Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(402)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/http/transport_security_state.h

Issue 2052363002: Enable public key pinning of local trust anchors (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Addressed Ryan's comments + unit tests Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« components/cronet/url_request_context_config.h ('K') | « components/cronet/url_request_context_config.cc ('k') | net/http/transport_security_state.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ 5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_
6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ 6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_
7 7
8 #include <stdint.h> 8 #include <stdint.h>
9 9
10 #include <map> 10 #include <map>
(...skipping 346 matching lines...) Expand 10 before | Expand all | Expand 10 after
357 // Adds explicitly-specified data as if it was processed from an HPKP header. 357 // Adds explicitly-specified data as if it was processed from an HPKP header.
358 // Note: This method will persist the HPKP if a Delegate is present. Make sure 358 // Note: This method will persist the HPKP if a Delegate is present. Make sure
359 // that the delegate is nullptr if the persistence is not desired. 359 // that the delegate is nullptr if the persistence is not desired.
360 // See |SetDelegate| method for more details. 360 // See |SetDelegate| method for more details.
361 void AddHPKP(const std::string& host, 361 void AddHPKP(const std::string& host,
362 const base::Time& expiry, 362 const base::Time& expiry,
363 bool include_subdomains, 363 bool include_subdomains,
364 const HashValueVector& hashes, 364 const HashValueVector& hashes,
365 const GURL& report_uri); 365 const GURL& report_uri);
366 366
367 // Enables pinning of local trust anchors. This method is used by Cronet only
368 // and *** MUST NOT *** be used by any other consumer. For more information
369 // see "How does key pinning interact with local proxies and filters?" at
370 // https://www.chromium.org/Home/chromium-security/security-faq
Ryan Sleevi 2016/06/21 00:52:26 This should get a second-pass over with the overal
kapishnikov 2016/06/29 23:04:32 Done.
371 void SetEnableHPKPForLocalTrustAnchors(bool value);
372
367 // Parses |value| as a Public-Key-Pins-Report-Only header value and 373 // Parses |value| as a Public-Key-Pins-Report-Only header value and
368 // sends a HPKP report for |host_port_pair| if |ssl_info| violates the 374 // sends a HPKP report for |host_port_pair| if |ssl_info| violates the
369 // pin. Returns true if |value| parses and includes a valid 375 // pin. Returns true if |value| parses and includes a valid
370 // report-uri, and false otherwise. 376 // report-uri, and false otherwise.
371 bool ProcessHPKPReportOnlyHeader(const std::string& value, 377 bool ProcessHPKPReportOnlyHeader(const std::string& value,
372 const HostPortPair& host_port_pair, 378 const HostPortPair& host_port_pair,
373 const SSLInfo& ssl_info); 379 const SSLInfo& ssl_info);
374 380
375 // Parses |value| as a Expect CT header value and sends an Expect CT 381 // Parses |value| as a Expect CT header value and sends an Expect CT
376 // report for |host_port_pair| if the following conditions are true: 382 // report for |host_port_pair| if the following conditions are true:
(...skipping 109 matching lines...) Expand 10 before | Expand all | Expand 10 after
486 492
487 // True if static pins should be used. 493 // True if static pins should be used.
488 bool enable_static_pins_; 494 bool enable_static_pins_;
489 495
490 // True if static expect-CT state should be used. 496 // True if static expect-CT state should be used.
491 bool enable_static_expect_ct_; 497 bool enable_static_expect_ct_;
492 498
493 // True if static expect-staple state should be used. 499 // True if static expect-staple state should be used.
494 bool enable_static_expect_staple_; 500 bool enable_static_expect_staple_;
495 501
502 // True if pinning of local trust anchors is enabled
503 bool enable_hpkp_for_local_trust_anchors_;
504
496 ExpectCTReporter* expect_ct_reporter_; 505 ExpectCTReporter* expect_ct_reporter_;
497 506
498 // Keeps track of reports that have been sent recently for 507 // Keeps track of reports that have been sent recently for
499 // rate-limiting. 508 // rate-limiting.
500 ExpiringCache<std::string, bool, base::TimeTicks, std::less<base::TimeTicks>> 509 ExpiringCache<std::string, bool, base::TimeTicks, std::less<base::TimeTicks>>
501 sent_reports_cache_; 510 sent_reports_cache_;
502 511
503 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); 512 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState);
504 }; 513 };
505 514
506 } // namespace net 515 } // namespace net
507 516
508 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ 517 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_
OLDNEW
« components/cronet/url_request_context_config.h ('K') | « components/cronet/url_request_context_config.cc ('k') | net/http/transport_security_state.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698