| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/transport_security_state.h" | 5 #include "net/http/transport_security_state.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <memory> | 8 #include <memory> |
| 9 #include <utility> | 9 #include <utility> |
| 10 #include <vector> | 10 #include <vector> |
| (...skipping 733 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 744 enable_static_expect_staple_(true), | 744 enable_static_expect_staple_(true), |
| 745 enable_pkp_bypass_for_local_trust_anchors_(true), | 745 enable_pkp_bypass_for_local_trust_anchors_(true), |
| 746 sent_hpkp_reports_cache_(kMaxReportCacheEntries), | 746 sent_hpkp_reports_cache_(kMaxReportCacheEntries), |
| 747 sent_expect_ct_reports_cache_(kMaxReportCacheEntries) { | 747 sent_expect_ct_reports_cache_(kMaxReportCacheEntries) { |
| 748 // Static pinning is only enabled for official builds to make sure that | 748 // Static pinning is only enabled for official builds to make sure that |
| 749 // others don't end up with pins that cannot be easily updated. | 749 // others don't end up with pins that cannot be easily updated. |
| 750 #if !defined(GOOGLE_CHROME_BUILD) || defined(OS_ANDROID) || defined(OS_IOS) | 750 #if !defined(GOOGLE_CHROME_BUILD) || defined(OS_ANDROID) || defined(OS_IOS) |
| 751 enable_static_pins_ = false; | 751 enable_static_pins_ = false; |
| 752 enable_static_expect_ct_ = false; | 752 enable_static_expect_ct_ = false; |
| 753 #endif | 753 #endif |
| 754 DCHECK(CalledOnValidThread()); | 754 DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); |
| 755 } | 755 } |
| 756 | 756 |
| 757 // Both HSTS and HPKP cause fatal SSL errors, so return true if a | 757 // Both HSTS and HPKP cause fatal SSL errors, so return true if a |
| 758 // host has either. | 758 // host has either. |
| 759 bool TransportSecurityState::ShouldSSLErrorsBeFatal(const std::string& host) { | 759 bool TransportSecurityState::ShouldSSLErrorsBeFatal(const std::string& host) { |
| 760 STSState sts_state; | 760 STSState sts_state; |
| 761 PKPState pkp_state; | 761 PKPState pkp_state; |
| 762 if (GetStaticDomainState(host, &sts_state, &pkp_state)) | 762 if (GetStaticDomainState(host, &sts_state, &pkp_state)) |
| 763 return true; | 763 return true; |
| 764 if (GetDynamicSTSState(host, &sts_state)) | 764 if (GetDynamicSTSState(host, &sts_state)) |
| (...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 806 | 806 |
| 807 UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", | 807 UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", |
| 808 pin_validity == PKPStatus::OK); | 808 pin_validity == PKPStatus::OK); |
| 809 return pin_validity; | 809 return pin_validity; |
| 810 } | 810 } |
| 811 | 811 |
| 812 void TransportSecurityState::CheckExpectStaple( | 812 void TransportSecurityState::CheckExpectStaple( |
| 813 const HostPortPair& host_port_pair, | 813 const HostPortPair& host_port_pair, |
| 814 const SSLInfo& ssl_info, | 814 const SSLInfo& ssl_info, |
| 815 base::StringPiece ocsp_response) { | 815 base::StringPiece ocsp_response) { |
| 816 DCHECK(CalledOnValidThread()); | 816 DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); |
| 817 if (!enable_static_expect_staple_ || !report_sender_ || | 817 if (!enable_static_expect_staple_ || !report_sender_ || |
| 818 !ssl_info.is_issued_by_known_root) { | 818 !ssl_info.is_issued_by_known_root) { |
| 819 return; | 819 return; |
| 820 } | 820 } |
| 821 | 821 |
| 822 // Determine if the host is on the Expect-Staple preload list. If the build is | 822 // Determine if the host is on the Expect-Staple preload list. If the build is |
| 823 // not timely (i.e. the preload list is not fresh), this will fail and return | 823 // not timely (i.e. the preload list is not fresh), this will fail and return |
| 824 // false. | 824 // false. |
| 825 ExpectStapleState expect_staple_state; | 825 ExpectStapleState expect_staple_state; |
| 826 if (!GetStaticExpectStapleState(host_port_pair.host(), &expect_staple_state)) | 826 if (!GetStaticExpectStapleState(host_port_pair.host(), &expect_staple_state)) |
| (...skipping 142 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 969 // No exception found. This certificate must conform to the CT policy. | 969 // No exception found. This certificate must conform to the CT policy. |
| 970 return CT_REQUIREMENTS_NOT_MET; | 970 return CT_REQUIREMENTS_NOT_MET; |
| 971 } | 971 } |
| 972 } | 972 } |
| 973 | 973 |
| 974 return default_response; | 974 return default_response; |
| 975 } | 975 } |
| 976 | 976 |
| 977 void TransportSecurityState::SetDelegate( | 977 void TransportSecurityState::SetDelegate( |
| 978 TransportSecurityState::Delegate* delegate) { | 978 TransportSecurityState::Delegate* delegate) { |
| 979 DCHECK(CalledOnValidThread()); | 979 DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); |
| 980 delegate_ = delegate; | 980 delegate_ = delegate; |
| 981 } | 981 } |
| 982 | 982 |
| 983 void TransportSecurityState::SetReportSender( | 983 void TransportSecurityState::SetReportSender( |
| 984 TransportSecurityState::ReportSenderInterface* report_sender) { | 984 TransportSecurityState::ReportSenderInterface* report_sender) { |
| 985 DCHECK(CalledOnValidThread()); | 985 DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); |
| 986 report_sender_ = report_sender; | 986 report_sender_ = report_sender; |
| 987 } | 987 } |
| 988 | 988 |
| 989 void TransportSecurityState::SetExpectCTReporter( | 989 void TransportSecurityState::SetExpectCTReporter( |
| 990 ExpectCTReporter* expect_ct_reporter) { | 990 ExpectCTReporter* expect_ct_reporter) { |
| 991 DCHECK(CalledOnValidThread()); | 991 DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); |
| 992 expect_ct_reporter_ = expect_ct_reporter; | 992 expect_ct_reporter_ = expect_ct_reporter; |
| 993 } | 993 } |
| 994 | 994 |
| 995 void TransportSecurityState::SetRequireCTDelegate(RequireCTDelegate* delegate) { | 995 void TransportSecurityState::SetRequireCTDelegate(RequireCTDelegate* delegate) { |
| 996 DCHECK(CalledOnValidThread()); | 996 DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); |
| 997 require_ct_delegate_ = delegate; | 997 require_ct_delegate_ = delegate; |
| 998 } | 998 } |
| 999 | 999 |
| 1000 void TransportSecurityState::AddHSTSInternal( | 1000 void TransportSecurityState::AddHSTSInternal( |
| 1001 const std::string& host, | 1001 const std::string& host, |
| 1002 TransportSecurityState::STSState::UpgradeMode upgrade_mode, | 1002 TransportSecurityState::STSState::UpgradeMode upgrade_mode, |
| 1003 const base::Time& expiry, | 1003 const base::Time& expiry, |
| 1004 bool include_subdomains) { | 1004 bool include_subdomains) { |
| 1005 DCHECK(CalledOnValidThread()); | 1005 DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); |
| 1006 | 1006 |
| 1007 STSState sts_state; | 1007 STSState sts_state; |
| 1008 sts_state.last_observed = base::Time::Now(); | 1008 sts_state.last_observed = base::Time::Now(); |
| 1009 sts_state.include_subdomains = include_subdomains; | 1009 sts_state.include_subdomains = include_subdomains; |
| 1010 sts_state.expiry = expiry; | 1010 sts_state.expiry = expiry; |
| 1011 sts_state.upgrade_mode = upgrade_mode; | 1011 sts_state.upgrade_mode = upgrade_mode; |
| 1012 | 1012 |
| 1013 EnableSTSHost(host, sts_state); | 1013 EnableSTSHost(host, sts_state); |
| 1014 } | 1014 } |
| 1015 | 1015 |
| 1016 void TransportSecurityState::AddHPKPInternal(const std::string& host, | 1016 void TransportSecurityState::AddHPKPInternal(const std::string& host, |
| 1017 const base::Time& last_observed, | 1017 const base::Time& last_observed, |
| 1018 const base::Time& expiry, | 1018 const base::Time& expiry, |
| 1019 bool include_subdomains, | 1019 bool include_subdomains, |
| 1020 const HashValueVector& hashes, | 1020 const HashValueVector& hashes, |
| 1021 const GURL& report_uri) { | 1021 const GURL& report_uri) { |
| 1022 DCHECK(CalledOnValidThread()); | 1022 DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); |
| 1023 | 1023 |
| 1024 PKPState pkp_state; | 1024 PKPState pkp_state; |
| 1025 pkp_state.last_observed = last_observed; | 1025 pkp_state.last_observed = last_observed; |
| 1026 pkp_state.expiry = expiry; | 1026 pkp_state.expiry = expiry; |
| 1027 pkp_state.include_subdomains = include_subdomains; | 1027 pkp_state.include_subdomains = include_subdomains; |
| 1028 pkp_state.spki_hashes = hashes; | 1028 pkp_state.spki_hashes = hashes; |
| 1029 pkp_state.report_uri = report_uri; | 1029 pkp_state.report_uri = report_uri; |
| 1030 | 1030 |
| 1031 EnablePKPHost(host, pkp_state); | 1031 EnablePKPHost(host, pkp_state); |
| 1032 } | 1032 } |
| 1033 | 1033 |
| 1034 void TransportSecurityState::AddExpectCTInternal( | 1034 void TransportSecurityState::AddExpectCTInternal( |
| 1035 const std::string& host, | 1035 const std::string& host, |
| 1036 const base::Time& last_observed, | 1036 const base::Time& last_observed, |
| 1037 const base::Time& expiry, | 1037 const base::Time& expiry, |
| 1038 bool enforce, | 1038 bool enforce, |
| 1039 const GURL& report_uri) { | 1039 const GURL& report_uri) { |
| 1040 DCHECK(CalledOnValidThread()); | 1040 DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); |
| 1041 | 1041 |
| 1042 ExpectCTState expect_ct_state; | 1042 ExpectCTState expect_ct_state; |
| 1043 expect_ct_state.last_observed = last_observed; | 1043 expect_ct_state.last_observed = last_observed; |
| 1044 expect_ct_state.expiry = expiry; | 1044 expect_ct_state.expiry = expiry; |
| 1045 expect_ct_state.enforce = enforce; | 1045 expect_ct_state.enforce = enforce; |
| 1046 expect_ct_state.report_uri = report_uri; | 1046 expect_ct_state.report_uri = report_uri; |
| 1047 | 1047 |
| 1048 EnableExpectCTHost(host, expect_ct_state); | 1048 EnableExpectCTHost(host, expect_ct_state); |
| 1049 } | 1049 } |
| 1050 | 1050 |
| 1051 void TransportSecurityState:: | 1051 void TransportSecurityState:: |
| 1052 SetEnablePublicKeyPinningBypassForLocalTrustAnchors(bool value) { | 1052 SetEnablePublicKeyPinningBypassForLocalTrustAnchors(bool value) { |
| 1053 enable_pkp_bypass_for_local_trust_anchors_ = value; | 1053 enable_pkp_bypass_for_local_trust_anchors_ = value; |
| 1054 } | 1054 } |
| 1055 | 1055 |
| 1056 void TransportSecurityState::EnableSTSHost(const std::string& host, | 1056 void TransportSecurityState::EnableSTSHost(const std::string& host, |
| 1057 const STSState& state) { | 1057 const STSState& state) { |
| 1058 DCHECK(CalledOnValidThread()); | 1058 DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); |
| 1059 | 1059 |
| 1060 const std::string canonicalized_host = CanonicalizeHost(host); | 1060 const std::string canonicalized_host = CanonicalizeHost(host); |
| 1061 if (canonicalized_host.empty()) | 1061 if (canonicalized_host.empty()) |
| 1062 return; | 1062 return; |
| 1063 | 1063 |
| 1064 // Only store new state when HSTS is explicitly enabled. If it is | 1064 // Only store new state when HSTS is explicitly enabled. If it is |
| 1065 // disabled, remove the state from the enabled hosts. | 1065 // disabled, remove the state from the enabled hosts. |
| 1066 if (state.ShouldUpgradeToSSL()) { | 1066 if (state.ShouldUpgradeToSSL()) { |
| 1067 STSState sts_state(state); | 1067 STSState sts_state(state); |
| 1068 // No need to store this value since it is redundant. (|canonicalized_host| | 1068 // No need to store this value since it is redundant. (|canonicalized_host| |
| 1069 // is the map key.) | 1069 // is the map key.) |
| 1070 sts_state.domain.clear(); | 1070 sts_state.domain.clear(); |
| 1071 | 1071 |
| 1072 enabled_sts_hosts_[HashHost(canonicalized_host)] = sts_state; | 1072 enabled_sts_hosts_[HashHost(canonicalized_host)] = sts_state; |
| 1073 } else { | 1073 } else { |
| 1074 const std::string hashed_host = HashHost(canonicalized_host); | 1074 const std::string hashed_host = HashHost(canonicalized_host); |
| 1075 enabled_sts_hosts_.erase(hashed_host); | 1075 enabled_sts_hosts_.erase(hashed_host); |
| 1076 } | 1076 } |
| 1077 | 1077 |
| 1078 DirtyNotify(); | 1078 DirtyNotify(); |
| 1079 } | 1079 } |
| 1080 | 1080 |
| 1081 void TransportSecurityState::EnablePKPHost(const std::string& host, | 1081 void TransportSecurityState::EnablePKPHost(const std::string& host, |
| 1082 const PKPState& state) { | 1082 const PKPState& state) { |
| 1083 DCHECK(CalledOnValidThread()); | 1083 DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); |
| 1084 | 1084 |
| 1085 const std::string canonicalized_host = CanonicalizeHost(host); | 1085 const std::string canonicalized_host = CanonicalizeHost(host); |
| 1086 if (canonicalized_host.empty()) | 1086 if (canonicalized_host.empty()) |
| 1087 return; | 1087 return; |
| 1088 | 1088 |
| 1089 // Only store new state when HPKP is explicitly enabled. If it is | 1089 // Only store new state when HPKP is explicitly enabled. If it is |
| 1090 // disabled, remove the state from the enabled hosts. | 1090 // disabled, remove the state from the enabled hosts. |
| 1091 if (state.HasPublicKeyPins()) { | 1091 if (state.HasPublicKeyPins()) { |
| 1092 PKPState pkp_state(state); | 1092 PKPState pkp_state(state); |
| 1093 // No need to store this value since it is redundant. (|canonicalized_host| | 1093 // No need to store this value since it is redundant. (|canonicalized_host| |
| 1094 // is the map key.) | 1094 // is the map key.) |
| 1095 pkp_state.domain.clear(); | 1095 pkp_state.domain.clear(); |
| 1096 | 1096 |
| 1097 enabled_pkp_hosts_[HashHost(canonicalized_host)] = pkp_state; | 1097 enabled_pkp_hosts_[HashHost(canonicalized_host)] = pkp_state; |
| 1098 } else { | 1098 } else { |
| 1099 const std::string hashed_host = HashHost(canonicalized_host); | 1099 const std::string hashed_host = HashHost(canonicalized_host); |
| 1100 enabled_pkp_hosts_.erase(hashed_host); | 1100 enabled_pkp_hosts_.erase(hashed_host); |
| 1101 } | 1101 } |
| 1102 | 1102 |
| 1103 DirtyNotify(); | 1103 DirtyNotify(); |
| 1104 } | 1104 } |
| 1105 | 1105 |
| 1106 void TransportSecurityState::EnableExpectCTHost(const std::string& host, | 1106 void TransportSecurityState::EnableExpectCTHost(const std::string& host, |
| 1107 const ExpectCTState& state) { | 1107 const ExpectCTState& state) { |
| 1108 DCHECK(CalledOnValidThread()); | 1108 DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); |
| 1109 if (!IsDynamicExpectCTEnabled()) | 1109 if (!IsDynamicExpectCTEnabled()) |
| 1110 return; | 1110 return; |
| 1111 | 1111 |
| 1112 const std::string canonicalized_host = CanonicalizeHost(host); | 1112 const std::string canonicalized_host = CanonicalizeHost(host); |
| 1113 if (canonicalized_host.empty()) | 1113 if (canonicalized_host.empty()) |
| 1114 return; | 1114 return; |
| 1115 | 1115 |
| 1116 // Only store new state when Expect-CT is explicitly enabled. If it is | 1116 // Only store new state when Expect-CT is explicitly enabled. If it is |
| 1117 // disabled, remove the state from the enabled hosts. | 1117 // disabled, remove the state from the enabled hosts. |
| 1118 if (state.enforce || !state.report_uri.is_empty()) { | 1118 if (state.enforce || !state.report_uri.is_empty()) { |
| (...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1181 | 1181 |
| 1182 report_sender_->Send(pkp_state.report_uri, "application/json; charset=utf-8", | 1182 report_sender_->Send(pkp_state.report_uri, "application/json; charset=utf-8", |
| 1183 serialized_report, base::Callback<void()>(), | 1183 serialized_report, base::Callback<void()>(), |
| 1184 base::Bind(RecordUMAForHPKPReportFailure)); | 1184 base::Bind(RecordUMAForHPKPReportFailure)); |
| 1185 return PKPStatus::VIOLATED; | 1185 return PKPStatus::VIOLATED; |
| 1186 } | 1186 } |
| 1187 | 1187 |
| 1188 bool TransportSecurityState::GetStaticExpectCTState( | 1188 bool TransportSecurityState::GetStaticExpectCTState( |
| 1189 const std::string& host, | 1189 const std::string& host, |
| 1190 ExpectCTState* expect_ct_state) const { | 1190 ExpectCTState* expect_ct_state) const { |
| 1191 DCHECK(CalledOnValidThread()); | 1191 DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); |
| 1192 | 1192 |
| 1193 if (!IsBuildTimely()) | 1193 if (!IsBuildTimely()) |
| 1194 return false; | 1194 return false; |
| 1195 | 1195 |
| 1196 PreloadResult result; | 1196 PreloadResult result; |
| 1197 if (!DecodeHSTSPreload(host, &result)) | 1197 if (!DecodeHSTSPreload(host, &result)) |
| 1198 return false; | 1198 return false; |
| 1199 | 1199 |
| 1200 if (!enable_static_expect_ct_ || !result.expect_ct) | 1200 if (!enable_static_expect_ct_ || !result.expect_ct) |
| 1201 return false; | 1201 return false; |
| (...skipping 27 matching lines...) Expand all Loading... |
| 1229 base::TimeDelta::FromMinutes(kTimeToRememberReportsMins)); | 1229 base::TimeDelta::FromMinutes(kTimeToRememberReportsMins)); |
| 1230 | 1230 |
| 1231 expect_ct_reporter_->OnExpectCTFailed( | 1231 expect_ct_reporter_->OnExpectCTFailed( |
| 1232 host_port_pair, report_uri, validated_certificate_chain, | 1232 host_port_pair, report_uri, validated_certificate_chain, |
| 1233 served_certificate_chain, signed_certificate_timestamps); | 1233 served_certificate_chain, signed_certificate_timestamps); |
| 1234 } | 1234 } |
| 1235 | 1235 |
| 1236 bool TransportSecurityState::GetStaticExpectStapleState( | 1236 bool TransportSecurityState::GetStaticExpectStapleState( |
| 1237 const std::string& host, | 1237 const std::string& host, |
| 1238 ExpectStapleState* expect_staple_state) const { | 1238 ExpectStapleState* expect_staple_state) const { |
| 1239 DCHECK(CalledOnValidThread()); | 1239 DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); |
| 1240 | 1240 |
| 1241 if (!IsBuildTimely()) | 1241 if (!IsBuildTimely()) |
| 1242 return false; | 1242 return false; |
| 1243 | 1243 |
| 1244 PreloadResult result; | 1244 PreloadResult result; |
| 1245 if (!DecodeHSTSPreload(host, &result)) | 1245 if (!DecodeHSTSPreload(host, &result)) |
| 1246 return false; | 1246 return false; |
| 1247 | 1247 |
| 1248 if (!enable_static_expect_staple_ || !result.expect_staple) | 1248 if (!enable_static_expect_staple_ || !result.expect_staple) |
| 1249 return false; | 1249 return false; |
| 1250 | 1250 |
| 1251 expect_staple_state->domain = host.substr(result.hostname_offset); | 1251 expect_staple_state->domain = host.substr(result.hostname_offset); |
| 1252 expect_staple_state->include_subdomains = | 1252 expect_staple_state->include_subdomains = |
| 1253 result.expect_staple_include_subdomains; | 1253 result.expect_staple_include_subdomains; |
| 1254 expect_staple_state->report_uri = | 1254 expect_staple_state->report_uri = |
| 1255 GURL(g_hsts_source | 1255 GURL(g_hsts_source |
| 1256 ->expect_staple_report_uris[result.expect_staple_report_uri_id]); | 1256 ->expect_staple_report_uris[result.expect_staple_report_uri_id]); |
| 1257 return true; | 1257 return true; |
| 1258 } | 1258 } |
| 1259 | 1259 |
| 1260 bool TransportSecurityState::DeleteDynamicDataForHost(const std::string& host) { | 1260 bool TransportSecurityState::DeleteDynamicDataForHost(const std::string& host) { |
| 1261 DCHECK(CalledOnValidThread()); | 1261 DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); |
| 1262 | 1262 |
| 1263 const std::string canonicalized_host = CanonicalizeHost(host); | 1263 const std::string canonicalized_host = CanonicalizeHost(host); |
| 1264 if (canonicalized_host.empty()) | 1264 if (canonicalized_host.empty()) |
| 1265 return false; | 1265 return false; |
| 1266 | 1266 |
| 1267 const std::string hashed_host = HashHost(canonicalized_host); | 1267 const std::string hashed_host = HashHost(canonicalized_host); |
| 1268 bool deleted = false; | 1268 bool deleted = false; |
| 1269 STSStateMap::iterator sts_interator = enabled_sts_hosts_.find(hashed_host); | 1269 STSStateMap::iterator sts_interator = enabled_sts_hosts_.find(hashed_host); |
| 1270 if (sts_interator != enabled_sts_hosts_.end()) { | 1270 if (sts_interator != enabled_sts_hosts_.end()) { |
| 1271 enabled_sts_hosts_.erase(sts_interator); | 1271 enabled_sts_hosts_.erase(sts_interator); |
| (...skipping 12 matching lines...) Expand all Loading... |
| 1284 enabled_expect_ct_hosts_.erase(expect_ct_iterator); | 1284 enabled_expect_ct_hosts_.erase(expect_ct_iterator); |
| 1285 deleted = true; | 1285 deleted = true; |
| 1286 } | 1286 } |
| 1287 | 1287 |
| 1288 if (deleted) | 1288 if (deleted) |
| 1289 DirtyNotify(); | 1289 DirtyNotify(); |
| 1290 return deleted; | 1290 return deleted; |
| 1291 } | 1291 } |
| 1292 | 1292 |
| 1293 void TransportSecurityState::ClearDynamicData() { | 1293 void TransportSecurityState::ClearDynamicData() { |
| 1294 DCHECK(CalledOnValidThread()); | 1294 DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); |
| 1295 enabled_sts_hosts_.clear(); | 1295 enabled_sts_hosts_.clear(); |
| 1296 enabled_pkp_hosts_.clear(); | 1296 enabled_pkp_hosts_.clear(); |
| 1297 enabled_expect_ct_hosts_.clear(); | 1297 enabled_expect_ct_hosts_.clear(); |
| 1298 } | 1298 } |
| 1299 | 1299 |
| 1300 void TransportSecurityState::DeleteAllDynamicDataSince(const base::Time& time) { | 1300 void TransportSecurityState::DeleteAllDynamicDataSince(const base::Time& time) { |
| 1301 DCHECK(CalledOnValidThread()); | 1301 DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); |
| 1302 | 1302 |
| 1303 bool dirtied = false; | 1303 bool dirtied = false; |
| 1304 STSStateMap::iterator sts_iterator = enabled_sts_hosts_.begin(); | 1304 STSStateMap::iterator sts_iterator = enabled_sts_hosts_.begin(); |
| 1305 while (sts_iterator != enabled_sts_hosts_.end()) { | 1305 while (sts_iterator != enabled_sts_hosts_.end()) { |
| 1306 if (sts_iterator->second.last_observed >= time) { | 1306 if (sts_iterator->second.last_observed >= time) { |
| 1307 dirtied = true; | 1307 dirtied = true; |
| 1308 enabled_sts_hosts_.erase(sts_iterator++); | 1308 enabled_sts_hosts_.erase(sts_iterator++); |
| 1309 continue; | 1309 continue; |
| 1310 } | 1310 } |
| 1311 | 1311 |
| (...skipping 21 matching lines...) Expand all Loading... |
| 1333 } | 1333 } |
| 1334 | 1334 |
| 1335 ++expect_ct_iterator; | 1335 ++expect_ct_iterator; |
| 1336 } | 1336 } |
| 1337 | 1337 |
| 1338 if (dirtied) | 1338 if (dirtied) |
| 1339 DirtyNotify(); | 1339 DirtyNotify(); |
| 1340 } | 1340 } |
| 1341 | 1341 |
| 1342 TransportSecurityState::~TransportSecurityState() { | 1342 TransportSecurityState::~TransportSecurityState() { |
| 1343 DCHECK(CalledOnValidThread()); | 1343 DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); |
| 1344 } | 1344 } |
| 1345 | 1345 |
| 1346 void TransportSecurityState::DirtyNotify() { | 1346 void TransportSecurityState::DirtyNotify() { |
| 1347 DCHECK(CalledOnValidThread()); | 1347 DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); |
| 1348 | 1348 |
| 1349 if (delegate_) | 1349 if (delegate_) |
| 1350 delegate_->StateIsDirty(this); | 1350 delegate_->StateIsDirty(this); |
| 1351 } | 1351 } |
| 1352 | 1352 |
| 1353 bool TransportSecurityState::AddHSTSHeader(const std::string& host, | 1353 bool TransportSecurityState::AddHSTSHeader(const std::string& host, |
| 1354 const std::string& value) { | 1354 const std::string& value) { |
| 1355 DCHECK(CalledOnValidThread()); | 1355 DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); |
| 1356 | 1356 |
| 1357 base::Time now = base::Time::Now(); | 1357 base::Time now = base::Time::Now(); |
| 1358 base::TimeDelta max_age; | 1358 base::TimeDelta max_age; |
| 1359 bool include_subdomains; | 1359 bool include_subdomains; |
| 1360 if (!ParseHSTSHeader(value, &max_age, &include_subdomains)) { | 1360 if (!ParseHSTSHeader(value, &max_age, &include_subdomains)) { |
| 1361 return false; | 1361 return false; |
| 1362 } | 1362 } |
| 1363 | 1363 |
| 1364 // Handle max-age == 0. | 1364 // Handle max-age == 0. |
| 1365 STSState::UpgradeMode upgrade_mode; | 1365 STSState::UpgradeMode upgrade_mode; |
| 1366 if (max_age.InSeconds() == 0) { | 1366 if (max_age.InSeconds() == 0) { |
| 1367 upgrade_mode = STSState::MODE_DEFAULT; | 1367 upgrade_mode = STSState::MODE_DEFAULT; |
| 1368 } else { | 1368 } else { |
| 1369 upgrade_mode = STSState::MODE_FORCE_HTTPS; | 1369 upgrade_mode = STSState::MODE_FORCE_HTTPS; |
| 1370 } | 1370 } |
| 1371 | 1371 |
| 1372 AddHSTSInternal(host, upgrade_mode, now + max_age, include_subdomains); | 1372 AddHSTSInternal(host, upgrade_mode, now + max_age, include_subdomains); |
| 1373 return true; | 1373 return true; |
| 1374 } | 1374 } |
| 1375 | 1375 |
| 1376 bool TransportSecurityState::AddHPKPHeader(const std::string& host, | 1376 bool TransportSecurityState::AddHPKPHeader(const std::string& host, |
| 1377 const std::string& value, | 1377 const std::string& value, |
| 1378 const SSLInfo& ssl_info) { | 1378 const SSLInfo& ssl_info) { |
| 1379 DCHECK(CalledOnValidThread()); | 1379 DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); |
| 1380 | 1380 |
| 1381 base::Time now = base::Time::Now(); | 1381 base::Time now = base::Time::Now(); |
| 1382 base::TimeDelta max_age; | 1382 base::TimeDelta max_age; |
| 1383 bool include_subdomains; | 1383 bool include_subdomains; |
| 1384 HashValueVector spki_hashes; | 1384 HashValueVector spki_hashes; |
| 1385 GURL report_uri; | 1385 GURL report_uri; |
| 1386 | 1386 |
| 1387 if (!ParseHPKPHeader(value, ssl_info.public_key_hashes, &max_age, | 1387 if (!ParseHPKPHeader(value, ssl_info.public_key_hashes, &max_age, |
| 1388 &include_subdomains, &spki_hashes, &report_uri)) { | 1388 &include_subdomains, &spki_hashes, &report_uri)) { |
| 1389 return false; | 1389 return false; |
| 1390 } | 1390 } |
| 1391 // Handle max-age == 0. | 1391 // Handle max-age == 0. |
| 1392 if (max_age.InSeconds() == 0) | 1392 if (max_age.InSeconds() == 0) |
| 1393 spki_hashes.clear(); | 1393 spki_hashes.clear(); |
| 1394 AddHPKPInternal(host, now, now + max_age, include_subdomains, spki_hashes, | 1394 AddHPKPInternal(host, now, now + max_age, include_subdomains, spki_hashes, |
| 1395 report_uri); | 1395 report_uri); |
| 1396 return true; | 1396 return true; |
| 1397 } | 1397 } |
| 1398 | 1398 |
| 1399 void TransportSecurityState::AddHSTS(const std::string& host, | 1399 void TransportSecurityState::AddHSTS(const std::string& host, |
| 1400 const base::Time& expiry, | 1400 const base::Time& expiry, |
| 1401 bool include_subdomains) { | 1401 bool include_subdomains) { |
| 1402 DCHECK(CalledOnValidThread()); | 1402 DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); |
| 1403 AddHSTSInternal(host, STSState::MODE_FORCE_HTTPS, expiry, include_subdomains); | 1403 AddHSTSInternal(host, STSState::MODE_FORCE_HTTPS, expiry, include_subdomains); |
| 1404 } | 1404 } |
| 1405 | 1405 |
| 1406 void TransportSecurityState::AddHPKP(const std::string& host, | 1406 void TransportSecurityState::AddHPKP(const std::string& host, |
| 1407 const base::Time& expiry, | 1407 const base::Time& expiry, |
| 1408 bool include_subdomains, | 1408 bool include_subdomains, |
| 1409 const HashValueVector& hashes, | 1409 const HashValueVector& hashes, |
| 1410 const GURL& report_uri) { | 1410 const GURL& report_uri) { |
| 1411 DCHECK(CalledOnValidThread()); | 1411 DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); |
| 1412 AddHPKPInternal(host, base::Time::Now(), expiry, include_subdomains, hashes, | 1412 AddHPKPInternal(host, base::Time::Now(), expiry, include_subdomains, hashes, |
| 1413 report_uri); | 1413 report_uri); |
| 1414 } | 1414 } |
| 1415 | 1415 |
| 1416 void TransportSecurityState::AddExpectCT(const std::string& host, | 1416 void TransportSecurityState::AddExpectCT(const std::string& host, |
| 1417 const base::Time& expiry, | 1417 const base::Time& expiry, |
| 1418 bool enforce, | 1418 bool enforce, |
| 1419 const GURL& report_uri) { | 1419 const GURL& report_uri) { |
| 1420 DCHECK(CalledOnValidThread()); | 1420 DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); |
| 1421 AddExpectCTInternal(host, base::Time::Now(), expiry, enforce, report_uri); | 1421 AddExpectCTInternal(host, base::Time::Now(), expiry, enforce, report_uri); |
| 1422 } | 1422 } |
| 1423 | 1423 |
| 1424 bool TransportSecurityState::ProcessHPKPReportOnlyHeader( | 1424 bool TransportSecurityState::ProcessHPKPReportOnlyHeader( |
| 1425 const std::string& value, | 1425 const std::string& value, |
| 1426 const HostPortPair& host_port_pair, | 1426 const HostPortPair& host_port_pair, |
| 1427 const SSLInfo& ssl_info) { | 1427 const SSLInfo& ssl_info) { |
| 1428 DCHECK(CalledOnValidThread()); | 1428 DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); |
| 1429 | 1429 |
| 1430 base::Time now = base::Time::Now(); | 1430 base::Time now = base::Time::Now(); |
| 1431 bool include_subdomains; | 1431 bool include_subdomains; |
| 1432 HashValueVector spki_hashes; | 1432 HashValueVector spki_hashes; |
| 1433 GURL report_uri; | 1433 GURL report_uri; |
| 1434 std::string unused_failure_log; | 1434 std::string unused_failure_log; |
| 1435 | 1435 |
| 1436 if (!ParseHPKPReportOnlyHeader(value, &include_subdomains, &spki_hashes, | 1436 if (!ParseHPKPReportOnlyHeader(value, &include_subdomains, &spki_hashes, |
| 1437 &report_uri) || | 1437 &report_uri) || |
| 1438 !report_uri.is_valid() || report_uri.is_empty()) { | 1438 !report_uri.is_valid() || report_uri.is_empty()) { |
| (...skipping 12 matching lines...) Expand all Loading... |
| 1451 host_port_pair, ssl_info.is_issued_by_known_root, pkp_state, | 1451 host_port_pair, ssl_info.is_issued_by_known_root, pkp_state, |
| 1452 ssl_info.public_key_hashes, ssl_info.unverified_cert.get(), | 1452 ssl_info.public_key_hashes, ssl_info.unverified_cert.get(), |
| 1453 ssl_info.cert.get(), ENABLE_PIN_REPORTS, &unused_failure_log); | 1453 ssl_info.cert.get(), ENABLE_PIN_REPORTS, &unused_failure_log); |
| 1454 return true; | 1454 return true; |
| 1455 } | 1455 } |
| 1456 | 1456 |
| 1457 void TransportSecurityState::ProcessExpectCTHeader( | 1457 void TransportSecurityState::ProcessExpectCTHeader( |
| 1458 const std::string& value, | 1458 const std::string& value, |
| 1459 const HostPortPair& host_port_pair, | 1459 const HostPortPair& host_port_pair, |
| 1460 const SSLInfo& ssl_info) { | 1460 const SSLInfo& ssl_info) { |
| 1461 DCHECK(CalledOnValidThread()); | 1461 DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); |
| 1462 | 1462 |
| 1463 // If a site sends `Expect-CT: preload` and appears on the preload list, they | 1463 // If a site sends `Expect-CT: preload` and appears on the preload list, they |
| 1464 // are in the experimental preload-list-only, report-only version of | 1464 // are in the experimental preload-list-only, report-only version of |
| 1465 // Expect-CT. | 1465 // Expect-CT. |
| 1466 if (value == "preload") { | 1466 if (value == "preload") { |
| 1467 if (!expect_ct_reporter_) | 1467 if (!expect_ct_reporter_) |
| 1468 return; | 1468 return; |
| 1469 if (!IsBuildTimely()) | 1469 if (!IsBuildTimely()) |
| 1470 return; | 1470 return; |
| 1471 if (!ssl_info.is_issued_by_known_root) | 1471 if (!ssl_info.is_issued_by_known_root) |
| (...skipping 93 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1565 DCHECK(found_state); | 1565 DCHECK(found_state); |
| 1566 return CheckPinsAndMaybeSendReport( | 1566 return CheckPinsAndMaybeSendReport( |
| 1567 host_port_pair, is_issued_by_known_root, pkp_state, hashes, | 1567 host_port_pair, is_issued_by_known_root, pkp_state, hashes, |
| 1568 served_certificate_chain, validated_certificate_chain, report_status, | 1568 served_certificate_chain, validated_certificate_chain, report_status, |
| 1569 failure_log); | 1569 failure_log); |
| 1570 } | 1570 } |
| 1571 | 1571 |
| 1572 bool TransportSecurityState::GetStaticDomainState(const std::string& host, | 1572 bool TransportSecurityState::GetStaticDomainState(const std::string& host, |
| 1573 STSState* sts_state, | 1573 STSState* sts_state, |
| 1574 PKPState* pkp_state) const { | 1574 PKPState* pkp_state) const { |
| 1575 DCHECK(CalledOnValidThread()); | 1575 DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); |
| 1576 | 1576 |
| 1577 sts_state->upgrade_mode = STSState::MODE_FORCE_HTTPS; | 1577 sts_state->upgrade_mode = STSState::MODE_FORCE_HTTPS; |
| 1578 sts_state->include_subdomains = false; | 1578 sts_state->include_subdomains = false; |
| 1579 pkp_state->include_subdomains = false; | 1579 pkp_state->include_subdomains = false; |
| 1580 | 1580 |
| 1581 if (!IsBuildTimely()) | 1581 if (!IsBuildTimely()) |
| 1582 return false; | 1582 return false; |
| 1583 | 1583 |
| 1584 PreloadResult result; | 1584 PreloadResult result; |
| 1585 if (!DecodeHSTSPreload(host, &result)) | 1585 if (!DecodeHSTSPreload(host, &result)) |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1619 AddHash(*sha256_hash, &pkp_state->bad_spki_hashes); | 1619 AddHash(*sha256_hash, &pkp_state->bad_spki_hashes); |
| 1620 sha256_hash++; | 1620 sha256_hash++; |
| 1621 } | 1621 } |
| 1622 } | 1622 } |
| 1623 } | 1623 } |
| 1624 | 1624 |
| 1625 return true; | 1625 return true; |
| 1626 } | 1626 } |
| 1627 | 1627 |
| 1628 bool TransportSecurityState::IsGooglePinnedHost(const std::string& host) const { | 1628 bool TransportSecurityState::IsGooglePinnedHost(const std::string& host) const { |
| 1629 DCHECK(CalledOnValidThread()); | 1629 DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); |
| 1630 | 1630 |
| 1631 if (!IsBuildTimely()) | 1631 if (!IsBuildTimely()) |
| 1632 return false; | 1632 return false; |
| 1633 | 1633 |
| 1634 PreloadResult result; | 1634 PreloadResult result; |
| 1635 if (!DecodeHSTSPreload(host, &result)) | 1635 if (!DecodeHSTSPreload(host, &result)) |
| 1636 return false; | 1636 return false; |
| 1637 | 1637 |
| 1638 if (!result.has_pins) | 1638 if (!result.has_pins) |
| 1639 return false; | 1639 return false; |
| 1640 | 1640 |
| 1641 if (result.pinset_id >= arraysize(kPinsets)) | 1641 if (result.pinset_id >= arraysize(kPinsets)) |
| 1642 return false; | 1642 return false; |
| 1643 | 1643 |
| 1644 return kPinsets[result.pinset_id].accepted_pins == kGoogleAcceptableCerts; | 1644 return kPinsets[result.pinset_id].accepted_pins == kGoogleAcceptableCerts; |
| 1645 } | 1645 } |
| 1646 | 1646 |
| 1647 bool TransportSecurityState::GetDynamicSTSState(const std::string& host, | 1647 bool TransportSecurityState::GetDynamicSTSState(const std::string& host, |
| 1648 STSState* result) { | 1648 STSState* result) { |
| 1649 DCHECK(CalledOnValidThread()); | 1649 DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); |
| 1650 | 1650 |
| 1651 const std::string canonicalized_host = CanonicalizeHost(host); | 1651 const std::string canonicalized_host = CanonicalizeHost(host); |
| 1652 if (canonicalized_host.empty()) | 1652 if (canonicalized_host.empty()) |
| 1653 return false; | 1653 return false; |
| 1654 | 1654 |
| 1655 base::Time current_time(base::Time::Now()); | 1655 base::Time current_time(base::Time::Now()); |
| 1656 | 1656 |
| 1657 for (size_t i = 0; canonicalized_host[i]; i += canonicalized_host[i] + 1) { | 1657 for (size_t i = 0; canonicalized_host[i]; i += canonicalized_host[i] + 1) { |
| 1658 std::string host_sub_chunk(&canonicalized_host[i], | 1658 std::string host_sub_chunk(&canonicalized_host[i], |
| 1659 canonicalized_host.size() - i); | 1659 canonicalized_host.size() - i); |
| (...skipping 20 matching lines...) Expand all Loading... |
| 1680 | 1680 |
| 1681 break; | 1681 break; |
| 1682 } | 1682 } |
| 1683 } | 1683 } |
| 1684 | 1684 |
| 1685 return false; | 1685 return false; |
| 1686 } | 1686 } |
| 1687 | 1687 |
| 1688 bool TransportSecurityState::GetDynamicPKPState(const std::string& host, | 1688 bool TransportSecurityState::GetDynamicPKPState(const std::string& host, |
| 1689 PKPState* result) { | 1689 PKPState* result) { |
| 1690 DCHECK(CalledOnValidThread()); | 1690 DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); |
| 1691 | 1691 |
| 1692 const std::string canonicalized_host = CanonicalizeHost(host); | 1692 const std::string canonicalized_host = CanonicalizeHost(host); |
| 1693 if (canonicalized_host.empty()) | 1693 if (canonicalized_host.empty()) |
| 1694 return false; | 1694 return false; |
| 1695 | 1695 |
| 1696 base::Time current_time(base::Time::Now()); | 1696 base::Time current_time(base::Time::Now()); |
| 1697 | 1697 |
| 1698 for (size_t i = 0; canonicalized_host[i]; i += canonicalized_host[i] + 1) { | 1698 for (size_t i = 0; canonicalized_host[i]; i += canonicalized_host[i] + 1) { |
| 1699 std::string host_sub_chunk(&canonicalized_host[i], | 1699 std::string host_sub_chunk(&canonicalized_host[i], |
| 1700 canonicalized_host.size() - i); | 1700 canonicalized_host.size() - i); |
| (...skipping 20 matching lines...) Expand all Loading... |
| 1721 | 1721 |
| 1722 break; | 1722 break; |
| 1723 } | 1723 } |
| 1724 } | 1724 } |
| 1725 | 1725 |
| 1726 return false; | 1726 return false; |
| 1727 } | 1727 } |
| 1728 | 1728 |
| 1729 bool TransportSecurityState::GetDynamicExpectCTState(const std::string& host, | 1729 bool TransportSecurityState::GetDynamicExpectCTState(const std::string& host, |
| 1730 ExpectCTState* result) { | 1730 ExpectCTState* result) { |
| 1731 DCHECK(CalledOnValidThread()); | 1731 DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); |
| 1732 | 1732 |
| 1733 const std::string canonicalized_host = CanonicalizeHost(host); | 1733 const std::string canonicalized_host = CanonicalizeHost(host); |
| 1734 if (canonicalized_host.empty()) | 1734 if (canonicalized_host.empty()) |
| 1735 return false; | 1735 return false; |
| 1736 | 1736 |
| 1737 base::Time current_time(base::Time::Now()); | 1737 base::Time current_time(base::Time::Now()); |
| 1738 ExpectCTStateMap::iterator j = | 1738 ExpectCTStateMap::iterator j = |
| 1739 enabled_expect_ct_hosts_.find(HashHost(canonicalized_host)); | 1739 enabled_expect_ct_hosts_.find(HashHost(canonicalized_host)); |
| 1740 if (j == enabled_expect_ct_hosts_.end()) | 1740 if (j == enabled_expect_ct_hosts_.end()) |
| 1741 return false; | 1741 return false; |
| 1742 // If the entry is invalid, drop it. | 1742 // If the entry is invalid, drop it. |
| 1743 if (current_time > j->second.expiry) { | 1743 if (current_time > j->second.expiry) { |
| 1744 enabled_expect_ct_hosts_.erase(j); | 1744 enabled_expect_ct_hosts_.erase(j); |
| 1745 DirtyNotify(); | 1745 DirtyNotify(); |
| 1746 return false; | 1746 return false; |
| 1747 } | 1747 } |
| 1748 | 1748 |
| 1749 *result = j->second; | 1749 *result = j->second; |
| 1750 return true; | 1750 return true; |
| 1751 } | 1751 } |
| 1752 | 1752 |
| 1753 void TransportSecurityState::AddOrUpdateEnabledSTSHosts( | 1753 void TransportSecurityState::AddOrUpdateEnabledSTSHosts( |
| 1754 const std::string& hashed_host, | 1754 const std::string& hashed_host, |
| 1755 const STSState& state) { | 1755 const STSState& state) { |
| 1756 DCHECK(CalledOnValidThread()); | 1756 DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); |
| 1757 DCHECK(state.ShouldUpgradeToSSL()); | 1757 DCHECK(state.ShouldUpgradeToSSL()); |
| 1758 enabled_sts_hosts_[hashed_host] = state; | 1758 enabled_sts_hosts_[hashed_host] = state; |
| 1759 } | 1759 } |
| 1760 | 1760 |
| 1761 void TransportSecurityState::AddOrUpdateEnabledPKPHosts( | 1761 void TransportSecurityState::AddOrUpdateEnabledPKPHosts( |
| 1762 const std::string& hashed_host, | 1762 const std::string& hashed_host, |
| 1763 const PKPState& state) { | 1763 const PKPState& state) { |
| 1764 DCHECK(CalledOnValidThread()); | 1764 DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); |
| 1765 DCHECK(state.HasPublicKeyPins()); | 1765 DCHECK(state.HasPublicKeyPins()); |
| 1766 enabled_pkp_hosts_[hashed_host] = state; | 1766 enabled_pkp_hosts_[hashed_host] = state; |
| 1767 } | 1767 } |
| 1768 | 1768 |
| 1769 void TransportSecurityState::AddOrUpdateEnabledExpectCTHosts( | 1769 void TransportSecurityState::AddOrUpdateEnabledExpectCTHosts( |
| 1770 const std::string& hashed_host, | 1770 const std::string& hashed_host, |
| 1771 const ExpectCTState& state) { | 1771 const ExpectCTState& state) { |
| 1772 DCHECK(CalledOnValidThread()); | 1772 DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); |
| 1773 DCHECK(state.enforce || !state.report_uri.is_empty()); | 1773 DCHECK(state.enforce || !state.report_uri.is_empty()); |
| 1774 enabled_expect_ct_hosts_[hashed_host] = state; | 1774 enabled_expect_ct_hosts_[hashed_host] = state; |
| 1775 } | 1775 } |
| 1776 | 1776 |
| 1777 TransportSecurityState::STSState::STSState() | 1777 TransportSecurityState::STSState::STSState() |
| 1778 : upgrade_mode(MODE_DEFAULT), include_subdomains(false) { | 1778 : upgrade_mode(MODE_DEFAULT), include_subdomains(false) { |
| 1779 } | 1779 } |
| 1780 | 1780 |
| 1781 TransportSecurityState::STSState::~STSState() { | 1781 TransportSecurityState::STSState::~STSState() { |
| 1782 } | 1782 } |
| (...skipping 20 matching lines...) Expand all Loading... |
| 1803 } | 1803 } |
| 1804 | 1804 |
| 1805 TransportSecurityState::ExpectCTState::ExpectCTState() : enforce(false) {} | 1805 TransportSecurityState::ExpectCTState::ExpectCTState() : enforce(false) {} |
| 1806 | 1806 |
| 1807 TransportSecurityState::ExpectCTState::~ExpectCTState() {} | 1807 TransportSecurityState::ExpectCTState::~ExpectCTState() {} |
| 1808 | 1808 |
| 1809 TransportSecurityState::ExpectCTStateIterator::ExpectCTStateIterator( | 1809 TransportSecurityState::ExpectCTStateIterator::ExpectCTStateIterator( |
| 1810 const TransportSecurityState& state) | 1810 const TransportSecurityState& state) |
| 1811 : iterator_(state.enabled_expect_ct_hosts_.begin()), | 1811 : iterator_(state.enabled_expect_ct_hosts_.begin()), |
| 1812 end_(state.enabled_expect_ct_hosts_.end()) { | 1812 end_(state.enabled_expect_ct_hosts_.end()) { |
| 1813 DCHECK(state.CalledOnValidThread()); | 1813 state.AssertCalledOnValidThread(); |
| 1814 } | 1814 } |
| 1815 | 1815 |
| 1816 TransportSecurityState::ExpectCTStateIterator::~ExpectCTStateIterator() {} | 1816 TransportSecurityState::ExpectCTStateIterator::~ExpectCTStateIterator() {} |
| 1817 | 1817 |
| 1818 TransportSecurityState::ExpectStapleState::ExpectStapleState() | 1818 TransportSecurityState::ExpectStapleState::ExpectStapleState() |
| 1819 : include_subdomains(false) {} | 1819 : include_subdomains(false) {} |
| 1820 | 1820 |
| 1821 TransportSecurityState::ExpectStapleState::~ExpectStapleState() {} | 1821 TransportSecurityState::ExpectStapleState::~ExpectStapleState() {} |
| 1822 | 1822 |
| 1823 bool TransportSecurityState::PKPState::CheckPublicKeyPins( | 1823 bool TransportSecurityState::PKPState::CheckPublicKeyPins( |
| (...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1862 TransportSecurityState::PKPStateIterator::PKPStateIterator( | 1862 TransportSecurityState::PKPStateIterator::PKPStateIterator( |
| 1863 const TransportSecurityState& state) | 1863 const TransportSecurityState& state) |
| 1864 : iterator_(state.enabled_pkp_hosts_.begin()), | 1864 : iterator_(state.enabled_pkp_hosts_.begin()), |
| 1865 end_(state.enabled_pkp_hosts_.end()) { | 1865 end_(state.enabled_pkp_hosts_.end()) { |
| 1866 } | 1866 } |
| 1867 | 1867 |
| 1868 TransportSecurityState::PKPStateIterator::~PKPStateIterator() { | 1868 TransportSecurityState::PKPStateIterator::~PKPStateIterator() { |
| 1869 } | 1869 } |
| 1870 | 1870 |
| 1871 } // namespace net | 1871 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2910473005:
Deprecate NonThreadSafe in net/ in favor of SequenceChecker/ThreadChecker. (Closed)
