OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
7 | 7 |
8 #include <stdint.h> | 8 #include <stdint.h> |
9 | 9 |
10 #include <map> | 10 #include <map> |
(...skipping 180 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
191 ExpectCTState(); | 191 ExpectCTState(); |
192 ~ExpectCTState(); | 192 ~ExpectCTState(); |
193 | 193 |
194 // The domain which matched during a search for this DomainState entry. | 194 // The domain which matched during a search for this DomainState entry. |
195 std::string domain; | 195 std::string domain; |
196 // The URI to which reports should be sent if valid CT info is not | 196 // The URI to which reports should be sent if valid CT info is not |
197 // provided. | 197 // provided. |
198 GURL report_uri; | 198 GURL report_uri; |
199 }; | 199 }; |
200 | 200 |
| 201 // An ExpectStapleState describes a site that expects valid OCSP information |
| 202 // to be stapled to its certificate on every connection. |
| 203 class NET_EXPORT ExpectStapleState { |
| 204 public: |
| 205 ExpectStapleState(); |
| 206 ~ExpectStapleState(); |
| 207 |
| 208 // The domain which matched during a search for this Expect-Staple entry |
| 209 std::string domain; |
| 210 |
| 211 // The URI reports are sent to if a valid OCSP response is not stapled |
| 212 GURL report_uri; |
| 213 |
| 214 // True if subdomains are subject to this policy |
| 215 bool include_subdomains; |
| 216 }; |
| 217 |
201 // An interface for asynchronously sending HPKP violation reports. | 218 // An interface for asynchronously sending HPKP violation reports. |
202 class NET_EXPORT ReportSender { | 219 class NET_EXPORT ReportSender { |
203 public: | 220 public: |
204 // Sends the given serialized |report| to |report_uri|. | 221 // Sends the given serialized |report| to |report_uri|. |
205 virtual void Send(const GURL& report_uri, const std::string& report) = 0; | 222 virtual void Send(const GURL& report_uri, const std::string& report) = 0; |
206 | 223 |
207 // Sets a callback to be called when report sending fails. | 224 // Sets a callback to be called when report sending fails. |
208 virtual void SetErrorCallback( | 225 virtual void SetErrorCallback( |
209 const base::Callback<void(const GURL&, int)>& error_callback) = 0; | 226 const base::Callback<void(const GURL&, int)>& error_callback) = 0; |
210 | 227 |
(...skipping 229 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
440 const X509Certificate* served_certificate_chain, | 457 const X509Certificate* served_certificate_chain, |
441 const X509Certificate* validated_certificate_chain, | 458 const X509Certificate* validated_certificate_chain, |
442 const TransportSecurityState::PublicKeyPinReportStatus report_status, | 459 const TransportSecurityState::PublicKeyPinReportStatus report_status, |
443 std::string* failure_log); | 460 std::string* failure_log); |
444 | 461 |
445 // Returns true and updates |*expect_ct_result| iff there is a static | 462 // Returns true and updates |*expect_ct_result| iff there is a static |
446 // (built-in) state for |host| with expect_ct=true. | 463 // (built-in) state for |host| with expect_ct=true. |
447 bool GetStaticExpectCTState(const std::string& host, | 464 bool GetStaticExpectCTState(const std::string& host, |
448 ExpectCTState* expect_ct_result) const; | 465 ExpectCTState* expect_ct_result) const; |
449 | 466 |
| 467 // Returns true and updates |*expect_staple_result| iff there is a static |
| 468 // (built-in) state for |host| with expect_staple=true, or if |host| is a |
| 469 // subdomain of another domain with expect_staple=true and |
| 470 // include_subdomains_for_expect_staple=true. |
| 471 bool GetStaticExpectStapleState( |
| 472 const std::string& host, |
| 473 ExpectStapleState* expect_staple_result) const; |
| 474 |
450 // The sets of hosts that have enabled TransportSecurity. |domain| will always | 475 // The sets of hosts that have enabled TransportSecurity. |domain| will always |
451 // be empty for a STSState or PKPState in these maps; the domain | 476 // be empty for a STSState or PKPState in these maps; the domain |
452 // comes from the map keys instead. In addition, |upgrade_mode| in the | 477 // comes from the map keys instead. In addition, |upgrade_mode| in the |
453 // STSState is never MODE_DEFAULT and |HasPublicKeyPins| in the PKPState | 478 // STSState is never MODE_DEFAULT and |HasPublicKeyPins| in the PKPState |
454 // always returns true. | 479 // always returns true. |
455 STSStateMap enabled_sts_hosts_; | 480 STSStateMap enabled_sts_hosts_; |
456 PKPStateMap enabled_pkp_hosts_; | 481 PKPStateMap enabled_pkp_hosts_; |
457 | 482 |
458 Delegate* delegate_; | 483 Delegate* delegate_; |
459 | 484 |
460 ReportSender* report_sender_; | 485 ReportSender* report_sender_; |
461 | 486 |
462 // True if static pins should be used. | 487 // True if static pins should be used. |
463 bool enable_static_pins_; | 488 bool enable_static_pins_; |
464 | 489 |
465 // True if static expect-CT state should be used. | 490 // True if static expect-CT state should be used. |
466 bool enable_static_expect_ct_; | 491 bool enable_static_expect_ct_; |
467 | 492 |
| 493 // True if static expect-staple state should be used. |
| 494 bool enable_static_expect_staple_; |
| 495 |
468 ExpectCTReporter* expect_ct_reporter_; | 496 ExpectCTReporter* expect_ct_reporter_; |
469 | 497 |
470 // Keeps track of reports that have been sent recently for | 498 // Keeps track of reports that have been sent recently for |
471 // rate-limiting. | 499 // rate-limiting. |
472 ExpiringCache<std::string, bool, base::TimeTicks, std::less<base::TimeTicks>> | 500 ExpiringCache<std::string, bool, base::TimeTicks, std::less<base::TimeTicks>> |
473 sent_reports_cache_; | 501 sent_reports_cache_; |
474 | 502 |
475 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); | 503 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); |
476 }; | 504 }; |
477 | 505 |
478 } // namespace net | 506 } // namespace net |
479 | 507 |
480 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 508 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
OLD | NEW |