| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/transport_security_state.h" | 5 #include "net/http/transport_security_state.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <memory> | 8 #include <memory> |
| 9 #include <utility> | 9 #include <utility> |
| 10 #include <vector> | 10 #include <vector> |
| (...skipping 731 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 742 enable_static_expect_ct_(true), | 742 enable_static_expect_ct_(true), |
| 743 enable_static_expect_staple_(true), | 743 enable_static_expect_staple_(true), |
| 744 enable_pkp_bypass_for_local_trust_anchors_(true), | 744 enable_pkp_bypass_for_local_trust_anchors_(true), |
| 745 sent_reports_cache_(kMaxHPKPReportCacheEntries) { | 745 sent_reports_cache_(kMaxHPKPReportCacheEntries) { |
| 746 // Static pinning is only enabled for official builds to make sure that | 746 // Static pinning is only enabled for official builds to make sure that |
| 747 // others don't end up with pins that cannot be easily updated. | 747 // others don't end up with pins that cannot be easily updated. |
| 748 #if !defined(GOOGLE_CHROME_BUILD) || defined(OS_ANDROID) || defined(OS_IOS) | 748 #if !defined(GOOGLE_CHROME_BUILD) || defined(OS_ANDROID) || defined(OS_IOS) |
| 749 enable_static_pins_ = false; | 749 enable_static_pins_ = false; |
| 750 enable_static_expect_ct_ = false; | 750 enable_static_expect_ct_ = false; |
| 751 #endif | 751 #endif |
| 752 DCHECK(CalledOnValidThread()); | 752 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); |
| 753 } | 753 } |
| 754 | 754 |
| 755 // Both HSTS and HPKP cause fatal SSL errors, so return true if a | 755 // Both HSTS and HPKP cause fatal SSL errors, so return true if a |
| 756 // host has either. | 756 // host has either. |
| 757 bool TransportSecurityState::ShouldSSLErrorsBeFatal(const std::string& host) { | 757 bool TransportSecurityState::ShouldSSLErrorsBeFatal(const std::string& host) { |
| 758 STSState sts_state; | 758 STSState sts_state; |
| 759 PKPState pkp_state; | 759 PKPState pkp_state; |
| 760 if (GetStaticDomainState(host, &sts_state, &pkp_state)) | 760 if (GetStaticDomainState(host, &sts_state, &pkp_state)) |
| 761 return true; | 761 return true; |
| 762 if (GetDynamicSTSState(host, &sts_state)) | 762 if (GetDynamicSTSState(host, &sts_state)) |
| (...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 804 | 804 |
| 805 UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", | 805 UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", |
| 806 pin_validity == PKPStatus::OK); | 806 pin_validity == PKPStatus::OK); |
| 807 return pin_validity; | 807 return pin_validity; |
| 808 } | 808 } |
| 809 | 809 |
| 810 void TransportSecurityState::CheckExpectStaple( | 810 void TransportSecurityState::CheckExpectStaple( |
| 811 const HostPortPair& host_port_pair, | 811 const HostPortPair& host_port_pair, |
| 812 const SSLInfo& ssl_info, | 812 const SSLInfo& ssl_info, |
| 813 base::StringPiece ocsp_response) { | 813 base::StringPiece ocsp_response) { |
| 814 DCHECK(CalledOnValidThread()); | 814 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); |
| 815 if (!enable_static_expect_staple_ || !report_sender_ || | 815 if (!enable_static_expect_staple_ || !report_sender_ || |
| 816 !ssl_info.is_issued_by_known_root) { | 816 !ssl_info.is_issued_by_known_root) { |
| 817 return; | 817 return; |
| 818 } | 818 } |
| 819 | 819 |
| 820 // Determine if the host is on the Expect-Staple preload list. If the build is | 820 // Determine if the host is on the Expect-Staple preload list. If the build is |
| 821 // not timely (i.e. the preload list is not fresh), this will fail and return | 821 // not timely (i.e. the preload list is not fresh), this will fail and return |
| 822 // false. | 822 // false. |
| 823 ExpectStapleState expect_staple_state; | 823 ExpectStapleState expect_staple_state; |
| 824 if (!GetStaticExpectStapleState(host_port_pair.host(), &expect_staple_state)) | 824 if (!GetStaticExpectStapleState(host_port_pair.host(), &expect_staple_state)) |
| (...skipping 142 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 967 // No exception found. This certificate must conform to the CT policy. | 967 // No exception found. This certificate must conform to the CT policy. |
| 968 return CT_REQUIREMENTS_NOT_MET; | 968 return CT_REQUIREMENTS_NOT_MET; |
| 969 } | 969 } |
| 970 } | 970 } |
| 971 | 971 |
| 972 return default_response; | 972 return default_response; |
| 973 } | 973 } |
| 974 | 974 |
| 975 void TransportSecurityState::SetDelegate( | 975 void TransportSecurityState::SetDelegate( |
| 976 TransportSecurityState::Delegate* delegate) { | 976 TransportSecurityState::Delegate* delegate) { |
| 977 DCHECK(CalledOnValidThread()); | 977 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); |
| 978 delegate_ = delegate; | 978 delegate_ = delegate; |
| 979 } | 979 } |
| 980 | 980 |
| 981 void TransportSecurityState::SetReportSender( | 981 void TransportSecurityState::SetReportSender( |
| 982 TransportSecurityState::ReportSenderInterface* report_sender) { | 982 TransportSecurityState::ReportSenderInterface* report_sender) { |
| 983 DCHECK(CalledOnValidThread()); | 983 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); |
| 984 report_sender_ = report_sender; | 984 report_sender_ = report_sender; |
| 985 } | 985 } |
| 986 | 986 |
| 987 void TransportSecurityState::SetExpectCTReporter( | 987 void TransportSecurityState::SetExpectCTReporter( |
| 988 ExpectCTReporter* expect_ct_reporter) { | 988 ExpectCTReporter* expect_ct_reporter) { |
| 989 DCHECK(CalledOnValidThread()); | 989 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); |
| 990 expect_ct_reporter_ = expect_ct_reporter; | 990 expect_ct_reporter_ = expect_ct_reporter; |
| 991 } | 991 } |
| 992 | 992 |
| 993 void TransportSecurityState::SetRequireCTDelegate(RequireCTDelegate* delegate) { | 993 void TransportSecurityState::SetRequireCTDelegate(RequireCTDelegate* delegate) { |
| 994 DCHECK(CalledOnValidThread()); | 994 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); |
| 995 require_ct_delegate_ = delegate; | 995 require_ct_delegate_ = delegate; |
| 996 } | 996 } |
| 997 | 997 |
| 998 void TransportSecurityState::AddHSTSInternal( | 998 void TransportSecurityState::AddHSTSInternal( |
| 999 const std::string& host, | 999 const std::string& host, |
| 1000 TransportSecurityState::STSState::UpgradeMode upgrade_mode, | 1000 TransportSecurityState::STSState::UpgradeMode upgrade_mode, |
| 1001 const base::Time& expiry, | 1001 const base::Time& expiry, |
| 1002 bool include_subdomains) { | 1002 bool include_subdomains) { |
| 1003 DCHECK(CalledOnValidThread()); | 1003 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); |
| 1004 | 1004 |
| 1005 STSState sts_state; | 1005 STSState sts_state; |
| 1006 sts_state.last_observed = base::Time::Now(); | 1006 sts_state.last_observed = base::Time::Now(); |
| 1007 sts_state.include_subdomains = include_subdomains; | 1007 sts_state.include_subdomains = include_subdomains; |
| 1008 sts_state.expiry = expiry; | 1008 sts_state.expiry = expiry; |
| 1009 sts_state.upgrade_mode = upgrade_mode; | 1009 sts_state.upgrade_mode = upgrade_mode; |
| 1010 | 1010 |
| 1011 EnableSTSHost(host, sts_state); | 1011 EnableSTSHost(host, sts_state); |
| 1012 } | 1012 } |
| 1013 | 1013 |
| 1014 void TransportSecurityState::AddHPKPInternal(const std::string& host, | 1014 void TransportSecurityState::AddHPKPInternal(const std::string& host, |
| 1015 const base::Time& last_observed, | 1015 const base::Time& last_observed, |
| 1016 const base::Time& expiry, | 1016 const base::Time& expiry, |
| 1017 bool include_subdomains, | 1017 bool include_subdomains, |
| 1018 const HashValueVector& hashes, | 1018 const HashValueVector& hashes, |
| 1019 const GURL& report_uri) { | 1019 const GURL& report_uri) { |
| 1020 DCHECK(CalledOnValidThread()); | 1020 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); |
| 1021 | 1021 |
| 1022 PKPState pkp_state; | 1022 PKPState pkp_state; |
| 1023 pkp_state.last_observed = last_observed; | 1023 pkp_state.last_observed = last_observed; |
| 1024 pkp_state.expiry = expiry; | 1024 pkp_state.expiry = expiry; |
| 1025 pkp_state.include_subdomains = include_subdomains; | 1025 pkp_state.include_subdomains = include_subdomains; |
| 1026 pkp_state.spki_hashes = hashes; | 1026 pkp_state.spki_hashes = hashes; |
| 1027 pkp_state.report_uri = report_uri; | 1027 pkp_state.report_uri = report_uri; |
| 1028 | 1028 |
| 1029 EnablePKPHost(host, pkp_state); | 1029 EnablePKPHost(host, pkp_state); |
| 1030 } | 1030 } |
| 1031 | 1031 |
| 1032 void TransportSecurityState::AddExpectCTInternal( | 1032 void TransportSecurityState::AddExpectCTInternal( |
| 1033 const std::string& host, | 1033 const std::string& host, |
| 1034 const base::Time& last_observed, | 1034 const base::Time& last_observed, |
| 1035 const base::Time& expiry, | 1035 const base::Time& expiry, |
| 1036 bool enforce, | 1036 bool enforce, |
| 1037 const GURL& report_uri) { | 1037 const GURL& report_uri) { |
| 1038 DCHECK(CalledOnValidThread()); | 1038 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); |
| 1039 | 1039 |
| 1040 ExpectCTState expect_ct_state; | 1040 ExpectCTState expect_ct_state; |
| 1041 expect_ct_state.last_observed = last_observed; | 1041 expect_ct_state.last_observed = last_observed; |
| 1042 expect_ct_state.expiry = expiry; | 1042 expect_ct_state.expiry = expiry; |
| 1043 expect_ct_state.enforce = enforce; | 1043 expect_ct_state.enforce = enforce; |
| 1044 expect_ct_state.report_uri = report_uri; | 1044 expect_ct_state.report_uri = report_uri; |
| 1045 | 1045 |
| 1046 EnableExpectCTHost(host, expect_ct_state); | 1046 EnableExpectCTHost(host, expect_ct_state); |
| 1047 } | 1047 } |
| 1048 | 1048 |
| 1049 void TransportSecurityState:: | 1049 void TransportSecurityState:: |
| 1050 SetEnablePublicKeyPinningBypassForLocalTrustAnchors(bool value) { | 1050 SetEnablePublicKeyPinningBypassForLocalTrustAnchors(bool value) { |
| 1051 enable_pkp_bypass_for_local_trust_anchors_ = value; | 1051 enable_pkp_bypass_for_local_trust_anchors_ = value; |
| 1052 } | 1052 } |
| 1053 | 1053 |
| 1054 void TransportSecurityState::EnableSTSHost(const std::string& host, | 1054 void TransportSecurityState::EnableSTSHost(const std::string& host, |
| 1055 const STSState& state) { | 1055 const STSState& state) { |
| 1056 DCHECK(CalledOnValidThread()); | 1056 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); |
| 1057 | 1057 |
| 1058 const std::string canonicalized_host = CanonicalizeHost(host); | 1058 const std::string canonicalized_host = CanonicalizeHost(host); |
| 1059 if (canonicalized_host.empty()) | 1059 if (canonicalized_host.empty()) |
| 1060 return; | 1060 return; |
| 1061 | 1061 |
| 1062 // Only store new state when HSTS is explicitly enabled. If it is | 1062 // Only store new state when HSTS is explicitly enabled. If it is |
| 1063 // disabled, remove the state from the enabled hosts. | 1063 // disabled, remove the state from the enabled hosts. |
| 1064 if (state.ShouldUpgradeToSSL()) { | 1064 if (state.ShouldUpgradeToSSL()) { |
| 1065 STSState sts_state(state); | 1065 STSState sts_state(state); |
| 1066 // No need to store this value since it is redundant. (|canonicalized_host| | 1066 // No need to store this value since it is redundant. (|canonicalized_host| |
| 1067 // is the map key.) | 1067 // is the map key.) |
| 1068 sts_state.domain.clear(); | 1068 sts_state.domain.clear(); |
| 1069 | 1069 |
| 1070 enabled_sts_hosts_[HashHost(canonicalized_host)] = sts_state; | 1070 enabled_sts_hosts_[HashHost(canonicalized_host)] = sts_state; |
| 1071 } else { | 1071 } else { |
| 1072 const std::string hashed_host = HashHost(canonicalized_host); | 1072 const std::string hashed_host = HashHost(canonicalized_host); |
| 1073 enabled_sts_hosts_.erase(hashed_host); | 1073 enabled_sts_hosts_.erase(hashed_host); |
| 1074 } | 1074 } |
| 1075 | 1075 |
| 1076 DirtyNotify(); | 1076 DirtyNotify(); |
| 1077 } | 1077 } |
| 1078 | 1078 |
| 1079 void TransportSecurityState::EnablePKPHost(const std::string& host, | 1079 void TransportSecurityState::EnablePKPHost(const std::string& host, |
| 1080 const PKPState& state) { | 1080 const PKPState& state) { |
| 1081 DCHECK(CalledOnValidThread()); | 1081 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); |
| 1082 | 1082 |
| 1083 const std::string canonicalized_host = CanonicalizeHost(host); | 1083 const std::string canonicalized_host = CanonicalizeHost(host); |
| 1084 if (canonicalized_host.empty()) | 1084 if (canonicalized_host.empty()) |
| 1085 return; | 1085 return; |
| 1086 | 1086 |
| 1087 // Only store new state when HPKP is explicitly enabled. If it is | 1087 // Only store new state when HPKP is explicitly enabled. If it is |
| 1088 // disabled, remove the state from the enabled hosts. | 1088 // disabled, remove the state from the enabled hosts. |
| 1089 if (state.HasPublicKeyPins()) { | 1089 if (state.HasPublicKeyPins()) { |
| 1090 PKPState pkp_state(state); | 1090 PKPState pkp_state(state); |
| 1091 // No need to store this value since it is redundant. (|canonicalized_host| | 1091 // No need to store this value since it is redundant. (|canonicalized_host| |
| 1092 // is the map key.) | 1092 // is the map key.) |
| 1093 pkp_state.domain.clear(); | 1093 pkp_state.domain.clear(); |
| 1094 | 1094 |
| 1095 enabled_pkp_hosts_[HashHost(canonicalized_host)] = pkp_state; | 1095 enabled_pkp_hosts_[HashHost(canonicalized_host)] = pkp_state; |
| 1096 } else { | 1096 } else { |
| 1097 const std::string hashed_host = HashHost(canonicalized_host); | 1097 const std::string hashed_host = HashHost(canonicalized_host); |
| 1098 enabled_pkp_hosts_.erase(hashed_host); | 1098 enabled_pkp_hosts_.erase(hashed_host); |
| 1099 } | 1099 } |
| 1100 | 1100 |
| 1101 DirtyNotify(); | 1101 DirtyNotify(); |
| 1102 } | 1102 } |
| 1103 | 1103 |
| 1104 void TransportSecurityState::EnableExpectCTHost(const std::string& host, | 1104 void TransportSecurityState::EnableExpectCTHost(const std::string& host, |
| 1105 const ExpectCTState& state) { | 1105 const ExpectCTState& state) { |
| 1106 DCHECK(CalledOnValidThread()); | 1106 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); |
| 1107 if (!IsDynamicExpectCTEnabled()) | 1107 if (!IsDynamicExpectCTEnabled()) |
| 1108 return; | 1108 return; |
| 1109 | 1109 |
| 1110 const std::string canonicalized_host = CanonicalizeHost(host); | 1110 const std::string canonicalized_host = CanonicalizeHost(host); |
| 1111 if (canonicalized_host.empty()) | 1111 if (canonicalized_host.empty()) |
| 1112 return; | 1112 return; |
| 1113 | 1113 |
| 1114 // Only store new state when Expect-CT is explicitly enabled. If it is | 1114 // Only store new state when Expect-CT is explicitly enabled. If it is |
| 1115 // disabled, remove the state from the enabled hosts. | 1115 // disabled, remove the state from the enabled hosts. |
| 1116 if (state.enforce || !state.report_uri.is_empty()) { | 1116 if (state.enforce || !state.report_uri.is_empty()) { |
| (...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1179 | 1179 |
| 1180 report_sender_->Send(pkp_state.report_uri, "application/json; charset=utf-8", | 1180 report_sender_->Send(pkp_state.report_uri, "application/json; charset=utf-8", |
| 1181 serialized_report, base::Callback<void()>(), | 1181 serialized_report, base::Callback<void()>(), |
| 1182 base::Bind(RecordUMAForHPKPReportFailure)); | 1182 base::Bind(RecordUMAForHPKPReportFailure)); |
| 1183 return PKPStatus::VIOLATED; | 1183 return PKPStatus::VIOLATED; |
| 1184 } | 1184 } |
| 1185 | 1185 |
| 1186 bool TransportSecurityState::GetStaticExpectCTState( | 1186 bool TransportSecurityState::GetStaticExpectCTState( |
| 1187 const std::string& host, | 1187 const std::string& host, |
| 1188 ExpectCTState* expect_ct_state) const { | 1188 ExpectCTState* expect_ct_state) const { |
| 1189 DCHECK(CalledOnValidThread()); | 1189 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); |
| 1190 | 1190 |
| 1191 if (!IsBuildTimely()) | 1191 if (!IsBuildTimely()) |
| 1192 return false; | 1192 return false; |
| 1193 | 1193 |
| 1194 PreloadResult result; | 1194 PreloadResult result; |
| 1195 if (!DecodeHSTSPreload(host, &result)) | 1195 if (!DecodeHSTSPreload(host, &result)) |
| 1196 return false; | 1196 return false; |
| 1197 | 1197 |
| 1198 if (!enable_static_expect_ct_ || !result.expect_ct) | 1198 if (!enable_static_expect_ct_ || !result.expect_ct) |
| 1199 return false; | 1199 return false; |
| 1200 | 1200 |
| 1201 expect_ct_state->domain = host.substr(result.hostname_offset); | 1201 expect_ct_state->domain = host.substr(result.hostname_offset); |
| 1202 expect_ct_state->report_uri = GURL( | 1202 expect_ct_state->report_uri = GURL( |
| 1203 g_hsts_source->expect_ct_report_uris[result.expect_ct_report_uri_id]); | 1203 g_hsts_source->expect_ct_report_uris[result.expect_ct_report_uri_id]); |
| 1204 return true; | 1204 return true; |
| 1205 } | 1205 } |
| 1206 | 1206 |
| 1207 bool TransportSecurityState::GetStaticExpectStapleState( | 1207 bool TransportSecurityState::GetStaticExpectStapleState( |
| 1208 const std::string& host, | 1208 const std::string& host, |
| 1209 ExpectStapleState* expect_staple_state) const { | 1209 ExpectStapleState* expect_staple_state) const { |
| 1210 DCHECK(CalledOnValidThread()); | 1210 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); |
| 1211 | 1211 |
| 1212 if (!IsBuildTimely()) | 1212 if (!IsBuildTimely()) |
| 1213 return false; | 1213 return false; |
| 1214 | 1214 |
| 1215 PreloadResult result; | 1215 PreloadResult result; |
| 1216 if (!DecodeHSTSPreload(host, &result)) | 1216 if (!DecodeHSTSPreload(host, &result)) |
| 1217 return false; | 1217 return false; |
| 1218 | 1218 |
| 1219 if (!enable_static_expect_staple_ || !result.expect_staple) | 1219 if (!enable_static_expect_staple_ || !result.expect_staple) |
| 1220 return false; | 1220 return false; |
| 1221 | 1221 |
| 1222 expect_staple_state->domain = host.substr(result.hostname_offset); | 1222 expect_staple_state->domain = host.substr(result.hostname_offset); |
| 1223 expect_staple_state->include_subdomains = | 1223 expect_staple_state->include_subdomains = |
| 1224 result.expect_staple_include_subdomains; | 1224 result.expect_staple_include_subdomains; |
| 1225 expect_staple_state->report_uri = | 1225 expect_staple_state->report_uri = |
| 1226 GURL(g_hsts_source | 1226 GURL(g_hsts_source |
| 1227 ->expect_staple_report_uris[result.expect_staple_report_uri_id]); | 1227 ->expect_staple_report_uris[result.expect_staple_report_uri_id]); |
| 1228 return true; | 1228 return true; |
| 1229 } | 1229 } |
| 1230 | 1230 |
| 1231 bool TransportSecurityState::DeleteDynamicDataForHost(const std::string& host) { | 1231 bool TransportSecurityState::DeleteDynamicDataForHost(const std::string& host) { |
| 1232 DCHECK(CalledOnValidThread()); | 1232 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); |
| 1233 | 1233 |
| 1234 const std::string canonicalized_host = CanonicalizeHost(host); | 1234 const std::string canonicalized_host = CanonicalizeHost(host); |
| 1235 if (canonicalized_host.empty()) | 1235 if (canonicalized_host.empty()) |
| 1236 return false; | 1236 return false; |
| 1237 | 1237 |
| 1238 const std::string hashed_host = HashHost(canonicalized_host); | 1238 const std::string hashed_host = HashHost(canonicalized_host); |
| 1239 bool deleted = false; | 1239 bool deleted = false; |
| 1240 STSStateMap::iterator sts_interator = enabled_sts_hosts_.find(hashed_host); | 1240 STSStateMap::iterator sts_interator = enabled_sts_hosts_.find(hashed_host); |
| 1241 if (sts_interator != enabled_sts_hosts_.end()) { | 1241 if (sts_interator != enabled_sts_hosts_.end()) { |
| 1242 enabled_sts_hosts_.erase(sts_interator); | 1242 enabled_sts_hosts_.erase(sts_interator); |
| (...skipping 12 matching lines...) Expand all Loading... |
| 1255 enabled_expect_ct_hosts_.erase(expect_ct_iterator); | 1255 enabled_expect_ct_hosts_.erase(expect_ct_iterator); |
| 1256 deleted = true; | 1256 deleted = true; |
| 1257 } | 1257 } |
| 1258 | 1258 |
| 1259 if (deleted) | 1259 if (deleted) |
| 1260 DirtyNotify(); | 1260 DirtyNotify(); |
| 1261 return deleted; | 1261 return deleted; |
| 1262 } | 1262 } |
| 1263 | 1263 |
| 1264 void TransportSecurityState::ClearDynamicData() { | 1264 void TransportSecurityState::ClearDynamicData() { |
| 1265 DCHECK(CalledOnValidThread()); | 1265 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); |
| 1266 enabled_sts_hosts_.clear(); | 1266 enabled_sts_hosts_.clear(); |
| 1267 enabled_pkp_hosts_.clear(); | 1267 enabled_pkp_hosts_.clear(); |
| 1268 enabled_expect_ct_hosts_.clear(); | 1268 enabled_expect_ct_hosts_.clear(); |
| 1269 } | 1269 } |
| 1270 | 1270 |
| 1271 void TransportSecurityState::DeleteAllDynamicDataSince(const base::Time& time) { | 1271 void TransportSecurityState::DeleteAllDynamicDataSince(const base::Time& time) { |
| 1272 DCHECK(CalledOnValidThread()); | 1272 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); |
| 1273 | 1273 |
| 1274 bool dirtied = false; | 1274 bool dirtied = false; |
| 1275 STSStateMap::iterator sts_iterator = enabled_sts_hosts_.begin(); | 1275 STSStateMap::iterator sts_iterator = enabled_sts_hosts_.begin(); |
| 1276 while (sts_iterator != enabled_sts_hosts_.end()) { | 1276 while (sts_iterator != enabled_sts_hosts_.end()) { |
| 1277 if (sts_iterator->second.last_observed >= time) { | 1277 if (sts_iterator->second.last_observed >= time) { |
| 1278 dirtied = true; | 1278 dirtied = true; |
| 1279 enabled_sts_hosts_.erase(sts_iterator++); | 1279 enabled_sts_hosts_.erase(sts_iterator++); |
| 1280 continue; | 1280 continue; |
| 1281 } | 1281 } |
| 1282 | 1282 |
| (...skipping 21 matching lines...) Expand all Loading... |
| 1304 } | 1304 } |
| 1305 | 1305 |
| 1306 ++expect_ct_iterator; | 1306 ++expect_ct_iterator; |
| 1307 } | 1307 } |
| 1308 | 1308 |
| 1309 if (dirtied) | 1309 if (dirtied) |
| 1310 DirtyNotify(); | 1310 DirtyNotify(); |
| 1311 } | 1311 } |
| 1312 | 1312 |
| 1313 TransportSecurityState::~TransportSecurityState() { | 1313 TransportSecurityState::~TransportSecurityState() { |
| 1314 DCHECK(CalledOnValidThread()); | 1314 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); |
| 1315 } | 1315 } |
| 1316 | 1316 |
| 1317 void TransportSecurityState::DirtyNotify() { | 1317 void TransportSecurityState::DirtyNotify() { |
| 1318 DCHECK(CalledOnValidThread()); | 1318 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); |
| 1319 | 1319 |
| 1320 if (delegate_) | 1320 if (delegate_) |
| 1321 delegate_->StateIsDirty(this); | 1321 delegate_->StateIsDirty(this); |
| 1322 } | 1322 } |
| 1323 | 1323 |
| 1324 bool TransportSecurityState::AddHSTSHeader(const std::string& host, | 1324 bool TransportSecurityState::AddHSTSHeader(const std::string& host, |
| 1325 const std::string& value) { | 1325 const std::string& value) { |
| 1326 DCHECK(CalledOnValidThread()); | 1326 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); |
| 1327 | 1327 |
| 1328 base::Time now = base::Time::Now(); | 1328 base::Time now = base::Time::Now(); |
| 1329 base::TimeDelta max_age; | 1329 base::TimeDelta max_age; |
| 1330 bool include_subdomains; | 1330 bool include_subdomains; |
| 1331 if (!ParseHSTSHeader(value, &max_age, &include_subdomains)) { | 1331 if (!ParseHSTSHeader(value, &max_age, &include_subdomains)) { |
| 1332 return false; | 1332 return false; |
| 1333 } | 1333 } |
| 1334 | 1334 |
| 1335 // Handle max-age == 0. | 1335 // Handle max-age == 0. |
| 1336 STSState::UpgradeMode upgrade_mode; | 1336 STSState::UpgradeMode upgrade_mode; |
| 1337 if (max_age.InSeconds() == 0) { | 1337 if (max_age.InSeconds() == 0) { |
| 1338 upgrade_mode = STSState::MODE_DEFAULT; | 1338 upgrade_mode = STSState::MODE_DEFAULT; |
| 1339 } else { | 1339 } else { |
| 1340 upgrade_mode = STSState::MODE_FORCE_HTTPS; | 1340 upgrade_mode = STSState::MODE_FORCE_HTTPS; |
| 1341 } | 1341 } |
| 1342 | 1342 |
| 1343 AddHSTSInternal(host, upgrade_mode, now + max_age, include_subdomains); | 1343 AddHSTSInternal(host, upgrade_mode, now + max_age, include_subdomains); |
| 1344 return true; | 1344 return true; |
| 1345 } | 1345 } |
| 1346 | 1346 |
| 1347 bool TransportSecurityState::AddHPKPHeader(const std::string& host, | 1347 bool TransportSecurityState::AddHPKPHeader(const std::string& host, |
| 1348 const std::string& value, | 1348 const std::string& value, |
| 1349 const SSLInfo& ssl_info) { | 1349 const SSLInfo& ssl_info) { |
| 1350 DCHECK(CalledOnValidThread()); | 1350 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); |
| 1351 | 1351 |
| 1352 base::Time now = base::Time::Now(); | 1352 base::Time now = base::Time::Now(); |
| 1353 base::TimeDelta max_age; | 1353 base::TimeDelta max_age; |
| 1354 bool include_subdomains; | 1354 bool include_subdomains; |
| 1355 HashValueVector spki_hashes; | 1355 HashValueVector spki_hashes; |
| 1356 GURL report_uri; | 1356 GURL report_uri; |
| 1357 | 1357 |
| 1358 if (!ParseHPKPHeader(value, ssl_info.public_key_hashes, &max_age, | 1358 if (!ParseHPKPHeader(value, ssl_info.public_key_hashes, &max_age, |
| 1359 &include_subdomains, &spki_hashes, &report_uri)) { | 1359 &include_subdomains, &spki_hashes, &report_uri)) { |
| 1360 return false; | 1360 return false; |
| 1361 } | 1361 } |
| 1362 // Handle max-age == 0. | 1362 // Handle max-age == 0. |
| 1363 if (max_age.InSeconds() == 0) | 1363 if (max_age.InSeconds() == 0) |
| 1364 spki_hashes.clear(); | 1364 spki_hashes.clear(); |
| 1365 AddHPKPInternal(host, now, now + max_age, include_subdomains, spki_hashes, | 1365 AddHPKPInternal(host, now, now + max_age, include_subdomains, spki_hashes, |
| 1366 report_uri); | 1366 report_uri); |
| 1367 return true; | 1367 return true; |
| 1368 } | 1368 } |
| 1369 | 1369 |
| 1370 void TransportSecurityState::AddHSTS(const std::string& host, | 1370 void TransportSecurityState::AddHSTS(const std::string& host, |
| 1371 const base::Time& expiry, | 1371 const base::Time& expiry, |
| 1372 bool include_subdomains) { | 1372 bool include_subdomains) { |
| 1373 DCHECK(CalledOnValidThread()); | 1373 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); |
| 1374 AddHSTSInternal(host, STSState::MODE_FORCE_HTTPS, expiry, include_subdomains); | 1374 AddHSTSInternal(host, STSState::MODE_FORCE_HTTPS, expiry, include_subdomains); |
| 1375 } | 1375 } |
| 1376 | 1376 |
| 1377 void TransportSecurityState::AddHPKP(const std::string& host, | 1377 void TransportSecurityState::AddHPKP(const std::string& host, |
| 1378 const base::Time& expiry, | 1378 const base::Time& expiry, |
| 1379 bool include_subdomains, | 1379 bool include_subdomains, |
| 1380 const HashValueVector& hashes, | 1380 const HashValueVector& hashes, |
| 1381 const GURL& report_uri) { | 1381 const GURL& report_uri) { |
| 1382 DCHECK(CalledOnValidThread()); | 1382 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); |
| 1383 AddHPKPInternal(host, base::Time::Now(), expiry, include_subdomains, hashes, | 1383 AddHPKPInternal(host, base::Time::Now(), expiry, include_subdomains, hashes, |
| 1384 report_uri); | 1384 report_uri); |
| 1385 } | 1385 } |
| 1386 | 1386 |
| 1387 void TransportSecurityState::AddExpectCT(const std::string& host, | 1387 void TransportSecurityState::AddExpectCT(const std::string& host, |
| 1388 const base::Time& expiry, | 1388 const base::Time& expiry, |
| 1389 bool enforce, | 1389 bool enforce, |
| 1390 const GURL& report_uri) { | 1390 const GURL& report_uri) { |
| 1391 DCHECK(CalledOnValidThread()); | 1391 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); |
| 1392 AddExpectCTInternal(host, base::Time::Now(), expiry, enforce, report_uri); | 1392 AddExpectCTInternal(host, base::Time::Now(), expiry, enforce, report_uri); |
| 1393 } | 1393 } |
| 1394 | 1394 |
| 1395 bool TransportSecurityState::ProcessHPKPReportOnlyHeader( | 1395 bool TransportSecurityState::ProcessHPKPReportOnlyHeader( |
| 1396 const std::string& value, | 1396 const std::string& value, |
| 1397 const HostPortPair& host_port_pair, | 1397 const HostPortPair& host_port_pair, |
| 1398 const SSLInfo& ssl_info) { | 1398 const SSLInfo& ssl_info) { |
| 1399 DCHECK(CalledOnValidThread()); | 1399 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); |
| 1400 | 1400 |
| 1401 base::Time now = base::Time::Now(); | 1401 base::Time now = base::Time::Now(); |
| 1402 bool include_subdomains; | 1402 bool include_subdomains; |
| 1403 HashValueVector spki_hashes; | 1403 HashValueVector spki_hashes; |
| 1404 GURL report_uri; | 1404 GURL report_uri; |
| 1405 std::string unused_failure_log; | 1405 std::string unused_failure_log; |
| 1406 | 1406 |
| 1407 if (!ParseHPKPReportOnlyHeader(value, &include_subdomains, &spki_hashes, | 1407 if (!ParseHPKPReportOnlyHeader(value, &include_subdomains, &spki_hashes, |
| 1408 &report_uri) || | 1408 &report_uri) || |
| 1409 !report_uri.is_valid() || report_uri.is_empty()) { | 1409 !report_uri.is_valid() || report_uri.is_empty()) { |
| (...skipping 12 matching lines...) Expand all Loading... |
| 1422 host_port_pair, ssl_info.is_issued_by_known_root, pkp_state, | 1422 host_port_pair, ssl_info.is_issued_by_known_root, pkp_state, |
| 1423 ssl_info.public_key_hashes, ssl_info.unverified_cert.get(), | 1423 ssl_info.public_key_hashes, ssl_info.unverified_cert.get(), |
| 1424 ssl_info.cert.get(), ENABLE_PIN_REPORTS, &unused_failure_log); | 1424 ssl_info.cert.get(), ENABLE_PIN_REPORTS, &unused_failure_log); |
| 1425 return true; | 1425 return true; |
| 1426 } | 1426 } |
| 1427 | 1427 |
| 1428 void TransportSecurityState::ProcessExpectCTHeader( | 1428 void TransportSecurityState::ProcessExpectCTHeader( |
| 1429 const std::string& value, | 1429 const std::string& value, |
| 1430 const HostPortPair& host_port_pair, | 1430 const HostPortPair& host_port_pair, |
| 1431 const SSLInfo& ssl_info) { | 1431 const SSLInfo& ssl_info) { |
| 1432 DCHECK(CalledOnValidThread()); | 1432 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); |
| 1433 | 1433 |
| 1434 // If a site sends `Expect-CT: preload` and appears on the preload list, they | 1434 // If a site sends `Expect-CT: preload` and appears on the preload list, they |
| 1435 // are in the experimental preload-list-only, report-only version of | 1435 // are in the experimental preload-list-only, report-only version of |
| 1436 // Expect-CT. | 1436 // Expect-CT. |
| 1437 if (value == "preload") { | 1437 if (value == "preload") { |
| 1438 if (!expect_ct_reporter_) | 1438 if (!expect_ct_reporter_) |
| 1439 return; | 1439 return; |
| 1440 if (!IsBuildTimely()) | 1440 if (!IsBuildTimely()) |
| 1441 return; | 1441 return; |
| 1442 if (!ssl_info.is_issued_by_known_root) | 1442 if (!ssl_info.is_issued_by_known_root) |
| (...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1532 DCHECK(found_state); | 1532 DCHECK(found_state); |
| 1533 return CheckPinsAndMaybeSendReport( | 1533 return CheckPinsAndMaybeSendReport( |
| 1534 host_port_pair, is_issued_by_known_root, pkp_state, hashes, | 1534 host_port_pair, is_issued_by_known_root, pkp_state, hashes, |
| 1535 served_certificate_chain, validated_certificate_chain, report_status, | 1535 served_certificate_chain, validated_certificate_chain, report_status, |
| 1536 failure_log); | 1536 failure_log); |
| 1537 } | 1537 } |
| 1538 | 1538 |
| 1539 bool TransportSecurityState::GetStaticDomainState(const std::string& host, | 1539 bool TransportSecurityState::GetStaticDomainState(const std::string& host, |
| 1540 STSState* sts_state, | 1540 STSState* sts_state, |
| 1541 PKPState* pkp_state) const { | 1541 PKPState* pkp_state) const { |
| 1542 DCHECK(CalledOnValidThread()); | 1542 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); |
| 1543 | 1543 |
| 1544 sts_state->upgrade_mode = STSState::MODE_FORCE_HTTPS; | 1544 sts_state->upgrade_mode = STSState::MODE_FORCE_HTTPS; |
| 1545 sts_state->include_subdomains = false; | 1545 sts_state->include_subdomains = false; |
| 1546 pkp_state->include_subdomains = false; | 1546 pkp_state->include_subdomains = false; |
| 1547 | 1547 |
| 1548 if (!IsBuildTimely()) | 1548 if (!IsBuildTimely()) |
| 1549 return false; | 1549 return false; |
| 1550 | 1550 |
| 1551 PreloadResult result; | 1551 PreloadResult result; |
| 1552 if (!DecodeHSTSPreload(host, &result)) | 1552 if (!DecodeHSTSPreload(host, &result)) |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1586 AddHash(*sha256_hash, &pkp_state->bad_spki_hashes); | 1586 AddHash(*sha256_hash, &pkp_state->bad_spki_hashes); |
| 1587 sha256_hash++; | 1587 sha256_hash++; |
| 1588 } | 1588 } |
| 1589 } | 1589 } |
| 1590 } | 1590 } |
| 1591 | 1591 |
| 1592 return true; | 1592 return true; |
| 1593 } | 1593 } |
| 1594 | 1594 |
| 1595 bool TransportSecurityState::IsGooglePinnedHost(const std::string& host) const { | 1595 bool TransportSecurityState::IsGooglePinnedHost(const std::string& host) const { |
| 1596 DCHECK(CalledOnValidThread()); | 1596 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); |
| 1597 | 1597 |
| 1598 if (!IsBuildTimely()) | 1598 if (!IsBuildTimely()) |
| 1599 return false; | 1599 return false; |
| 1600 | 1600 |
| 1601 PreloadResult result; | 1601 PreloadResult result; |
| 1602 if (!DecodeHSTSPreload(host, &result)) | 1602 if (!DecodeHSTSPreload(host, &result)) |
| 1603 return false; | 1603 return false; |
| 1604 | 1604 |
| 1605 if (!result.has_pins) | 1605 if (!result.has_pins) |
| 1606 return false; | 1606 return false; |
| 1607 | 1607 |
| 1608 if (result.pinset_id >= arraysize(kPinsets)) | 1608 if (result.pinset_id >= arraysize(kPinsets)) |
| 1609 return false; | 1609 return false; |
| 1610 | 1610 |
| 1611 return kPinsets[result.pinset_id].accepted_pins == kGoogleAcceptableCerts; | 1611 return kPinsets[result.pinset_id].accepted_pins == kGoogleAcceptableCerts; |
| 1612 } | 1612 } |
| 1613 | 1613 |
| 1614 bool TransportSecurityState::GetDynamicSTSState(const std::string& host, | 1614 bool TransportSecurityState::GetDynamicSTSState(const std::string& host, |
| 1615 STSState* result) { | 1615 STSState* result) { |
| 1616 DCHECK(CalledOnValidThread()); | 1616 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); |
| 1617 | 1617 |
| 1618 const std::string canonicalized_host = CanonicalizeHost(host); | 1618 const std::string canonicalized_host = CanonicalizeHost(host); |
| 1619 if (canonicalized_host.empty()) | 1619 if (canonicalized_host.empty()) |
| 1620 return false; | 1620 return false; |
| 1621 | 1621 |
| 1622 base::Time current_time(base::Time::Now()); | 1622 base::Time current_time(base::Time::Now()); |
| 1623 | 1623 |
| 1624 for (size_t i = 0; canonicalized_host[i]; i += canonicalized_host[i] + 1) { | 1624 for (size_t i = 0; canonicalized_host[i]; i += canonicalized_host[i] + 1) { |
| 1625 std::string host_sub_chunk(&canonicalized_host[i], | 1625 std::string host_sub_chunk(&canonicalized_host[i], |
| 1626 canonicalized_host.size() - i); | 1626 canonicalized_host.size() - i); |
| (...skipping 20 matching lines...) Expand all Loading... |
| 1647 | 1647 |
| 1648 break; | 1648 break; |
| 1649 } | 1649 } |
| 1650 } | 1650 } |
| 1651 | 1651 |
| 1652 return false; | 1652 return false; |
| 1653 } | 1653 } |
| 1654 | 1654 |
| 1655 bool TransportSecurityState::GetDynamicPKPState(const std::string& host, | 1655 bool TransportSecurityState::GetDynamicPKPState(const std::string& host, |
| 1656 PKPState* result) { | 1656 PKPState* result) { |
| 1657 DCHECK(CalledOnValidThread()); | 1657 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); |
| 1658 | 1658 |
| 1659 const std::string canonicalized_host = CanonicalizeHost(host); | 1659 const std::string canonicalized_host = CanonicalizeHost(host); |
| 1660 if (canonicalized_host.empty()) | 1660 if (canonicalized_host.empty()) |
| 1661 return false; | 1661 return false; |
| 1662 | 1662 |
| 1663 base::Time current_time(base::Time::Now()); | 1663 base::Time current_time(base::Time::Now()); |
| 1664 | 1664 |
| 1665 for (size_t i = 0; canonicalized_host[i]; i += canonicalized_host[i] + 1) { | 1665 for (size_t i = 0; canonicalized_host[i]; i += canonicalized_host[i] + 1) { |
| 1666 std::string host_sub_chunk(&canonicalized_host[i], | 1666 std::string host_sub_chunk(&canonicalized_host[i], |
| 1667 canonicalized_host.size() - i); | 1667 canonicalized_host.size() - i); |
| (...skipping 20 matching lines...) Expand all Loading... |
| 1688 | 1688 |
| 1689 break; | 1689 break; |
| 1690 } | 1690 } |
| 1691 } | 1691 } |
| 1692 | 1692 |
| 1693 return false; | 1693 return false; |
| 1694 } | 1694 } |
| 1695 | 1695 |
| 1696 bool TransportSecurityState::GetDynamicExpectCTState(const std::string& host, | 1696 bool TransportSecurityState::GetDynamicExpectCTState(const std::string& host, |
| 1697 ExpectCTState* result) { | 1697 ExpectCTState* result) { |
| 1698 DCHECK(CalledOnValidThread()); | 1698 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); |
| 1699 | 1699 |
| 1700 const std::string canonicalized_host = CanonicalizeHost(host); | 1700 const std::string canonicalized_host = CanonicalizeHost(host); |
| 1701 if (canonicalized_host.empty()) | 1701 if (canonicalized_host.empty()) |
| 1702 return false; | 1702 return false; |
| 1703 | 1703 |
| 1704 base::Time current_time(base::Time::Now()); | 1704 base::Time current_time(base::Time::Now()); |
| 1705 ExpectCTStateMap::iterator j = | 1705 ExpectCTStateMap::iterator j = |
| 1706 enabled_expect_ct_hosts_.find(HashHost(canonicalized_host)); | 1706 enabled_expect_ct_hosts_.find(HashHost(canonicalized_host)); |
| 1707 if (j == enabled_expect_ct_hosts_.end()) | 1707 if (j == enabled_expect_ct_hosts_.end()) |
| 1708 return false; | 1708 return false; |
| 1709 // If the entry is invalid, drop it. | 1709 // If the entry is invalid, drop it. |
| 1710 if (current_time > j->second.expiry) { | 1710 if (current_time > j->second.expiry) { |
| 1711 enabled_expect_ct_hosts_.erase(j); | 1711 enabled_expect_ct_hosts_.erase(j); |
| 1712 DirtyNotify(); | 1712 DirtyNotify(); |
| 1713 return false; | 1713 return false; |
| 1714 } | 1714 } |
| 1715 | 1715 |
| 1716 *result = j->second; | 1716 *result = j->second; |
| 1717 return true; | 1717 return true; |
| 1718 } | 1718 } |
| 1719 | 1719 |
| 1720 void TransportSecurityState::AddOrUpdateEnabledSTSHosts( | 1720 void TransportSecurityState::AddOrUpdateEnabledSTSHosts( |
| 1721 const std::string& hashed_host, | 1721 const std::string& hashed_host, |
| 1722 const STSState& state) { | 1722 const STSState& state) { |
| 1723 DCHECK(CalledOnValidThread()); | 1723 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); |
| 1724 DCHECK(state.ShouldUpgradeToSSL()); | 1724 DCHECK(state.ShouldUpgradeToSSL()); |
| 1725 enabled_sts_hosts_[hashed_host] = state; | 1725 enabled_sts_hosts_[hashed_host] = state; |
| 1726 } | 1726 } |
| 1727 | 1727 |
| 1728 void TransportSecurityState::AddOrUpdateEnabledPKPHosts( | 1728 void TransportSecurityState::AddOrUpdateEnabledPKPHosts( |
| 1729 const std::string& hashed_host, | 1729 const std::string& hashed_host, |
| 1730 const PKPState& state) { | 1730 const PKPState& state) { |
| 1731 DCHECK(CalledOnValidThread()); | 1731 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); |
| 1732 DCHECK(state.HasPublicKeyPins()); | 1732 DCHECK(state.HasPublicKeyPins()); |
| 1733 enabled_pkp_hosts_[hashed_host] = state; | 1733 enabled_pkp_hosts_[hashed_host] = state; |
| 1734 } | 1734 } |
| 1735 | 1735 |
| 1736 void TransportSecurityState::AddOrUpdateEnabledExpectCTHosts( | 1736 void TransportSecurityState::AddOrUpdateEnabledExpectCTHosts( |
| 1737 const std::string& hashed_host, | 1737 const std::string& hashed_host, |
| 1738 const ExpectCTState& state) { | 1738 const ExpectCTState& state) { |
| 1739 DCHECK(CalledOnValidThread()); | 1739 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); |
| 1740 DCHECK(state.enforce || !state.report_uri.is_empty()); | 1740 DCHECK(state.enforce || !state.report_uri.is_empty()); |
| 1741 enabled_expect_ct_hosts_[hashed_host] = state; | 1741 enabled_expect_ct_hosts_[hashed_host] = state; |
| 1742 } | 1742 } |
| 1743 | 1743 |
| 1744 TransportSecurityState::STSState::STSState() | 1744 TransportSecurityState::STSState::STSState() |
| 1745 : upgrade_mode(MODE_DEFAULT), include_subdomains(false) { | 1745 : upgrade_mode(MODE_DEFAULT), include_subdomains(false) { |
| 1746 } | 1746 } |
| 1747 | 1747 |
| 1748 TransportSecurityState::STSState::~STSState() { | 1748 TransportSecurityState::STSState::~STSState() { |
| 1749 } | 1749 } |
| (...skipping 20 matching lines...) Expand all Loading... |
| 1770 } | 1770 } |
| 1771 | 1771 |
| 1772 TransportSecurityState::ExpectCTState::ExpectCTState() : enforce(false) {} | 1772 TransportSecurityState::ExpectCTState::ExpectCTState() : enforce(false) {} |
| 1773 | 1773 |
| 1774 TransportSecurityState::ExpectCTState::~ExpectCTState() {} | 1774 TransportSecurityState::ExpectCTState::~ExpectCTState() {} |
| 1775 | 1775 |
| 1776 TransportSecurityState::ExpectCTStateIterator::ExpectCTStateIterator( | 1776 TransportSecurityState::ExpectCTStateIterator::ExpectCTStateIterator( |
| 1777 const TransportSecurityState& state) | 1777 const TransportSecurityState& state) |
| 1778 : iterator_(state.enabled_expect_ct_hosts_.begin()), | 1778 : iterator_(state.enabled_expect_ct_hosts_.begin()), |
| 1779 end_(state.enabled_expect_ct_hosts_.end()) { | 1779 end_(state.enabled_expect_ct_hosts_.end()) { |
| 1780 DCHECK(state.CalledOnValidThread()); | 1780 state.AssertCalledOnValidSequence(); |
| 1781 } | 1781 } |
| 1782 | 1782 |
| 1783 TransportSecurityState::ExpectCTStateIterator::~ExpectCTStateIterator() {} | 1783 TransportSecurityState::ExpectCTStateIterator::~ExpectCTStateIterator() {} |
| 1784 | 1784 |
| 1785 TransportSecurityState::ExpectStapleState::ExpectStapleState() | 1785 TransportSecurityState::ExpectStapleState::ExpectStapleState() |
| 1786 : include_subdomains(false) {} | 1786 : include_subdomains(false) {} |
| 1787 | 1787 |
| 1788 TransportSecurityState::ExpectStapleState::~ExpectStapleState() {} | 1788 TransportSecurityState::ExpectStapleState::~ExpectStapleState() {} |
| 1789 | 1789 |
| 1790 bool TransportSecurityState::PKPState::CheckPublicKeyPins( | 1790 bool TransportSecurityState::PKPState::CheckPublicKeyPins( |
| (...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1829 TransportSecurityState::PKPStateIterator::PKPStateIterator( | 1829 TransportSecurityState::PKPStateIterator::PKPStateIterator( |
| 1830 const TransportSecurityState& state) | 1830 const TransportSecurityState& state) |
| 1831 : iterator_(state.enabled_pkp_hosts_.begin()), | 1831 : iterator_(state.enabled_pkp_hosts_.begin()), |
| 1832 end_(state.enabled_pkp_hosts_.end()) { | 1832 end_(state.enabled_pkp_hosts_.end()) { |
| 1833 } | 1833 } |
| 1834 | 1834 |
| 1835 TransportSecurityState::PKPStateIterator::~PKPStateIterator() { | 1835 TransportSecurityState::PKPStateIterator::~PKPStateIterator() { |
| 1836 } | 1836 } |
| 1837 | 1837 |
| 1838 } // namespace net | 1838 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2910473005:
Deprecate NonThreadSafe in net/ in favor of SequenceChecker/ThreadChecker. (Closed)
