Chromium Code Reviews Chromium Code Reviews
Issue 1580583002:
Add a whitelist for QUIC hosts. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/transport_security_state.h" | 5 #include "net/http/transport_security_state.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <utility> | 8 #include <utility> |
| 9 | 9 |
| 10 #include "base/base64.h" | 10 #include "base/base64.h" |
| (...skipping 1082 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1093 while (*sha256_hash) { | 1093 while (*sha256_hash) { |
| 1094 AddHash(*sha256_hash, &pkp_state->bad_spki_hashes); | 1094 AddHash(*sha256_hash, &pkp_state->bad_spki_hashes); |
| 1095 sha256_hash++; | 1095 sha256_hash++; |
| 1096 } | 1096 } |
| 1097 } | 1097 } |
| 1098 } | 1098 } |
| 1099 | 1099 |
| 1100 return true; | 1100 return true; |
| 1101 } | 1101 } |
| 1102 | 1102 |
| 1103 bool TransportSecurityState::IsGooglePinnedHost(const std::string& host) const { | |
| 1104 DCHECK(CalledOnValidThread()); | |
| 1105 | |
| 1106 if (!IsBuildTimely()) | |
| 1107 return false; | |
| 1108 | |
| 1109 PreloadResult result; | |
| 1110 if (!DecodeHSTSPreload(host, &result)) | |
| 1111 return false; | |
| 1112 | |
| 1113 if (!result.has_pins) | |
|
Ryan Sleevi
2016/01/12 00:29:39
BUG? You should be checking enable_static_pins_, r
Ryan Hamilton
2016/01/12 01:21:24
I think this is a feature. In the initial version
| |
| 1114 return false; | |
| 1115 | |
| 1116 return kPinsets[result.pinset_id].accepted_pins == kGoogleAcceptableCerts; | |
|
Ryan Sleevi
2016/01/12 00:29:39
BUG? The original code defends against corruption
Ryan Hamilton
2016/01/12 01:21:24
It's defending against corruption? Interesting. I
| |
| 1117 } | |
| 1118 | |
| 1103 bool TransportSecurityState::GetStaticExpectCTState( | 1119 bool TransportSecurityState::GetStaticExpectCTState( |
| 1104 const std::string& host, | 1120 const std::string& host, |
| 1105 ExpectCTState* expect_ct_state) const { | 1121 ExpectCTState* expect_ct_state) const { |
| 1106 DCHECK(CalledOnValidThread()); | 1122 DCHECK(CalledOnValidThread()); |
| 1107 | 1123 |
| 1108 if (!IsBuildTimely()) | 1124 if (!IsBuildTimely()) |
| 1109 return false; | 1125 return false; |
| 1110 | 1126 |
| 1111 PreloadResult result; | 1127 PreloadResult result; |
| 1112 if (!DecodeHSTSPreload(host, &result)) | 1128 if (!DecodeHSTSPreload(host, &result)) |
| (...skipping 186 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1299 TransportSecurityState::PKPStateIterator::PKPStateIterator( | 1315 TransportSecurityState::PKPStateIterator::PKPStateIterator( |
| 1300 const TransportSecurityState& state) | 1316 const TransportSecurityState& state) |
| 1301 : iterator_(state.enabled_pkp_hosts_.begin()), | 1317 : iterator_(state.enabled_pkp_hosts_.begin()), |
| 1302 end_(state.enabled_pkp_hosts_.end()) { | 1318 end_(state.enabled_pkp_hosts_.end()) { |
| 1303 } | 1319 } |
| 1304 | 1320 |
| 1305 TransportSecurityState::PKPStateIterator::~PKPStateIterator() { | 1321 TransportSecurityState::PKPStateIterator::~PKPStateIterator() { |
| 1306 } | 1322 } |
| 1307 | 1323 |
| 1308 } // namespace | 1324 } // namespace |
| OLD | NEW |
