Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(176)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/http/transport_security_state.h

Issue 433123003: Centralize the logic for checking public key pins (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: make IsBuildTimely and ReportUMAOnPinFailure static, as per wtc Created 6 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/http/http_security_headers_unittest.cc ('K') | « net/http/http_security_headers_unittest.cc ('k') | net/http/transport_security_state.cc » ('j') | net/http/transport_security_state.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/http/transport_security_state.h
diff --git a/net/http/transport_security_state.h b/net/http/transport_security_state.h
index 364593791455030cc4d5cd37a30b2dc03f3ec6c4..1c20d904dc951c736047a455b2d450fc7f43d5a3 100644
--- a/net/http/transport_security_state.h
+++ b/net/http/transport_security_state.h
@@ -163,6 +163,7 @@ class NET_EXPORT TransportSecurityState
bool ShouldUpgradeToSSL(const std::string& host, bool sni_enabled);
bool CheckPublicKeyPins(const std::string& host,
bool sni_enabled,
+ bool is_issued_by_known_root,
const HashValueVector& hashes,
std::string* failure_log);
bool HasPublicKeyPins(const std::string& host, bool sni_enabled);
@@ -267,6 +268,19 @@ class NET_EXPORT TransportSecurityState
// The maximum number of seconds for which we'll cache an HSTS request.
static const long int kMaxHSTSAgeSecs;
+ private:
+ friend class TransportSecurityStateTest;
+ FRIEND_TEST_ALL_PREFIXES(HttpSecurityHeadersTest,
+ UpdateDynamicPKPOnly);
+ FRIEND_TEST_ALL_PREFIXES(HttpSecurityHeadersTest,
+ UpdateDynamicPKPMaxAge0);
+ FRIEND_TEST_ALL_PREFIXES(HttpSecurityHeadersTest,
+ DISABLED_UpdateDynamicPKPMaxAge0);
+ FRIEND_TEST_ALL_PREFIXES(HttpSecurityHeadersTest,
+ NoClobberPins);
+
+ typedef std::map<std::string, DomainState> DomainStateMap;
+
// Send an UMA report on pin validation failure, if the host is in a
// statically-defined list of domains.
//
@@ -282,12 +296,11 @@ class NET_EXPORT TransportSecurityState
// information) is timely.
static bool IsBuildTimely();
wtc 2014/08/07 23:39:12 In the .cc file, these two methods are defined aft
Ryan Hamilton 2014/08/08 00:54:00 Done.
- private:
- friend class TransportSecurityStateTest;
- FRIEND_TEST_ALL_PREFIXES(HttpSecurityHeadersTest,
- UpdateDynamicPKPOnly);
-
- typedef std::map<std::string, DomainState> DomainStateMap;
+ // Helper method for actually checking pins.
+ bool CheckPublicKeyPinsImpl(const std::string& host,
+ bool sni_enabled,
+ const HashValueVector& hashes,
+ std::string* failure_log);
// If a Delegate is present, notify it that the internal state has
// changed.
@@ -309,6 +322,9 @@ class NET_EXPORT TransportSecurityState
Delegate* delegate_;
+ // True if static pins should be used.
+ bool enable_static_pinning_;
wtc 2014/08/07 23:39:12 Ryan asked you to rename this member "enable_stati
Ryan Hamilton 2014/08/08 00:54:00 Done. Thanks, I missed that.
+
DISALLOW_COPY_AND_ASSIGN(TransportSecurityState);
};
« net/http/http_security_headers_unittest.cc ('K') | « net/http/http_security_headers_unittest.cc ('k') | net/http/transport_security_state.cc » ('j') | net/http/transport_security_state.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698