Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(481)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/http/transport_security_state.cc

Issue 2951343002: Remove residual support for SHA-1 public key pins. (Closed)
Patch Set: Remove the rest of HASH_VALUE_SHA1; respond to comments. Created 3 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/data/ssl/name_constrained/README.md ('K') | « net/data/ssl/name_constrained/f375e2f77a108bacc4234894a9af308edeca1acd8fbde0e7aaa9634e9daf7e1c.pem ('k') | net/http/transport_security_state_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/http/transport_security_state.h" 5 #include "net/http/transport_security_state.h"
6 6
7 #include <memory> 7 #include <memory>
8 #include <utility> 8 #include <utility>
9 #include <vector> 9 #include <vector>
10 10
11 #include "base/base64.h" 11 #include "base/base64.h"
12 #include "base/build_time.h" 12 #include "base/build_time.h"
13 #include "base/json/json_writer.h" 13 #include "base/json/json_writer.h"
14 #include "base/logging.h" 14 #include "base/logging.h"
15 #include "base/memory/ptr_util.h" 15 #include "base/memory/ptr_util.h"
16 #include "base/metrics/histogram_macros.h" 16 #include "base/metrics/histogram_macros.h"
17 #include "base/metrics/sparse_histogram.h" 17 #include "base/metrics/sparse_histogram.h"
18 #include "base/sha1.h"
19 #include "base/stl_util.h" 18 #include "base/stl_util.h"
20 #include "base/strings/string_number_conversions.h" 19 #include "base/strings/string_number_conversions.h"
21 #include "base/strings/string_util.h" 20 #include "base/strings/string_util.h"
22 #include "base/strings/stringprintf.h" 21 #include "base/strings/stringprintf.h"
23 #include "base/strings/utf_string_conversions.h" 22 #include "base/strings/utf_string_conversions.h"
24 #include "base/values.h" 23 #include "base/values.h"
25 #include "build/build_config.h" 24 #include "build/build_config.h"
26 #include "crypto/sha2.h" 25 #include "crypto/sha2.h"
27 #include "net/base/host_port_pair.h" 26 #include "net/base/host_port_pair.h"
28 #include "net/cert/ct_policy_status.h" 27 #include "net/cert/ct_policy_status.h"
(...skipping 116 matching lines...) Expand 10 before | Expand all | Expand 10 after
145 report.Set("served-certificate-chain", 144 report.Set("served-certificate-chain",
146 std::move(served_certificate_chain_list)); 145 std::move(served_certificate_chain_list));
147 report.Set("validated-certificate-chain", 146 report.Set("validated-certificate-chain",
148 std::move(validated_certificate_chain_list)); 147 std::move(validated_certificate_chain_list));
149 148
150 std::unique_ptr<base::ListValue> known_pin_list(new base::ListValue()); 149 std::unique_ptr<base::ListValue> known_pin_list(new base::ListValue());
151 for (const auto& hash_value : pkp_state.spki_hashes) { 150 for (const auto& hash_value : pkp_state.spki_hashes) {
152 std::string known_pin; 151 std::string known_pin;
153 152
154 switch (hash_value.tag) { 153 switch (hash_value.tag) {
155 case HASH_VALUE_SHA1:
156 known_pin += "pin-sha1=";
157 break;
158 case HASH_VALUE_SHA256: 154 case HASH_VALUE_SHA256:
159 known_pin += "pin-sha256="; 155 known_pin += "pin-sha256=";
160 break; 156 break;
157 default:
158 // Don't bother reporting about hash types we don't support. SHA-256 is
159 // the only standardized hash function for HPKP anyway.
160 continue;
161 } 161 }
162 162
163 std::string base64_value; 163 std::string base64_value;
164 base::Base64Encode( 164 base::Base64Encode(
165 base::StringPiece(reinterpret_cast<const char*>(hash_value.data()), 165 base::StringPiece(reinterpret_cast<const char*>(hash_value.data()),
166 hash_value.size()), 166 hash_value.size()),
167 &base64_value); 167 &base64_value);
168 known_pin += "\"" + base64_value + "\""; 168 known_pin += "\"" + base64_value + "\"";
169 169
170 known_pin_list->Append( 170 known_pin_list->Append(
(...skipping 1674 matching lines...) Expand 10 before | Expand all | Expand 10 after
1845 TransportSecurityState::PKPStateIterator::PKPStateIterator( 1845 TransportSecurityState::PKPStateIterator::PKPStateIterator(
1846 const TransportSecurityState& state) 1846 const TransportSecurityState& state)
1847 : iterator_(state.enabled_pkp_hosts_.begin()), 1847 : iterator_(state.enabled_pkp_hosts_.begin()),
1848 end_(state.enabled_pkp_hosts_.end()) { 1848 end_(state.enabled_pkp_hosts_.end()) {
1849 } 1849 }
1850 1850
1851 TransportSecurityState::PKPStateIterator::~PKPStateIterator() { 1851 TransportSecurityState::PKPStateIterator::~PKPStateIterator() {
1852 } 1852 }
1853 1853
1854 } // namespace net 1854 } // namespace net
OLDNEW
« net/data/ssl/name_constrained/README.md ('K') | « net/data/ssl/name_constrained/f375e2f77a108bacc4234894a9af308edeca1acd8fbde0e7aaa9634e9daf7e1c.pem ('k') | net/http/transport_security_state_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698