Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(191)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/http/transport_security_state.cc

Issue 2102783003: Add enterprise policy to exempt hosts from Certificate Transparency (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@enterprise_ct
Patch Set: Fully shutdown prefs Created 4 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« components/certificate_transparency/ct_policy_manager_unittest.cc ('K') | « net/http/transport_security_state.h ('k') | tools/metrics/histograms/histograms.xml » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/http/transport_security_state.h" 5 #include "net/http/transport_security_state.h"
6 6
7 #include <algorithm> 7 #include <algorithm>
8 #include <memory> 8 #include <memory>
9 #include <utility> 9 #include <utility>
10 #include <vector> 10 #include <vector>
(...skipping 23 matching lines...) Expand all
34 namespace net { 34 namespace net {
35 35
36 namespace { 36 namespace {
37 37
38 #include "net/http/transport_security_state_static.h" 38 #include "net/http/transport_security_state_static.h"
39 39
40 const size_t kMaxHPKPReportCacheEntries = 50; 40 const size_t kMaxHPKPReportCacheEntries = 50;
41 const int kTimeToRememberHPKPReportsMins = 60; 41 const int kTimeToRememberHPKPReportsMins = 60;
42 const size_t kReportCacheKeyLength = 16; 42 const size_t kReportCacheKeyLength = 16;
43 43
44 // Override for ShouldRequireCT() for unit tests. Possible values:
45 // -1: Unless a delegate says otherwise, do not require CT.
46 // 0: Use the default implementation (e.g. production)
47 // 1: Unless a delegate says otherwise, require CT.
48 int g_ct_required_for_testing = 0;
49
44 void RecordUMAForHPKPReportFailure(const GURL& report_uri, int net_error) { 50 void RecordUMAForHPKPReportFailure(const GURL& report_uri, int net_error) {
45 UMA_HISTOGRAM_SPARSE_SLOWLY("Net.PublicKeyPinReportSendingFailure", 51 UMA_HISTOGRAM_SPARSE_SLOWLY("Net.PublicKeyPinReportSendingFailure",
46 net_error); 52 net_error);
47 } 53 }
48 54
49 std::string TimeToISO8601(const base::Time& t) { 55 std::string TimeToISO8601(const base::Time& t) {
50 base::Time::Exploded exploded; 56 base::Time::Exploded exploded;
51 t.UTCExplode(&exploded); 57 t.UTCExplode(&exploded);
52 return base::StringPrintf( 58 return base::StringPrintf(
53 "%04d-%02d-%02dT%02d:%02d:%02d.%03dZ", exploded.year, exploded.month, 59 "%04d-%02d-%02dT%02d:%02d:%02d.%03dZ", exploded.year, exploded.month,
(...skipping 651 matching lines...) Expand 10 before | Expand all | Expand 10 after
705 const X509Certificate* validated_certificate_chain, 711 const X509Certificate* validated_certificate_chain,
706 const HashValueVector& public_key_hashes) { 712 const HashValueVector& public_key_hashes) {
707 using CTRequirementLevel = RequireCTDelegate::CTRequirementLevel; 713 using CTRequirementLevel = RequireCTDelegate::CTRequirementLevel;
708 714
709 CTRequirementLevel ct_required = CTRequirementLevel::DEFAULT; 715 CTRequirementLevel ct_required = CTRequirementLevel::DEFAULT;
710 if (require_ct_delegate_) 716 if (require_ct_delegate_)
711 ct_required = require_ct_delegate_->IsCTRequiredForHost(hostname); 717 ct_required = require_ct_delegate_->IsCTRequiredForHost(hostname);
712 if (ct_required != CTRequirementLevel::DEFAULT) 718 if (ct_required != CTRequirementLevel::DEFAULT)
713 return ct_required == CTRequirementLevel::REQUIRED; 719 return ct_required == CTRequirementLevel::REQUIRED;
714 720
721 // Allow unittests to override the default result.
722 if (g_ct_required_for_testing)
723 return g_ct_required_for_testing == 1;
724
715 return false; 725 return false;
716 } 726 }
717 727
718 void TransportSecurityState::SetDelegate( 728 void TransportSecurityState::SetDelegate(
719 TransportSecurityState::Delegate* delegate) { 729 TransportSecurityState::Delegate* delegate) {
720 DCHECK(CalledOnValidThread()); 730 DCHECK(CalledOnValidThread());
721 delegate_ = delegate; 731 delegate_ = delegate;
722 } 732 }
723 733
724 void TransportSecurityState::SetReportSender( 734 void TransportSecurityState::SetReportSender(
(...skipping 403 matching lines...) Expand 10 before | Expand all | Expand 10 after
1128 return; 1138 return;
1129 } 1139 }
1130 1140
1131 DCHECK(result.domain_id != DOMAIN_NOT_PINNED); 1141 DCHECK(result.domain_id != DOMAIN_NOT_PINNED);
1132 1142
1133 UMA_HISTOGRAM_SPARSE_SLOWLY( 1143 UMA_HISTOGRAM_SPARSE_SLOWLY(
1134 "Net.PublicKeyPinFailureDomain", result.domain_id); 1144 "Net.PublicKeyPinFailureDomain", result.domain_id);
1135 } 1145 }
1136 1146
1137 // static 1147 // static
1148 void TransportSecurityState::SetShouldRequireCTForTesting(bool* required) {
1149 if (!required) {
1150 g_ct_required_for_testing = 0;
1151 return;
1152 }
1153 g_ct_required_for_testing = *required ? 1 : -1;
1154 }
1155
1156 // static
1138 bool TransportSecurityState::IsBuildTimely() { 1157 bool TransportSecurityState::IsBuildTimely() {
1139 const base::Time build_time = base::GetBuildTime(); 1158 const base::Time build_time = base::GetBuildTime();
1140 // We consider built-in information to be timely for 10 weeks. 1159 // We consider built-in information to be timely for 10 weeks.
1141 return (base::Time::Now() - build_time).InDays() < 70 /* 10 weeks */; 1160 return (base::Time::Now() - build_time).InDays() < 70 /* 10 weeks */;
1142 } 1161 }
1143 1162
1144 TransportSecurityState::PKPStatus 1163 TransportSecurityState::PKPStatus
1145 TransportSecurityState::CheckPublicKeyPinsImpl( 1164 TransportSecurityState::CheckPublicKeyPinsImpl(
1146 const HostPortPair& host_port_pair, 1165 const HostPortPair& host_port_pair,
1147 bool is_issued_by_known_root, 1166 bool is_issued_by_known_root,
(...skipping 269 matching lines...) Expand 10 before | Expand all | Expand 10 after
1417 TransportSecurityState::PKPStateIterator::PKPStateIterator( 1436 TransportSecurityState::PKPStateIterator::PKPStateIterator(
1418 const TransportSecurityState& state) 1437 const TransportSecurityState& state)
1419 : iterator_(state.enabled_pkp_hosts_.begin()), 1438 : iterator_(state.enabled_pkp_hosts_.begin()),
1420 end_(state.enabled_pkp_hosts_.end()) { 1439 end_(state.enabled_pkp_hosts_.end()) {
1421 } 1440 }
1422 1441
1423 TransportSecurityState::PKPStateIterator::~PKPStateIterator() { 1442 TransportSecurityState::PKPStateIterator::~PKPStateIterator() {
1424 } 1443 }
1425 1444
1426 } // namespace 1445 } // namespace
OLDNEW
« components/certificate_transparency/ct_policy_manager_unittest.cc ('K') | « net/http/transport_security_state.h ('k') | tools/metrics/histograms/histograms.xml » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698