Index: net/http/transport_security_state.h |
diff --git a/net/http/transport_security_state.h b/net/http/transport_security_state.h |
index 364593791455030cc4d5cd37a30b2dc03f3ec6c4..7d42888fd42401808594eb9e857e10e6c8eafd80 100644 |
--- a/net/http/transport_security_state.h |
+++ b/net/http/transport_security_state.h |
@@ -163,6 +163,7 @@ class NET_EXPORT TransportSecurityState |
bool ShouldUpgradeToSSL(const std::string& host, bool sni_enabled); |
bool CheckPublicKeyPins(const std::string& host, |
bool sni_enabled, |
+ bool is_issued_by_known_root, |
const HashValueVector& hashes, |
std::string* failure_log); |
bool HasPublicKeyPins(const std::string& host, bool sni_enabled); |
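Review bot: The new `is_issued_by_known_root` parameter of `CheckPublicKeyPins` has no comment, yet it appears to decide whether a chain is subject to pin enforcement at all. I would add something like `// |is_issued_by_known_root| must come from the certificate verification result, never from request data; presumably pins are not enforced when it is false (confirm against the .cc).` It also sits directly after `sni_enabled`, so the two adjacent `bool` arguments can be transposed at a call site without a compile error; call sites outside this hunk are worth checking for that. The class body starts and ends outside the hunk.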
@@ -267,6 +268,25 @@ class NET_EXPORT TransportSecurityState |
// The maximum number of seconds for which we'll cache an HSTS request. |
static const long int kMaxHSTSAgeSecs; |
+ private: |
+ friend class TransportSecurityStateTest; |
+ FRIEND_TEST_ALL_PREFIXES(HttpSecurityHeadersTest, |
+ UpdateDynamicPKPOnly); |
+ FRIEND_TEST_ALL_PREFIXES(HttpSecurityHeadersTest, |
+ UpdateDynamicPKPMaxAge0); |
+ FRIEND_TEST_ALL_PREFIXES(HttpSecurityHeadersTest, |
+ DISABLED_UpdateDynamicPKPMaxAge0); |
+ FRIEND_TEST_ALL_PREFIXES(HttpSecurityHeadersTest, |
+ NoClobberPins); |
+ |
+ typedef std::map<std::string, DomainState> DomainStateMap; |
+ |
+ // Helper method for actually checking pins. |
+ bool CheckPublicKeyPinsImpl(const std::string& host, |
+ bool sni_enabled, |
+ const HashValueVector& hashes, |
+ std::string* failure_log); |
+ |
// Send an UMA report on pin validation failure, if the host is in a |
// statically-defined list of domains. |
// |
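Review bot: The comment on `CheckPublicKeyPinsImpl`, "Helper method for actually checking pins.", does not say how the helper differs from the public `CheckPublicKeyPins`. Judging from the signatures alone, the helper lacks `is_issued_by_known_root`, so it presumably compares hashes unconditionally while the public method applies the gating. If so, say it: `// Compares |hashes| against the pins for |host| without the known-root or static-pinning checks; call only via CheckPublicKeyPins.` Placing `private:` here also makes `ReportUMAOnPinFailure` and `IsBuildTimely` (next hunk) private, which any external caller not visible on this page would need to account for.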
@@ -275,19 +295,12 @@ class NET_EXPORT TransportSecurityState |
// (an implementation detail of this class) with a more generic |
// representation of first-class DomainStates, and exposing the preloads |
// to the caller with |GetStaticDomainState|. |
- static void ReportUMAOnPinFailure(const std::string& host); |
wtc
2014/08/07 22:51:44
Nit: "static" tells me that the method doesn't acc
Ryan Hamilton
2014/08/07 23:19:04
Done.
|
+ void ReportUMAOnPinFailure(const std::string& host) const; |
// IsBuildTimely returns true if the current build is new enough ensure that |
// built in security information (i.e. HSTS preloading and pinning |
// information) is timely. |
- static bool IsBuildTimely(); |
- |
- private: |
- friend class TransportSecurityStateTest; |
- FRIEND_TEST_ALL_PREFIXES(HttpSecurityHeadersTest, |
- UpdateDynamicPKPOnly); |
- |
- typedef std::map<std::string, DomainState> DomainStateMap; |
+ bool IsBuildTimely() const; |
// If a Delegate is present, notify it that the internal state has |
// changed. |
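Review bot: The comment above `IsBuildTimely` reads "new enough ensure" (missing "to") and does not state what happens when the method returns false. If a stale build means the built-in pinning data is no longer enforced, that is a fail-open path and the header should say so, e.g. `// When this returns false, built-in pins are not enforced (confirm).` The implementation is outside this page, so the consequence is inferred from the name and comment only.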
@@ -309,6 +322,9 @@ class NET_EXPORT TransportSecurityState |
Delegate* delegate_; |
+ // True if static pins should be used. |
+ bool enable_static_pinning_; |
+ |
DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); |
}; |
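Review bot: `enable_static_pinning_` is a plain `bool` with no in-class initializer, so every constructor must set it. The constructor is outside this hunk, and an uninitialized value would make static pin enforcement nondeterministic. The comment could also say who sets the flag and what false means, for example `// True if static pins should be used. Set in the constructor; when false, preloaded pins are ignored (confirm).` Because turning this off weakens certificate validation, it is worth documenting whether the value can change after construction.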