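--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/transport_security_state.h"
 
 #if defined(USE_OPENSSL)
 #include <openssl/ecdsa.h>
 #include <openssl/ssl.h>
 #else // !defined(USE_OPENSSL)
@@ -568,30 +568,28 @@
 sts_state.expiry = expiry;
 sts_state.upgrade_mode = upgrade_mode;
 
 EnableSTSHost(host, sts_state);
 }
 
 void TransportSecurityState::AddHPKPInternal(const std::string& host,
 const base::Time& last_observed,
 const base::Time& expiry,
 bool include_subdomains,
-const HashValueVector& hashes,
-const GURL& report_uri) {
+const HashValueVector& hashes) {
 DCHECK(CalledOnValidThread());
 
 PKPState pkp_state;
 pkp_state.last_observed = last_observed;
 pkp_state.expiry = expiry;
 pkp_state.include_subdomains = include_subdomains;
 pkp_state.spki_hashes = hashes;
-pkp_state.report_uri = report_uri;
 
 EnablePKPHost(host, pkp_state);
 }
 
 void TransportSecurityState::EnableSTSHost(const std::string& host,
 const STSState& state) {
 DCHECK(CalledOnValidThread());
 
 const std::string canonicalized_host = CanonicalizeHost(host);
 if (canonicalized_host.empty())
@@ -737,49 +735,44 @@
 
 bool TransportSecurityState::AddHPKPHeader(const std::string& host,
 const std::string& value,
 const SSLInfo& ssl_info) {
 DCHECK(CalledOnValidThread());
 
 base::Time now = base::Time::Now();
 base::TimeDelta max_age;
 bool include_subdomains;
 HashValueVector spki_hashes;
-GURL report_uri;
-
 if (!ParseHPKPHeader(value, ssl_info.public_key_hashes, &max_age,
-&include_subdomains, &spki_hashes, &report_uri)) {
+&include_subdomains, &spki_hashes)) {
 return false;
 }
 // Handle max-age == 0.
 if (max_age.InSeconds() == 0)
 spki_hashes.clear();
-AddHPKPInternal(host, now, now + max_age, include_subdomains, spki_hashes,
-report_uri);
+AddHPKPInternal(host, now, now + max_age, include_subdomains, spki_hashes);
 return true;
 }
 
 void TransportSecurityState::AddHSTS(const std::string& host,
 const base::Time& expiry,
 bool include_subdomains) {
 DCHECK(CalledOnValidThread());
 AddHSTSInternal(host, STSState::MODE_FORCE_HTTPS, expiry, include_subdomains);
 }
 
 void TransportSecurityState::AddHPKP(const std::string& host,
 const base::Time& expiry,
 bool include_subdomains,
-const HashValueVector& hashes,
-const GURL& report_uri) {
+const HashValueVector& hashes) {
 DCHECK(CalledOnValidThread());
-AddHPKPInternal(host, base::Time::Now(), expiry, include_subdomains, hashes,
-report_uri);
+AddHPKPInternal(host, base::Time::Now(), expiry, include_subdomains, hashes);
 }
 
 // static
 bool TransportSecurityState::IsGooglePinnedProperty(const std::string& host) {
 PreloadResult result;
 return DecodeHSTSPreload(host, &result) && result.has_pins &&
 kPinsets[result.pinset_id].accepted_pins == kGoogleAcceptableCerts;
 }
 
 // static
@@ -1056,10 +1049,10 @@
 TransportSecurityState::PKPStateIterator::PKPStateIterator(
 const TransportSecurityState& state)
 : iterator_(state.enabled_pkp_hosts_.begin()),
 end_(state.enabled_pkp_hosts_.end()) {
 }
 
 TransportSecurityState::PKPStateIterator::~PKPStateIterator() {
 }
 
 } // namespace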
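Review bot: With the report_uri parameter gone, AddHPKPInternal on the new side is now the single place dynamic pin state is materialized, yet nothing on it or on the public AddHPKP states that neither performs any validation of expiry or hashes — only AddHPKPHeader goes through ParseHPKPHeader before calling it, while AddHPKP passes its arguments straight through to EnablePKPHost. A header comment on AddHPKPInternal would make that contract explicit, e.g. `// Stores |hashes| for |host| as given; no validation is performed here. Callers that take input from the network must validate first (see AddHPKPHeader / ParseHPKPHeader).` The same note applies to the AddHPKP definition in the third hunk. If PKPState still declares a report_uri member (the header is not part of this diff), every dynamically added entry now leaves it default-constructed, which is worth confirming against whatever serializes or reads that field.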