| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/transport_security_state.h" | 5 #include "net/http/transport_security_state.h" |
| 6 | 6 |
| 7 #if defined(USE_OPENSSL) | 7 #if defined(USE_OPENSSL) |
| 8 #include <openssl/ecdsa.h> | 8 #include <openssl/ecdsa.h> |
| 9 #include <openssl/ssl.h> | 9 #include <openssl/ssl.h> |
| 10 #else // !defined(USE_OPENSSL) | 10 #else // !defined(USE_OPENSSL) |
| (...skipping 119 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 130 if (i != enabled_hosts_.end()) { | 130 if (i != enabled_hosts_.end()) { |
| 131 enabled_hosts_.erase(i); | 131 enabled_hosts_.erase(i); |
| 132 DirtyNotify(); | 132 DirtyNotify(); |
| 133 return true; | 133 return true; |
| 134 } | 134 } |
| 135 return false; | 135 return false; |
| 136 } | 136 } |
| 137 | 137 |
| 138 bool TransportSecurityState::GetDomainState(const std::string& host, | 138 bool TransportSecurityState::GetDomainState(const std::string& host, |
| 139 bool sni_enabled, | 139 bool sni_enabled, |
| 140 bool allow_dynamic, | |
| 141 DomainState* result) { | 140 DomainState* result) { |
| 142 DCHECK(CalledOnValidThread()); | 141 DCHECK(CalledOnValidThread()); |
| 143 | 142 |
| 144 DomainState state; | 143 DomainState state; |
| 145 const std::string canonicalized_host = CanonicalizeHost(host); | 144 const std::string canonicalized_host = CanonicalizeHost(host); |
| 146 if (canonicalized_host.empty()) | 145 if (canonicalized_host.empty()) |
| 147 return false; | 146 return false; |
| 148 | 147 |
| 149 bool has_preload = GetStaticDomainState(canonicalized_host, sni_enabled, | 148 bool has_preload = GetStaticDomainState(canonicalized_host, sni_enabled, |
| 150 &state); | 149 &state); |
| 151 // If |allow_dynamic| is false, then return static state to the caller. | |
| 152 if (!allow_dynamic) { | |
| 153 if (has_preload) | |
| 154 *result = state; | |
| 155 return has_preload; | |
| 156 } | |
| 157 std::string canonicalized_preload = CanonicalizeHost(state.domain); | 150 std::string canonicalized_preload = CanonicalizeHost(state.domain); |
| 158 GetDynamicDomainState(host, &state); | 151 GetDynamicDomainState(host, &state); |
| 159 | 152 |
| 160 base::Time current_time(base::Time::Now()); | 153 base::Time current_time(base::Time::Now()); |
| 161 | 154 |
| 162 for (size_t i = 0; canonicalized_host[i]; i += canonicalized_host[i] + 1) { | 155 for (size_t i = 0; canonicalized_host[i]; i += canonicalized_host[i] + 1) { |
| 163 std::string host_sub_chunk(&canonicalized_host[i], | 156 std::string host_sub_chunk(&canonicalized_host[i], |
| 164 canonicalized_host.size() - i); | 157 canonicalized_host.size() - i); |
| 165 // Exact match of a preload always wins. | 158 // Exact match of a preload always wins. |
| 166 if (has_preload && host_sub_chunk == canonicalized_preload) { | 159 if (has_preload && host_sub_chunk == canonicalized_preload) { |
| (...skipping 669 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 836 void TransportSecurityState::AddOrUpdateEnabledHosts( | 829 void TransportSecurityState::AddOrUpdateEnabledHosts( |
| 837 const std::string& hashed_host, const DomainState& state) { | 830 const std::string& hashed_host, const DomainState& state) { |
| 838 DCHECK(CalledOnValidThread()); | 831 DCHECK(CalledOnValidThread()); |
| 839 enabled_hosts_[hashed_host] = state; | 832 enabled_hosts_[hashed_host] = state; |
| 840 } | 833 } |
| 841 | 834 |
| 842 TransportSecurityState::DomainState::DomainState() | 835 TransportSecurityState::DomainState::DomainState() |
| 843 : upgrade_mode(MODE_DEFAULT), | 836 : upgrade_mode(MODE_DEFAULT), |
| 844 created(base::Time::Now()), | 837 created(base::Time::Now()), |
| 845 sts_include_subdomains(false), | 838 sts_include_subdomains(false), |
| 846 pkp_include_subdomains(false) {} | 839 pkp_include_subdomains(false) { |
| 840 } |
| 847 | 841 |
| 848 TransportSecurityState::DomainState::~DomainState() { | 842 TransportSecurityState::DomainState::~DomainState() { |
| 849 } | 843 } |
| 850 | 844 |
| 851 bool TransportSecurityState::DomainState::CheckPublicKeyPins( | 845 bool TransportSecurityState::DomainState::CheckPublicKeyPins( |
| 852 const HashValueVector& hashes) const { | 846 const HashValueVector& hashes) const { |
| 853 // Validate that hashes is not empty. By the time this code is called (in | 847 // Validate that hashes is not empty. By the time this code is called (in |
| 854 // production), that should never happen, but it's good to be defensive. | 848 // production), that should never happen, but it's good to be defensive. |
| 855 // And, hashes *can* be empty in some test scenarios. | 849 // And, hashes *can* be empty in some test scenarios. |
| 856 if (hashes.empty()) { | 850 if (hashes.empty()) { |
| (...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 891 return true; | 885 return true; |
| 892 } | 886 } |
| 893 | 887 |
| 894 bool TransportSecurityState::DomainState::HasPublicKeyPins() const { | 888 bool TransportSecurityState::DomainState::HasPublicKeyPins() const { |
| 895 return static_spki_hashes.size() > 0 || | 889 return static_spki_hashes.size() > 0 || |
| 896 bad_static_spki_hashes.size() > 0 || | 890 bad_static_spki_hashes.size() > 0 || |
| 897 dynamic_spki_hashes.size() > 0; | 891 dynamic_spki_hashes.size() > 0; |
| 898 } | 892 } |
| 899 | 893 |
| 900 } // namespace | 894 } // namespace |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 24251011:
Revert 224269 "Don't persist HPKP if PrivacyMode is enabled." (Closed)
Base URL: svn://svn.chromium.org/chrome/