Index: net/http/transport_security_state.cc |
diff --git a/net/http/transport_security_state.cc b/net/http/transport_security_state.cc |
index 6bbe0b032a5997b6c90e90898453410dfa7ae138..ab3bb5c3c7ff63a4be71383bc2c54d9eb7d92547 100644 |
--- a/net/http/transport_security_state.cc |
+++ b/net/http/transport_security_state.cc |
@@ -375,6 +375,9 @@ struct PreloadResult { |
bool has_pins; |
bool expect_ct; |
uint32_t expect_ct_report_uri_id; |
+ bool expect_staple; |
+ bool es_include_subdomains; |
estark
2016/06/02 22:41:51
nit: even though it's long my preference would be
dadrian
2016/06/02 23:17:24
Done.
|
+ uint32_t expect_staple_report_uri_id; |
}; |
// DecodeHSTSPreloadRaw resolves |hostname| in the preloaded data. It returns |
@@ -510,10 +513,21 @@ bool DecodeHSTSPreloadRaw(const std::string& search_hostname, |
return false; |
} |
+ if (!reader.Next(&tmp.expect_staple)) |
+ return false; |
+ tmp.es_include_subdomains = false; |
+ if (tmp.expect_staple) { |
+ if (!reader.Next(&tmp.es_include_subdomains)) |
+ return false; |
+ if (!reader.Read(4, &tmp.expect_staple_report_uri_id)) |
+ return false; |
+ } |
+ |
tmp.hostname_offset = hostname_offset; |
if (hostname_offset == 0 || hostname[hostname_offset - 1] == '.') { |
- *out_found = tmp.sts_include_subdomains || tmp.pkp_include_subdomains; |
+ *out_found = tmp.sts_include_subdomains || |
+ tmp.pkp_include_subdomains || tmp.es_include_subdomains; |
*out = tmp; |
if (hostname_offset > 0) { |
@@ -856,6 +870,28 @@ bool TransportSecurityState::GetStaticExpectCTState( |
return true; |
} |
+bool TransportSecurityState::GetStaticExpectStapleState( |
+ const std::string& host, |
+ ExpectStapleState* expect_staple_state) const { |
+ DCHECK(CalledOnValidThread()); |
+ |
+ if (!IsBuildTimely()) |
+ return false; |
+ |
+ PreloadResult result; |
+ if (!DecodeHSTSPreload(host, &result)) |
+ return false; |
+ |
+ if (!enable_static_expect_staple_ || !result.expect_staple) |
+ return false; |
+ |
+ expect_staple_state->domain = host.substr(result.hostname_offset); |
+ expect_staple_state->include_subdomains = result.es_include_subdomains; |
+ expect_staple_state->report_uri = |
+ GURL(kExpectStapleReportURIs[result.expect_staple_report_uri_id]); |
+ return true; |
+} |
+ |
bool TransportSecurityState::DeleteDynamicDataForHost(const std::string& host) { |
DCHECK(CalledOnValidThread()); |
@@ -1310,6 +1346,11 @@ TransportSecurityState::ExpectCTState::ExpectCTState() {} |
TransportSecurityState::ExpectCTState::~ExpectCTState() {} |
+TransportSecurityState::ExpectStapleState::ExpectStapleState() |
+ : include_subdomains(false) {} |
+ |
+TransportSecurityState::ExpectStapleState::~ExpectStapleState() {} |
+ |
bool TransportSecurityState::PKPState::CheckPublicKeyPins( |
const HashValueVector& hashes, |
std::string* failure_log) const { |