Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(199)

Unified Diff: net/http/transport_security_state.cc

Issue 2102783003: Add enterprise policy to exempt hosts from Certificate Transparency (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@enterprise_ct
Patch Set: Combine with https://codereview.chromium.org/2087743002 Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: net/http/transport_security_state.cc
diff --git a/net/http/transport_security_state.cc b/net/http/transport_security_state.cc
index 34039cecb05775f0e2ee3c57c6925ffdc80b5736..fe11d34e9159d0f141129264899bfe7ac8abafc0 100644
--- a/net/http/transport_security_state.cc
+++ b/net/http/transport_security_state.cc
@@ -40,6 +40,7 @@ namespace {
const size_t kMaxHPKPReportCacheEntries = 50;
const int kTimeToRememberHPKPReportsMins = 60;
const size_t kReportCacheKeyLength = 16;
+int g_ct_required_for_testing = 0;
battre 2016/06/28 08:33:14 Can you please document the values?
void RecordUMAForHPKPReportFailure(const GURL& report_uri, int net_error) {
UMA_HISTOGRAM_SPARSE_SLOWLY("Net.PublicKeyPinReportSendingFailure",
@@ -712,6 +713,10 @@ bool TransportSecurityState::ShouldRequireCT(
if (ct_required != CTRequirementLevel::DEFAULT)
return ct_required == CTRequirementLevel::REQUIRED;
+ // Allow unittests to override the default result.
+ if (g_ct_required_for_testing)
+ return g_ct_required_for_testing == 1;
+
return false;
}
@@ -1135,6 +1140,15 @@ void TransportSecurityState::ReportUMAOnPinFailure(const std::string& host) {
}
// static
+void TransportSecurityState::SetShouldRequireCTForTesting(bool* required) {
+ if (!required) {
+ g_ct_required_for_testing = 0;
+ return;
+ }
+ g_ct_required_for_testing = *required ? 1 : -1;
+}
+
+// static
bool TransportSecurityState::IsBuildTimely() {
const base::Time build_time = base::GetBuildTime();
// We consider built-in information to be timely for 10 weeks.

Powered by Google App Engine
This is Rietveld 408576698