net/base/transport_security_state.h - Issue 11274032: Separate http_security_headers from transport_security_state

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/base/transport_security_state.h

Issue 11274032: Separate http_security_headers from transport_security_state (Closed) Base URL: https://src.chromium.org/chrome/trunk/src/

Patch Set: Created 8 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/base/transport_security_state.h

===================================================================

--- net/base/transport_security_state.h (revision 165283)

+++ net/base/transport_security_state.h (working copy)

@@ -61,20 +61,6 @@

DomainState();

~DomainState();

- // Parses |value| as a Public-Key-Pins header. If successful, returns true

- // and updates the |dynamic_spki_hashes| and |dynamic_spki_hashes_expiry|

- // fields; otherwise, returns false without updating any fields.

- // Interprets the max-age directive relative to |now|.

- bool ParsePinsHeader(const base::Time& now,

- const std::string& value,

- const SSLInfo& ssl_info);

- // Parses |value| as a Strict-Transport-Security header. If successful,

- // returns true and updates the |upgrade_mode|, |upgrade_expiry| and

- // |include_subdomains| fields; otherwise, returns false without updating

- // any fields. Interprets the max-age directive relative to |now|.

- bool ParseSTSHeader(const base::Time& now, const std::string& value);

// Takes a set of SubjectPublicKeyInfo |hashes| and returns true if:

// 1) |bad_static_spki_hashes| does not intersect |hashes|; AND

// 2) Both |static_spki_hashes| and |dynamic_spki_hashes| are empty

@@ -237,6 +223,16 @@

void AddOrUpdateForcedHosts(const std::string& hashed_host,

const DomainState& state);

+ // Processes an HSTS header value from the host, adding entries to

+ // dynamic state if necessary.

+ bool AddHSTSHeader(const std::string& host, const std::string& value);

+ // Processes an HPKP header value from the host, adding entries to

+ // dynamic state if necessary. ssl_info is used to check that

+ // the specified pins overlap with the certificate chain.

+ bool AddHPKPHeader(const std::string& host, const std::string& value,

+ const SSLInfo& ssl_info);

// Returns true iff we have any static public key pins for the |host| and

// iff its set of required pins is the set we expect for Google

// properties.

@@ -249,11 +245,6 @@

static bool IsGooglePinnedProperty(const std::string& host,

bool sni_enabled);

- // Decodes a pin string |value| (e.g. "sha1/hvfkN/qlp/zhXR3cuerq6jd2Z7g=").

- // If parsing succeeded, updates |*out| and returns true; otherwise returns

- // false without updating |*out|.

- static bool ParsePin(const std::string& value, HashValue* out);

// The maximum number of seconds for which we'll cache an HSTS request.

static const long int kMaxHSTSAgeSecs;

« net/base/hash_value.cc ('K') | « net/base/hash_value.cc ('k') | net/base/transport_security_state.cc » ('j') | net/base/transport_security_state.cc » ('J')