Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(672)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/http/http_security_headers.h

Issue 11274032: Separate http_security_headers from transport_security_state (Closed) Base URL: https://src.chromium.org/chrome/trunk/src/
Patch Set: Created 8 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/base/transport_security_state_static_generate.go ('K') | « net/base/x509_cert_types.cc ('k') | net/http/http_security_headers.cc » ('j') | net/http/http_security_headers.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/http/http_security_headers.h
===================================================================
--- net/http/http_security_headers.h (revision 0)
+++ net/http/http_security_headers.h (revision 0)
@@ -0,0 +1,62 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_HTTP_HTTP_SECURITY_HEADERS_H_
+#define NET_HTTP_HTTP_SECURITY_HEADERS_H_
+
+#include <string>
+
+#include "base/basictypes.h"
+#include "base/gtest_prod_util.h"
+#include "base/time.h"
+#include "base/values.h"
+#include "net/base/hash_value.h"
+#include "net/base/net_export.h"
+
+namespace net {
+
+const int64 kMaxHSTSAgeSecs = 86400 * 365; // 1 year
+
+// Parses |value| as a Strict-Transport-Security header value. If successful,
+// returns true and sets |*expiry| and |*include_subdomains|.
+// Otherwise returns false and leaves the output parameters unchanged.
+// Interprets the max-age directive relative to |now|.
+//
+// value is the right-hand side of:
+//
+// "Strict-Transport-Security" ":"
+// [ directive ] *( ";" [ directive ] )
+bool NET_EXPORT_PRIVATE ParseHSTSHeader(const base::Time& now,
+ const std::string& value,
+ base::Time* expiry,
+ bool* include_subdomains);
+
+// Parses |value| as a Public-Key-Pins header value. If successful,
+// returns true and populates the expiry and hashes values.
+// Otherwise returns false and leaves the output parameters unchanged.
+// Interprets the max-age directive relative to |now|.
+//
+// value is the right-hand side of:
+//
+// "Public-Key-Pins" ":"
+// "max-age" "=" delta-seconds ";"
+// "pin-" algo "=" base64 [ ";" ... ]
+//
+// For this function to return true, the key hashes specified by the HPKP
+// header must pass two additional checks. There MUST be at least one
+// key hash which matches the SSL certificate chain of the current site
+// (as specified by the chain_hashes) parameter. In addition, there MUST
+// be at least one key hash which does NOT match the site's SSL certificate
+// chain (this is the "backup pin").
+bool NET_EXPORT_PRIVATE ParseHPKPHeader(const base::Time& now,
+ const std::string& value,
+ const HashValueVector& chain_hashes,
+ base::Time* expiry,
+ HashValueVector* hashes);
+
+} // namespace net
+
agl 2012/12/10 17:13:44 extra blank line.
unsafe 2012/12/10 20:59:18 Done.
+
+#endif // NET_HTTP_HTTP_SECURITY_HEADERS_H_
+
agl 2012/12/10 17:13:44 extra blank line at end of file.
unsafe 2012/12/10 20:59:18 Done.
« net/base/transport_security_state_static_generate.go ('K') | « net/base/x509_cert_types.cc ('k') | net/http/http_security_headers.cc » ('j') | net/http/http_security_headers.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698