| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
| 6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
| 7 | 7 |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 | 9 |
| 10 #include <map> | 10 #include <map> |
| 388 static void ReportUMAOnPinFailure(const std::string& host); | 388 static void ReportUMAOnPinFailure(const std::string& host); |
| 389 | 389 |
| 390 // IsBuildTimely returns true if the current build is new enough ensure that | 390 // IsBuildTimely returns true if the current build is new enough ensure that |
| 391 // built in security information (i.e. HSTS preloading and pinning | 391 // built in security information (i.e. HSTS preloading and pinning |
| 392 // information) is timely. | 392 // information) is timely. |
| 393 static bool IsBuildTimely(); | 393 static bool IsBuildTimely(); |
| 394 | 394 |
| 395 // Helper method for actually checking pins. | 395 // Helper method for actually checking pins. |
| 396 bool CheckPublicKeyPinsImpl( | 396 bool CheckPublicKeyPinsImpl( |
| 397 const HostPortPair& host_port_pair, | 397 const HostPortPair& host_port_pair, |
| 398 bool is_issued_by_known_root, |
| 398 const HashValueVector& hashes, | 399 const HashValueVector& hashes, |
| 399 const X509Certificate* served_certificate_chain, | 400 const X509Certificate* served_certificate_chain, |
| 400 const X509Certificate* validated_certificate_chain, | 401 const X509Certificate* validated_certificate_chain, |
| 401 const PublicKeyPinReportStatus report_status, | 402 const PublicKeyPinReportStatus report_status, |
| 402 std::string* failure_log); | 403 std::string* failure_log); |
| 403 | 404 |
| 404 // If a Delegate is present, notify it that the internal state has | 405 // If a Delegate is present, notify it that the internal state has |
| 405 // changed. | 406 // changed. |
| 406 void DirtyNotify(); | 407 void DirtyNotify(); |
| 407 | 408 |
| 428 | 429 |
| 429 // Returns true if a request to |host_port_pair| with the given | 430 // Returns true if a request to |host_port_pair| with the given |
| 430 // SubjectPublicKeyInfo |hashes| satisfies the pins in |pkp_state|, | 431 // SubjectPublicKeyInfo |hashes| satisfies the pins in |pkp_state|, |
| 431 // and false otherwise. If a violation is found and reporting is | 432 // and false otherwise. If a violation is found and reporting is |
| 432 // configured (i.e. there is a report URI in |pkp_state| and | 433 // configured (i.e. there is a report URI in |pkp_state| and |
| 433 // |report_status| says to), this method sends an HPKP violation | 434 // |report_status| says to), this method sends an HPKP violation |
| 434 // report containing |served_certificate_chain| and | 435 // report containing |served_certificate_chain| and |
| 435 // |validated_certificate_chain|. | 436 // |validated_certificate_chain|. |
| 436 bool CheckPinsAndMaybeSendReport( | 437 bool CheckPinsAndMaybeSendReport( |
| 437 const HostPortPair& host_port_pair, | 438 const HostPortPair& host_port_pair, |
| 439 bool is_issued_by_known_root, |
| 438 const TransportSecurityState::PKPState& pkp_state, | 440 const TransportSecurityState::PKPState& pkp_state, |
| 439 const HashValueVector& hashes, | 441 const HashValueVector& hashes, |
| 440 const X509Certificate* served_certificate_chain, | 442 const X509Certificate* served_certificate_chain, |
| 441 const X509Certificate* validated_certificate_chain, | 443 const X509Certificate* validated_certificate_chain, |
| 442 const TransportSecurityState::PublicKeyPinReportStatus report_status, | 444 const TransportSecurityState::PublicKeyPinReportStatus report_status, |
| 443 std::string* failure_log); | 445 std::string* failure_log); |
| 444 | 446 |
| 445 // Returns true and updates |*expect_ct_result| iff there is a static | 447 // Returns true and updates |*expect_ct_result| iff there is a static |
| 446 // (built-in) state for |host| with expect_ct=true. | 448 // (built-in) state for |host| with expect_ct=true. |
| 447 bool GetStaticExpectCTState(const std::string& host, | 449 bool GetStaticExpectCTState(const std::string& host, |
| 471 // rate-limiting. | 473 // rate-limiting. |
| 472 ExpiringCache<std::string, bool, base::TimeTicks, std::less<base::TimeTicks>> | 474 ExpiringCache<std::string, bool, base::TimeTicks, std::less<base::TimeTicks>> |
| 473 sent_reports_cache_; | 475 sent_reports_cache_; |
| 474 | 476 |
| 475 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); | 477 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); |
| 476 }; | 478 }; |
| 477 | 479 |
| 478 } // namespace net | 480 } // namespace net |
| 479 | 481 |
| 480 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 482 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
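Review bot: The new `is_issued_by_known_root` argument is undocumented on both declarations: the comment above CheckPinsAndMaybeSendReport (new lines 430-436) still names only |host_port_pair|, |hashes|, |pkp_state|, |report_status| and the two chains, and CheckPublicKeyPinsImpl (new line 398) has only "Helper method for actually checking pins." The flag is security-relevant, since it presumably decides whether pins are enforced for a chain that ends at a locally installed trust anchor, so the header should say what the method returns and whether a violation report is sent when it is false. I would add to both comments something like `// |is_issued_by_known_root| is true if the validated chain ends at a built-in root; when false, <pins enforced or skipped, report sent or not>.`, with the bracketed part filled in from the .cc file, which is not visible on this page. As a style point, a bare `bool` in second position reads poorly at call sites (`..., true, ...`), so callers should pass a named variable or an inline `/* is_issued_by_known_root */` comment. Both declarations sit in a class body that starts outside the visible lines.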
| OLD | NEW |