net/base/transport_security_state.h - Issue 10825211: Implement SHA-256 fingerprint support

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/base/transport_security_state.h

Issue 10825211: Implement SHA-256 fingerprint support (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/

Patch Set: Created 8 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/base/transport_security_state.h

===================================================================

--- net/base/transport_security_state.h (revision 150170)

+++ net/base/transport_security_state.h (working copy)

@@ -91,9 +91,10 @@

// |bad_static_spki_hashes| contains public keys that we don't want to

// trust.

- bool IsChainOfPublicKeysPermitted(const FingerprintVector& hashes) const;

+ bool IsChainOfPublicKeysPermitted(

+ const std::vector<HashValueVector>& hashes) const;

- // Returns true if any of the FingerprintVectors |static_spki_hashes|,

+ // Returns true if any of the HashValueVectors |static_spki_hashes|,

// |bad_static_spki_hashes|, or |dynamic_spki_hashes| contains any

// items.

bool HasPins() const;

@@ -131,10 +132,10 @@

// |dynamic_spki_hashes| take precedence over |static_spki_hashes|.

// That is, |IsChainOfPublicKeysPermitted| first checks dynamic pins and

// then checks static pins.

- FingerprintVector static_spki_hashes;

+ HashValueVector static_spki_hashes;

// Optional; hashes of dynamically pinned SubjectPublicKeyInfos.

- FingerprintVector dynamic_spki_hashes;

+ HashValueVector dynamic_spki_hashes;

// The absolute time (UTC) when the |dynamic_spki_hashes| expire.

base::Time dynamic_spki_hashes_expiry;

@@ -142,7 +143,7 @@

// Optional; hashes of static known-bad SubjectPublicKeyInfos which

// MUST NOT intersect with the set of SPKIs in the TLS server's

// certificate chain.

- FingerprintVector bad_static_spki_hashes;

+ HashValueVector bad_static_spki_hashes;

// The following members are not valid when stored in |enabled_hosts_|:

@@ -255,7 +256,7 @@

// Decodes a pin string |value| (e.g. "sha1/hvfkN/qlp/zhXR3cuerq6jd2Z7g=").

// If parsing succeeded, updates |*out| and returns true; otherwise returns

// false without updating |*out|.

- static bool ParsePin(const std::string& value, Fingerprint* out);

+ static bool ParsePin(const std::string& value, HashValue* out);

// The maximum number of seconds for which we'll cache an HSTS request.

static const long int kMaxHSTSAgeSecs;

« chrome/browser/net/transport_security_persister_unittest.cc ('K') | « net/base/ssl_info.cc ('k') | net/base/transport_security_state.cc » ('j') | net/base/x509_cert_types.h » ('J')