
Side by Side Diff: net/http/transport_security_state.cc

Issue 2102783003: Add enterprise policy to exempt hosts from Certificate Transparency (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@enterprise_ct
Patch Set: Combine with https://codereview.chromium.org/2087743002 Created 4 years, 5 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/http/transport_security_state.h" 5 #include "net/http/transport_security_state.h"
6 6
7 #include <algorithm> 7 #include <algorithm>
8 #include <memory> 8 #include <memory>
9 #include <utility> 9 #include <utility>
10 #include <vector> 10 #include <vector>
(...skipping 22 matching lines...) Expand all
33 33
34 namespace net { 34 namespace net {
35 35
36 namespace { 36 namespace {
37 37
38 #include "net/http/transport_security_state_static.h" 38 #include "net/http/transport_security_state_static.h"
39 39
40 const size_t kMaxHPKPReportCacheEntries = 50; 40 const size_t kMaxHPKPReportCacheEntries = 50;
41 const int kTimeToRememberHPKPReportsMins = 60; 41 const int kTimeToRememberHPKPReportsMins = 60;
42 const size_t kReportCacheKeyLength = 16; 42 const size_t kReportCacheKeyLength = 16;
43 int g_ct_required_for_testing = 0;
battre 2016/06/28 08:33:14 Can you please document the values?
43 44
44 void RecordUMAForHPKPReportFailure(const GURL& report_uri, int net_error) { 45 void RecordUMAForHPKPReportFailure(const GURL& report_uri, int net_error) {
45 UMA_HISTOGRAM_SPARSE_SLOWLY("Net.PublicKeyPinReportSendingFailure", 46 UMA_HISTOGRAM_SPARSE_SLOWLY("Net.PublicKeyPinReportSendingFailure",
46 net_error); 47 net_error);
47 } 48 }
48 49
49 std::string TimeToISO8601(const base::Time& t) { 50 std::string TimeToISO8601(const base::Time& t) {
50 base::Time::Exploded exploded; 51 base::Time::Exploded exploded;
51 t.UTCExplode(&exploded); 52 t.UTCExplode(&exploded);
52 return base::StringPrintf( 53 return base::StringPrintf(
(...skipping 652 matching lines...) Expand 10 before | Expand all | Expand 10 after
705 const X509Certificate* validated_certificate_chain, 706 const X509Certificate* validated_certificate_chain,
706 const HashValueVector& public_key_hashes) { 707 const HashValueVector& public_key_hashes) {
707 using CTRequirementLevel = RequireCTDelegate::CTRequirementLevel; 708 using CTRequirementLevel = RequireCTDelegate::CTRequirementLevel;
708 709
709 CTRequirementLevel ct_required = CTRequirementLevel::DEFAULT; 710 CTRequirementLevel ct_required = CTRequirementLevel::DEFAULT;
710 if (require_ct_delegate_) 711 if (require_ct_delegate_)
711 ct_required = require_ct_delegate_->IsCTRequiredForHost(hostname); 712 ct_required = require_ct_delegate_->IsCTRequiredForHost(hostname);
712 if (ct_required != CTRequirementLevel::DEFAULT) 713 if (ct_required != CTRequirementLevel::DEFAULT)
713 return ct_required == CTRequirementLevel::REQUIRED; 714 return ct_required == CTRequirementLevel::REQUIRED;
714 715
716 // Allow unittests to override the default result.
717 if (g_ct_required_for_testing)
718 return g_ct_required_for_testing == 1;
719
715 return false; 720 return false;
716 } 721 }
717 722
718 void TransportSecurityState::SetDelegate( 723 void TransportSecurityState::SetDelegate(
719 TransportSecurityState::Delegate* delegate) { 724 TransportSecurityState::Delegate* delegate) {
720 DCHECK(CalledOnValidThread()); 725 DCHECK(CalledOnValidThread());
721 delegate_ = delegate; 726 delegate_ = delegate;
722 } 727 }
723 728
724 void TransportSecurityState::SetReportSender( 729 void TransportSecurityState::SetReportSender(
(...skipping 403 matching lines...) Expand 10 before | Expand all | Expand 10 after
1128 return; 1133 return;
1129 } 1134 }
1130 1135
1131 DCHECK(result.domain_id != DOMAIN_NOT_PINNED); 1136 DCHECK(result.domain_id != DOMAIN_NOT_PINNED);
1132 1137
1133 UMA_HISTOGRAM_SPARSE_SLOWLY( 1138 UMA_HISTOGRAM_SPARSE_SLOWLY(
1134 "Net.PublicKeyPinFailureDomain", result.domain_id); 1139 "Net.PublicKeyPinFailureDomain", result.domain_id);
1135 } 1140 }
1136 1141
1137 // static 1142 // static
1143 void TransportSecurityState::SetShouldRequireCTForTesting(bool* required) {
1144 if (!required) {
1145 g_ct_required_for_testing = 0;
1146 return;
1147 }
1148 g_ct_required_for_testing = *required ? 1 : -1;
1149 }
1150
1151 // static
1138 bool TransportSecurityState::IsBuildTimely() { 1152 bool TransportSecurityState::IsBuildTimely() {
1139 const base::Time build_time = base::GetBuildTime(); 1153 const base::Time build_time = base::GetBuildTime();
1140 // We consider built-in information to be timely for 10 weeks. 1154 // We consider built-in information to be timely for 10 weeks.
1141 return (base::Time::Now() - build_time).InDays() < 70 /* 10 weeks */; 1155 return (base::Time::Now() - build_time).InDays() < 70 /* 10 weeks */;
1142 } 1156 }
1143 1157
1144 TransportSecurityState::PKPStatus 1158 TransportSecurityState::PKPStatus
1145 TransportSecurityState::CheckPublicKeyPinsImpl( 1159 TransportSecurityState::CheckPublicKeyPinsImpl(
1146 const HostPortPair& host_port_pair, 1160 const HostPortPair& host_port_pair,
1147 bool is_issued_by_known_root, 1161 bool is_issued_by_known_root,
(...skipping 269 matching lines...) Expand 10 before | Expand all | Expand 10 after
1417 TransportSecurityState::PKPStateIterator::PKPStateIterator( 1431 TransportSecurityState::PKPStateIterator::PKPStateIterator(
1418 const TransportSecurityState& state) 1432 const TransportSecurityState& state)
1419 : iterator_(state.enabled_pkp_hosts_.begin()), 1433 : iterator_(state.enabled_pkp_hosts_.begin()),
1420 end_(state.enabled_pkp_hosts_.end()) { 1434 end_(state.enabled_pkp_hosts_.end()) {
1421 } 1435 }
1422 1436
1423 TransportSecurityState::PKPStateIterator::~PKPStateIterator() { 1437 TransportSecurityState::PKPStateIterator::~PKPStateIterator() {
1424 } 1438 }
1425 1439
1426 } // namespace 1440 } // namespace
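Review bot: The test override added to ShouldRequireCT (new lines 716-718) and the setter SetShouldRequireCTForTesting (new lines 1143-1149) encode a tri-state in a bare `int` with 0/1/-1 and decide the result with `== 1`, so a typo such as `g_ct_required_for_testing = 1` meaning "not required" would compile silently; a file-local `enum class` makes the three states self-describing and lets the compiler check every assignment and comparison. Because this global disables or forces CT enforcement for every host in the process, the setter's contract should also state that it is test-only and must be called before any ShouldRequireCT call on the checking thread, since the plain non-atomic int carries no synchronization (presumably both run on the owning thread — worth confirming against the header). Note that the override is consulted only after `require_ct_delegate_` returned DEFAULT, so a delegate decision still wins over the test hook; that is reasonable but deserves a sentence in the comment, e.g. `// Test override applies only when no delegate decision was made.` ShouldRequireCT's signature begins before this hunk.
```cpp
// Test-only override for ShouldRequireCT(); set via
// SetShouldRequireCTForTesting(), consulted only when the delegate returns
// DEFAULT. Must be set before any ShouldRequireCT() call on that thread.
enum class CTRequiredForTesting { kUnset, kRequired, kNotRequired };
CTRequiredForTesting g_ct_required_for_testing = CTRequiredForTesting::kUnset;

// … unchanged: ShouldRequireCT delegate check …
  // Allow unittests to override the default result.
  if (g_ct_required_for_testing != CTRequiredForTesting::kUnset)
    return g_ct_required_for_testing == CTRequiredForTesting::kRequired;

// … unchanged: remainder of ShouldRequireCT and following methods …
void TransportSecurityState::SetShouldRequireCTForTesting(bool* required) {
  if (!required) {
    g_ct_required_for_testing = CTRequiredForTesting::kUnset;
    return;
  }
  g_ct_required_for_testing = *required ? CTRequiredForTesting::kRequired
                                        : CTRequiredForTesting::kNotRequired;
}
```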