Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(986)

Unified Diff: net/http/transport_security_state.h

Issue 1212613004: Build and send HPKP violation reports (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: combine GetHPKPReportUri() and BuildHPKPReport() into GetHPKPReport() Created 5 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: net/http/transport_security_state.h
diff --git a/net/http/transport_security_state.h b/net/http/transport_security_state.h
index 2f97d9d34e5a6a20be27b1bcb1b96bbbad56c187..441e576c5b65d2a0bbf703fc5b924066452a0b87 100644
--- a/net/http/transport_security_state.h
+++ b/net/http/transport_security_state.h
@@ -5,12 +5,13 @@
#ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_
#define NET_HTTP_TRANSPORT_SECURITY_STATE_H_
+#include <stdint.h>
+
#include <map>
#include <string>
#include <utility>
#include <vector>
-#include "base/basictypes.h"
#include "base/gtest_prod_util.h"
#include "base/threading/non_thread_safe.h"
#include "base/time/time.h"
@@ -19,6 +20,8 @@
#include "net/cert/x509_certificate.h"
#include "url/gurl.h"
+class GURL;
+
namespace net {
class SSLInfo;
@@ -46,9 +49,6 @@ class NET_EXPORT TransportSecurityState
virtual ~Delegate() {}
};
- TransportSecurityState();
- ~TransportSecurityState();
-
// A STSState describes the strict transport security state (required
// upgrade to HTTPS).
class NET_EXPORT STSState {
@@ -179,10 +179,47 @@ class NET_EXPORT TransportSecurityState
std::map<std::string, PKPState>::const_iterator end_;
};
+ class NET_EXPORT Reporter {
+ public:
+ // Determines if a HPKP violation report should be sent for the
+ // given |hostname|, which was found to violate the pins in
+ // |pkp_state|. Returns true if the report should be sent, with the
+ // report URI in |report_uri| and the serialized report in
+ // |serialized_report|, and false otherwise. Allows embedders to
+ // override the report uri and/or format for some pins.
+ //
+ // Additional information to be included in the report (beyond
+ // fields in |pkp_state|):
+ //
+ // - The |port| of the request that violated the pin.
+ // - |served_certificate_chain| and |validated_certificate_chain|,
+ // the certificate chains as received by the client and as built
+ // during certificate verification.
+ virtual bool GetHPKPReport(
+ const std::string& hostname,
+ const PKPState& pkp_state,
+ bool is_static_pin,
+ uint16_t port,
davidben 2015/07/22 21:36:43 hostname and port can be folded together to a Host
estark 2015/07/23 00:03:57 Done.
+ const X509Certificate* served_certificate_chain,
+ const X509Certificate* validated_certificate_chain,
+ GURL* report_uri,
+ std::string* serialized_report) = 0;
+
+ // Sends the given serialized |report| to |report_uri|.
+ virtual void SendHPKPReport(const GURL& report_uri,
+ const std::string& report) = 0;
+
+ protected:
+ virtual ~Reporter() {}
+ };
+
+ TransportSecurityState();
+ ~TransportSecurityState();
+
// These functions search for static and dynamic STS and PKP states, and
- // invoke the
- // functions of the same name on them. These functions are the primary public
- // interface; direct access to STS and PKP states is best left to tests.
+ // invoke the functions of the same name on them. These functions are the
+ // primary public interface; direct access to STS and PKP states is best
+ // left to tests.
bool ShouldSSLErrorsBeFatal(const std::string& host);
bool ShouldUpgradeToSSL(const std::string& host);
bool CheckPublicKeyPins(const std::string& host,
@@ -198,6 +235,8 @@ class NET_EXPORT TransportSecurityState
// TransportSecurityState.
void SetDelegate(Delegate* delegate);
+ void SetReporter(Reporter* reporter);
+
// Clears all dynamic data (e.g. HSTS and HPKP data).
//
// Does NOT persist changes using the Delegate, as this function is only
@@ -351,6 +390,8 @@ class NET_EXPORT TransportSecurityState
Delegate* delegate_;
+ Reporter* reporter_;
+
// True if static pins should be used.
bool enable_static_pins_;

Powered by Google App Engine
This is Rietveld 408576698