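--- a/net/http/transport_security_state.cc
+++ b/net/http/transport_security_state.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/transport_security_state.h"
 
 #if defined(USE_OPENSSL)
 #include <openssl/ecdsa.h>
 #include <openssl/ssl.h>
 #else // !defined(USE_OPENSSL)
@@ -568,28 +568,30 @@
 sts_state.expiry = expiry;
 sts_state.upgrade_mode = upgrade_mode;
 
 EnableSTSHost(host, sts_state);
 }
 
 void TransportSecurityState::AddHPKPInternal(const std::string& host,
 const base::Time& last_observed,
 const base::Time& expiry,
 bool include_subdomains,
-const HashValueVector& hashes) {
+const HashValueVector& hashes,
+const GURL& report_uri) {
 DCHECK(CalledOnValidThread());
 
 PKPState pkp_state;
 pkp_state.last_observed = last_observed;
 pkp_state.expiry = expiry;
 pkp_state.include_subdomains = include_subdomains;
 pkp_state.spki_hashes = hashes;
+pkp_state.report_uri = report_uri;
 
 EnablePKPHost(host, pkp_state);
 }
 
 void TransportSecurityState::EnableSTSHost(const std::string& host,
 const STSState& state) {
 DCHECK(CalledOnValidThread());
 
 const std::string canonicalized_host = CanonicalizeHost(host);
 if (canonicalized_host.empty())
@@ -735,44 +737,49 @@
 
 bool TransportSecurityState::AddHPKPHeader(const std::string& host,
 const std::string& value,
 const SSLInfo& ssl_info) {
 DCHECK(CalledOnValidThread());
 
 base::Time now = base::Time::Now();
 base::TimeDelta max_age;
 bool include_subdomains;
 HashValueVector spki_hashes;
+GURL report_uri;
+
 if (!ParseHPKPHeader(value, ssl_info.public_key_hashes, &max_age,
-&include_subdomains, &spki_hashes)) {
+&include_subdomains, &spki_hashes, &report_uri)) {
 return false;
 }
 // Handle max-age == 0.
 if (max_age.InSeconds() == 0)
 spki_hashes.clear();
-AddHPKPInternal(host, now, now + max_age, include_subdomains, spki_hashes);
+AddHPKPInternal(host, now, now + max_age, include_subdomains, spki_hashes,
+report_uri);
 return true;
 }
 
 void TransportSecurityState::AddHSTS(const std::string& host,
 const base::Time& expiry,
 bool include_subdomains) {
 DCHECK(CalledOnValidThread());
 AddHSTSInternal(host, STSState::MODE_FORCE_HTTPS, expiry, include_subdomains);
 }
 
 void TransportSecurityState::AddHPKP(const std::string& host,
 const base::Time& expiry,
 bool include_subdomains,
-const HashValueVector& hashes) {
+const HashValueVector& hashes,
+const GURL& report_uri) {
 DCHECK(CalledOnValidThread());
-AddHPKPInternal(host, base::Time::Now(), expiry, include_subdomains, hashes);
+AddHPKPInternal(host, base::Time::Now(), expiry, include_subdomains, hashes,
+report_uri);
 }
 
 // static
 bool TransportSecurityState::IsGooglePinnedProperty(const std::string& host) {
 PreloadResult result;
 return DecodeHSTSPreload(host, &result) && result.has_pins &&
 kPinsets[result.pinset_id].accepted_pins == kGoogleAcceptableCerts;
 }
 
 // static
@@ -1049,10 +1056,10 @@
 TransportSecurityState::PKPStateIterator::PKPStateIterator(
 const TransportSecurityState& state)
 : iterator_(state.enabled_pkp_hosts_.begin()),
 end_(state.enabled_pkp_hosts_.end()) {
 }
 
 TransportSecurityState::PKPStateIterator::~PKPStateIterator() {
 }
 
 } // namespace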
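Review bot: In AddHPKPHeader (new lines 749–757) the report_uri parsed out of a server-supplied Public-Key-Pins header is handed straight to AddHPKPInternal and stored in pkp_state.report_uri with no validation visible in this hunk; whether ParseHPKPHeader rejects empty, non-HTTP(S) or otherwise unusable report URIs cannot be seen from here, and that stored endpoint is presumably where later pin-validation failure reports for the host would be sent, so an unvalidated value chosen by whoever set the header deserves a check at this boundary. The max-age == 0 path also still forwards report_uri after `spki_hashes.clear()`, so unless EnablePKPHost (outside the hunk) drops entries that carry no pins, a host can end up with a report URI but no pins. I would reject or drop unusable values right after the parse, e.g. `if (!report_uri.is_empty() && !report_uri.SchemeIsHTTPOrHTTPS()) return false;` (or `report_uri = GURL();` if silently ignoring is preferred). The new parameter on AddHPKPInternal and AddHPKP is also undocumented; a one-line comment such as `// |report_uri| is the endpoint pin-validation failures for |host| are reported to; an empty GURL disables reporting.` would make the contract explicit.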