Chromium Code Reviews Chromium Code Reviews
Issue 2906633003:
Add a build flag to configure bundling of HSTS preload list (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/transport_security_state.h" | 5 #include "net/http/transport_security_state.h" |
| 6 | 6 |
| 7 #include <memory> | 7 #include <memory> |
| 8 #include <utility> | 8 #include <utility> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 22 matching lines...) Expand all Loading... | |
| 33 | 33 |
| 34 #if !defined(OS_NACL) | 34 #if !defined(OS_NACL) |
| 35 #include "base/metrics/field_trial.h" | 35 #include "base/metrics/field_trial.h" |
| 36 #endif | 36 #endif |
| 37 | 37 |
| 38 namespace net { | 38 namespace net { |
| 39 | 39 |
| 40 namespace { | 40 namespace { |
| 41 | 41 |
| 42 #include "net/http/transport_security_state_ct_policies.inc" | 42 #include "net/http/transport_security_state_ct_policies.inc" |
| 43 | |
| 44 #if BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST) | |
| 43 #include "net/http/transport_security_state_static.h" | 45 #include "net/http/transport_security_state_static.h" |
| 46 // Points to the active transport security state source. | |
| 47 const TransportSecurityStateSource* g_hsts_source = &kHSTSSource; | |
| 48 #else | |
| 49 const TransportSecurityStateSource* g_hsts_source = nullptr; | |
|
xunjieli
2017/07/10 22:20:40
(This is needed now that |kHSTSSource| is not defi
Ryan Sleevi
2017/07/11 15:29:40
So you could probably abstract this a little, and
xunjieli
2017/07/11 16:45:21
Done. Good idea. Thanks!
| |
| 50 #endif | |
| 44 | 51 |
| 45 // Parameters for remembering sent HPKP and Expect-CT reports. | 52 // Parameters for remembering sent HPKP and Expect-CT reports. |
| 46 const size_t kMaxReportCacheEntries = 50; | 53 const size_t kMaxReportCacheEntries = 50; |
| 47 const int kTimeToRememberReportsMins = 60; | 54 const int kTimeToRememberReportsMins = 60; |
| 48 const size_t kReportCacheKeyLength = 16; | 55 const size_t kReportCacheKeyLength = 16; |
| 49 | 56 |
| 50 // Points to the active transport security state source. | |
| 51 const TransportSecurityStateSource* g_hsts_source = &kHSTSSource; | |
| 52 | |
| 53 // Override for CheckCTRequirements() for unit tests. Possible values: | 57 // Override for CheckCTRequirements() for unit tests. Possible values: |
| 54 // -1: Unless a delegate says otherwise, do not require CT. | 58 // -1: Unless a delegate says otherwise, do not require CT. |
| 55 // 0: Use the default implementation (e.g. production) | 59 // 0: Use the default implementation (e.g. production) |
| 56 // 1: Unless a delegate says otherwise, require CT. | 60 // 1: Unless a delegate says otherwise, require CT. |
| 57 int g_ct_required_for_testing = 0; | 61 int g_ct_required_for_testing = 0; |
| 58 | 62 |
| 59 bool IsDynamicExpectCTEnabled() { | 63 bool IsDynamicExpectCTEnabled() { |
| 60 return base::FeatureList::IsEnabled( | 64 return base::FeatureList::IsEnabled( |
| 61 TransportSecurityState::kDynamicExpectCTFeature); | 65 TransportSecurityState::kDynamicExpectCTFeature); |
| 62 } | 66 } |
| (...skipping 567 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 630 if (hostname[hostname_offset - 1] == c) { | 634 if (hostname[hostname_offset - 1] == c) { |
| 631 bit_offset = current_offset; | 635 bit_offset = current_offset; |
| 632 hostname_offset--; | 636 hostname_offset--; |
| 633 break; | 637 break; |
| 634 } | 638 } |
| 635 } | 639 } |
| 636 } | 640 } |
| 637 } | 641 } |
| 638 | 642 |
| 639 bool DecodeHSTSPreload(const std::string& hostname, PreloadResult* out) { | 643 bool DecodeHSTSPreload(const std::string& hostname, PreloadResult* out) { |
| 644 #if !BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST) | |
| 645 if (g_hsts_source == nullptr) | |
|
xunjieli
2017/07/10 22:20:40
(transport_security_state_unittest.cc can choose t
| |
| 646 return false; | |
| 647 #endif | |
| 648 | |
| 640 bool found; | 649 bool found; |
| 641 if (!DecodeHSTSPreloadRaw(hostname, &found, out)) { | 650 if (!DecodeHSTSPreloadRaw(hostname, &found, out)) { |
| 642 DCHECK(false) << "Internal error in DecodeHSTSPreloadRaw for hostname " | 651 DCHECK(false) << "Internal error in DecodeHSTSPreloadRaw for hostname " |
| 643 << hostname; | 652 << hostname; |
| 644 return false; | 653 return false; |
| 645 } | 654 } |
| 646 | 655 |
| 647 return found; | 656 return found; |
| 648 } | 657 } |
| 649 | 658 |
| (...skipping 77 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 727 } | 736 } |
| 728 | 737 |
| 729 } // namespace | 738 } // namespace |
| 730 | 739 |
| 731 // static | 740 // static |
| 732 const base::Feature TransportSecurityState::kDynamicExpectCTFeature{ | 741 const base::Feature TransportSecurityState::kDynamicExpectCTFeature{ |
| 733 "DynamicExpectCT", base::FEATURE_DISABLED_BY_DEFAULT}; | 742 "DynamicExpectCT", base::FEATURE_DISABLED_BY_DEFAULT}; |
| 734 | 743 |
| 735 void SetTransportSecurityStateSourceForTesting( | 744 void SetTransportSecurityStateSourceForTesting( |
| 736 const TransportSecurityStateSource* source) { | 745 const TransportSecurityStateSource* source) { |
| 737 g_hsts_source = source ? source : &kHSTSSource; | 746 g_hsts_source = source; |
|
Ryan Sleevi
2017/07/11 15:29:40
And then here
g_hsts_source = source ? source : k
xunjieli
2017/07/11 16:45:21
Done.
| |
| 747 } | |
| 748 | |
| 749 const TransportSecurityStateSource* | |
| 750 GetTransportSecurityStateSourceForTesting() { | |
| 751 return g_hsts_source; | |
| 738 } | 752 } |
| 739 | 753 |
| 740 TransportSecurityState::TransportSecurityState() | 754 TransportSecurityState::TransportSecurityState() |
| 741 : enable_static_pins_(true), | 755 : enable_static_pins_(true), |
| 742 enable_static_expect_ct_(true), | 756 enable_static_expect_ct_(true), |
| 743 enable_static_expect_staple_(true), | 757 enable_static_expect_staple_(true), |
| 744 enable_pkp_bypass_for_local_trust_anchors_(true), | 758 enable_pkp_bypass_for_local_trust_anchors_(true), |
| 745 sent_hpkp_reports_cache_(kMaxReportCacheEntries), | 759 sent_hpkp_reports_cache_(kMaxReportCacheEntries), |
| 746 sent_expect_ct_reports_cache_(kMaxReportCacheEntries) { | 760 sent_expect_ct_reports_cache_(kMaxReportCacheEntries) { |
| 747 // Static pinning is only enabled for official builds to make sure that | 761 // Static pinning is only enabled for official builds to make sure that |
| (...skipping 1097 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1845 TransportSecurityState::PKPStateIterator::PKPStateIterator( | 1859 TransportSecurityState::PKPStateIterator::PKPStateIterator( |
| 1846 const TransportSecurityState& state) | 1860 const TransportSecurityState& state) |
| 1847 : iterator_(state.enabled_pkp_hosts_.begin()), | 1861 : iterator_(state.enabled_pkp_hosts_.begin()), |
| 1848 end_(state.enabled_pkp_hosts_.end()) { | 1862 end_(state.enabled_pkp_hosts_.end()) { |
| 1849 } | 1863 } |
| 1850 | 1864 |
| 1851 TransportSecurityState::PKPStateIterator::~PKPStateIterator() { | 1865 TransportSecurityState::PKPStateIterator::~PKPStateIterator() { |
| 1852 } | 1866 } |
| 1853 | 1867 |
| 1854 } // namespace net | 1868 } // namespace net |
| OLD | NEW |
