Chromium Code Reviews

Side by Side Diff: net/http/transport_security_state.h

Issue 2052363002: Enable public key pinning of local trust anchors (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fixed CronetPerfTestActivity test Created 4 years, 5 months ago
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ 5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_
6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ 6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_
7 7
8 #include <stdint.h> 8 #include <stdint.h>
9 9
10 #include <map> 10 #include <map>
(...skipping 403 matching lines...)
414 // Adds explicitly-specified data as if it was processed from an HPKP header. 414 // Adds explicitly-specified data as if it was processed from an HPKP header.
415 // Note: This method will persist the HPKP if a Delegate is present. Make sure 415 // Note: This method will persist the HPKP if a Delegate is present. Make sure
416 // that the delegate is nullptr if the persistence is not desired. 416 // that the delegate is nullptr if the persistence is not desired.
417 // See |SetDelegate| method for more details. 417 // See |SetDelegate| method for more details.
418 void AddHPKP(const std::string& host, 418 void AddHPKP(const std::string& host,
419 const base::Time& expiry, 419 const base::Time& expiry,
420 bool include_subdomains, 420 bool include_subdomains,
421 const HashValueVector& hashes, 421 const HashValueVector& hashes,
422 const GURL& report_uri); 422 const GURL& report_uri);
423 423
424 // Enables or disables public key pinning bypass for local trust anchors.
425 // Disabling the bypass for local trust anchors is highly discouraged.
426 // This method is used by Cronet only and *** MUST NOT *** be used by any
427 // other consumer. For more information see "How does key pinning interact
428 // with local proxies and filters?" at
429 // https://www.chromium.org/Home/chromium-security/security-faq
430 void SetEnablePublicKeyPinningBypassForLocalTrustAnchors(bool value);
431
424 // Parses |value| as a Public-Key-Pins-Report-Only header value and 432 // Parses |value| as a Public-Key-Pins-Report-Only header value and
425 // sends a HPKP report for |host_port_pair| if |ssl_info| violates the 433 // sends a HPKP report for |host_port_pair| if |ssl_info| violates the
426 // pin. Returns true if |value| parses and includes a valid 434 // pin. Returns true if |value| parses and includes a valid
427 // report-uri, and false otherwise. 435 // report-uri, and false otherwise.
428 bool ProcessHPKPReportOnlyHeader(const std::string& value, 436 bool ProcessHPKPReportOnlyHeader(const std::string& value,
429 const HostPortPair& host_port_pair, 437 const HostPortPair& host_port_pair,
430 const SSLInfo& ssl_info); 438 const SSLInfo& ssl_info);
431 439
432 // Parses |value| as a Expect CT header value and sends an Expect CT 440 // Parses |value| as a Expect CT header value and sends an Expect CT
433 // report for |host_port_pair| if the following conditions are true: 441 // report for |host_port_pair| if the following conditions are true:
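Review bot: the Cronet-only restriction on SetEnablePublicKeyPinningBypassForLocalTrustAnchors (new lines 424-430) rests entirely on the "*** MUST NOT ***" comment. The method is declared next to AddHPKP, and nothing visible in this hunk stops another consumer from calling it. Consider making the restriction checkable, for example through the method name or an access mechanism, rather than relying on the comment. The comment should also state the default (the "highly discouraged" wording implies the bypass starts enabled, but that is not said) and whether the setting affects static pins, dynamic pins, or both. The parameter name "value" would read better as "enabled".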
(...skipping 116 matching lines...)
550 558
551 // True if static pins should be used. 559 // True if static pins should be used.
552 bool enable_static_pins_; 560 bool enable_static_pins_;
553 561
554 // True if static expect-CT state should be used. 562 // True if static expect-CT state should be used.
555 bool enable_static_expect_ct_; 563 bool enable_static_expect_ct_;
556 564
557 // True if static expect-staple state should be used. 565 // True if static expect-staple state should be used.
558 bool enable_static_expect_staple_; 566 bool enable_static_expect_staple_;
559 567
568 // True if public key pinning bypass is enabled for local trust anchors.
569 bool enable_pkp_bypass_for_local_trust_anchors_;
570
560 ExpectCTReporter* expect_ct_reporter_ = nullptr; 571 ExpectCTReporter* expect_ct_reporter_ = nullptr;
561 572
562 RequireCTDelegate* require_ct_delegate_ = nullptr; 573 RequireCTDelegate* require_ct_delegate_ = nullptr;
563 574
564 // Keeps track of reports that have been sent recently for 575 // Keeps track of reports that have been sent recently for
565 // rate-limiting. 576 // rate-limiting.
566 ExpiringCache<std::string, bool, base::TimeTicks, std::less<base::TimeTicks>> 577 ExpiringCache<std::string, bool, base::TimeTicks, std::less<base::TimeTicks>>
567 sent_reports_cache_; 578 sent_reports_cache_;
568 579
569 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); 580 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState);
570 }; 581 };
571 582
572 } // namespace net 583 } // namespace net
573 584
574 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ 585 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_
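Review bot: enable_pkp_bypass_for_local_trust_anchors_ (new line 569) is declared without an initializer, while the pointer members directly below it use in-class initializers ("= nullptr"). The neighbouring bools follow the same uninitialized pattern, so the value must be set in the constructor in transport_security_state.cc, which is not visible in this file. Because this flag decides whether pin validation is bypassed, an indeterminate value would be a security-relevant bug. Please confirm the constructor initializes it, or give it an in-class initializer here, and note the default in the member comment.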