| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
| 6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
| 7 | 7 |
| 8 #include <map> | 8 #include <map> |
| 9 #include <string> | 9 #include <string> |
| 10 #include <utility> | 10 #include <utility> |
| 106 // NOT intersect with the set of SPKIs in the TLS server's certificate | 106 // NOT intersect with the set of SPKIs in the TLS server's certificate |
| 107 // chain. | 107 // chain. |
| 108 HashValueVector bad_spki_hashes; | 108 HashValueVector bad_spki_hashes; |
| 109 | 109 |
| 110 // Are subdomains subject to this policy state? | 110 // Are subdomains subject to this policy state? |
| 111 bool include_subdomains; | 111 bool include_subdomains; |
| 112 | 112 |
| 113 // The domain which matched during a search for this DomainState entry. | 113 // The domain which matched during a search for this DomainState entry. |
| 114 // Updated by |GetDynamicDomainState| and |GetStaticDomainState|. | 114 // Updated by |GetDynamicDomainState| and |GetStaticDomainState|. |
| 115 std::string domain; | 115 std::string domain; |
| 116 |
| 117 // Optional; a uri-reference indicating where reports should be |
| 118 // sent when this pin is violated. |
| 119 std::string report_uri; |
| 116 }; | 120 }; |
| 117 | 121 |
| 118 // Takes a set of SubjectPublicKeyInfo |hashes| and returns true if: | 122 // Takes a set of SubjectPublicKeyInfo |hashes| and returns true if: |
| 119 // 1) |bad_static_spki_hashes| does not intersect |hashes|; AND | 123 // 1) |bad_static_spki_hashes| does not intersect |hashes|; AND |
| 120 // 2) Both |static_spki_hashes| and |dynamic_spki_hashes| are empty | 124 // 2) Both |static_spki_hashes| and |dynamic_spki_hashes| are empty |
| 121 // or at least one of them intersects |hashes|. | 125 // or at least one of them intersects |hashes|. |
| 122 // | 126 // |
| 123 // |{dynamic,static}_spki_hashes| contain trustworthy public key hashes, | 127 // |{dynamic,static}_spki_hashes| contain trustworthy public key hashes, |
| 124 // any one of which is sufficient to validate the certificate chain in | 128 // any one of which is sufficient to validate the certificate chain in |
| 125 // question. The public keys could be of a root CA, intermediate CA, or | 129 // question. The public keys could be of a root CA, intermediate CA, or |
| 247 // HSTS header (used for net-internals and unit tests). | 251 // HSTS header (used for net-internals and unit tests). |
| 248 void AddHSTS(const std::string& host, | 252 void AddHSTS(const std::string& host, |
| 249 const base::Time& expiry, | 253 const base::Time& expiry, |
| 250 bool include_subdomains); | 254 bool include_subdomains); |
| 251 | 255 |
| 252 // Adds explicitly-specified data as if it was processed from an | 256 // Adds explicitly-specified data as if it was processed from an |
| 253 // HPKP header (used for net-internals and unit tests). | 257 // HPKP header (used for net-internals and unit tests). |
| 254 void AddHPKP(const std::string& host, | 258 void AddHPKP(const std::string& host, |
| 255 const base::Time& expiry, | 259 const base::Time& expiry, |
| 256 bool include_subdomains, | 260 bool include_subdomains, |
| 257 const HashValueVector& hashes); | 261 const HashValueVector& hashes, |
| 262 const std::string& report_uri); |
| 258 | 263 |
| 259 // Returns true iff we have any static public key pins for the |host| and | 264 // Returns true iff we have any static public key pins for the |host| and |
| 260 // iff its set of required pins is the set we expect for Google | 265 // iff its set of required pins is the set we expect for Google |
| 261 // properties. | 266 // properties. |
| 262 // | 267 // |
| 263 // If |host| matches both an exact entry and is a subdomain of another | 268 // If |host| matches both an exact entry and is a subdomain of another |
| 264 // entry, the exact match determines the return value. | 269 // entry, the exact match determines the return value. |
| 265 static bool IsGooglePinnedProperty(const std::string& host); | 270 static bool IsGooglePinnedProperty(const std::string& host); |
| 266 | 271 |
| 267 // The maximum number of seconds for which we'll cache an HSTS request. | 272 // The maximum number of seconds for which we'll cache an HSTS request. |
| 303 void AddHSTSInternal(const std::string& host, | 308 void AddHSTSInternal(const std::string& host, |
| 304 DomainState::UpgradeMode upgrade_mode, | 309 DomainState::UpgradeMode upgrade_mode, |
| 305 const base::Time& expiry, | 310 const base::Time& expiry, |
| 306 bool include_subdomains); | 311 bool include_subdomains); |
| 307 | 312 |
| 308 // Adds HPKP state to |host|. | 313 // Adds HPKP state to |host|. |
| 309 void AddHPKPInternal(const std::string& host, | 314 void AddHPKPInternal(const std::string& host, |
| 310 const base::Time& last_observed, | 315 const base::Time& last_observed, |
| 311 const base::Time& expiry, | 316 const base::Time& expiry, |
| 312 bool include_subdomains, | 317 bool include_subdomains, |
| 313 const HashValueVector& hashes); | 318 const HashValueVector& hashes, |
| 319 const std::string& report_uri); |
| 314 | 320 |
| 315 // Enable TransportSecurity for |host|. |state| supercedes any previous | 321 // Enable TransportSecurity for |host|. |state| supercedes any previous |
| 316 // state for the |host|, including static entries. | 322 // state for the |host|, including static entries. |
| 317 // | 323 // |
| 318 // The new state for |host| is persisted using the Delegate (if any). | 324 // The new state for |host| is persisted using the Delegate (if any). |
| 319 void EnableHost(const std::string& host, const DomainState& state); | 325 void EnableHost(const std::string& host, const DomainState& state); |
| 320 | 326 |
| 321 // The set of hosts that have enabled TransportSecurity. |sts.domain| and | 327 // The set of hosts that have enabled TransportSecurity. |sts.domain| and |
| 322 // |pkp.domain| will always be empty for a DomainState in this map; the domain | 328 // |pkp.domain| will always be empty for a DomainState in this map; the domain |
| 323 // comes from the map key instead. | 329 // comes from the map key instead. |
| 324 DomainStateMap enabled_hosts_; | 330 DomainStateMap enabled_hosts_; |
| 325 | 331 |
| 326 Delegate* delegate_; | 332 Delegate* delegate_; |
| 327 | 333 |
| 328 // True if static pins should be used. | 334 // True if static pins should be used. |
| 329 bool enable_static_pins_; | 335 bool enable_static_pins_; |
| 330 | 336 |
| 331 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); | 337 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); |
| 332 }; | 338 }; |
| 333 | 339 |
| 334 } // namespace net | 340 } // namespace net |
| 335 | 341 |
| 336 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 342 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
| OLD | NEW |
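Review bot: The new `report_uri` member (new line 119) is stored as a raw `std::string`, and its comment does not say whether the value has been parsed or validated before it reaches the state. The value comes from a server-supplied header, or from net-internals through `AddHPKP`, so code that later sends a report has to know whether it may hold a relative reference, an unexpected scheme, or nothing at all. I would either store it as a `GURL` or state the invariant on the field, for example `// Empty if no report-uri was supplied; otherwise an absolute URL already validated by the caller.` if that is what the parser guarantees. The comments above `AddHPKP` (new line 256) and `AddHPKPInternal` (new line 313) should also mention the new parameter and that an empty string means no reporting. Whether the field is written out when `EnableHost` persists state through the Delegate cannot be seen from this header and is worth confirming.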