Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(535)

Side by Side Diff: net/http/transport_security_state.h

Issue 2117763004: Revert of Enable public key pinning of local trust anchors (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ 5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_
6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ 6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_
7 7
8 #include <stdint.h> 8 #include <stdint.h>
9 9
10 #include <map> 10 #include <map>
(...skipping 403 matching lines...) Expand 10 before | Expand all | Expand 10 after
414 // Adds explicitly-specified data as if it was processed from an HPKP header. 414 // Adds explicitly-specified data as if it was processed from an HPKP header.
415 // Note: This method will persist the HPKP if a Delegate is present. Make sure 415 // Note: This method will persist the HPKP if a Delegate is present. Make sure
416 // that the delegate is nullptr if the persistence is not desired. 416 // that the delegate is nullptr if the persistence is not desired.
417 // See |SetDelegate| method for more details. 417 // See |SetDelegate| method for more details.
418 void AddHPKP(const std::string& host, 418 void AddHPKP(const std::string& host,
419 const base::Time& expiry, 419 const base::Time& expiry,
420 bool include_subdomains, 420 bool include_subdomains,
421 const HashValueVector& hashes, 421 const HashValueVector& hashes,
422 const GURL& report_uri); 422 const GURL& report_uri);
423 423
424 // Enables or disables public key pinning bypass for local trust anchors.
425 // Disabling the bypass for local trust anchors is highly discouraged.
426 // This method is used by Cronet only and *** MUST NOT *** be used by any
427 // other consumer. For more information see "How does key pinning interact
428 // with local proxies and filters?" at
429 // https://www.chromium.org/Home/chromium-security/security-faq
430 void SetEnablePublicKeyPinningBypassForLocalTrustAnchors(bool value);
431
432 // Parses |value| as a Public-Key-Pins-Report-Only header value and 424 // Parses |value| as a Public-Key-Pins-Report-Only header value and
433 // sends a HPKP report for |host_port_pair| if |ssl_info| violates the 425 // sends a HPKP report for |host_port_pair| if |ssl_info| violates the
434 // pin. Returns true if |value| parses and includes a valid 426 // pin. Returns true if |value| parses and includes a valid
435 // report-uri, and false otherwise. 427 // report-uri, and false otherwise.
436 bool ProcessHPKPReportOnlyHeader(const std::string& value, 428 bool ProcessHPKPReportOnlyHeader(const std::string& value,
437 const HostPortPair& host_port_pair, 429 const HostPortPair& host_port_pair,
438 const SSLInfo& ssl_info); 430 const SSLInfo& ssl_info);
439 431
440 // Parses |value| as a Expect CT header value and sends an Expect CT 432 // Parses |value| as a Expect CT header value and sends an Expect CT
441 // report for |host_port_pair| if the following conditions are true: 433 // report for |host_port_pair| if the following conditions are true:
(...skipping 111 matching lines...) Expand 10 before | Expand all | Expand 10 after
553 545
554 // True if static pins should be used. 546 // True if static pins should be used.
555 bool enable_static_pins_; 547 bool enable_static_pins_;
556 548
557 // True if static expect-CT state should be used. 549 // True if static expect-CT state should be used.
558 bool enable_static_expect_ct_; 550 bool enable_static_expect_ct_;
559 551
560 // True if static expect-staple state should be used. 552 // True if static expect-staple state should be used.
561 bool enable_static_expect_staple_; 553 bool enable_static_expect_staple_;
562 554
563 // True if public key pinning bypass is enabled for local trust anchors.
564 bool enable_pkp_bypass_for_local_trust_anchors_;
565
566 ExpectCTReporter* expect_ct_reporter_ = nullptr; 555 ExpectCTReporter* expect_ct_reporter_ = nullptr;
567 556
568 RequireCTDelegate* require_ct_delegate_ = nullptr; 557 RequireCTDelegate* require_ct_delegate_ = nullptr;
569 558
570 // Keeps track of reports that have been sent recently for 559 // Keeps track of reports that have been sent recently for
571 // rate-limiting. 560 // rate-limiting.
572 ExpiringCache<std::string, bool, base::TimeTicks, std::less<base::TimeTicks>> 561 ExpiringCache<std::string, bool, base::TimeTicks, std::less<base::TimeTicks>>
573 sent_reports_cache_; 562 sent_reports_cache_;
574 563
575 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); 564 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState);
576 }; 565 };
577 566
578 } // namespace net 567 } // namespace net
579 568
580 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ 569 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_
OLDNEW
« no previous file with comments | « components/cronet/url_request_context_config_unittest.cc ('k') | net/http/transport_security_state.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698