| Index: net/http/transport_security_state.h
|
| diff --git a/net/http/transport_security_state.h b/net/http/transport_security_state.h
|
| index 6109381dcb1840016a40f0600ba380ec5630e4ed..d59e79f48f6fd1912793865b5d455035fdc41549 100644
|
| --- a/net/http/transport_security_state.h
|
| +++ b/net/http/transport_security_state.h
|
| @@ -5,12 +5,13 @@
|
| #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_
|
| #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_
|
|
|
| +#include <stdint.h>
|
| +
|
| #include <map>
|
| #include <string>
|
| #include <utility>
|
| #include <vector>
|
|
|
| -#include "base/basictypes.h"
|
| #include "base/gtest_prod_util.h"
|
| #include "base/threading/non_thread_safe.h"
|
| #include "base/time/time.h"
|
| @@ -19,8 +20,11 @@
|
| #include "net/cert/x509_certificate.h"
|
| #include "url/gurl.h"
|
|
|
| +class GURL;
|
| +
|
| namespace net {
|
|
|
| +class HostPortPair;
|
| class SSLInfo;
|
|
|
| // Tracks which hosts have enabled strict transport security and/or public
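Review bot: The added `class GURL;` forward declaration is redundant — `#include "url/gurl.h"` two lines above it already provides the full definition, so one of the two should go. The only GURL use visible in this diff is `const GURL&` in `ReportSender::Send`, which needs just the forward declaration; if nothing else in this header (not all of it is in view) needs the complete type, dropping the include is the better choice, otherwise drop the forward declaration. The `class HostPortPair;` forward declaration is appropriate, since the new signatures take it by `const&` only.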
|
| @@ -46,19 +50,6 @@ class NET_EXPORT TransportSecurityState
|
| virtual ~Delegate() {}
|
| };
|
|
|
| - // An interface for asynchronously sending HPKP violation reports.
|
| - class ReportSender {
|
| - public:
|
| - // Sends the given serialized |report| to |report_uri|.
|
| - virtual void Send(const GURL& report_uri, const std::string& report) = 0;
|
| -
|
| - protected:
|
| - virtual ~ReportSender() {}
|
| - };
|
| -
|
| - TransportSecurityState();
|
| - ~TransportSecurityState();
|
| -
|
| // A STSState describes the strict transport security state (required
|
| // upgrade to HTTPS).
|
| class NET_EXPORT STSState {
|
| @@ -189,15 +180,35 @@ class NET_EXPORT TransportSecurityState
|
| std::map<std::string, PKPState>::const_iterator end_;
|
| };
|
|
|
| + // An interface for asynchronously sending HPKP violation reports.
|
| + class ReportSender {
|
| + public:
|
| + // Sends the given serialized |report| to |report_uri|.
|
| + virtual void Send(const GURL& report_uri, const std::string& report) = 0;
|
| +
|
| + protected:
|
| + virtual ~ReportSender() {}
|
| + };
|
| +
|
| + // Indicates whether or not a public key pin check should send a
|
| + // report if a violation is detected.
|
| + enum PublicKeyPinReportStatus { ENABLE_PIN_REPORTS, DISABLE_PIN_REPORTS };
|
| +
|
| + TransportSecurityState();
|
| + ~TransportSecurityState();
|
| +
|
| // These functions search for static and dynamic STS and PKP states, and
|
| - // invoke the
|
| - // functions of the same name on them. These functions are the primary public
|
| - // interface; direct access to STS and PKP states is best left to tests.
|
| + // invoke the functions of the same name on them. These functions are the
|
| + // primary public interface; direct access to STS and PKP states is best
|
| + // left to tests.
|
| bool ShouldSSLErrorsBeFatal(const std::string& host);
|
| bool ShouldUpgradeToSSL(const std::string& host);
|
| - bool CheckPublicKeyPins(const std::string& host,
|
| + bool CheckPublicKeyPins(const HostPortPair& host_port_pair,
|
| bool is_issued_by_known_root,
|
| const HashValueVector& hashes,
|
| + const X509Certificate* served_certificate_chain,
|
| + const X509Certificate* validated_certificate_chain,
|
| + const PublicKeyPinReportStatus report_status,
|
| std::string* failure_log);
|
| bool HasPublicKeyPins(const std::string& host);
|
|
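Review bot: The three parameters added to `CheckPublicKeyPins` carry no documentation, and this is the primary public entry point: a caller cannot tell whether `served_certificate_chain` or `validated_certificate_chain` may be null, nor exactly what `report_status` suppresses. Since the chains are presumably what gets serialized into the violation report handed to the `ReportSender` (the implementation is in the .cc, outside this diff), callers need to know that `DISABLE_PIN_REPORTS` is the way to keep a check from sending a site's served chain to its report-uri. If that is the intent, add above the declaration: `// |served_certificate_chain| and |validated_certificate_chain| are included in any violation report; |report_status| selects whether a report is sent at all (via the ReportSender set with SetReportSender()).`, stating explicitly whether null chains are accepted. Separately, the top-level `const` on the by-value `report_status` parameter has no effect in a declaration and is not used on the neighbouring `bool is_issued_by_known_root`; `PublicKeyPinReportStatus report_status,` is enough.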
|
| @@ -208,6 +219,8 @@ class NET_EXPORT TransportSecurityState
|
| // TransportSecurityState.
|
| void SetDelegate(Delegate* delegate);
|
|
|
| + void SetReportSender(ReportSender* report_sender);
|
| +
|
| // Clears all dynamic data (e.g. HSTS and HPKP data).
|
| //
|
| // Does NOT persist changes using the Delegate, as this function is only
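Review bot: `SetReportSender` has no comment on ownership or lifetime, unlike `SetDelegate` just above it, yet the sender is stored as a raw `ReportSender*` (`report_sender_` later in this diff), so it is not owned. An embedder that destroys its sender before this object would leave a dangling pointer that is dereferenced on the next pin failure. Document the contract, e.g. `// Sets the ReportSender used to send HPKP violation reports. Not owned; it must outlive this object or be cleared with SetReportSender(nullptr) before it is destroyed.`, and state whether a null sender simply disables reporting — that is what the public API implies but the implementation is outside this diff.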
|
| @@ -322,9 +335,13 @@ class NET_EXPORT TransportSecurityState
|
| static bool IsBuildTimely();
|
|
|
| // Helper method for actually checking pins.
|
| - bool CheckPublicKeyPinsImpl(const std::string& host,
|
| - const HashValueVector& hashes,
|
| - std::string* failure_log);
|
| + bool CheckPublicKeyPinsImpl(
|
| + const HostPortPair& host_port_pair,
|
| + const HashValueVector& hashes,
|
| + const X509Certificate* served_certificate_chain,
|
| + const X509Certificate* validated_certificate_chain,
|
| + const PublicKeyPinReportStatus report_status,
|
| + std::string* failure_log);
|
|
|
| // If a Delegate is present, notify it that the internal state has
|
| // changed.
|
| @@ -361,6 +378,8 @@ class NET_EXPORT TransportSecurityState
|
|
|
| Delegate* delegate_;
|
|
|
| + ReportSender* report_sender_;
|
| +
|
| // True if static pins should be used.
|
| bool enable_static_pins_;
|
|
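Review bot: The new `report_sender_` member is added without an in-class initializer or a comment, and the constructor it must be initialized in lives in the .cc, outside this diff. If the initializer list is not updated, the pointer holds garbage until `SetReportSender()` is called, and the first pin violation before that would dereference it; please confirm it is initialized to `nullptr` alongside `delegate_`. Add a comment on the member, e.g. `// Not owned. May be null, in which case no violation reports are sent.`, adjusting the second sentence to match what the implementation actually does with a null sender.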
|
|
|