Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(281)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/http/http_security_headers.h

Issue 12974003: Improve TransportSecurityState data storage. (Closed) Base URL: https://src.chromium.org/chrome/trunk/src/
Patch Set: Created 7 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/base/transport_security_state_static_generate.go ('k') | net/http/http_security_headers.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_HTTP_HTTP_SECURITY_HEADERS_H_ 5 #ifndef NET_HTTP_HTTP_SECURITY_HEADERS_H_
6 #define NET_HTTP_HTTP_SECURITY_HEADERS_H_ 6 #define NET_HTTP_HTTP_SECURITY_HEADERS_H_
7 7
8 #include <string> 8 #include <string>
9 9
10 #include "base/basictypes.h" 10 #include "base/basictypes.h"
11 #include "base/gtest_prod_util.h" 11 #include "base/gtest_prod_util.h"
12 #include "base/time.h" 12 #include "base/time.h"
13 #include "base/values.h" 13 #include "base/values.h"
14 #include "net/base/hash_value.h" 14 #include "net/base/hash_value.h"
15 #include "net/base/net_export.h" 15 #include "net/base/net_export.h"
16 16
17 namespace net { 17 namespace net {
18 18
19 const int64 kMaxHSTSAgeSecs = 86400 * 365; // 1 year 19 const int64 kMaxHSTSAgeSecs = 86400 * 365; // 1 year
20 20
21 // Parses |value| as a Strict-Transport-Security header value. If successful, 21 // Parses |value| as a Strict-Transport-Security header value. If successful,
22 // returns true and sets |*expiry| and |*include_subdomains|. 22 // returns true and sets |*max_age| and |*include_subdomains|.
23 // Otherwise returns false and leaves the output parameters unchanged. 23 // Otherwise returns false and leaves the output parameters unchanged.
24 // Interprets the max-age directive relative to |now|.
25 // 24 //
26 // value is the right-hand side of: 25 // value is the right-hand side of:
27 // 26 //
28 // "Strict-Transport-Security" ":" 27 // "Strict-Transport-Security" ":"
29 // [ directive ] *( ";" [ directive ] ) 28 // [ directive ] *( ";" [ directive ] )
30 bool NET_EXPORT_PRIVATE ParseHSTSHeader(const base::Time& now, 29 bool NET_EXPORT_PRIVATE ParseHSTSHeader(const std::string& value,
31 const std::string& value, 30 base::TimeDelta* max_age,
32 base::Time* expiry,
33 bool* include_subdomains); 31 bool* include_subdomains);
34 32
35 // Parses |value| as a Public-Key-Pins header value. If successful, 33 // Parses |value| as a Public-Key-Pins header value. If successful,
36 // returns true and populates the expiry and hashes values. 34 // returns true and populates the |*max_age| and hashes values.
37 // Otherwise returns false and leaves the output parameters unchanged. 35 // Otherwise returns false and leaves the output parameters unchanged.
38 // Interprets the max-age directive relative to |now|.
39 // 36 //
40 // value is the right-hand side of: 37 // value is the right-hand side of:
41 // 38 //
42 // "Public-Key-Pins" ":" 39 // "Public-Key-Pins" ":"
43 // "max-age" "=" delta-seconds ";" 40 // "max-age" "=" delta-seconds ";"
44 // "pin-" algo "=" base64 [ ";" ... ] 41 // "pin-" algo "=" base64 [ ";" ... ]
45 // 42 //
46 // For this function to return true, the key hashes specified by the HPKP 43 // For this function to return true, the key hashes specified by the HPKP
47 // header must pass two additional checks. There MUST be at least one 44 // header must pass two additional checks. There MUST be at least one
48 // key hash which matches the SSL certificate chain of the current site 45 // key hash which matches the SSL certificate chain of the current site
49 // (as specified by the chain_hashes) parameter. In addition, there MUST 46 // (as specified by the chain_hashes) parameter. In addition, there MUST
50 // be at least one key hash which does NOT match the site's SSL certificate 47 // be at least one key hash which does NOT match the site's SSL certificate
51 // chain (this is the "backup pin"). 48 // chain (this is the "backup pin").
52 bool NET_EXPORT_PRIVATE ParseHPKPHeader(const base::Time& now, 49 bool NET_EXPORT_PRIVATE ParseHPKPHeader(const std::string& value,
53 const std::string& value,
54 const HashValueVector& chain_hashes, 50 const HashValueVector& chain_hashes,
55 base::Time* expiry, 51 base::TimeDelta* max_age,
56 HashValueVector* hashes); 52 HashValueVector* hashes);
57 53
58 } // namespace net 54 } // namespace net
59 55
60 #endif // NET_HTTP_HTTP_SECURITY_HEADERS_H_ 56 #endif // NET_HTTP_HTTP_SECURITY_HEADERS_H_
OLDNEW
« no previous file with comments | « net/base/transport_security_state_static_generate.go ('k') | net/http/http_security_headers.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698