Index: net/http/transport_security_state.cc |
diff --git a/net/http/transport_security_state.cc b/net/http/transport_security_state.cc |
index c372d83123dfc2df882904743f8d51c5851ec011..e03e13b5f57e738f6c88d3c212225137cab47f69 100644 |
--- a/net/http/transport_security_state.cc |
+++ b/net/http/transport_security_state.cc |
@@ -513,6 +513,10 @@ bool TransportSecurityState::CheckPublicKeyPins( |
const std::string& host, |
bool is_issued_by_known_root, |
const HashValueVector& public_key_hashes, |
+ uint16_t port, |
+ const X509Certificate* served_certificate_chain, |
+ const X509Certificate* validated_certificate_chain, |
+ const PublicKeyPinReportStatus report_status, |
std::string* pinning_failure_log) { |
// Perform pin validation if, and only if, all these conditions obtain: |
// |
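Review bot: The two new `const X509Certificate*` parameters on CheckPublicKeyPins are forwarded unchecked through CheckPublicKeyPinsImpl to `reporter_->GetHPKPReport`, and nothing in the signature says whether they may be null. If callers are expected to supply both chains whenever `report_status` is `ENABLE_PIN_REPORTS`, say so in the comment on the declaration and enforce it on the reporting path, e.g. `DCHECK(served_certificate_chain && validated_certificate_chain);`. The same applies to the matching parameters in the CheckPublicKeyPinsImpl hunk. The body of CheckPublicKeyPins continues outside this hunk, so a check further down may already exist.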
@@ -523,8 +527,9 @@ bool TransportSecurityState::CheckPublicKeyPins( |
return true; |
} |
- bool pins_are_valid = |
- CheckPublicKeyPinsImpl(host, public_key_hashes, pinning_failure_log); |
+ bool pins_are_valid = CheckPublicKeyPinsImpl( |
+ host, public_key_hashes, port, served_certificate_chain, |
+ validated_certificate_chain, report_status, pinning_failure_log); |
if (!pins_are_valid) { |
LOG(ERROR) << *pinning_failure_log; |
ReportUMAOnPinFailure(host); |
@@ -821,19 +826,41 @@ bool TransportSecurityState::IsBuildTimely() { |
bool TransportSecurityState::CheckPublicKeyPinsImpl( |
const std::string& host, |
const HashValueVector& hashes, |
+ uint16_t port, |
+ const X509Certificate* served_certificate_chain, |
+ const X509Certificate* validated_certificate_chain, |
+ const PublicKeyPinReportStatus report_status, |
std::string* failure_log) { |
- PKPState dynamic_state; |
- if (GetDynamicPKPState(host, &dynamic_state)) |
- return dynamic_state.CheckPublicKeyPins(hashes, failure_log); |
- |
- PKPState static_pkp_state; |
+ bool used_static_state = false; |
+ PKPState pkp_state; |
STSState unused; |
- if (GetStaticDomainState(host, &unused, &static_pkp_state)) |
- return static_pkp_state.CheckPublicKeyPins(hashes, failure_log); |
- // HasPublicKeyPins should have returned true in order for this method |
- // to have been called, so if we fall through to here, it's an error. |
- return false; |
+ if (!GetDynamicPKPState(host, &pkp_state)) { |
+ if (!GetStaticDomainState(host, &unused, &pkp_state)) { |
+ // HasPublicKeyPins should have returned true in order for this method |
+ // to have been called, so if we fall through to here, it's an error. |
+ return false; |
+ } |
+ used_static_state = true; |
+ } |
+ |
+ bool passed_pin_check = pkp_state.CheckPublicKeyPins(hashes, failure_log); |
+ |
+ if (passed_pin_check || !reporter_ || report_status != ENABLE_PIN_REPORTS) |
+ return passed_pin_check; |
+ |
+ GURL report_uri; |
+ std::string serialized_report; |
+ |
+ if (!reporter_->GetHPKPReport( |
+ host, pkp_state, used_static_state, port, served_certificate_chain, |
+ validated_certificate_chain, &report_uri, &serialized_report)) { |
+ return passed_pin_check; |
+ } |
+ |
+ reporter_->SendHPKPReport(report_uri, serialized_report); |
+ |
+ return passed_pin_check; |
} |
bool TransportSecurityState::GetStaticDomainState(const std::string& host, |
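Review bot: On the failure path of CheckPublicKeyPinsImpl, the report is sent to `report_uri` without checking that the URI does not point back at the host whose pins just failed. If `report_uri` is HTTPS on `host`, the report request would presumably hit the same pin failure and, depending on the report status that request carries, could trigger a further report. A guard after GetHPKPReport succeeds, such as `if (report_uri.SchemeIsCryptographic() && report_uri.host() == host) return passed_pin_check;`, would break that cycle. Nothing visible here de-duplicates or throttles reports either, so every failing connection to a pinned host produces a send; that may be handled inside `reporter_`, which the hunk does not show.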