Index: net/http/transport_security_state.h |
diff --git a/net/http/transport_security_state.h b/net/http/transport_security_state.h |
index b74b78d64fdb60664dfd3de3b0c2cd41e420b0dc..c4e861e520c5c800b3050adef288136e5df29ce9 100644 |
--- a/net/http/transport_security_state.h |
+++ b/net/http/transport_security_state.h |
@@ -19,6 +19,7 @@ |
#include "base/time/time.h" |
#include "net/base/expiring_cache.h" |
#include "net/base/net_export.h" |
+#include "net/cert/ocsp_staple.h" |
#include "net/cert/x509_cert_types.h" |
#include "net/cert/x509_certificate.h" |
#include "url/gurl.h" |
@@ -384,8 +385,16 @@ class NET_EXPORT TransportSecurityState |
const HostPortPair& host_port_pair, |
const SSLInfo& ssl_info); |
+ void CheckExpectStaple(const HostPortPair& host_port_pair, |
+ const X509Certificate& verified_certificate, |
+ const X509Certificate& unverified_certificate, |
+ const base::Time& verify_time, |
+ const base::TimeDelta& max_age, |
+ const std::string& ocsp_response); |
+ |
private: |
friend class TransportSecurityStateTest; |
+ friend class ExpectStapleTest; |
FRIEND_TEST_ALL_PREFIXES(HttpSecurityHeadersTest, UpdateDynamicPKPOnly); |
FRIEND_TEST_ALL_PREFIXES(HttpSecurityHeadersTest, UpdateDynamicPKPMaxAge0); |
FRIEND_TEST_ALL_PREFIXES(HttpSecurityHeadersTest, NoClobberPins); |
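Review bot: `CheckExpectStaple` joins the public interface without a declaration comment, and its two adjacent `const X509Certificate&` parameters (`verified_certificate`, `unverified_certificate`) can be swapped at a call site with no compiler diagnostic. The comment should state which certificate the stapled response is checked against and which one is only used for reporting. It should also say that `ocsp_response` is the raw, server-supplied staple (presumably empty when none was sent; confirm in the .cc) and what `max_age` bounds relative to `verify_time`. As a style point, `base::Time` and `base::TimeDelta` are small value types and are normally passed by value, e.g. `base::Time verify_time, base::TimeDelta max_age,`. The class body starts and ends outside this hunk, so callers and the implementation are not visible here.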
@@ -409,6 +418,13 @@ class NET_EXPORT TransportSecurityState |
// information) is timely. |
static bool IsBuildTimely(); |
+ // Helper method for serilizing an ExpectStaple report. |
estark
2016/06/14 02:10:28
typo: serializing
dadrian
2016/06/14 18:40:01
Done.
|
+ static bool SerializeExpectStapleReport( |
+ const HostPortPair& host_port_pair, |
+ const X509Certificate& unverified_certificate, |
+ const ExpectStapleReport& report, |
+ std::string* serialized_report); |
+ |
// Helper method for actually checking pins. |
bool CheckPublicKeyPinsImpl( |
const HostPortPair& host_port_pair, |
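Review bot: The comment on `SerializeExpectStapleReport` does not say what a `false` return means or what state `*serialized_report` is left in on failure, and the caller presumably sends that string off-host. I would extend it along the lines of `// Serializes |report| for |host_port_pair| into |*serialized_report|. Returns false if serialization fails, in which case the output must not be sent.` The report is built from `unverified_certificate`, so its contents are server-controlled. The comment should therefore also note that those fields are emitted through an encoder rather than string concatenation; that has to be confirmed in the .cc, which this section does not show.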
@@ -472,7 +488,8 @@ class NET_EXPORT TransportSecurityState |
const std::string& host, |
ExpectStapleState* expect_staple_result) const; |
- // The sets of hosts that have enabled TransportSecurity. |domain| will always |
+ // The sets of hosts that have enabled TransportSecurity. |domain| will |
+ // always |
estark
2016/06/14 02:10:28
unintentional?
dadrian
2016/06/14 18:40:01
Done.
|
// be empty for a STSState or PKPState in these maps; the domain |
// comes from the map keys instead. In addition, |upgrade_mode| in the |
// STSState is never MODE_DEFAULT and |HasPublicKeyPins| in the PKPState |