| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/transport_security_state.h" | 5 #include "net/http/transport_security_state.h" |
| 6 | 6 |
| 7 #include <memory> | 7 #include <memory> |
| 8 #include <utility> | 8 #include <utility> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| 33 | 33 |
| 34 #if !defined(OS_NACL) | 34 #if !defined(OS_NACL) |
| 35 #include "base/metrics/field_trial.h" | 35 #include "base/metrics/field_trial.h" |
| 36 #endif | 36 #endif |
| 37 | 37 |
| 38 namespace net { | 38 namespace net { |
| 39 | 39 |
| 40 namespace { | 40 namespace { |
| 41 | 41 |
| 42 #include "net/http/transport_security_state_ct_policies.inc" | 42 #include "net/http/transport_security_state_ct_policies.inc" |
| 43 |
| 44 #if BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST) |
| 43 #include "net/http/transport_security_state_static.h" | 45 #include "net/http/transport_security_state_static.h" |
| 46 // Points to the active transport security state source. |
| 47 const TransportSecurityStateSource* const kDefaultHSTSSource = &kHSTSSource; |
| 48 #else |
| 49 const TransportSecurityStateSource* const kDefaultHSTSSource = nullptr; |
| 50 #endif |
| 51 |
| 52 const TransportSecurityStateSource* g_hsts_source = kDefaultHSTSSource; |
| 44 | 53 |
| 45 // Parameters for remembering sent HPKP and Expect-CT reports. | 54 // Parameters for remembering sent HPKP and Expect-CT reports. |
| 46 const size_t kMaxReportCacheEntries = 50; | 55 const size_t kMaxReportCacheEntries = 50; |
| 47 const int kTimeToRememberReportsMins = 60; | 56 const int kTimeToRememberReportsMins = 60; |
| 48 const size_t kReportCacheKeyLength = 16; | 57 const size_t kReportCacheKeyLength = 16; |
| 49 | 58 |
| 50 // Points to the active transport security state source. | |
| 51 const TransportSecurityStateSource* g_hsts_source = &kHSTSSource; | |
| 52 | |
| 53 // Override for CheckCTRequirements() for unit tests. Possible values: | 59 // Override for CheckCTRequirements() for unit tests. Possible values: |
| 54 // -1: Unless a delegate says otherwise, do not require CT. | 60 // -1: Unless a delegate says otherwise, do not require CT. |
| 55 // 0: Use the default implementation (e.g. production) | 61 // 0: Use the default implementation (e.g. production) |
| 56 // 1: Unless a delegate says otherwise, require CT. | 62 // 1: Unless a delegate says otherwise, require CT. |
| 57 int g_ct_required_for_testing = 0; | 63 int g_ct_required_for_testing = 0; |
| 58 | 64 |
| 59 bool IsDynamicExpectCTEnabled() { | 65 bool IsDynamicExpectCTEnabled() { |
| 60 return base::FeatureList::IsEnabled( | 66 return base::FeatureList::IsEnabled( |
| 61 TransportSecurityState::kDynamicExpectCTFeature); | 67 TransportSecurityState::kDynamicExpectCTFeature); |
| 62 } | 68 } |
| 630 if (hostname[hostname_offset - 1] == c) { | 636 if (hostname[hostname_offset - 1] == c) { |
| 631 bit_offset = current_offset; | 637 bit_offset = current_offset; |
| 632 hostname_offset--; | 638 hostname_offset--; |
| 633 break; | 639 break; |
| 634 } | 640 } |
| 635 } | 641 } |
| 636 } | 642 } |
| 637 } | 643 } |
| 638 | 644 |
| 639 bool DecodeHSTSPreload(const std::string& hostname, PreloadResult* out) { | 645 bool DecodeHSTSPreload(const std::string& hostname, PreloadResult* out) { |
| 646 #if !BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST) |
| 647 if (g_hsts_source == nullptr) |
| 648 return false; |
| 649 #endif |
| 650 |
| 640 bool found; | 651 bool found; |
| 641 if (!DecodeHSTSPreloadRaw(hostname, &found, out)) { | 652 if (!DecodeHSTSPreloadRaw(hostname, &found, out)) { |
| 642 DCHECK(false) << "Internal error in DecodeHSTSPreloadRaw for hostname " | 653 DCHECK(false) << "Internal error in DecodeHSTSPreloadRaw for hostname " |
| 643 << hostname; | 654 << hostname; |
| 644 return false; | 655 return false; |
| 645 } | 656 } |
| 646 | 657 |
| 647 return found; | 658 return found; |
| 648 } | 659 } |
| 649 | 660 |
| 727 } | 738 } |
| 728 | 739 |
| 729 } // namespace | 740 } // namespace |
| 730 | 741 |
| 731 // static | 742 // static |
| 732 const base::Feature TransportSecurityState::kDynamicExpectCTFeature{ | 743 const base::Feature TransportSecurityState::kDynamicExpectCTFeature{ |
| 733 "DynamicExpectCT", base::FEATURE_DISABLED_BY_DEFAULT}; | 744 "DynamicExpectCT", base::FEATURE_DISABLED_BY_DEFAULT}; |
| 734 | 745 |
| 735 void SetTransportSecurityStateSourceForTesting( | 746 void SetTransportSecurityStateSourceForTesting( |
| 736 const TransportSecurityStateSource* source) { | 747 const TransportSecurityStateSource* source) { |
| 737 g_hsts_source = source ? source : &kHSTSSource; | 748 g_hsts_source = source ? source : kDefaultHSTSSource; |
| 738 } | 749 } |
| 739 | 750 |
| 740 TransportSecurityState::TransportSecurityState() | 751 TransportSecurityState::TransportSecurityState() |
| 741 : enable_static_pins_(true), | 752 : enable_static_pins_(true), |
| 742 enable_static_expect_ct_(true), | 753 enable_static_expect_ct_(true), |
| 743 enable_static_expect_staple_(true), | 754 enable_static_expect_staple_(true), |
| 744 enable_pkp_bypass_for_local_trust_anchors_(true), | 755 enable_pkp_bypass_for_local_trust_anchors_(true), |
| 745 sent_hpkp_reports_cache_(kMaxReportCacheEntries), | 756 sent_hpkp_reports_cache_(kMaxReportCacheEntries), |
| 746 sent_expect_ct_reports_cache_(kMaxReportCacheEntries) { | 757 sent_expect_ct_reports_cache_(kMaxReportCacheEntries) { |
| 747 // Static pinning is only enabled for official builds to make sure that | 758 // Static pinning is only enabled for official builds to make sure that |
| 1845 TransportSecurityState::PKPStateIterator::PKPStateIterator( | 1856 TransportSecurityState::PKPStateIterator::PKPStateIterator( |
| 1846 const TransportSecurityState& state) | 1857 const TransportSecurityState& state) |
| 1847 : iterator_(state.enabled_pkp_hosts_.begin()), | 1858 : iterator_(state.enabled_pkp_hosts_.begin()), |
| 1848 end_(state.enabled_pkp_hosts_.end()) { | 1859 end_(state.enabled_pkp_hosts_.end()) { |
| 1849 } | 1860 } |
| 1850 | 1861 |
| 1851 TransportSecurityState::PKPStateIterator::~PKPStateIterator() { | 1862 TransportSecurityState::PKPStateIterator::~PKPStateIterator() { |
| 1852 } | 1863 } |
| 1853 | 1864 |
| 1854 } // namespace net | 1865 } // namespace net |
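Review bot: The nullptr guard at the top of DecodeHSTSPreload (new lines 646-649) is compiled only when the preload list is excluded, so in a build that includes it a null g_hsts_source would reach DecodeHSTSPreloadRaw unchecked; since the guard is a single pointer compare, dropping the surrounding `#if`/`#endif` and keeping `if (g_hsts_source == nullptr) return false;` unconditionally makes the not-preloaded fallback independent of the build flag. The comment `// Points to the active transport security state source.` now sits on kDefaultHSTSSource, which is the build-time default, while g_hsts_source at new line 52 — the pointer SetTransportSecurityStateSourceForTesting actually replaces — is left undocumented; suggest `// Build-time default: the bundled preload list, or nullptr when it is compiled out.` on kDefaultHSTSSource and the original sentence back on g_hsts_source. The guard also deserves a why-comment such as `// No static preload data in this build: report every host as not preloaded.` so readers know a lookup in that configuration is a not-found result rather than an error. Whether DecodeHSTSPreloadRaw itself dereferences g_hsts_source is outside the hunk, so the unconditional check is a defensive assumption to confirm against that function.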