Index: net/http/transport_security_state.h |
diff --git a/net/http/transport_security_state.h b/net/http/transport_security_state.h |
index 364593791455030cc4d5cd37a30b2dc03f3ec6c4..4d49da1b228fe7acb65b6ae77bcf30d926663de5 100644 |
--- a/net/http/transport_security_state.h |
+++ b/net/http/transport_security_state.h |
@@ -163,6 +163,7 @@ class NET_EXPORT TransportSecurityState |
bool ShouldUpgradeToSSL(const std::string& host, bool sni_enabled); |
bool CheckPublicKeyPins(const std::string& host, |
bool sni_enabled, |
+ bool is_issued_by_known_root, |
const HashValueVector& hashes, |
std::string* failure_log); |
bool HasPublicKeyPins(const std::string& host, bool sni_enabled); |
@@ -267,6 +268,14 @@ class NET_EXPORT TransportSecurityState |
// The maximum number of seconds for which we'll cache an HSTS request. |
static const long int kMaxHSTSAgeSecs; |
+ private: |
+ friend class TransportSecurityStateTest; |
+ FRIEND_TEST_ALL_PREFIXES(HttpSecurityHeadersTest, UpdateDynamicPKPOnly); |
+ FRIEND_TEST_ALL_PREFIXES(HttpSecurityHeadersTest, UpdateDynamicPKPMaxAge0); |
+ FRIEND_TEST_ALL_PREFIXES(HttpSecurityHeadersTest, NoClobberPins); |
+ |
+ typedef std::map<std::string, DomainState> DomainStateMap; |
+ |
// Send an UMA report on pin validation failure, if the host is in a |
// statically-defined list of domains. |
// |
@@ -282,12 +291,11 @@ class NET_EXPORT TransportSecurityState |
// information) is timely. |
static bool IsBuildTimely(); |
- private: |
- friend class TransportSecurityStateTest; |
- FRIEND_TEST_ALL_PREFIXES(HttpSecurityHeadersTest, |
- UpdateDynamicPKPOnly); |
- |
- typedef std::map<std::string, DomainState> DomainStateMap; |
+ // Helper method for actually checking pins. |
+ bool CheckPublicKeyPinsImpl(const std::string& host, |
+ bool sni_enabled, |
+ const HashValueVector& hashes, |
+ std::string* failure_log); |
// If a Delegate is present, notify it that the internal state has |
// changed. |
@@ -309,6 +317,9 @@ class NET_EXPORT TransportSecurityState |
Delegate* delegate_; |
+ // True if static pins should be used. |
+ bool enable_static_pins_; |
+ |
DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); |
}; |