OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
7 | 7 |
8 #include <stdint.h> | 8 #include <stdint.h> |
9 | 9 |
10 #include <map> | 10 #include <map> |
(...skipping 209 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
220 std::string* serialized_report) = 0; | 220 std::string* serialized_report) = 0; |
221 | 221 |
222 // Sends the given serialized |report| to |report_uri|. | 222 // Sends the given serialized |report| to |report_uri|. |
223 virtual void SendHPKPReport(const GURL& report_uri, | 223 virtual void SendHPKPReport(const GURL& report_uri, |
224 const std::string& report) = 0; | 224 const std::string& report) = 0; |
225 | 225 |
226 protected: | 226 protected: |
227 virtual ~Reporter() {} | 227 virtual ~Reporter() {} |
228 }; | 228 }; |
229 | 229 |
230 // Indicates whether or not a public key pin check should send a | |
231 // report if a violation is detected. | |
232 enum PublicKeyPinReportStatus { | |
233 DO_NOT_SEND_PUBLIC_KEY_PIN_REPORT, | |
234 SEND_PUBLIC_KEY_PIN_REPORT | |
Ryan Sleevi
2015/07/10 16:40:00
Perhaps for brevity/readability this should be
DI
estark
2015/07/10 19:33:30
Renamed to ENABLE_PIN_REPORTS/DISABLE_PIN_REPORTS?
| |
235 }; | |
236 | |
230 TransportSecurityState(); | 237 TransportSecurityState(); |
231 ~TransportSecurityState(); | 238 ~TransportSecurityState(); |
232 | 239 |
233 // These functions search for static and dynamic STS and PKP states, and | 240 // These functions search for static and dynamic STS and PKP states, and |
234 // invoke the functions of the same name on them. These functions are the | 241 // invoke the functions of the same name on them. These functions are the |
235 // primary public interface; direct access to STS and PKP states is best | 242 // primary public interface; direct access to STS and PKP states is best |
236 // left to tests. | 243 // left to tests. |
237 bool ShouldSSLErrorsBeFatal(const std::string& host); | 244 bool ShouldSSLErrorsBeFatal(const std::string& host); |
238 bool ShouldUpgradeToSSL(const std::string& host); | 245 bool ShouldUpgradeToSSL(const std::string& host); |
239 bool CheckPublicKeyPins(const std::string& host, | 246 bool CheckPublicKeyPins(const std::string& host, |
240 bool is_issued_by_known_root, | 247 bool is_issued_by_known_root, |
241 const HashValueVector& hashes, | 248 const HashValueVector& hashes, |
249 uint16_t port, | |
250 const X509Certificate* served_certificate_chain, | |
251 const X509Certificate* validated_certificate_chain, | |
252 const PublicKeyPinReportStatus report_status, | |
242 std::string* failure_log); | 253 std::string* failure_log); |
243 bool HasPublicKeyPins(const std::string& host); | 254 bool HasPublicKeyPins(const std::string& host); |
244 | 255 |
245 // Assign a |Delegate| for persisting the transport security state. If | 256 // Assign a |Delegate| for persisting the transport security state. If |
246 // |NULL|, state will not be persisted. The caller retains | 257 // |NULL|, state will not be persisted. The caller retains |
247 // ownership of |delegate|. | 258 // ownership of |delegate|. |
248 // Note: This is only used for serializing/deserializing the | 259 // Note: This is only used for serializing/deserializing the |
249 // TransportSecurityState. | 260 // TransportSecurityState. |
250 void SetDelegate(Delegate* delegate); | 261 void SetDelegate(Delegate* delegate); |
251 | 262 |
(...skipping 106 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
358 // representation of first-class DomainStates, and exposing the preloads | 369 // representation of first-class DomainStates, and exposing the preloads |
359 // to the caller with |GetStaticDomainState|. | 370 // to the caller with |GetStaticDomainState|. |
360 static void ReportUMAOnPinFailure(const std::string& host); | 371 static void ReportUMAOnPinFailure(const std::string& host); |
361 | 372 |
362 // IsBuildTimely returns true if the current build is new enough ensure that | 373 // IsBuildTimely returns true if the current build is new enough ensure that |
363 // built in security information (i.e. HSTS preloading and pinning | 374 // built in security information (i.e. HSTS preloading and pinning |
364 // information) is timely. | 375 // information) is timely. |
365 static bool IsBuildTimely(); | 376 static bool IsBuildTimely(); |
366 | 377 |
367 // Helper method for actually checking pins. | 378 // Helper method for actually checking pins. |
368 bool CheckPublicKeyPinsImpl(const std::string& host, | 379 bool CheckPublicKeyPinsImpl( |
369 const HashValueVector& hashes, | 380 const std::string& host, |
370 std::string* failure_log); | 381 const HashValueVector& hashes, |
382 uint16_t port, | |
383 const X509Certificate* served_certificate_chain, | |
384 const X509Certificate* validated_certificate_chain, | |
385 const PublicKeyPinReportStatus report_status, | |
386 std::string* failure_log); | |
371 | 387 |
372 // If a Delegate is present, notify it that the internal state has | 388 // If a Delegate is present, notify it that the internal state has |
373 // changed. | 389 // changed. |
374 void DirtyNotify(); | 390 void DirtyNotify(); |
375 | 391 |
376 // Adds HSTS state to |host|. | 392 // Adds HSTS state to |host|. |
377 void AddHSTSInternal(const std::string& host, | 393 void AddHSTSInternal(const std::string& host, |
378 STSState::UpgradeMode upgrade_mode, | 394 STSState::UpgradeMode upgrade_mode, |
379 const base::Time& expiry, | 395 const base::Time& expiry, |
380 bool include_subdomains); | 396 bool include_subdomains); |
(...skipping 27 matching lines...) Expand all Loading... | |
408 | 424 |
409 // True if static pins should be used. | 425 // True if static pins should be used. |
410 bool enable_static_pins_; | 426 bool enable_static_pins_; |
411 | 427 |
412 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); | 428 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); |
413 }; | 429 }; |
414 | 430 |
415 } // namespace net | 431 } // namespace net |
416 | 432 |
417 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 433 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
OLD | NEW |