Unified Diff: net/http/transport_security_state.cc

Issue 2034843003: Add Expect-Staple to preload list (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 7 months ago
Index: net/http/transport_security_state.cc
diff --git a/net/http/transport_security_state.cc b/net/http/transport_security_state.cc
index 6bbe0b032a5997b6c90e90898453410dfa7ae138..ab3bb5c3c7ff63a4be71383bc2c54d9eb7d92547 100644
--- a/net/http/transport_security_state.cc
+++ b/net/http/transport_security_state.cc
@@ -375,6 +375,9 @@ struct PreloadResult {
bool has_pins;
bool expect_ct;
uint32_t expect_ct_report_uri_id;
+ bool expect_staple;
+ bool es_include_subdomains;
estark 2016/06/02 22:41:51 nit: even though it's long my preference would be
dadrian 2016/06/02 23:17:24 Done.
+ uint32_t expect_staple_report_uri_id;
};
// DecodeHSTSPreloadRaw resolves |hostname| in the preloaded data. It returns
@@ -510,10 +513,21 @@ bool DecodeHSTSPreloadRaw(const std::string& search_hostname,
return false;
}
+ if (!reader.Next(&tmp.expect_staple))
+ return false;
+ tmp.es_include_subdomains = false;
+ if (tmp.expect_staple) {
+ if (!reader.Next(&tmp.es_include_subdomains))
+ return false;
+ if (!reader.Read(4, &tmp.expect_staple_report_uri_id))
+ return false;
+ }
+
tmp.hostname_offset = hostname_offset;
if (hostname_offset == 0 || hostname[hostname_offset - 1] == '.') {
- *out_found = tmp.sts_include_subdomains || tmp.pkp_include_subdomains;
+ *out_found = tmp.sts_include_subdomains ||
+ tmp.pkp_include_subdomains || tmp.es_include_subdomains;
*out = tmp;
if (hostname_offset > 0) {
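Review bot: `tmp.expect_staple_report_uri_id` is left indeterminate when `tmp.expect_staple` is false, yet the whole `tmp` is still copied into `*out`; `es_include_subdomains` gets an explicit `false` on the line before, but the id field does not. Reading the struct later only when `expect_staple` is set keeps this from being observable today, but the copy of an uninitialized field is fragile and noisy under sanitizers. Initializing it alongside the sibling field, `tmp.expect_staple_report_uri_id = 0;`, makes the decoded result fully defined regardless of which branch ran. DecodeHSTSPreloadRaw starts before this hunk and continues past it.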
@@ -856,6 +870,28 @@ bool TransportSecurityState::GetStaticExpectCTState(
return true;
}
+bool TransportSecurityState::GetStaticExpectStapleState(
+ const std::string& host,
+ ExpectStapleState* expect_staple_state) const {
+ DCHECK(CalledOnValidThread());
+
+ if (!IsBuildTimely())
+ return false;
+
+ PreloadResult result;
+ if (!DecodeHSTSPreload(host, &result))
+ return false;
+
+ if (!enable_static_expect_staple_ || !result.expect_staple)
+ return false;
+
+ expect_staple_state->domain = host.substr(result.hostname_offset);
+ expect_staple_state->include_subdomains = result.es_include_subdomains;
+ expect_staple_state->report_uri =
+ GURL(kExpectStapleReportURIs[result.expect_staple_report_uri_id]);
+ return true;
+}
+
bool TransportSecurityState::DeleteDynamicDataForHost(const std::string& host) {
DCHECK(CalledOnValidThread());
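Review bot: `kExpectStapleReportURIs[result.expect_staple_report_uri_id]` indexes the table with a value decoded from the preload bitstream without checking it against the table's length, so a malformed or out-of-sync generated table would read past the array. The data is build-time generated, so this is a consistency invariant rather than an untrusted-input path, but it deserves to be stated in code; a `DCHECK_LT(result.expect_staple_report_uri_id, arraysize(kExpectStapleReportURIs));` before the `GURL` construction documents it and catches generator mismatches in debug builds. The same pattern presumably exists for the Expect-CT report URI lookup elsewhere in this file, which could get the same check for consistency.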
@@ -1310,6 +1346,11 @@ TransportSecurityState::ExpectCTState::ExpectCTState() {}
TransportSecurityState::ExpectCTState::~ExpectCTState() {}
+TransportSecurityState::ExpectStapleState::ExpectStapleState()
+ : include_subdomains(false) {}
+
+TransportSecurityState::ExpectStapleState::~ExpectStapleState() {}
+
bool TransportSecurityState::PKPState::CheckPublicKeyPins(
const HashValueVector& hashes,
std::string* failure_log) const {
