OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
7 | 7 |
8 #include <map> | 8 #include <map> |
9 #include <string> | 9 #include <string> |
10 #include <utility> | 10 #include <utility> |
(...skipping 178 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
189 const scoped_refptr<X509Certificate>& served_certificate_chain, | 189 const scoped_refptr<X509Certificate>& served_certificate_chain, |
190 const scoped_refptr<X509Certificate>& validated_certificate_chain, | 190 const scoped_refptr<X509Certificate>& validated_certificate_chain, |
191 const HashValueVector& spki_hashes, | 191 const HashValueVector& spki_hashes, |
192 std::string* serialized_report) = 0; | 192 std::string* serialized_report) = 0; |
193 | 193 |
194 // Sends the given serialized |report| to |report_uri|. | 194 // Sends the given serialized |report| to |report_uri|. |
195 virtual void SendHPKPReport(const GURL& report_uri, | 195 virtual void SendHPKPReport(const GURL& report_uri, |
196 const std::string& report) = 0; | 196 const std::string& report) = 0; |
197 }; | 197 }; |
198 | 198 |
199 // Indicates whether or not a public key pin check should send a | |
200 // report if a violation is detected. | |
201 enum PublicKeyPinReportStatus { | |
202 DO_NOT_SEND_PUBLIC_KEY_PIN_REPORT, | |
203 SEND_PUBLIC_KEY_PIN_REPORT | |
204 }; | |
205 | |
199 TransportSecurityState(); | 206 TransportSecurityState(); |
200 ~TransportSecurityState(); | 207 ~TransportSecurityState(); |
201 | 208 |
202 // These functions search for static and dynamic DomainStates, and invoke the | 209 // These functions search for static and dynamic DomainStates, and invoke the |
203 // functions of the same name on them. These functions are the primary public | 210 // functions of the same name on them. These functions are the primary public |
204 // interface; direct access to DomainStates is best left to tests. | 211 // interface; direct access to DomainStates is best left to tests. |
205 bool ShouldSSLErrorsBeFatal(const std::string& host); | 212 bool ShouldSSLErrorsBeFatal(const std::string& host); |
206 bool ShouldUpgradeToSSL(const std::string& host); | 213 bool ShouldUpgradeToSSL(const std::string& host); |
207 bool CheckPublicKeyPins(const std::string& host, | 214 bool CheckPublicKeyPins( |
208 bool is_issued_by_known_root, | 215 const std::string& host, |
209 const HashValueVector& hashes, | 216 bool is_issued_by_known_root, |
210 std::string* failure_log); | 217 const HashValueVector& hashes, |
218 uint16_t port, | |
219 const scoped_refptr<X509Certificate>& served_certificate_chain, | |
220 const scoped_refptr<X509Certificate>& validated_certificate_chain, | |
221 const PublicKeyPinReportStatus report_status, | |
Ryan Sleevi
2015/06/26 20:22:19
same comments re: raw pointers being cool
estark
2015/07/09 22:18:41
Done.
| |
222 std::string* failure_log); | |
211 bool HasPublicKeyPins(const std::string& host); | 223 bool HasPublicKeyPins(const std::string& host); |
212 | 224 |
213 // Assign a |Delegate| for persisting the transport security state. If | 225 // Assign a |Delegate| for persisting the transport security state. If |
214 // |NULL|, state will not be persisted. The caller retains | 226 // |NULL|, state will not be persisted. The caller retains |
215 // ownership of |delegate|. | 227 // ownership of |delegate|. |
216 // Note: This is only used for serializing/deserializing the | 228 // Note: This is only used for serializing/deserializing the |
217 // TransportSecurityState. | 229 // TransportSecurityState. |
218 void SetDelegate(Delegate* delegate); | 230 void SetDelegate(Delegate* delegate); |
219 | 231 |
220 void SetReporter(Reporter* reporter); | 232 void SetReporter(Reporter* reporter); |
(...skipping 99 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
320 // representation of first-class DomainStates, and exposing the preloads | 332 // representation of first-class DomainStates, and exposing the preloads |
321 // to the caller with |GetStaticDomainState|. | 333 // to the caller with |GetStaticDomainState|. |
322 static void ReportUMAOnPinFailure(const std::string& host); | 334 static void ReportUMAOnPinFailure(const std::string& host); |
323 | 335 |
324 // IsBuildTimely returns true if the current build is new enough ensure that | 336 // IsBuildTimely returns true if the current build is new enough ensure that |
325 // built in security information (i.e. HSTS preloading and pinning | 337 // built in security information (i.e. HSTS preloading and pinning |
326 // information) is timely. | 338 // information) is timely. |
327 static bool IsBuildTimely(); | 339 static bool IsBuildTimely(); |
328 | 340 |
329 // Helper method for actually checking pins. | 341 // Helper method for actually checking pins. |
330 bool CheckPublicKeyPinsImpl(const std::string& host, | 342 bool CheckPublicKeyPinsImpl( |
331 const HashValueVector& hashes, | 343 const std::string& host, |
332 std::string* failure_log); | 344 const HashValueVector& hashes, |
345 uint16_t port, | |
346 const scoped_refptr<X509Certificate>& served_certificate_chain, | |
347 const scoped_refptr<X509Certificate>& validated_certificate_chain, | |
348 const PublicKeyPinReportStatus report_status, | |
Ryan Sleevi
2015/06/26 20:22:19
ditto
estark
2015/07/09 22:18:41
Done.
| |
349 std::string* failure_log); | |
333 | 350 |
334 // If a Delegate is present, notify it that the internal state has | 351 // If a Delegate is present, notify it that the internal state has |
335 // changed. | 352 // changed. |
336 void DirtyNotify(); | 353 void DirtyNotify(); |
337 | 354 |
338 // Adds HSTS state to |host|. | 355 // Adds HSTS state to |host|. |
339 void AddHSTSInternal(const std::string& host, | 356 void AddHSTSInternal(const std::string& host, |
340 DomainState::UpgradeMode upgrade_mode, | 357 DomainState::UpgradeMode upgrade_mode, |
341 const base::Time& expiry, | 358 const base::Time& expiry, |
342 bool include_subdomains); | 359 bool include_subdomains); |
(...skipping 23 matching lines...) Expand all Loading... | |
366 | 383 |
367 // True if static pins should be used. | 384 // True if static pins should be used. |
368 bool enable_static_pins_; | 385 bool enable_static_pins_; |
369 | 386 |
370 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); | 387 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); |
371 }; | 388 }; |
372 | 389 |
373 } // namespace net | 390 } // namespace net |
374 | 391 |
375 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 392 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
OLD | NEW |