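--- a/net/http/transport_security_state.h
+++ b/net/http/transport_security_state.h
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_
 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_
 
 #include <stdint.h>
 
 #include <map>
@@ -388,20 +388,21 @@
 static void ReportUMAOnPinFailure(const std::string& host);
 
 // IsBuildTimely returns true if the current build is new enough ensure that
 // built in security information (i.e. HSTS preloading and pinning
 // information) is timely.
 static bool IsBuildTimely();
 
 // Helper method for actually checking pins.
 bool CheckPublicKeyPinsImpl(
 const HostPortPair& host_port_pair,
+bool is_issued_by_known_root,
 const HashValueVector& hashes,
 const X509Certificate* served_certificate_chain,
 const X509Certificate* validated_certificate_chain,
 const PublicKeyPinReportStatus report_status,
 std::string* failure_log);
 
 // If a Delegate is present, notify it that the internal state has
 // changed.
 void DirtyNotify();
 
@@ -428,20 +429,21 @@
 
 // Returns true if a request to |host_port_pair| with the given
 // SubjectPublicKeyInfo |hashes| satisfies the pins in |pkp_state|,
 // and false otherwise. If a violation is found and reporting is
 // configured (i.e. there is a report URI in |pkp_state| and
 // |report_status| says to), this method sends an HPKP violation
 // report containing |served_certificate_chain| and
 // |validated_certificate_chain|.
 bool CheckPinsAndMaybeSendReport(
 const HostPortPair& host_port_pair,
+bool is_issued_by_known_root,
 const TransportSecurityState::PKPState& pkp_state,
 const HashValueVector& hashes,
 const X509Certificate* served_certificate_chain,
 const X509Certificate* validated_certificate_chain,
 const TransportSecurityState::PublicKeyPinReportStatus report_status,
 std::string* failure_log);
 
 // Returns true and updates |*expect_ct_result| iff there is a static
 // (built-in) state for |host| with expect_ct=true.
 bool GetStaticExpectCTState(const std::string& host,
@@ -471,10 +473,10 @@
 // rate-limiting.
 ExpiringCache<std::string, bool, base::TimeTicks, std::less<base::TimeTicks>>
 sent_reports_cache_;
 
 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState);
 };
 
 } // namespace net
 
 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_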
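Review bot: The new `is_issued_by_known_root` argument is undocumented in both declarations that gain it: the comment above CheckPinsAndMaybeSendReport still covers only |host_port_pair|, |hashes|, |pkp_state|, |report_status| and the two chains, and CheckPublicKeyPinsImpl has only "Helper method for actually checking pins." The flag presumably controls whether a chain that ends in a locally installed trust anchor is exempt from pin enforcement; the header does not show the implementation, so this needs confirming. Because a caller passing the wrong value could silently skip pin checks or fail connections behind a local root, the contract belongs in the comment, for example `// |is_issued_by_known_root| must come from the certificate verification result; when false, <state whether the pins are treated as satisfied and whether a violation report is still sent>.` Both declarations sit inside the TransportSecurityState class body, which begins outside the visible lines.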