OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/http/transport_security_state.h" | 5 #include "net/http/transport_security_state.h" |
6 | 6 |
7 #if defined(USE_OPENSSL) | 7 #if defined(USE_OPENSSL) |
8 #include <openssl/ecdsa.h> | 8 #include <openssl/ecdsa.h> |
9 #include <openssl/ssl.h> | 9 #include <openssl/ssl.h> |
10 #else // !defined(USE_OPENSSL) | 10 #else // !defined(USE_OPENSSL) |
(...skipping 119 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
130 if (i != enabled_hosts_.end()) { | 130 if (i != enabled_hosts_.end()) { |
131 enabled_hosts_.erase(i); | 131 enabled_hosts_.erase(i); |
132 DirtyNotify(); | 132 DirtyNotify(); |
133 return true; | 133 return true; |
134 } | 134 } |
135 return false; | 135 return false; |
136 } | 136 } |
137 | 137 |
138 bool TransportSecurityState::GetDomainState(const std::string& host, | 138 bool TransportSecurityState::GetDomainState(const std::string& host, |
139 bool sni_enabled, | 139 bool sni_enabled, |
140 bool allow_dynamic, | |
141 DomainState* result) { | 140 DomainState* result) { |
142 DCHECK(CalledOnValidThread()); | 141 DCHECK(CalledOnValidThread()); |
143 | 142 |
144 DomainState state; | 143 DomainState state; |
145 const std::string canonicalized_host = CanonicalizeHost(host); | 144 const std::string canonicalized_host = CanonicalizeHost(host); |
146 if (canonicalized_host.empty()) | 145 if (canonicalized_host.empty()) |
147 return false; | 146 return false; |
148 | 147 |
149 bool has_preload = GetStaticDomainState(canonicalized_host, sni_enabled, | 148 bool has_preload = GetStaticDomainState(canonicalized_host, sni_enabled, |
150 &state); | 149 &state); |
151 // If |allow_dynamic| is false, then return static state to the caller. | |
152 if (!allow_dynamic) { | |
153 if (has_preload) | |
154 *result = state; | |
155 return has_preload; | |
156 } | |
157 std::string canonicalized_preload = CanonicalizeHost(state.domain); | 150 std::string canonicalized_preload = CanonicalizeHost(state.domain); |
158 GetDynamicDomainState(host, &state); | 151 GetDynamicDomainState(host, &state); |
159 | 152 |
160 base::Time current_time(base::Time::Now()); | 153 base::Time current_time(base::Time::Now()); |
161 | 154 |
162 for (size_t i = 0; canonicalized_host[i]; i += canonicalized_host[i] + 1) { | 155 for (size_t i = 0; canonicalized_host[i]; i += canonicalized_host[i] + 1) { |
163 std::string host_sub_chunk(&canonicalized_host[i], | 156 std::string host_sub_chunk(&canonicalized_host[i], |
164 canonicalized_host.size() - i); | 157 canonicalized_host.size() - i); |
165 // Exact match of a preload always wins. | 158 // Exact match of a preload always wins. |
166 if (has_preload && host_sub_chunk == canonicalized_preload) { | 159 if (has_preload && host_sub_chunk == canonicalized_preload) { |
(...skipping 669 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
836 void TransportSecurityState::AddOrUpdateEnabledHosts( | 829 void TransportSecurityState::AddOrUpdateEnabledHosts( |
837 const std::string& hashed_host, const DomainState& state) { | 830 const std::string& hashed_host, const DomainState& state) { |
838 DCHECK(CalledOnValidThread()); | 831 DCHECK(CalledOnValidThread()); |
839 enabled_hosts_[hashed_host] = state; | 832 enabled_hosts_[hashed_host] = state; |
840 } | 833 } |
841 | 834 |
842 TransportSecurityState::DomainState::DomainState() | 835 TransportSecurityState::DomainState::DomainState() |
843 : upgrade_mode(MODE_DEFAULT), | 836 : upgrade_mode(MODE_DEFAULT), |
844 created(base::Time::Now()), | 837 created(base::Time::Now()), |
845 sts_include_subdomains(false), | 838 sts_include_subdomains(false), |
846 pkp_include_subdomains(false) {} | 839 pkp_include_subdomains(false) { |
| 840 } |
847 | 841 |
848 TransportSecurityState::DomainState::~DomainState() { | 842 TransportSecurityState::DomainState::~DomainState() { |
849 } | 843 } |
850 | 844 |
851 bool TransportSecurityState::DomainState::CheckPublicKeyPins( | 845 bool TransportSecurityState::DomainState::CheckPublicKeyPins( |
852 const HashValueVector& hashes) const { | 846 const HashValueVector& hashes) const { |
853 // Validate that hashes is not empty. By the time this code is called (in | 847 // Validate that hashes is not empty. By the time this code is called (in |
854 // production), that should never happen, but it's good to be defensive. | 848 // production), that should never happen, but it's good to be defensive. |
855 // And, hashes *can* be empty in some test scenarios. | 849 // And, hashes *can* be empty in some test scenarios. |
856 if (hashes.empty()) { | 850 if (hashes.empty()) { |
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
891 return true; | 885 return true; |
892 } | 886 } |
893 | 887 |
894 bool TransportSecurityState::DomainState::HasPublicKeyPins() const { | 888 bool TransportSecurityState::DomainState::HasPublicKeyPins() const { |
895 return static_spki_hashes.size() > 0 || | 889 return static_spki_hashes.size() > 0 || |
896 bad_static_spki_hashes.size() > 0 || | 890 bad_static_spki_hashes.size() > 0 || |
897 dynamic_spki_hashes.size() > 0; | 891 dynamic_spki_hashes.size() > 0; |
898 } | 892 } |
899 | 893 |
900 } // namespace | 894 } // namespace |
OLD | NEW |