
static bool IsGooglePinnedProperty(const std::string& host,
bool sni_enabled);
- // Decodes a pin string |value| (e.g. "sha1/hvfkN/qlp/zhXR3cuerq6jd2Z7g=").
- // If parsing succeeded, updates |*out| and returns true; otherwise returns
- // false without updating |*out|.
- static bool ParsePin(const std::string& value, HashValue* out);
-
// The maximum number of seconds for which we'll cache an HSTS request.
static const long int kMaxHSTSAgeSecs;
« no previous file with comments | « net/base/hash_value.cc ('k') | net/base/transport_security_state.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698