Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(790)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/http/transport_security_state.h

Issue 2084783002: Cleanup HPKP error handling and weak DH key handling (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@require_ct_enforcer
Patch Set: Fix bad test Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « components/ssl_errors/error_info.cc ('k') | net/http/transport_security_state.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ 5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_
6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ 6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_
7 7
8 #include <stdint.h> 8 #include <stdint.h>
9 9
10 #include <map> 10 #include <map>
(...skipping 68 matching lines...) Expand 10 before | Expand all | Expand 10 after
79 // Are subdomains subject to this policy state? 79 // Are subdomains subject to this policy state?
80 bool include_subdomains; 80 bool include_subdomains;
81 81
82 // The domain which matched during a search for this STSState entry. 82 // The domain which matched during a search for this STSState entry.
83 // Updated by |GetDynamicSTSState| and |GetStaticDomainState|. 83 // Updated by |GetDynamicSTSState| and |GetStaticDomainState|.
84 std::string domain; 84 std::string domain;
85 85
86 // ShouldUpgradeToSSL returns true iff HTTP requests should be internally 86 // ShouldUpgradeToSSL returns true iff HTTP requests should be internally
87 // redirected to HTTPS (also if WS should be upgraded to WSS). 87 // redirected to HTTPS (also if WS should be upgraded to WSS).
88 bool ShouldUpgradeToSSL() const; 88 bool ShouldUpgradeToSSL() const;
89
90 // ShouldSSLErrorsBeFatal returns true iff HTTPS errors should cause
91 // hard-fail behavior (e.g. if HSTS is set for the domain).
92 bool ShouldSSLErrorsBeFatal() const;
93 }; 89 };
94 90
95 class NET_EXPORT STSStateIterator { 91 class NET_EXPORT STSStateIterator {
96 public: 92 public:
97 explicit STSStateIterator(const TransportSecurityState& state); 93 explicit STSStateIterator(const TransportSecurityState& state);
98 ~STSStateIterator(); 94 ~STSStateIterator();
99 95
100 bool HasNext() const { return iterator_ != end_; } 96 bool HasNext() const { return iterator_ != end_; }
101 void Advance() { ++iterator_; } 97 void Advance() { ++iterator_; }
102 const std::string& hostname() const { return iterator_->first; } 98 const std::string& hostname() const { return iterator_->first; }
(...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after
156 // 152 //
157 // |bad_static_spki_hashes| contains public keys that we don't want to 153 // |bad_static_spki_hashes| contains public keys that we don't want to
158 // trust. 154 // trust.
159 bool CheckPublicKeyPins(const HashValueVector& hashes, 155 bool CheckPublicKeyPins(const HashValueVector& hashes,
160 std::string* failure_log) const; 156 std::string* failure_log) const;
161 157
162 // Returns true if any of the HashValueVectors |static_spki_hashes|, 158 // Returns true if any of the HashValueVectors |static_spki_hashes|,
163 // |bad_static_spki_hashes|, or |dynamic_spki_hashes| contains any 159 // |bad_static_spki_hashes|, or |dynamic_spki_hashes| contains any
164 // items. 160 // items.
165 bool HasPublicKeyPins() const; 161 bool HasPublicKeyPins() const;
166
167 // ShouldSSLErrorsBeFatal returns true iff HTTPS errors should cause
168 // hard-fail behavior (e.g. if HSTS is set for the domain).
169 bool ShouldSSLErrorsBeFatal() const;
170 }; 162 };
171 163
172 class NET_EXPORT PKPStateIterator { 164 class NET_EXPORT PKPStateIterator {
173 public: 165 public:
174 explicit PKPStateIterator(const TransportSecurityState& state); 166 explicit PKPStateIterator(const TransportSecurityState& state);
175 ~PKPStateIterator(); 167 ~PKPStateIterator();
176 168
177 bool HasNext() const { return iterator_ != end_; } 169 bool HasNext() const { return iterator_ != end_; }
178 void Advance() { ++iterator_; } 170 void Advance() { ++iterator_; }
179 const std::string& hostname() const { return iterator_->first; } 171 const std::string& hostname() const { return iterator_->first; }
(...skipping 322 matching lines...) Expand 10 before | Expand all | Expand 10 after
502 // rate-limiting. 494 // rate-limiting.
503 ExpiringCache<std::string, bool, base::TimeTicks, std::less<base::TimeTicks>> 495 ExpiringCache<std::string, bool, base::TimeTicks, std::less<base::TimeTicks>>
504 sent_reports_cache_; 496 sent_reports_cache_;
505 497
506 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); 498 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState);
507 }; 499 };
508 500
509 } // namespace net 501 } // namespace net
510 502
511 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ 503 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_
OLDNEW
« no previous file with comments | « components/ssl_errors/error_info.cc ('k') | net/http/transport_security_state.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698