Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(123)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/http/transport_security_state.h

Issue 2944953002: Add effective-expiration-date to Expect-CT reports (Closed)
Patch Set: meacer comments Created 3 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/browser/ssl/chrome_expect_ct_reporter_unittest.cc ('k') | net/http/transport_security_state.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ 5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_
6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ 6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_
7 7
8 #include <stdint.h> 8 #include <stdint.h>
9 9
10 #include <map> 10 #include <map>
(...skipping 299 matching lines...) Expand 10 before | Expand all | Expand 10 after
310 // site expects valid Certificate Transparency information but it 310 // site expects valid Certificate Transparency information but it
311 // wasn't supplied. 311 // wasn't supplied.
312 class NET_EXPORT ExpectCTReporter { 312 class NET_EXPORT ExpectCTReporter {
313 public: 313 public:
314 // Called when the host in |host_port_pair| has opted in to have 314 // Called when the host in |host_port_pair| has opted in to have
315 // reports about Expect CT policy violations sent to |report_uri|, 315 // reports about Expect CT policy violations sent to |report_uri|,
316 // and such a violation has occurred. 316 // and such a violation has occurred.
317 virtual void OnExpectCTFailed( 317 virtual void OnExpectCTFailed(
318 const net::HostPortPair& host_port_pair, 318 const net::HostPortPair& host_port_pair,
319 const GURL& report_uri, 319 const GURL& report_uri,
320 base::Time expiration,
320 const X509Certificate* validated_certificate_chain, 321 const X509Certificate* validated_certificate_chain,
321 const X509Certificate* served_certificate_chain, 322 const X509Certificate* served_certificate_chain,
322 const SignedCertificateTimestampAndStatusList& 323 const SignedCertificateTimestampAndStatusList&
323 signed_certificate_timestamps) = 0; 324 signed_certificate_timestamps) = 0;
324 325
325 protected: 326 protected:
326 virtual ~ExpectCTReporter() {} 327 virtual ~ExpectCTReporter() {}
327 }; 328 };
328 329
329 // Indicates whether or not a public key pin check should send a 330 // Indicates whether or not a public key pin check should send a
(...skipping 334 matching lines...) Expand 10 before | Expand all | Expand 10 after
664 // (built-in) state for |host| with expect_staple=true, or if |host| is a 665 // (built-in) state for |host| with expect_staple=true, or if |host| is a
665 // subdomain of another domain with expect_staple=true and 666 // subdomain of another domain with expect_staple=true and
666 // include_subdomains_for_expect_staple=true. 667 // include_subdomains_for_expect_staple=true.
667 bool GetStaticExpectStapleState( 668 bool GetStaticExpectStapleState(
668 const std::string& host, 669 const std::string& host,
669 ExpectStapleState* expect_staple_result) const; 670 ExpectStapleState* expect_staple_result) const;
670 671
671 void MaybeNotifyExpectCTFailed( 672 void MaybeNotifyExpectCTFailed(
672 const HostPortPair& host_port_pair, 673 const HostPortPair& host_port_pair,
673 const GURL& report_uri, 674 const GURL& report_uri,
675 base::Time expiration,
674 const X509Certificate* validated_certificate_chain, 676 const X509Certificate* validated_certificate_chain,
675 const X509Certificate* served_certificate_chain, 677 const X509Certificate* served_certificate_chain,
676 const SignedCertificateTimestampAndStatusList& 678 const SignedCertificateTimestampAndStatusList&
677 signed_certificate_timestamps); 679 signed_certificate_timestamps);
678 680
679 // The sets of hosts that have enabled TransportSecurity. |domain| will always 681 // The sets of hosts that have enabled TransportSecurity. |domain| will always
680 // be empty for a STSState, PKPState, or ExpectCTState in these maps; the 682 // be empty for a STSState, PKPState, or ExpectCTState in these maps; the
681 // domain comes from the map keys instead. In addition, |upgrade_mode| in the 683 // domain comes from the map keys instead. In addition, |upgrade_mode| in the
682 // STSState is never MODE_DEFAULT and |HasPublicKeyPins| in the PKPState 684 // STSState is never MODE_DEFAULT and |HasPublicKeyPins| in the PKPState
683 // always returns true. 685 // always returns true.
(...skipping 27 matching lines...) Expand all
711 ReportCache sent_expect_ct_reports_cache_; 713 ReportCache sent_expect_ct_reports_cache_;
712 714
713 THREAD_CHECKER(thread_checker_); 715 THREAD_CHECKER(thread_checker_);
714 716
715 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); 717 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState);
716 }; 718 };
717 719
718 } // namespace net 720 } // namespace net
719 721
720 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ 722 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_
OLDNEW
« no previous file with comments | « chrome/browser/ssl/chrome_expect_ct_reporter_unittest.cc ('k') | net/http/transport_security_state.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698