Send HPKP violation reports when a pin check fails

net/http/transport_security_state.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_
 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_
 
 #include <stdint.h>
 
 #include <map>
 #include <string>
 #include <utility>
 #include <vector>
 
 #include "base/gtest_prod_util.h"
 #include "base/threading/non_thread_safe.h"
 #include "base/time/time.h"
 #include "net/base/net_export.h"
 #include "net/cert/x509_cert_types.h"
 #include "net/cert/x509_certificate.h"
 #include "url/gurl.h"
 
 class GURL;
 
+class GURL;
+
 namespace net {
 
 class SSLInfo;
 
 // Tracks which hosts have enabled strict transport security and/or public
 // key pins.
 //
 // This object manages the in-memory store. Register a Delegate with
 // |SetDelegate| to persist the state to disk.
 //
@@ skipping 143 matching lines @@
     std::map<std::string, PKPState>::const_iterator iterator_;
     std::map<std::string, PKPState>::const_iterator end_;
   };
 
   class NET_EXPORT Reporter {
    public:
     // Determines if a HPKP violation report should be sent for the
     // given |hostname|, which was found to violate the pins in
     // |pkp_state|. Returns true if the report should be sent, with the
     // report URI in |report_uri| and the serialized report in
-    // |serialized_report|, and false otherwise. Allows embedders to
-    // override the report uri and/or format for some pins.
+    // |serialized_report|, and false otherwise. Allows the reporter to
+    // override the reporting state in some cases (for example, if
+    // reports should always be sent for certain hostnames regardless of
+    // the HPKP state).
     //
     // Additional information to be included in the report (beyond
     // fields in |pkp_state|):
     //
     // - The |port| of the request that violated the pin.
     // - |served_certificate_chain| and |validated_certificate_chain|,
     //   the certificate chains as received by the client and as built
     //   during certificate verification.
     virtual bool GetHPKPReport(
         const std::string& hostname,
         const PKPState& pkp_state,
         bool is_static_pin,
         uint16_t port,
         const X509Certificate* served_certificate_chain,
         const X509Certificate* validated_certificate_chain,
         GURL* report_uri,
         std::string* serialized_report) = 0;
 
     // Sends the given serialized |report| to |report_uri|.
     virtual void SendHPKPReport(const GURL& report_uri,
                                 const std::string& report) = 0;
 
    protected:
     virtual ~Reporter() {}
   };
 
+  // Indicates whether or not a public key pin check should send a
+  // report if a violation is detected.
+  enum PublicKeyPinReportStatus { ENABLE_PIN_REPORTS, DISABLE_PIN_REPORTS };
+
   TransportSecurityState();
   ~TransportSecurityState();
 
   // These functions search for static and dynamic STS and PKP states, and
   // invoke the functions of the same name on them. These functions are the
   // primary public interface; direct access to STS and PKP states is best
   // left to tests.
   bool ShouldSSLErrorsBeFatal(const std::string& host);
   bool ShouldUpgradeToSSL(const std::string& host);
   bool CheckPublicKeyPins(const std::string& host,
                           bool is_issued_by_known_root,
                           const HashValueVector& hashes,
+                          uint16_t port,
+                          const X509Certificate* served_certificate_chain,
+                          const X509Certificate* validated_certificate_chain,
+                          const PublicKeyPinReportStatus report_status,
                           std::string* failure_log);
   bool HasPublicKeyPins(const std::string& host);
 
   // Assign a |Delegate| for persisting the transport security state. If
   // |NULL|, state will not be persisted. The caller retains
   // ownership of |delegate|.
   // Note: This is only used for serializing/deserializing the
   // TransportSecurityState.
   void SetDelegate(Delegate* delegate);
 
@@ skipping 106 matching lines @@
   // representation of first-class DomainStates, and exposing the preloads
   // to the caller with |GetStaticDomainState|.
   static void ReportUMAOnPinFailure(const std::string& host);
 
   // IsBuildTimely returns true if the current build is new enough ensure that
   // built in security information (i.e. HSTS preloading and pinning
   // information) is timely.
   static bool IsBuildTimely();
 
   // Helper method for actually checking pins.
-  bool CheckPublicKeyPinsImpl(const std::string& host,
-                              const HashValueVector& hashes,
-                              std::string* failure_log);
+  bool CheckPublicKeyPinsImpl(
+      const std::string& host,
+      const HashValueVector& hashes,
+      uint16_t port,
+      const X509Certificate* served_certificate_chain,
+      const X509Certificate* validated_certificate_chain,
+      const PublicKeyPinReportStatus report_status,
+      std::string* failure_log);
 
   // If a Delegate is present, notify it that the internal state has
   // changed.
   void DirtyNotify();
 
   // Adds HSTS state to |host|.
   void AddHSTSInternal(const std::string& host,
                        STSState::UpgradeMode upgrade_mode,
                        const base::Time& expiry,
                        bool include_subdomains);
@@ skipping 27 matching lines @@
 
   // True if static pins should be used.
   bool enable_static_pins_;
 
   DISALLOW_COPY_AND_ASSIGN(TransportSecurityState);
 };
 
 }  // namespace net
 
 #endif  // NET_HTTP_TRANSPORT_SECURITY_STATE_H_