Chromium Code Reviews Chromium Code Reviews
Issue 18554002:
Distinguish STS observation times from PKP observation times. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
| 6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
| 7 | 7 |
| 8 #include <map> | 8 #include <map> |
| 9 #include <string> | 9 #include <string> |
| 10 #include <utility> | 10 #include <utility> |
| (...skipping 77 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 88 // DomainState, HTTP requests should be internally redirected to HTTPS | 88 // DomainState, HTTP requests should be internally redirected to HTTPS |
| 89 // (also if the "ws" WebSocket request should be upgraded to "wss") | 89 // (also if the "ws" WebSocket request should be upgraded to "wss") |
| 90 bool ShouldUpgradeToSSL() const; | 90 bool ShouldUpgradeToSSL() const; |
| 91 | 91 |
| 92 // ShouldSSLErrorsBeFatal returns true iff HTTPS errors should cause | 92 // ShouldSSLErrorsBeFatal returns true iff HTTPS errors should cause |
| 93 // hard-fail behavior (e.g. if HSTS is set for the domain) | 93 // hard-fail behavior (e.g. if HSTS is set for the domain) |
| 94 bool ShouldSSLErrorsBeFatal() const; | 94 bool ShouldSSLErrorsBeFatal() const; |
| 95 | 95 |
| 96 UpgradeMode upgrade_mode; | 96 UpgradeMode upgrade_mode; |
| 97 | 97 |
| 98 // The absolute time (UTC) when this DomainState was first created. | 98 // The absolute time (UTC) when the |upgrade_mode| was observed. |
| 99 // | 99 // |
| 100 // Static entries do not have a created time. | 100 // TODO(palmer): Perhaps static entries should have an "observed" time. |
| 101 base::Time created; | 101 base::Time sts_observed; |
| 102 | |
| 103 // The absolute time (UTC) when the |dynamic_spki_hashes| (and other | |
| 104 // |dynamic_*| state) were observed. | |
| 105 // | |
| 106 // TODO(palmer): Perhaps static entries should have an "observed" time. | |
| 107 base::Time pkp_observed; | |
|
Ryan Sleevi
2013/07/02 23:41:10
FWIW, should you also add these fields to net-inte
palmer
2013/07/08 22:48:16
I was debating it. Yeah I will if you think I shou
| |
| 102 | 108 |
| 103 // The absolute time (UTC) when the |upgrade_mode|, if set to | 109 // The absolute time (UTC) when the |upgrade_mode|, if set to |
| 104 // UPGRADE_ALWAYS, downgrades to UPGRADE_NEVER. | 110 // UPGRADE_ALWAYS, downgrades to UPGRADE_NEVER. |
| 105 base::Time upgrade_expiry; | 111 base::Time upgrade_expiry; |
| 106 | 112 |
| 107 // Are subdomains subject to this DomainState, for the purposes of | 113 // Are subdomains subject to this DomainState, for the purposes of |
| 108 // upgrading to HTTPS? | 114 // upgrading to HTTPS? |
| 109 bool sts_include_subdomains; | 115 bool sts_include_subdomains; |
| 110 | 116 |
| 111 // Are subdomains subject to this DomainState, for the purposes of | 117 // Are subdomains subject to this DomainState, for the purposes of |
| (...skipping 207 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 319 DomainStateMap enabled_hosts_; | 325 DomainStateMap enabled_hosts_; |
| 320 | 326 |
| 321 Delegate* delegate_; | 327 Delegate* delegate_; |
| 322 | 328 |
| 323 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); | 329 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); |
| 324 }; | 330 }; |
| 325 | 331 |
| 326 } // namespace net | 332 } // namespace net |
| 327 | 333 |
| 328 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 334 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
| OLD | NEW |
