
Side by Side Diff: net/http/transport_security_state.cc

Issue 1211363005: Parse HPKP report-uri and persist in TransportSecurityPersister (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: GetNext() fix Created 5 years, 4 months ago
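--- a/net/http/transport_security_state.cc
+++ b/net/http/transport_security_state.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/transport_security_state.h"
 
 #if defined(USE_OPENSSL)
 #include <openssl/ecdsa.h>
 #include <openssl/ssl.h>
 #else // !defined(USE_OPENSSL)
@@ -568,28 +568,30 @@
 sts_state.expiry = expiry;
 sts_state.upgrade_mode = upgrade_mode;
 
 EnableSTSHost(host, sts_state);
 }
 
 void TransportSecurityState::AddHPKPInternal(const std::string& host,
 const base::Time& last_observed,
 const base::Time& expiry,
 bool include_subdomains,
-const HashValueVector& hashes) {
+const HashValueVector& hashes,
+const GURL& report_uri) {
 DCHECK(CalledOnValidThread());
 
 PKPState pkp_state;
 pkp_state.last_observed = last_observed;
 pkp_state.expiry = expiry;
 pkp_state.include_subdomains = include_subdomains;
 pkp_state.spki_hashes = hashes;
+pkp_state.report_uri = report_uri;
 
 EnablePKPHost(host, pkp_state);
 }
 
 void TransportSecurityState::EnableSTSHost(const std::string& host,
 const STSState& state) {
 DCHECK(CalledOnValidThread());
 
 const std::string canonicalized_host = CanonicalizeHost(host);
 if (canonicalized_host.empty())
@@ -735,44 +737,49 @@
 
 bool TransportSecurityState::AddHPKPHeader(const std::string& host,
 const std::string& value,
 const SSLInfo& ssl_info) {
 DCHECK(CalledOnValidThread());
 
 base::Time now = base::Time::Now();
 base::TimeDelta max_age;
 bool include_subdomains;
 HashValueVector spki_hashes;
+GURL report_uri;
+
 if (!ParseHPKPHeader(value, ssl_info.public_key_hashes, &max_age,
-&include_subdomains, &spki_hashes)) {
+&include_subdomains, &spki_hashes, &report_uri)) {
 return false;
 }
 // Handle max-age == 0.
 if (max_age.InSeconds() == 0)
 spki_hashes.clear();
-AddHPKPInternal(host, now, now + max_age, include_subdomains, spki_hashes);
+AddHPKPInternal(host, now, now + max_age, include_subdomains, spki_hashes,
+report_uri);
 return true;
 }
 
 void TransportSecurityState::AddHSTS(const std::string& host,
 const base::Time& expiry,
 bool include_subdomains) {
 DCHECK(CalledOnValidThread());
 AddHSTSInternal(host, STSState::MODE_FORCE_HTTPS, expiry, include_subdomains);
 }
 
 void TransportSecurityState::AddHPKP(const std::string& host,
 const base::Time& expiry,
 bool include_subdomains,
-const HashValueVector& hashes) {
+const HashValueVector& hashes,
+const GURL& report_uri) {
 DCHECK(CalledOnValidThread());
-AddHPKPInternal(host, base::Time::Now(), expiry, include_subdomains, hashes);
+AddHPKPInternal(host, base::Time::Now(), expiry, include_subdomains, hashes,
+report_uri);
 }
 
 // static
 bool TransportSecurityState::IsGooglePinnedProperty(const std::string& host) {
 PreloadResult result;
 return DecodeHSTSPreload(host, &result) && result.has_pins &&
 kPinsets[result.pinset_id].accepted_pins == kGoogleAcceptableCerts;
 }
 
 // static
@@ -1049,10 +1056,10 @@
 TransportSecurityState::PKPStateIterator::PKPStateIterator(
 const TransportSecurityState& state)
 : iterator_(state.enabled_pkp_hosts_.begin()),
 end_(state.enabled_pkp_hosts_.end()) {
 }
 
 TransportSecurityState::PKPStateIterator::~PKPStateIterator() {
 }
 
 } // namespace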
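Review bot: In AddHPKPHeader the `max-age == 0` branch clears spki_hashes but leaves report_uri untouched, so a header meant to drop the pins still hands its report-uri to AddHPKPInternal, which copies it into `pkp_state.report_uri`. Whether that state is then stored or discarded depends on EnablePKPHost, which is not changed in the visible hunks, so this may be harmless. Resetting both keeps the un-pin path from persisting a site-supplied URL: `if (max_age.InSeconds() == 0) { spki_hashes.clear(); report_uri = GURL(); }`. Because the value ends up in persisted state and is presumably the destination for later violation reports, AddHPKPInternal also deserves a comment saying that report_uri may be an empty GURL when the directive is absent and that consumers must check `is_valid()` before using it. ParseHPKPHeader's own validation of the URL lies outside this file section.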