
Side by Side Diff: net/http/transport_security_state.cc

Issue 1249823002: Revert of Parse HPKP report-uri and persist in TransportSecurityPersister (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 5 months ago
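--- a/net/http/transport_security_state.cc
+++ b/net/http/transport_security_state.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/transport_security_state.h"
 
 #if defined(USE_OPENSSL)
 #include <openssl/ecdsa.h>
 #include <openssl/ssl.h>
 #else // !defined(USE_OPENSSL)
@@ -568,30 +568,28 @@
 sts_state.expiry = expiry;
 sts_state.upgrade_mode = upgrade_mode;
 
 EnableSTSHost(host, sts_state);
 }
 
 void TransportSecurityState::AddHPKPInternal(const std::string& host,
 const base::Time& last_observed,
 const base::Time& expiry,
 bool include_subdomains,
-const HashValueVector& hashes,
-const GURL& report_uri) {
+const HashValueVector& hashes) {
 DCHECK(CalledOnValidThread());
 
 PKPState pkp_state;
 pkp_state.last_observed = last_observed;
 pkp_state.expiry = expiry;
 pkp_state.include_subdomains = include_subdomains;
 pkp_state.spki_hashes = hashes;
-pkp_state.report_uri = report_uri;
 
 EnablePKPHost(host, pkp_state);
 }
 
 void TransportSecurityState::EnableSTSHost(const std::string& host,
 const STSState& state) {
 DCHECK(CalledOnValidThread());
 
 const std::string canonicalized_host = CanonicalizeHost(host);
 if (canonicalized_host.empty())
@@ -737,49 +735,44 @@
 
 bool TransportSecurityState::AddHPKPHeader(const std::string& host,
 const std::string& value,
 const SSLInfo& ssl_info) {
 DCHECK(CalledOnValidThread());
 
 base::Time now = base::Time::Now();
 base::TimeDelta max_age;
 bool include_subdomains;
 HashValueVector spki_hashes;
-GURL report_uri;
-
 if (!ParseHPKPHeader(value, ssl_info.public_key_hashes, &max_age,
-&include_subdomains, &spki_hashes, &report_uri)) {
+&include_subdomains, &spki_hashes)) {
 return false;
 }
 // Handle max-age == 0.
 if (max_age.InSeconds() == 0)
 spki_hashes.clear();
-AddHPKPInternal(host, now, now + max_age, include_subdomains, spki_hashes,
-report_uri);
+AddHPKPInternal(host, now, now + max_age, include_subdomains, spki_hashes);
 return true;
 }
 
 void TransportSecurityState::AddHSTS(const std::string& host,
 const base::Time& expiry,
 bool include_subdomains) {
 DCHECK(CalledOnValidThread());
 AddHSTSInternal(host, STSState::MODE_FORCE_HTTPS, expiry, include_subdomains);
 }
 
 void TransportSecurityState::AddHPKP(const std::string& host,
 const base::Time& expiry,
 bool include_subdomains,
-const HashValueVector& hashes,
-const GURL& report_uri) {
+const HashValueVector& hashes) {
 DCHECK(CalledOnValidThread());
-AddHPKPInternal(host, base::Time::Now(), expiry, include_subdomains, hashes,
-report_uri);
+AddHPKPInternal(host, base::Time::Now(), expiry, include_subdomains, hashes);
 }
 
 // static
 bool TransportSecurityState::IsGooglePinnedProperty(const std::string& host) {
 PreloadResult result;
 return DecodeHSTSPreload(host, &result) && result.has_pins &&
 kPinsets[result.pinset_id].accepted_pins == kGoogleAcceptableCerts;
 }
 
 // static
@@ -1056,10 +1049,10 @@
 TransportSecurityState::PKPStateIterator::PKPStateIterator(
 const TransportSecurityState& state)
 : iterator_(state.enabled_pkp_hosts_.begin()),
 end_(state.enabled_pkp_hosts_.end()) {
 }
 
 TransportSecurityState::PKPStateIterator::~PKPStateIterator() {
 }
 
 } // namespace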
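Review bot: In AddHPKPHeader the local `bool include_subdomains;` is still declared without an initializer and is then copied into the stored pin state, so the subdomain scope that gets persisted depends on ParseHPKPHeader writing its out-parameter on every path that returns true. That parser's body is not on this page, so this is a hardening suggestion rather than a confirmed bug; declaring it as `bool include_subdomains = false;` makes the narrower scope the default if a later parser change misses an assignment. The comment `// Handle max-age == 0.` could also state what the handling is, for example `// max-age == 0 asks us to forget the pins for this host, so pass an empty hash list.`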