net/http/transport_security_state.h - Issue 433123003: Centralize the logic for checking public key pins

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/http/transport_security_state.h

Issue 433123003: Centralize the logic for checking public key pins (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: final fixes? Hah! Created 6 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/http/transport_security_state.h

diff --git a/net/http/transport_security_state.h b/net/http/transport_security_state.h

index 364593791455030cc4d5cd37a30b2dc03f3ec6c4..b0196e63580223cf04ec1c11e567aefa49571b79 100644

--- a/net/http/transport_security_state.h

+++ b/net/http/transport_security_state.h

@@ -163,6 +163,7 @@ class NET_EXPORT TransportSecurityState

bool ShouldUpgradeToSSL(const std::string& host, bool sni_enabled);

bool CheckPublicKeyPins(const std::string& host,

bool sni_enabled,

+ bool is_issued_by_known_root,

const HashValueVector& hashes,

std::string* failure_log);

bool HasPublicKeyPins(const std::string& host, bool sni_enabled);

@@ -267,6 +268,16 @@ class NET_EXPORT TransportSecurityState

// The maximum number of seconds for which we'll cache an HSTS request.

static const long int kMaxHSTSAgeSecs;

+ private:

+ friend class TransportSecurityStateTest;

+ FRIEND_TEST_ALL_PREFIXES(HttpSecurityHeadersTest, UpdateDynamicPKPOnly);

+ FRIEND_TEST_ALL_PREFIXES(HttpSecurityHeadersTest, UpdateDynamicPKPMaxAge0);

+ FRIEND_TEST_ALL_PREFIXES(HttpSecurityHeadersTest,

+ DISABLED_UpdateDynamicPKPMaxAge0);

+ FRIEND_TEST_ALL_PREFIXES(HttpSecurityHeadersTest, NoClobberPins);

+ typedef std::map<std::string, DomainState> DomainStateMap;

// Send an UMA report on pin validation failure, if the host is in a

// statically-defined list of domains.

@@ -282,12 +293,11 @@ class NET_EXPORT TransportSecurityState

// information) is timely.

static bool IsBuildTimely();

- private:

- friend class TransportSecurityStateTest;

- FRIEND_TEST_ALL_PREFIXES(HttpSecurityHeadersTest,

- UpdateDynamicPKPOnly);

- typedef std::map<std::string, DomainState> DomainStateMap;

+ // Helper method for actually checking pins.

+ bool CheckPublicKeyPinsImpl(const std::string& host,

+ bool sni_enabled,

+ const HashValueVector& hashes,

+ std::string* failure_log);

// If a Delegate is present, notify it that the internal state has

// changed.

@@ -309,6 +319,9 @@ class NET_EXPORT TransportSecurityState

Delegate* delegate_;

+ // True if static pins should be used.

+ bool enable_static_pins_;

DISALLOW_COPY_AND_ASSIGN(TransportSecurityState);

};

« no previous file with comments | « net/http/http_security_headers_unittest.cc ('k') | net/http/transport_security_state.cc » ('j') | net/http/transport_security_state.cc » ('J')