Index: components/certificate_transparency/single_tree_tracker.h |
diff --git a/components/certificate_transparency/single_tree_tracker.h b/components/certificate_transparency/single_tree_tracker.h |
index 16342e1b1ee8cbaae375cec55b361ec28160997a..a3ca1be23f5edf99752cc9cbdc194000ecd0dbb4 100644 |
--- a/components/certificate_transparency/single_tree_tracker.h |
+++ b/components/certificate_transparency/single_tree_tracker.h |
@@ -14,6 +14,7 @@ |
#include "base/memory/ref_counted.h" |
#include "base/memory/weak_ptr.h" |
#include "net/base/hash_value.h" |
+#include "net/base/network_change_notifier.h" |
#include "net/cert/ct_verifier.h" |
#include "net/cert/signed_tree_head.h" |
#include "net/cert/sth_observer.h" |
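Review bot: Nothing in the visible header hunks uses a `net::NetworkChangeNotifier` type, so the new `#include "net/base/network_change_notifier.h"` looks like it belongs in the .cc file. `NetworkObserver` is only forward-declared here and held through `std::unique_ptr`. If its definition lives in `single_tree_tracker.cc`, moving the include there keeps the notifier out of every translation unit that includes this header. The full header is not shown, so keep the include if a declaration outside these hunks needs the complete type.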
@@ -113,6 +114,8 @@ class SingleTreeTracker : public net::CTVerifier::Observer, |
struct EntryToAudit; |
struct EntryAuditState; |
struct EntryAuditResult {}; |
+ class NetworkObserver; |
+ friend class NetworkObserver; |
// Less-than comparator that sorts EntryToAudits based on the SCT timestamp, |
// with smaller (older) SCTs appearing less than larger (newer) SCTs. |
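Review bot: The added `friend class NetworkObserver;` is redundant. A nested class is a member of its enclosing class and, from C++11 onward, already has access to `SingleTreeTracker`'s private members, so `class NetworkObserver;` alone is enough. The forward declaration would also benefit from a short comment, for example `// Forwards network-change notifications to ResetPendingQueue().`, assuming that is what the observer does; its definition is outside this hunk.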
@@ -140,6 +143,12 @@ class SingleTreeTracker : public net::CTVerifier::Observer, |
// has not been observed. |
void OnAuditProofObtained(const EntryToAudit& entry, int net_error); |
+ // Discards all entries pending inclusion check on network change. |
+ // That is done to prevent the client looking up inclusion proofs for |
+ // certificates received from one network, on another network, thus |
+ // leaking state between networks. |
+ void ResetPendingQueue(); |
+ |
// Clears entries to reduce memory overhead. |
void OnMemoryPressure( |
base::MemoryPressureListener::MemoryPressureLevel memory_pressure_level); |
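Review bot: The comment on `ResetPendingQueue()` does not say what happens to inclusion checks that are already in flight when the network changes. Only the declaration is visible, so the hunk does not show whether the implementation cancels outstanding lookups or drops their results. A proof request issued just before the change could plausibly complete on the new network and still reach `OnAuditProofObtained`, which is the cross-network leak the method is meant to prevent. The comment should state the intended behaviour for such requests. It should also name the notification that triggers the reset, since "network change" is ambiguous, and say whether entries still waiting for a newer STH are discarded as well.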
@@ -173,6 +182,8 @@ class SingleTreeTracker : public net::CTVerifier::Observer, |
net::NetLogWithSource net_log_; |
+ std::unique_ptr<NetworkObserver> network_observer_; |
+ |
base::WeakPtrFactory<SingleTreeTracker> weak_factory_; |
DISALLOW_COPY_AND_ASSIGN(SingleTreeTracker); |
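Review bot: `network_observer_` is added without a comment, and its lifetime relative to the rest of the tracker is what makes it safe. Placing it before `weak_factory_` keeps the factory as the last member, but the observer is then destroyed after the weak pointers are invalidated. It is worth documenting that it must unregister from the notifier in its destructor and must not call back into the tracker during teardown, for example `// Owned observer that triggers ResetPendingQueue() on network change; unregisters itself on destruction.` Because `NetworkObserver` is incomplete in this header, `std::unique_ptr<NetworkObserver>` also requires the `SingleTreeTracker` constructor and destructor to be defined in the .cc file where the type is complete. Neither that nor an include of `<memory>` is visible in these hunks, so both should be confirmed.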