Chromium Code Reviews

Side by Side Diff: net/http/transport_security_state.h

Issue 2052363002: Enable public key pinning of local trust anchors (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 6 months ago
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ 5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_
6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ 6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_
7 7
8 #include <stdint.h> 8 #include <stdint.h>
9 9
10 #include <map> 10 #include <map>
(...skipping 346 matching lines...)
357 // Adds explicitly-specified data as if it was processed from an HPKP header. 357 // Adds explicitly-specified data as if it was processed from an HPKP header.
358 // Note: This method will persist the HPKP if a Delegate is present. Make sure 358 // Note: This method will persist the HPKP if a Delegate is present. Make sure
359 // that the delegate is nullptr if the persistence is not desired. 359 // that the delegate is nullptr if the persistence is not desired.
360 // See |SetDelegate| method for more details. 360 // See |SetDelegate| method for more details.
361 void AddHPKP(const std::string& host, 361 void AddHPKP(const std::string& host,
362 const base::Time& expiry, 362 const base::Time& expiry,
363 bool include_subdomains, 363 bool include_subdomains,
364 const HashValueVector& hashes, 364 const HashValueVector& hashes,
365 const GURL& report_uri); 365 const GURL& report_uri);
366 366
367 // Enables pinning of local trust anchors.
368 void EnableLocalTrustAnchorPinning(bool value);
Ryan Sleevi 2016/06/13 17:03:11 Naming: This does not follow the style guide Docum
Ryan Sleevi 2016/06/13 17:03:12 DESIGN: See the discussion on https://codereview.c
kapishnikov 2016/06/15 00:56:20 Done.
kapishnikov 2016/06/15 00:56:20 I will take a look at the change.
369
367 // Parses |value| as a Public-Key-Pins-Report-Only header value and 370 // Parses |value| as a Public-Key-Pins-Report-Only header value and
368 // sends a HPKP report for |host_port_pair| if |ssl_info| violates the 371 // sends a HPKP report for |host_port_pair| if |ssl_info| violates the
369 // pin. Returns true if |value| parses and includes a valid 372 // pin. Returns true if |value| parses and includes a valid
370 // report-uri, and false otherwise. 373 // report-uri, and false otherwise.
371 bool ProcessHPKPReportOnlyHeader(const std::string& value, 374 bool ProcessHPKPReportOnlyHeader(const std::string& value,
372 const HostPortPair& host_port_pair, 375 const HostPortPair& host_port_pair,
373 const SSLInfo& ssl_info); 376 const SSLInfo& ssl_info);
374 377
375 // Parses |value| as a Expect CT header value and sends an Expect CT 378 // Parses |value| as a Expect CT header value and sends an Expect CT
376 // report for |host_port_pair| if the following conditions are true: 379 // report for |host_port_pair| if the following conditions are true:
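Review bot: The comment on the new EnableLocalTrustAnchorPinning(bool value) declaration (new lines 367-368) only restates the method name. It does not say what the default is, what passing false does, or which pin checks change when the setting is on. Since the method takes a bool and can therefore also turn the behaviour off, a setter-style name with a descriptive parameter (for example `enabled` rather than `value`) would read more accurately. The comment should spell out the effect on pin validation for chains that terminate in a locally installed trust anchor, and say whether the setting applies to both static and dynamic (HPKP header) pins.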
(...skipping 109 matching lines...)
486 489
487 // True if static pins should be used. 490 // True if static pins should be used.
488 bool enable_static_pins_; 491 bool enable_static_pins_;
489 492
490 // True if static expect-CT state should be used. 493 // True if static expect-CT state should be used.
491 bool enable_static_expect_ct_; 494 bool enable_static_expect_ct_;
492 495
493 // True if static expect-staple state should be used. 496 // True if static expect-staple state should be used.
494 bool enable_static_expect_staple_; 497 bool enable_static_expect_staple_;
495 498
499 // True if pinning of local trust anchors is enabled
500 bool enable_local_trust_anchor_pinning_;
501
496 ExpectCTReporter* expect_ct_reporter_; 502 ExpectCTReporter* expect_ct_reporter_;
497 503
498 // Keeps track of reports that have been sent recently for 504 // Keeps track of reports that have been sent recently for
499 // rate-limiting. 505 // rate-limiting.
500 ExpiringCache<std::string, bool, base::TimeTicks, std::less<base::TimeTicks>> 506 ExpiringCache<std::string, bool, base::TimeTicks, std::less<base::TimeTicks>>
501 sent_reports_cache_; 507 sent_reports_cache_;
502 508
503 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); 509 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState);
504 }; 510 };
505 511
506 } // namespace net 512 } // namespace net
507 513
508 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ 514 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_
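Review bot: The new member enable_local_trust_anchor_pinning_ (new lines 499-500) is a plain bool with no in-class initializer, like the enable_static_* flags above it, so its value depends entirely on the constructor, which this header does not show. Please confirm it is set in the constructor's initializer list and state the default in the member comment, since an uninitialized flag here would make pin enforcement for local trust anchors indeterminate. Minor: the comment is missing the trailing period that the neighbouring member comments have.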