OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/http/transport_security_state.h" | 5 #include "net/http/transport_security_state.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <memory> | 8 #include <memory> |
9 #include <utility> | 9 #include <utility> |
10 #include <vector> | 10 #include <vector> |
(...skipping 23 matching lines...) Expand all Loading... |
34 namespace net { | 34 namespace net { |
35 | 35 |
36 namespace { | 36 namespace { |
37 | 37 |
38 #include "net/http/transport_security_state_static.h" | 38 #include "net/http/transport_security_state_static.h" |
39 | 39 |
40 const size_t kMaxHPKPReportCacheEntries = 50; | 40 const size_t kMaxHPKPReportCacheEntries = 50; |
41 const int kTimeToRememberHPKPReportsMins = 60; | 41 const int kTimeToRememberHPKPReportsMins = 60; |
42 const size_t kReportCacheKeyLength = 16; | 42 const size_t kReportCacheKeyLength = 16; |
43 | 43 |
| 44 // Override for ShouldRequireCT() for unit tests. Possible values: |
| 45 // -1: Unless a delegate says otherwise, do not require CT. |
| 46 // 0: Use the default implementation (e.g. production) |
| 47 // 1: Unless a delegate says otherwise, require CT. |
| 48 int g_ct_required_for_testing = 0; |
| 49 |
44 void RecordUMAForHPKPReportFailure(const GURL& report_uri, int net_error) { | 50 void RecordUMAForHPKPReportFailure(const GURL& report_uri, int net_error) { |
45 UMA_HISTOGRAM_SPARSE_SLOWLY("Net.PublicKeyPinReportSendingFailure", | 51 UMA_HISTOGRAM_SPARSE_SLOWLY("Net.PublicKeyPinReportSendingFailure", |
46 net_error); | 52 net_error); |
47 } | 53 } |
48 | 54 |
49 std::string TimeToISO8601(const base::Time& t) { | 55 std::string TimeToISO8601(const base::Time& t) { |
50 base::Time::Exploded exploded; | 56 base::Time::Exploded exploded; |
51 t.UTCExplode(&exploded); | 57 t.UTCExplode(&exploded); |
52 return base::StringPrintf( | 58 return base::StringPrintf( |
53 "%04d-%02d-%02dT%02d:%02d:%02d.%03dZ", exploded.year, exploded.month, | 59 "%04d-%02d-%02dT%02d:%02d:%02d.%03dZ", exploded.year, exploded.month, |
(...skipping 651 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
705 const X509Certificate* validated_certificate_chain, | 711 const X509Certificate* validated_certificate_chain, |
706 const HashValueVector& public_key_hashes) { | 712 const HashValueVector& public_key_hashes) { |
707 using CTRequirementLevel = RequireCTDelegate::CTRequirementLevel; | 713 using CTRequirementLevel = RequireCTDelegate::CTRequirementLevel; |
708 | 714 |
709 CTRequirementLevel ct_required = CTRequirementLevel::DEFAULT; | 715 CTRequirementLevel ct_required = CTRequirementLevel::DEFAULT; |
710 if (require_ct_delegate_) | 716 if (require_ct_delegate_) |
711 ct_required = require_ct_delegate_->IsCTRequiredForHost(hostname); | 717 ct_required = require_ct_delegate_->IsCTRequiredForHost(hostname); |
712 if (ct_required != CTRequirementLevel::DEFAULT) | 718 if (ct_required != CTRequirementLevel::DEFAULT) |
713 return ct_required == CTRequirementLevel::REQUIRED; | 719 return ct_required == CTRequirementLevel::REQUIRED; |
714 | 720 |
| 721 // Allow unittests to override the default result. |
| 722 if (g_ct_required_for_testing) |
| 723 return g_ct_required_for_testing == 1; |
| 724 |
715 return false; | 725 return false; |
716 } | 726 } |
717 | 727 |
718 void TransportSecurityState::SetDelegate( | 728 void TransportSecurityState::SetDelegate( |
719 TransportSecurityState::Delegate* delegate) { | 729 TransportSecurityState::Delegate* delegate) { |
720 DCHECK(CalledOnValidThread()); | 730 DCHECK(CalledOnValidThread()); |
721 delegate_ = delegate; | 731 delegate_ = delegate; |
722 } | 732 } |
723 | 733 |
724 void TransportSecurityState::SetReportSender( | 734 void TransportSecurityState::SetReportSender( |
(...skipping 403 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1128 return; | 1138 return; |
1129 } | 1139 } |
1130 | 1140 |
1131 DCHECK(result.domain_id != DOMAIN_NOT_PINNED); | 1141 DCHECK(result.domain_id != DOMAIN_NOT_PINNED); |
1132 | 1142 |
1133 UMA_HISTOGRAM_SPARSE_SLOWLY( | 1143 UMA_HISTOGRAM_SPARSE_SLOWLY( |
1134 "Net.PublicKeyPinFailureDomain", result.domain_id); | 1144 "Net.PublicKeyPinFailureDomain", result.domain_id); |
1135 } | 1145 } |
1136 | 1146 |
1137 // static | 1147 // static |
| 1148 void TransportSecurityState::SetShouldRequireCTForTesting(bool* required) { |
| 1149 if (!required) { |
| 1150 g_ct_required_for_testing = 0; |
| 1151 return; |
| 1152 } |
| 1153 g_ct_required_for_testing = *required ? 1 : -1; |
| 1154 } |
| 1155 |
| 1156 // static |
1138 bool TransportSecurityState::IsBuildTimely() { | 1157 bool TransportSecurityState::IsBuildTimely() { |
1139 const base::Time build_time = base::GetBuildTime(); | 1158 const base::Time build_time = base::GetBuildTime(); |
1140 // We consider built-in information to be timely for 10 weeks. | 1159 // We consider built-in information to be timely for 10 weeks. |
1141 return (base::Time::Now() - build_time).InDays() < 70 /* 10 weeks */; | 1160 return (base::Time::Now() - build_time).InDays() < 70 /* 10 weeks */; |
1142 } | 1161 } |
1143 | 1162 |
1144 TransportSecurityState::PKPStatus | 1163 TransportSecurityState::PKPStatus |
1145 TransportSecurityState::CheckPublicKeyPinsImpl( | 1164 TransportSecurityState::CheckPublicKeyPinsImpl( |
1146 const HostPortPair& host_port_pair, | 1165 const HostPortPair& host_port_pair, |
1147 bool is_issued_by_known_root, | 1166 bool is_issued_by_known_root, |
(...skipping 269 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1417 TransportSecurityState::PKPStateIterator::PKPStateIterator( | 1436 TransportSecurityState::PKPStateIterator::PKPStateIterator( |
1418 const TransportSecurityState& state) | 1437 const TransportSecurityState& state) |
1419 : iterator_(state.enabled_pkp_hosts_.begin()), | 1438 : iterator_(state.enabled_pkp_hosts_.begin()), |
1420 end_(state.enabled_pkp_hosts_.end()) { | 1439 end_(state.enabled_pkp_hosts_.end()) { |
1421 } | 1440 } |
1422 | 1441 |
1423 TransportSecurityState::PKPStateIterator::~PKPStateIterator() { | 1442 TransportSecurityState::PKPStateIterator::~PKPStateIterator() { |
1424 } | 1443 } |
1425 | 1444 |
1426 } // namespace | 1445 } // namespace |
OLD | NEW |