Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(52)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/http/transport_security_state.cc

Issue 2604513002: Optimize CT & OCSP handling code (Closed)
Patch Set: Actually optimize for OCSP Created 4 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/cert/multi_log_ct_verifier_unittest.cc ('K') | « net/http/transport_security_state.h ('k') | net/socket/ssl_client_socket_impl.h » ('j') | net/socket/ssl_client_socket_impl.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/http/transport_security_state.h" 5 #include "net/http/transport_security_state.h"
6 6
7 #include <algorithm> 7 #include <algorithm>
8 #include <memory> 8 #include <memory>
9 #include <utility> 9 #include <utility>
10 #include <vector> 10 #include <vector>
(...skipping 664 matching lines...) Expand 10 before | Expand all | Expand 10 after
675 case OCSPRevocationStatus::REVOKED: 675 case OCSPRevocationStatus::REVOKED:
676 return "REVOKED"; 676 return "REVOKED";
677 case OCSPRevocationStatus::UNKNOWN: 677 case OCSPRevocationStatus::UNKNOWN:
678 return "UNKNOWN"; 678 return "UNKNOWN";
679 } 679 }
680 return std::string(); 680 return std::string();
681 } 681 }
682 682
683 bool SerializeExpectStapleReport(const HostPortPair& host_port_pair, 683 bool SerializeExpectStapleReport(const HostPortPair& host_port_pair,
684 const SSLInfo& ssl_info, 684 const SSLInfo& ssl_info,
685 const std::string& ocsp_response, 685 base::StringPiece ocsp_response,
686 std::string* out_serialized_report) { 686 std::string* out_serialized_report) {
687 DCHECK(ssl_info.is_issued_by_known_root); 687 DCHECK(ssl_info.is_issued_by_known_root);
688 base::DictionaryValue report; 688 base::DictionaryValue report;
689 report.SetString("date-time", TimeToISO8601(base::Time::Now())); 689 report.SetString("date-time", TimeToISO8601(base::Time::Now()));
690 report.SetString("hostname", host_port_pair.host()); 690 report.SetString("hostname", host_port_pair.host());
691 report.SetInteger("port", host_port_pair.port()); 691 report.SetInteger("port", host_port_pair.port());
692 report.SetString("response-status", 692 report.SetString("response-status",
693 SerializeExpectStapleResponseStatus( 693 SerializeExpectStapleResponseStatus(
694 ssl_info.ocsp_result.response_status)); 694 ssl_info.ocsp_result.response_status));
695 695
(...skipping 86 matching lines...) Expand 10 before | Expand all | Expand 10 after
782 return pin_validity; 782 return pin_validity;
783 783
784 UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", 784 UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess",
785 pin_validity == PKPStatus::OK); 785 pin_validity == PKPStatus::OK);
786 return pin_validity; 786 return pin_validity;
787 } 787 }
788 788
789 void TransportSecurityState::CheckExpectStaple( 789 void TransportSecurityState::CheckExpectStaple(
790 const HostPortPair& host_port_pair, 790 const HostPortPair& host_port_pair,
791 const SSLInfo& ssl_info, 791 const SSLInfo& ssl_info,
792 const std::string& ocsp_response) { 792 base::StringPiece ocsp_response) {
793 DCHECK(CalledOnValidThread()); 793 DCHECK(CalledOnValidThread());
794 if (!enable_static_expect_staple_ || !report_sender_ || 794 if (!enable_static_expect_staple_ || !report_sender_ ||
795 !ssl_info.is_issued_by_known_root) { 795 !ssl_info.is_issued_by_known_root) {
796 return; 796 return;
797 } 797 }
798 798
799 // Determine if the host is on the Expect-Staple preload list. If the build is 799 // Determine if the host is on the Expect-Staple preload list. If the build is
800 // not timely (i.e. the preload list is not fresh), this will fail and return 800 // not timely (i.e. the preload list is not fresh), this will fail and return
801 // false. 801 // false.
802 ExpectStapleState expect_staple_state; 802 ExpectStapleState expect_staple_state;
(...skipping 842 matching lines...) Expand 10 before | Expand all | Expand 10 after
1645 TransportSecurityState::PKPStateIterator::PKPStateIterator( 1645 TransportSecurityState::PKPStateIterator::PKPStateIterator(
1646 const TransportSecurityState& state) 1646 const TransportSecurityState& state)
1647 : iterator_(state.enabled_pkp_hosts_.begin()), 1647 : iterator_(state.enabled_pkp_hosts_.begin()),
1648 end_(state.enabled_pkp_hosts_.end()) { 1648 end_(state.enabled_pkp_hosts_.end()) {
1649 } 1649 }
1650 1650
1651 TransportSecurityState::PKPStateIterator::~PKPStateIterator() { 1651 TransportSecurityState::PKPStateIterator::~PKPStateIterator() {
1652 } 1652 }
1653 1653
1654 } // namespace 1654 } // namespace
OLDNEW
« net/cert/multi_log_ct_verifier_unittest.cc ('K') | « net/http/transport_security_state.h ('k') | net/socket/ssl_client_socket_impl.h » ('j') | net/socket/ssl_client_socket_impl.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698