Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(173)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/http/transport_security_state.h

Issue 1213783005: Send HPKP violation reports when a pin check fails (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/http/http_security_headers_unittest.cc ('k') | net/http/transport_security_state.cc » ('j') | net/http/transport_security_state_unittest.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ 5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_
6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ 6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_
7 7
8 #include <map> 8 #include <map>
9 #include <string> 9 #include <string>
10 #include <utility> 10 #include <utility>
(...skipping 178 matching lines...) Expand 10 before | Expand all | Expand 10 after
189 const scoped_refptr<X509Certificate>& served_certificate_chain, 189 const scoped_refptr<X509Certificate>& served_certificate_chain,
190 const scoped_refptr<X509Certificate>& validated_certificate_chain, 190 const scoped_refptr<X509Certificate>& validated_certificate_chain,
191 const HashValueVector& spki_hashes, 191 const HashValueVector& spki_hashes,
192 std::string* serialized_report) = 0; 192 std::string* serialized_report) = 0;
193 193
194 // Sends the given serialized |report| to |report_uri|. 194 // Sends the given serialized |report| to |report_uri|.
195 virtual void SendHPKPReport(const GURL& report_uri, 195 virtual void SendHPKPReport(const GURL& report_uri,
196 const std::string& report) = 0; 196 const std::string& report) = 0;
197 }; 197 };
198 198
199 // Indicates whether or not a public key pin check should send a
200 // report if a violation is detected.
201 enum PublicKeyPinReportStatus {
202 DO_NOT_SEND_PUBLIC_KEY_PIN_REPORT,
203 SEND_PUBLIC_KEY_PIN_REPORT
204 };
205
199 TransportSecurityState(); 206 TransportSecurityState();
200 ~TransportSecurityState(); 207 ~TransportSecurityState();
201 208
202 // These functions search for static and dynamic DomainStates, and invoke the 209 // These functions search for static and dynamic DomainStates, and invoke the
203 // functions of the same name on them. These functions are the primary public 210 // functions of the same name on them. These functions are the primary public
204 // interface; direct access to DomainStates is best left to tests. 211 // interface; direct access to DomainStates is best left to tests.
205 bool ShouldSSLErrorsBeFatal(const std::string& host); 212 bool ShouldSSLErrorsBeFatal(const std::string& host);
206 bool ShouldUpgradeToSSL(const std::string& host); 213 bool ShouldUpgradeToSSL(const std::string& host);
207 bool CheckPublicKeyPins(const std::string& host, 214 bool CheckPublicKeyPins(
208 bool is_issued_by_known_root, 215 const std::string& host,
209 const HashValueVector& hashes, 216 bool is_issued_by_known_root,
210 std::string* failure_log); 217 const HashValueVector& hashes,
218 uint16_t port,
219 const scoped_refptr<X509Certificate>& served_certificate_chain,
220 const scoped_refptr<X509Certificate>& validated_certificate_chain,
221 const PublicKeyPinReportStatus report_status,
Ryan Sleevi 2015/06/26 20:22:19 same comments re: raw pointers being cool
estark 2015/07/09 22:18:41 Done.
222 std::string* failure_log);
211 bool HasPublicKeyPins(const std::string& host); 223 bool HasPublicKeyPins(const std::string& host);
212 224
213 // Assign a |Delegate| for persisting the transport security state. If 225 // Assign a |Delegate| for persisting the transport security state. If
214 // |NULL|, state will not be persisted. The caller retains 226 // |NULL|, state will not be persisted. The caller retains
215 // ownership of |delegate|. 227 // ownership of |delegate|.
216 // Note: This is only used for serializing/deserializing the 228 // Note: This is only used for serializing/deserializing the
217 // TransportSecurityState. 229 // TransportSecurityState.
218 void SetDelegate(Delegate* delegate); 230 void SetDelegate(Delegate* delegate);
219 231
220 void SetReporter(Reporter* reporter); 232 void SetReporter(Reporter* reporter);
(...skipping 99 matching lines...) Expand 10 before | Expand all | Expand 10 after
320 // representation of first-class DomainStates, and exposing the preloads 332 // representation of first-class DomainStates, and exposing the preloads
321 // to the caller with |GetStaticDomainState|. 333 // to the caller with |GetStaticDomainState|.
322 static void ReportUMAOnPinFailure(const std::string& host); 334 static void ReportUMAOnPinFailure(const std::string& host);
323 335
324 // IsBuildTimely returns true if the current build is new enough ensure that 336 // IsBuildTimely returns true if the current build is new enough ensure that
325 // built in security information (i.e. HSTS preloading and pinning 337 // built in security information (i.e. HSTS preloading and pinning
326 // information) is timely. 338 // information) is timely.
327 static bool IsBuildTimely(); 339 static bool IsBuildTimely();
328 340
329 // Helper method for actually checking pins. 341 // Helper method for actually checking pins.
330 bool CheckPublicKeyPinsImpl(const std::string& host, 342 bool CheckPublicKeyPinsImpl(
331 const HashValueVector& hashes, 343 const std::string& host,
332 std::string* failure_log); 344 const HashValueVector& hashes,
345 uint16_t port,
346 const scoped_refptr<X509Certificate>& served_certificate_chain,
347 const scoped_refptr<X509Certificate>& validated_certificate_chain,
348 const PublicKeyPinReportStatus report_status,
Ryan Sleevi 2015/06/26 20:22:19 ditto
estark 2015/07/09 22:18:41 Done.
349 std::string* failure_log);
333 350
334 // If a Delegate is present, notify it that the internal state has 351 // If a Delegate is present, notify it that the internal state has
335 // changed. 352 // changed.
336 void DirtyNotify(); 353 void DirtyNotify();
337 354
338 // Adds HSTS state to |host|. 355 // Adds HSTS state to |host|.
339 void AddHSTSInternal(const std::string& host, 356 void AddHSTSInternal(const std::string& host,
340 DomainState::UpgradeMode upgrade_mode, 357 DomainState::UpgradeMode upgrade_mode,
341 const base::Time& expiry, 358 const base::Time& expiry,
342 bool include_subdomains); 359 bool include_subdomains);
(...skipping 23 matching lines...) Expand all
366 383
367 // True if static pins should be used. 384 // True if static pins should be used.
368 bool enable_static_pins_; 385 bool enable_static_pins_;
369 386
370 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); 387 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState);
371 }; 388 };
372 389
373 } // namespace net 390 } // namespace net
374 391
375 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ 392 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_
OLDNEW
« no previous file with comments | « net/http/http_security_headers_unittest.cc ('k') | net/http/transport_security_state.cc » ('j') | net/http/transport_security_state_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698