Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1668)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/http/transport_security_state.h

Issue 2066603004: Return enum from TransportSecurityState::CheckPublicKeyPins (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/http/http_security_headers_unittest.cc ('k') | net/http/transport_security_state.cc » ('j') | net/http/transport_security_state.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/http/transport_security_state.h
diff --git a/net/http/transport_security_state.h b/net/http/transport_security_state.h
index 2988f3ad8a49e9fe072795af4c4b2b9654cb20e0..0415a8c766c26121b5bb3310fd7645ae58f88834 100644
--- a/net/http/transport_security_state.h
+++ b/net/http/transport_security_state.h
@@ -107,6 +107,9 @@ class NET_EXPORT TransportSecurityState
std::map<std::string, STSState>::const_iterator end_;
};
+ // PKPStatus describes the result of a pinning check.
+ enum class PKPStatus { VIOLATED = -1, OK = 0, BYPASSED = 1 };
Ryan Sleevi 2016/06/15 02:04:03 STYLE: No need to assign explicit values. STYLE: N
dadrian 2016/06/15 02:47:55 I went with violated because that's what I've hear
dadrian 2016/06/15 18:58:28 I left it with enum class because I think we want
Ryan Sleevi 2016/06/15 19:02:23 Scoping benefits? We don't gain anything in terms
dadrian 2016/06/15 19:33:16 Both? We're trying to represent the result of PKP
+
// A PKPState describes the public key pinning state.
class NET_EXPORT PKPState {
public:
@@ -259,13 +262,14 @@ class NET_EXPORT TransportSecurityState
// when is_issued_by_known_root is false.
bool ShouldSSLErrorsBeFatal(const std::string& host);
bool ShouldUpgradeToSSL(const std::string& host);
- bool CheckPublicKeyPins(const HostPortPair& host_port_pair,
- bool is_issued_by_known_root,
- const HashValueVector& hashes,
- const X509Certificate* served_certificate_chain,
- const X509Certificate* validated_certificate_chain,
- const PublicKeyPinReportStatus report_status,
- std::string* failure_log);
+ PKPStatus CheckPublicKeyPins(
+ const HostPortPair& host_port_pair,
+ bool is_issued_by_known_root,
+ const HashValueVector& hashes,
+ const X509Certificate* served_certificate_chain,
+ const X509Certificate* validated_certificate_chain,
+ const PublicKeyPinReportStatus report_status,
+ std::string* failure_log);
bool HasPublicKeyPins(const std::string& host);
// Assign a |Delegate| for persisting the transport security state. If
@@ -411,7 +415,7 @@ class NET_EXPORT TransportSecurityState
static bool IsBuildTimely();
// Helper method for actually checking pins.
- bool CheckPublicKeyPinsImpl(
+ PKPStatus CheckPublicKeyPinsImpl(
const HostPortPair& host_port_pair,
bool is_issued_by_known_root,
const HashValueVector& hashes,
@@ -452,7 +456,7 @@ class NET_EXPORT TransportSecurityState
// |report_status| says to), this method sends an HPKP violation
// report containing |served_certificate_chain| and
// |validated_certificate_chain|.
- bool CheckPinsAndMaybeSendReport(
+ PKPStatus CheckPinsAndMaybeSendReport(
const HostPortPair& host_port_pair,
bool is_issued_by_known_root,
const TransportSecurityState::PKPState& pkp_state,
« no previous file with comments | « net/http/http_security_headers_unittest.cc ('k') | net/http/transport_security_state.cc » ('j') | net/http/transport_security_state.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698