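--- a/net/http/transport_security_state.h
+++ b/net/http/transport_security_state.h
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_
 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_
 
 #include <stdint.h>
 
 #include <map>
@@ -310,20 +310,21 @@
 // site expects valid Certificate Transparency information but it
 // wasn't supplied.
 class NET_EXPORT ExpectCTReporter {
 public:
 // Called when the host in |host_port_pair| has opted in to have
 // reports about Expect CT policy violations sent to |report_uri|,
 // and such a violation has occurred.
 virtual void OnExpectCTFailed(
 const net::HostPortPair& host_port_pair,
 const GURL& report_uri,
+base::Time expiration,
 const X509Certificate* validated_certificate_chain,
 const X509Certificate* served_certificate_chain,
 const SignedCertificateTimestampAndStatusList&
 signed_certificate_timestamps) = 0;
 
 protected:
 virtual ~ExpectCTReporter() {}
 };
 
 // Indicates whether or not a public key pin check should send a
@@ -664,20 +665,21 @@
 // (built-in) state for |host| with expect_staple=true, or if |host| is a
 // subdomain of another domain with expect_staple=true and
 // include_subdomains_for_expect_staple=true.
 bool GetStaticExpectStapleState(
 const std::string& host,
 ExpectStapleState* expect_staple_result) const;
 
 void MaybeNotifyExpectCTFailed(
 const HostPortPair& host_port_pair,
 const GURL& report_uri,
+base::Time expiration,
 const X509Certificate* validated_certificate_chain,
 const X509Certificate* served_certificate_chain,
 const SignedCertificateTimestampAndStatusList&
 signed_certificate_timestamps);
 
 // The sets of hosts that have enabled TransportSecurity. |domain| will always
 // be empty for a STSState, PKPState, or ExpectCTState in these maps; the
 // domain comes from the map keys instead. In addition, |upgrade_mode| in the
 // STSState is never MODE_DEFAULT and |HasPublicKeyPins| in the PKPState
 // always returns true.
@@ -711,10 +713,10 @@
 ReportCache sent_expect_ct_reports_cache_;
 
 THREAD_CHECKER(thread_checker_);
 
 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState);
 };
 
 } // namespace net
 
 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_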
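Review bot: The new `base::Time expiration` parameter on `ExpectCTReporter::OnExpectCTFailed` is not described in the method comment, which still covers only |host_port_pair| and |report_uri|. Implementers of the reporter need to know what this timestamp denotes and whether it can be null or already in the past when the callback fires. Presumably it is the expiry of the host's Expect-CT state, so a line such as `// |expiration| is the time at which the Expect-CT policy for the host expires.` would cover it once confirmed against the caller. `MaybeNotifyExpectCTFailed` takes the same new argument and has no comment at all; a one-line description there would help too. The header's include list is mostly elided on this page, so it is worth confirming that `base/time/time.h` is included directly rather than picked up transitively.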