
Side by Side Diff: net/http/transport_security_state.cc

Issue 282873003: Handle max-age in HPKP. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Test bad hashes to force a pin validation failure. Created 6 years, 7 months ago
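--- a/net/http/transport_security_state.cc
+++ b/net/http/transport_security_state.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/transport_security_state.h"
 
 #if defined(USE_OPENSSL)
 #include <openssl/ecdsa.h>
 #include <openssl/ssl.h>
 #else // !defined(USE_OPENSSL)
@@ -619,48 +619,50 @@
 
 bool TransportSecurityState::AddHSTSHeader(const std::string& host,
 const std::string& value) {
 DCHECK(CalledOnValidThread());
 
 base::Time now = base::Time::Now();
 base::TimeDelta max_age;
 TransportSecurityState::DomainState domain_state;
 GetDynamicDomainState(host, &domain_state);
 if (ParseHSTSHeader(value, &max_age, &domain_state.sts.include_subdomains)) {
-// Handle max-age == 0
+// Handle max-age == 0.
 if (max_age.InSeconds() == 0)
 domain_state.sts.upgrade_mode = DomainState::MODE_DEFAULT;
 else
 domain_state.sts.upgrade_mode = DomainState::MODE_FORCE_HTTPS;
 domain_state.sts.last_observed = now;
 domain_state.sts.expiry = now + max_age;
 EnableHost(host, domain_state);
 return true;
 }
 return false;
 }
 
 bool TransportSecurityState::AddHPKPHeader(const std::string& host,
 const std::string& value,
 const SSLInfo& ssl_info) {
 DCHECK(CalledOnValidThread());
 
 base::Time now = base::Time::Now();
 base::TimeDelta max_age;
 TransportSecurityState::DomainState domain_state;
 GetDynamicDomainState(host, &domain_state);
 if (ParseHPKPHeader(value,
 ssl_info.public_key_hashes,
 &max_age,
 &domain_state.pkp.include_subdomains,
 &domain_state.pkp.spki_hashes)) {
-// TODO(palmer): http://crbug.com/243865 handle max-age == 0.
+// Handle max-age == 0.
+if (max_age.InSeconds() == 0)
+domain_state.pkp.spki_hashes.clear();
 domain_state.pkp.last_observed = now;
 domain_state.pkp.expiry = now + max_age;
 EnableHost(host, domain_state);
 return true;
 }
 return false;
 }
 
 bool TransportSecurityState::AddHSTS(const std::string& host,
 const base::Time& expiry,
@@ -897,10 +899,10 @@
 return pkp.spki_hashes.size() > 0 || pkp.bad_spki_hashes.size() > 0;
 }
 
 TransportSecurityState::DomainState::PKPState::PKPState() {
 }
 
 TransportSecurityState::DomainState::PKPState::~PKPState() {
 }
 
 } // namespace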
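Review bot: In AddHPKPHeader the new max-age == 0 branch clears only `domain_state.pkp.spki_hashes`; `pkp.include_subdomains` keeps whatever ParseHPKPHeader just wrote into it, and `bad_spki_hashes`, which the pin-presence check near the end of the file also consults, stays as loaded by GetDynamicDomainState. The entry then passed to EnableHost may therefore not be fully unpinned. Consider also resetting the flag in that branch, `domain_state.pkp.include_subdomains = false;`, and confirm how EnableHost (not visible in this section) treats an entry with an empty pin list and `expiry == now`. Removing pins lowers the host's protection, so the comment should say why it is safe here, for example `// max-age == 0 removes the dynamic pins; only reached once ParseHPKPHeader has accepted the header against ssl_info.public_key_hashes.` That wording assumes the parser rejects a header whose pins do not match the chain, which this file does not show; a unit test where a max-age=0 header with non-matching pins leaves the stored pins intact would pin that down.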