net/http/transport_security_state.h - Issue 2040513003: Implement Expect-Staple

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/http/transport_security_state.h

Issue 2040513003: Implement Expect-Staple (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Don't report private certificates Created 4 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« net/cert/expect_staple_report_unittest.cc ('K') | « net/cert/expect_staple_report_unittest.cc ('k') | net/http/transport_security_state.cc » ('j') | net/http/transport_security_state.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: net/http/transport_security_state.h

diff --git a/net/http/transport_security_state.h b/net/http/transport_security_state.h

index 2988f3ad8a49e9fe072795af4c4b2b9654cb20e0..f50eb83d1034ac61e19f9caa6067c105709c783e 100644

--- a/net/http/transport_security_state.h

+++ b/net/http/transport_security_state.h

@@ -19,6 +19,7 @@

#include "base/time/time.h"

#include "net/base/expiring_cache.h"

#include "net/base/net_export.h"

+#include "net/cert/expect_staple_report.h"

estark 2016/06/15 23:51:46 Should be able to forward-declare this and do the

dadrian 2016/06/16 03:27:23 Done.

#include "net/cert/x509_cert_types.h"

#include "net/cert/x509_certificate.h"

#include "url/gurl.h"

@@ -385,8 +386,17 @@ class NET_EXPORT TransportSecurityState

const HostPortPair& host_port_pair,

const SSLInfo& ssl_info);

+ void CheckExpectStaple(const HostPortPair& host_port_pair,

+ const X509Certificate& verified_certificate,

+ const X509Certificate& unverified_certificate,

+ bool is_issued_by_known_root,

+ const base::Time& verify_time,

+ const base::TimeDelta& max_age,

+ const std::string& ocsp_response);

private:

friend class TransportSecurityStateTest;

+ friend class ExpectStapleTest;

FRIEND_TEST_ALL_PREFIXES(HttpSecurityHeadersTest, UpdateDynamicPKPOnly);

FRIEND_TEST_ALL_PREFIXES(HttpSecurityHeadersTest, UpdateDynamicPKPMaxAge0);

FRIEND_TEST_ALL_PREFIXES(HttpSecurityHeadersTest, NoClobberPins);

@@ -410,6 +420,14 @@ class NET_EXPORT TransportSecurityState

// information) is timely.

static bool IsBuildTimely();

+ // Helper method for serializing an ExpectStaple report.

+ static bool SerializeExpectStapleReport(

+ const HostPortPair& host_port_pair,

+ const X509Certificate& unverified_certificate,

+ bool is_issued_by_known_root,

+ const ExpectStapleReport& report,

+ std::string* serialized_report);

// Helper method for actually checking pins.

bool CheckPublicKeyPinsImpl(

const HostPortPair& host_port_pair,

« net/cert/expect_staple_report_unittest.cc ('K') | « net/cert/expect_staple_report_unittest.cc ('k') | net/http/transport_security_state.cc » ('j') | net/http/transport_security_state.cc » ('J')