OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/http/transport_security_state.h" | 5 #include "net/http/transport_security_state.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <memory> | 8 #include <memory> |
9 #include <utility> | 9 #include <utility> |
10 #include <vector> | 10 #include <vector> |
(...skipping 22 matching lines...) Expand all Loading... | |
33 | 33 |
34 namespace net { | 34 namespace net { |
35 | 35 |
36 namespace { | 36 namespace { |
37 | 37 |
38 #include "net/http/transport_security_state_static.h" | 38 #include "net/http/transport_security_state_static.h" |
39 | 39 |
40 const size_t kMaxHPKPReportCacheEntries = 50; | 40 const size_t kMaxHPKPReportCacheEntries = 50; |
41 const int kTimeToRememberHPKPReportsMins = 60; | 41 const int kTimeToRememberHPKPReportsMins = 60; |
42 const size_t kReportCacheKeyLength = 16; | 42 const size_t kReportCacheKeyLength = 16; |
43 int g_ct_required_for_testing = 0; | |
battre
2016/06/28 08:33:14
Can you please document the values?
| |
43 | 44 |
44 void RecordUMAForHPKPReportFailure(const GURL& report_uri, int net_error) { | 45 void RecordUMAForHPKPReportFailure(const GURL& report_uri, int net_error) { |
45 UMA_HISTOGRAM_SPARSE_SLOWLY("Net.PublicKeyPinReportSendingFailure", | 46 UMA_HISTOGRAM_SPARSE_SLOWLY("Net.PublicKeyPinReportSendingFailure", |
46 net_error); | 47 net_error); |
47 } | 48 } |
48 | 49 |
49 std::string TimeToISO8601(const base::Time& t) { | 50 std::string TimeToISO8601(const base::Time& t) { |
50 base::Time::Exploded exploded; | 51 base::Time::Exploded exploded; |
51 t.UTCExplode(&exploded); | 52 t.UTCExplode(&exploded); |
52 return base::StringPrintf( | 53 return base::StringPrintf( |
(...skipping 652 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
705 const X509Certificate* validated_certificate_chain, | 706 const X509Certificate* validated_certificate_chain, |
706 const HashValueVector& public_key_hashes) { | 707 const HashValueVector& public_key_hashes) { |
707 using CTRequirementLevel = RequireCTDelegate::CTRequirementLevel; | 708 using CTRequirementLevel = RequireCTDelegate::CTRequirementLevel; |
708 | 709 |
709 CTRequirementLevel ct_required = CTRequirementLevel::DEFAULT; | 710 CTRequirementLevel ct_required = CTRequirementLevel::DEFAULT; |
710 if (require_ct_delegate_) | 711 if (require_ct_delegate_) |
711 ct_required = require_ct_delegate_->IsCTRequiredForHost(hostname); | 712 ct_required = require_ct_delegate_->IsCTRequiredForHost(hostname); |
712 if (ct_required != CTRequirementLevel::DEFAULT) | 713 if (ct_required != CTRequirementLevel::DEFAULT) |
713 return ct_required == CTRequirementLevel::REQUIRED; | 714 return ct_required == CTRequirementLevel::REQUIRED; |
714 | 715 |
716 // Allow unittests to override the default result. | |
717 if (g_ct_required_for_testing) | |
718 return g_ct_required_for_testing == 1; | |
719 | |
715 return false; | 720 return false; |
716 } | 721 } |
717 | 722 |
718 void TransportSecurityState::SetDelegate( | 723 void TransportSecurityState::SetDelegate( |
719 TransportSecurityState::Delegate* delegate) { | 724 TransportSecurityState::Delegate* delegate) { |
720 DCHECK(CalledOnValidThread()); | 725 DCHECK(CalledOnValidThread()); |
721 delegate_ = delegate; | 726 delegate_ = delegate; |
722 } | 727 } |
723 | 728 |
724 void TransportSecurityState::SetReportSender( | 729 void TransportSecurityState::SetReportSender( |
(...skipping 403 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1128 return; | 1133 return; |
1129 } | 1134 } |
1130 | 1135 |
1131 DCHECK(result.domain_id != DOMAIN_NOT_PINNED); | 1136 DCHECK(result.domain_id != DOMAIN_NOT_PINNED); |
1132 | 1137 |
1133 UMA_HISTOGRAM_SPARSE_SLOWLY( | 1138 UMA_HISTOGRAM_SPARSE_SLOWLY( |
1134 "Net.PublicKeyPinFailureDomain", result.domain_id); | 1139 "Net.PublicKeyPinFailureDomain", result.domain_id); |
1135 } | 1140 } |
1136 | 1141 |
1137 // static | 1142 // static |
1143 void TransportSecurityState::SetShouldRequireCTForTesting(bool* required) { | |
1144 if (!required) { | |
1145 g_ct_required_for_testing = 0; | |
1146 return; | |
1147 } | |
1148 g_ct_required_for_testing = *required ? 1 : -1; | |
1149 } | |
1150 | |
1151 // static | |
1138 bool TransportSecurityState::IsBuildTimely() { | 1152 bool TransportSecurityState::IsBuildTimely() { |
1139 const base::Time build_time = base::GetBuildTime(); | 1153 const base::Time build_time = base::GetBuildTime(); |
1140 // We consider built-in information to be timely for 10 weeks. | 1154 // We consider built-in information to be timely for 10 weeks. |
1141 return (base::Time::Now() - build_time).InDays() < 70 /* 10 weeks */; | 1155 return (base::Time::Now() - build_time).InDays() < 70 /* 10 weeks */; |
1142 } | 1156 } |
1143 | 1157 |
1144 TransportSecurityState::PKPStatus | 1158 TransportSecurityState::PKPStatus |
1145 TransportSecurityState::CheckPublicKeyPinsImpl( | 1159 TransportSecurityState::CheckPublicKeyPinsImpl( |
1146 const HostPortPair& host_port_pair, | 1160 const HostPortPair& host_port_pair, |
1147 bool is_issued_by_known_root, | 1161 bool is_issued_by_known_root, |
(...skipping 269 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1417 TransportSecurityState::PKPStateIterator::PKPStateIterator( | 1431 TransportSecurityState::PKPStateIterator::PKPStateIterator( |
1418 const TransportSecurityState& state) | 1432 const TransportSecurityState& state) |
1419 : iterator_(state.enabled_pkp_hosts_.begin()), | 1433 : iterator_(state.enabled_pkp_hosts_.begin()), |
1420 end_(state.enabled_pkp_hosts_.end()) { | 1434 end_(state.enabled_pkp_hosts_.end()) { |
1421 } | 1435 } |
1422 | 1436 |
1423 TransportSecurityState::PKPStateIterator::~PKPStateIterator() { | 1437 TransportSecurityState::PKPStateIterator::~PKPStateIterator() { |
1424 } | 1438 } |
1425 | 1439 |
1426 } // namespace | 1440 } // namespace |
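Review bot: The override set by `SetShouldRequireCTForTesting` lives in a file-scope global, so it applies to every `TransportSecurityState` in the process and stays in force until the setter is called again with `nullptr`; nothing visible here restores it when a test finishes. Because the value changes the outcome of a Certificate Transparency enforcement decision, I would state that contract at the definition, e.g. `// Process-wide and sticky: tests must call SetShouldRequireCTForTesting(nullptr) when done.`, or wrap the call in a scoped helper in test support code. The new check at new-side line 716 runs only after the delegate has returned `DEFAULT`, so a delegate verdict still takes precedence over the test override, and the comment there could say so. The global is a plain `int` and the static setter carries no thread check, unlike `SetDelegate`, so it presumably relies on tests setting it before any use on another thread; that is worth confirming. The function containing the new check begins outside the visible lines.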