| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
| 6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
| 7 | 7 |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 | 9 |
| 10 #include <map> | 10 #include <map> |
| 11 #include <string> | 11 #include <string> |
| 12 | 12 |
| 13 #include "base/callback.h" | 13 #include "base/callback.h" |
| 14 #include "base/feature_list.h" | 14 #include "base/feature_list.h" |
| 15 #include "base/gtest_prod_util.h" | 15 #include "base/gtest_prod_util.h" |
| 16 #include "base/macros.h" | 16 #include "base/macros.h" |
| 17 #include "base/sequence_checker.h" |
| 17 #include "base/strings/string_piece.h" | 18 #include "base/strings/string_piece.h" |
| 18 #include "base/threading/non_thread_safe.h" | |
| 19 #include "base/time/time.h" | 19 #include "base/time/time.h" |
| 20 #include "net/base/expiring_cache.h" | 20 #include "net/base/expiring_cache.h" |
| 21 #include "net/base/hash_value.h" | 21 #include "net/base/hash_value.h" |
| 22 #include "net/base/net_export.h" | 22 #include "net/base/net_export.h" |
| 23 #include "net/cert/signed_certificate_timestamp_and_status.h" | 23 #include "net/cert/signed_certificate_timestamp_and_status.h" |
| 24 #include "net/http/transport_security_state_source.h" | 24 #include "net/http/transport_security_state_source.h" |
| 25 #include "url/gurl.h" | 25 #include "url/gurl.h" |
| 26 | 26 |
| 27 namespace net { | 27 namespace net { |
| 28 | 28 |
| (...skipping 11 matching lines...) Expand all Loading... |
| 40 // Tracks which hosts have enabled strict transport security and/or public | 40 // Tracks which hosts have enabled strict transport security and/or public |
| 41 // key pins. | 41 // key pins. |
| 42 // | 42 // |
| 43 // This object manages the in-memory store. Register a Delegate with | 43 // This object manages the in-memory store. Register a Delegate with |
| 44 // |SetDelegate| to persist the state to disk. | 44 // |SetDelegate| to persist the state to disk. |
| 45 // | 45 // |
| 46 // HTTP strict transport security (HSTS) is defined in | 46 // HTTP strict transport security (HSTS) is defined in |
| 47 // http://tools.ietf.org/html/ietf-websec-strict-transport-sec, and | 47 // http://tools.ietf.org/html/ietf-websec-strict-transport-sec, and |
| 48 // HTTP-based dynamic public key pinning (HPKP) is defined in | 48 // HTTP-based dynamic public key pinning (HPKP) is defined in |
| 49 // http://tools.ietf.org/html/ietf-websec-key-pinning. | 49 // http://tools.ietf.org/html/ietf-websec-key-pinning. |
| 50 class NET_EXPORT TransportSecurityState | 50 class NET_EXPORT TransportSecurityState { |
| 51 : NON_EXPORTED_BASE(public base::NonThreadSafe) { | |
| 52 public: | 51 public: |
| 53 class NET_EXPORT Delegate { | 52 class NET_EXPORT Delegate { |
| 54 public: | 53 public: |
| 55 // This function may not block and may be called with internal locks held. | 54 // This function may not block and may be called with internal locks held. |
| 56 // Thus it must not reenter the TransportSecurityState object. | 55 // Thus it must not reenter the TransportSecurityState object. |
| 57 virtual void StateIsDirty(TransportSecurityState* state) = 0; | 56 virtual void StateIsDirty(TransportSecurityState* state) = 0; |
| 58 | 57 |
| 59 protected: | 58 protected: |
| 60 virtual ~Delegate() {} | 59 virtual ~Delegate() {} |
| 61 }; | 60 }; |
| (...skipping 497 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 559 // SetExpectCTReporter). | 558 // SetExpectCTReporter). |
| 560 // | 559 // |
| 561 // The header can also have the value "preload", indicating that the site | 560 // The header can also have the value "preload", indicating that the site |
| 562 // wants to opt-in to the static report-only version of Expect-CT. If the | 561 // wants to opt-in to the static report-only version of Expect-CT. If the |
| 563 // given host is present on the preload list and the build is timely and the | 562 // given host is present on the preload list and the build is timely and the |
| 564 // connection is not CT-compliant, then a report will be sent. | 563 // connection is not CT-compliant, then a report will be sent. |
| 565 void ProcessExpectCTHeader(const std::string& value, | 564 void ProcessExpectCTHeader(const std::string& value, |
| 566 const HostPortPair& host_port_pair, | 565 const HostPortPair& host_port_pair, |
| 567 const SSLInfo& ssl_info); | 566 const SSLInfo& ssl_info); |
| 568 | 567 |
| 568 void AssertCalledOnValidSequence() const { |
| 569 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); |
| 570 } |
| 571 |
| 569 // For unit tests only. Causes CheckCTRequirements() to return | 572 // For unit tests only. Causes CheckCTRequirements() to return |
| 570 // CT_REQUIREMENTS_NOT_MET (if |*required| is true) or CT_REQUIREMENTS_MET (if | 573 // CT_REQUIREMENTS_NOT_MET (if |*required| is true) or CT_REQUIREMENTS_MET (if |
| 571 // |*required| is false) for non-compliant connections by default (that is, | 574 // |*required| is false) for non-compliant connections by default (that is, |
| 572 // unless a RequireCTDelegate overrides). Set to nullptr to reset. | 575 // unless a RequireCTDelegate overrides). Set to nullptr to reset. |
| 573 static void SetShouldRequireCTForTesting(bool* required); | 576 static void SetShouldRequireCTForTesting(bool* required); |
| 574 | 577 |
| 575 private: | 578 private: |
| 576 friend class TransportSecurityStateTest; | 579 friend class TransportSecurityStateTest; |
| 577 friend class TransportSecurityStateStaticFuzzer; | 580 friend class TransportSecurityStateStaticFuzzer; |
| 578 FRIEND_TEST_ALL_PREFIXES(HttpSecurityHeadersTest, UpdateDynamicPKPOnly); | 581 FRIEND_TEST_ALL_PREFIXES(HttpSecurityHeadersTest, UpdateDynamicPKPOnly); |
| (...skipping 110 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 689 | 692 |
| 690 ExpectCTReporter* expect_ct_reporter_ = nullptr; | 693 ExpectCTReporter* expect_ct_reporter_ = nullptr; |
| 691 | 694 |
| 692 RequireCTDelegate* require_ct_delegate_ = nullptr; | 695 RequireCTDelegate* require_ct_delegate_ = nullptr; |
| 693 | 696 |
| 694 // Keeps track of reports that have been sent recently for | 697 // Keeps track of reports that have been sent recently for |
| 695 // rate-limiting. | 698 // rate-limiting. |
| 696 ExpiringCache<std::string, bool, base::TimeTicks, std::less<base::TimeTicks>> | 699 ExpiringCache<std::string, bool, base::TimeTicks, std::less<base::TimeTicks>> |
| 697 sent_reports_cache_; | 700 sent_reports_cache_; |
| 698 | 701 |
| 702 SEQUENCE_CHECKER(sequence_checker_); |
| 703 |
| 699 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); | 704 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); |
| 700 }; | 705 }; |
| 701 | 706 |
| 702 } // namespace net | 707 } // namespace net |
| 703 | 708 |
| 704 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 709 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2910473005:
Deprecate NonThreadSafe in net/ in favor of SequenceChecker/ThreadChecker. (Closed)
