Index: net/http/transport_security_state.h |
diff --git a/net/http/transport_security_state.h b/net/http/transport_security_state.h |
index 2f97d9d34e5a6a20be27b1bcb1b96bbbad56c187..441e576c5b65d2a0bbf703fc5b924066452a0b87 100644 |
--- a/net/http/transport_security_state.h |
+++ b/net/http/transport_security_state.h |
@@ -5,12 +5,13 @@ |
#ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
#define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
+#include <stdint.h> |
+ |
#include <map> |
#include <string> |
#include <utility> |
#include <vector> |
-#include "base/basictypes.h" |
#include "base/gtest_prod_util.h" |
#include "base/threading/non_thread_safe.h" |
#include "base/time/time.h" |
@@ -19,6 +20,8 @@ |
#include "net/cert/x509_certificate.h" |
#include "url/gurl.h" |
+class GURL; |
+ |
namespace net { |
class SSLInfo; |
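Review bot: The forward declaration `class GURL;` added at the top of this hunk is redundant, because `#include "url/gurl.h"` remains on the line directly above it and already provides the full definition. Either drop the forward declaration, or drop the include and keep the forward declaration to cut header dependencies; the latter is only safe if the whole header names GURL solely by pointer or reference, as the new Reporter interface does, and I cannot see the rest of the header to confirm that.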
@@ -46,9 +49,6 @@ class NET_EXPORT TransportSecurityState |
virtual ~Delegate() {} |
}; |
- TransportSecurityState(); |
- ~TransportSecurityState(); |
- |
// A STSState describes the strict transport security state (required |
// upgrade to HTTPS). |
class NET_EXPORT STSState { |
@@ -179,10 +179,47 @@ class NET_EXPORT TransportSecurityState |
std::map<std::string, PKPState>::const_iterator end_; |
}; |
+ class NET_EXPORT Reporter { |
+ public: |
+ // Determines if a HPKP violation report should be sent for the |
+ // given |hostname|, which was found to violate the pins in |
+ // |pkp_state|. Returns true if the report should be sent, with the |
+ // report URI in |report_uri| and the serialized report in |
+ // |serialized_report|, and false otherwise. Allows embedders to |
+ // override the report uri and/or format for some pins. |
+ // |
+ // Additional information to be included in the report (beyond |
+ // fields in |pkp_state|): |
+ // |
+ // - The |port| of the request that violated the pin. |
+ // - |served_certificate_chain| and |validated_certificate_chain|, |
+ // the certificate chains as received by the client and as built |
+ // during certificate verification. |
+ virtual bool GetHPKPReport( |
+ const std::string& hostname, |
+ const PKPState& pkp_state, |
+ bool is_static_pin, |
+ uint16_t port, |
davidben
2015/07/22 21:36:43
hostname and port can be folded together to a Host
estark
2015/07/23 00:03:57
Done.
|
+ const X509Certificate* served_certificate_chain, |
+ const X509Certificate* validated_certificate_chain, |
+ GURL* report_uri, |
+ std::string* serialized_report) = 0; |
+ |
+ // Sends the given serialized |report| to |report_uri|. |
+ virtual void SendHPKPReport(const GURL& report_uri, |
+ const std::string& report) = 0; |
+ |
+ protected: |
+ virtual ~Reporter() {} |
+ }; |
+ |
+ TransportSecurityState(); |
+ ~TransportSecurityState(); |
+ |
// These functions search for static and dynamic STS and PKP states, and |
- // invoke the |
- // functions of the same name on them. These functions are the primary public |
- // interface; direct access to STS and PKP states is best left to tests. |
+ // invoke the functions of the same name on them. These functions are the |
+ // primary public interface; direct access to STS and PKP states is best |
+ // left to tests. |
bool ShouldSSLErrorsBeFatal(const std::string& host); |
bool ShouldUpgradeToSSL(const std::string& host); |
bool CheckPublicKeyPins(const std::string& host, |
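Review bot: GetHPKPReport's comment documents |port| and the two certificate chains but says nothing about |is_static_pin|, nor about whether |served_certificate_chain| and |validated_certificate_chain| may be null, so an embedder implementing Reporter cannot tell what it is allowed to assume. I would extend the bullet list with `// - |is_static_pin|, true when the violated |pkp_state| comes from the static pin list rather than a dynamically set one (confirm against the caller).` and state the null contract of the chain pointers explicitly, either `// Both chains are non-null.` or a sentence saying when each may be null. The Reporter class itself also lacks the class-level comment its neighbours Delegate and STSState carry; a one-liner such as `// A Reporter builds and sends HPKP violation reports on behalf of the embedder.` would do. The enclosing TransportSecurityState class begins and ends outside this hunk.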
@@ -198,6 +235,8 @@ class NET_EXPORT TransportSecurityState |
// TransportSecurityState. |
void SetDelegate(Delegate* delegate); |
+ void SetReporter(Reporter* reporter); |
+ |
// Clears all dynamic data (e.g. HSTS and HPKP data). |
// |
// Does NOT persist changes using the Delegate, as this function is only |
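Review bot: `void SetReporter(Reporter* reporter);` is added without any comment, although the adjacent SetDelegate is documented, and nothing in the header says who owns the Reporter or how long it must stay alive; the member added further down (`Reporter* reporter_;`) is a raw pointer, so a Reporter destroyed before the TransportSecurityState would leave a dangling pointer. I would document it as `// Sets the Reporter used to build and send HPKP violation reports. The` / `// Reporter is not owned by the TransportSecurityState and must outlive it,` / `// or be cleared by passing nullptr before it is destroyed.` — presumably the same ownership rule as |delegate_|, which I cannot confirm from this hunk. The enclosing class starts and ends outside the hunk.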
@@ -351,6 +390,8 @@ class NET_EXPORT TransportSecurityState |
Delegate* delegate_; |
+ Reporter* reporter_; |
+ |
// True if static pins should be used. |
bool enable_static_pins_; |