| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
| 6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
| 7 | 7 |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 | 9 |
| 10 #include <map> | 10 #include <map> |
| (...skipping 394 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 405 static void ReportUMAOnPinFailure(const std::string& host); | 405 static void ReportUMAOnPinFailure(const std::string& host); |
| 406 | 406 |
| 407 // IsBuildTimely returns true if the current build is new enough ensure that | 407 // IsBuildTimely returns true if the current build is new enough ensure that |
| 408 // built in security information (i.e. HSTS preloading and pinning | 408 // built in security information (i.e. HSTS preloading and pinning |
| 409 // information) is timely. | 409 // information) is timely. |
| 410 static bool IsBuildTimely(); | 410 static bool IsBuildTimely(); |
| 411 | 411 |
| 412 // Helper method for actually checking pins. | 412 // Helper method for actually checking pins. |
| 413 bool CheckPublicKeyPinsImpl( | 413 bool CheckPublicKeyPinsImpl( |
| 414 const HostPortPair& host_port_pair, | 414 const HostPortPair& host_port_pair, |
| 415 bool is_issued_by_known_root, |
| 415 const HashValueVector& hashes, | 416 const HashValueVector& hashes, |
| 416 const X509Certificate* served_certificate_chain, | 417 const X509Certificate* served_certificate_chain, |
| 417 const X509Certificate* validated_certificate_chain, | 418 const X509Certificate* validated_certificate_chain, |
| 418 const PublicKeyPinReportStatus report_status, | 419 const PublicKeyPinReportStatus report_status, |
| 419 std::string* failure_log); | 420 std::string* failure_log); |
| 420 | 421 |
| 421 // If a Delegate is present, notify it that the internal state has | 422 // If a Delegate is present, notify it that the internal state has |
| 422 // changed. | 423 // changed. |
| 423 void DirtyNotify(); | 424 void DirtyNotify(); |
| 424 | 425 |
| (...skipping 20 matching lines...) Expand all Loading... |
| 445 | 446 |
| 446 // Returns true if a request to |host_port_pair| with the given | 447 // Returns true if a request to |host_port_pair| with the given |
| 447 // SubjectPublicKeyInfo |hashes| satisfies the pins in |pkp_state|, | 448 // SubjectPublicKeyInfo |hashes| satisfies the pins in |pkp_state|, |
| 448 // and false otherwise. If a violation is found and reporting is | 449 // and false otherwise. If a violation is found and reporting is |
| 449 // configured (i.e. there is a report URI in |pkp_state| and | 450 // configured (i.e. there is a report URI in |pkp_state| and |
| 450 // |report_status| says to), this method sends an HPKP violation | 451 // |report_status| says to), this method sends an HPKP violation |
| 451 // report containing |served_certificate_chain| and | 452 // report containing |served_certificate_chain| and |
| 452 // |validated_certificate_chain|. | 453 // |validated_certificate_chain|. |
| 453 bool CheckPinsAndMaybeSendReport( | 454 bool CheckPinsAndMaybeSendReport( |
| 454 const HostPortPair& host_port_pair, | 455 const HostPortPair& host_port_pair, |
| 456 bool is_issued_by_known_root, |
| 455 const TransportSecurityState::PKPState& pkp_state, | 457 const TransportSecurityState::PKPState& pkp_state, |
| 456 const HashValueVector& hashes, | 458 const HashValueVector& hashes, |
| 457 const X509Certificate* served_certificate_chain, | 459 const X509Certificate* served_certificate_chain, |
| 458 const X509Certificate* validated_certificate_chain, | 460 const X509Certificate* validated_certificate_chain, |
| 459 const TransportSecurityState::PublicKeyPinReportStatus report_status, | 461 const TransportSecurityState::PublicKeyPinReportStatus report_status, |
| 460 std::string* failure_log); | 462 std::string* failure_log); |
| 461 | 463 |
| 462 // Returns true and updates |*expect_ct_result| iff there is a static | 464 // Returns true and updates |*expect_ct_result| iff there is a static |
| 463 // (built-in) state for |host| with expect_ct=true. | 465 // (built-in) state for |host| with expect_ct=true. |
| 464 bool GetStaticExpectCTState(const std::string& host, | 466 bool GetStaticExpectCTState(const std::string& host, |
| (...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 499 // rate-limiting. | 501 // rate-limiting. |
| 500 ExpiringCache<std::string, bool, base::TimeTicks, std::less<base::TimeTicks>> | 502 ExpiringCache<std::string, bool, base::TimeTicks, std::less<base::TimeTicks>> |
| 501 sent_reports_cache_; | 503 sent_reports_cache_; |
| 502 | 504 |
| 503 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); | 505 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); |
| 504 }; | 506 }; |
| 505 | 507 |
| 506 } // namespace net | 508 } // namespace net |
| 507 | 509 |
| 508 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 510 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2016143002:
Expose when PKP is bypassed in SSLInfo. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master