| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/transport_security_state.h" | 5 #include "net/http/transport_security_state.h" |
| 6 | 6 |
| 7 #if defined(USE_OPENSSL) | 7 #if defined(USE_OPENSSL) |
| 8 #include <openssl/ecdsa.h> | 8 #include <openssl/ecdsa.h> |
| 9 #include <openssl/ssl.h> | 9 #include <openssl/ssl.h> |
| 10 #else // !defined(USE_OPENSSL) | 10 #else // !defined(USE_OPENSSL) |
| (...skipping 119 matching lines...) |
| 130 if (i != enabled_hosts_.end()) { | 130 if (i != enabled_hosts_.end()) { |
| 131 enabled_hosts_.erase(i); | 131 enabled_hosts_.erase(i); |
| 132 DirtyNotify(); | 132 DirtyNotify(); |
| 133 return true; | 133 return true; |
| 134 } | 134 } |
| 135 return false; | 135 return false; |
| 136 } | 136 } |
| 137 | 137 |
| 138 bool TransportSecurityState::GetDomainState(const std::string& host, | 138 bool TransportSecurityState::GetDomainState(const std::string& host, |
| 139 bool sni_enabled, | 139 bool sni_enabled, |
| 140 bool allow_dynamic, |
| 140 DomainState* result) { | 141 DomainState* result) { |
| 141 DCHECK(CalledOnValidThread()); | 142 DCHECK(CalledOnValidThread()); |
| 142 | 143 |
| 143 DomainState state; | 144 DomainState state; |
| 144 const std::string canonicalized_host = CanonicalizeHost(host); | 145 const std::string canonicalized_host = CanonicalizeHost(host); |
| 145 if (canonicalized_host.empty()) | 146 if (canonicalized_host.empty()) |
| 146 return false; | 147 return false; |
| 147 | 148 |
| 148 bool has_preload = GetStaticDomainState(canonicalized_host, sni_enabled, | 149 bool has_preload = GetStaticDomainState(canonicalized_host, sni_enabled, |
| 149 &state); | 150 &state); |
| 151 // If |allow_dynamic| is false, then return static state to the caller. |
| 152 if (!allow_dynamic) { |
| 153 if (has_preload) |
| 154 *result = state; |
| 155 return has_preload; |
| 156 } |
| 150 std::string canonicalized_preload = CanonicalizeHost(state.domain); | 157 std::string canonicalized_preload = CanonicalizeHost(state.domain); |
| 151 GetDynamicDomainState(host, &state); | 158 GetDynamicDomainState(host, &state); |
| 152 | 159 |
| 153 base::Time current_time(base::Time::Now()); | 160 base::Time current_time(base::Time::Now()); |
| 154 | 161 |
| 155 for (size_t i = 0; canonicalized_host[i]; i += canonicalized_host[i] + 1) { | 162 for (size_t i = 0; canonicalized_host[i]; i += canonicalized_host[i] + 1) { |
| 156 std::string host_sub_chunk(&canonicalized_host[i], | 163 std::string host_sub_chunk(&canonicalized_host[i], |
| 157 canonicalized_host.size() - i); | 164 canonicalized_host.size() - i); |
| 158 // Exact match of a preload always wins. | 165 // Exact match of a preload always wins. |
| 159 if (has_preload && host_sub_chunk == canonicalized_preload) { | 166 if (has_preload && host_sub_chunk == canonicalized_preload) { |
| (...skipping 669 matching lines...) |
| 829 void TransportSecurityState::AddOrUpdateEnabledHosts( | 836 void TransportSecurityState::AddOrUpdateEnabledHosts( |
| 830 const std::string& hashed_host, const DomainState& state) { | 837 const std::string& hashed_host, const DomainState& state) { |
| 831 DCHECK(CalledOnValidThread()); | 838 DCHECK(CalledOnValidThread()); |
| 832 enabled_hosts_[hashed_host] = state; | 839 enabled_hosts_[hashed_host] = state; |
| 833 } | 840 } |
| 834 | 841 |
| 835 TransportSecurityState::DomainState::DomainState() | 842 TransportSecurityState::DomainState::DomainState() |
| 836 : upgrade_mode(MODE_DEFAULT), | 843 : upgrade_mode(MODE_DEFAULT), |
| 837 created(base::Time::Now()), | 844 created(base::Time::Now()), |
| 838 sts_include_subdomains(false), | 845 sts_include_subdomains(false), |
| 839 pkp_include_subdomains(false) { | 846 pkp_include_subdomains(false) {} |
| 840 } | |
| 841 | 847 |
| 842 TransportSecurityState::DomainState::~DomainState() { | 848 TransportSecurityState::DomainState::~DomainState() { |
| 843 } | 849 } |
| 844 | 850 |
| 845 bool TransportSecurityState::DomainState::CheckPublicKeyPins( | 851 bool TransportSecurityState::DomainState::CheckPublicKeyPins( |
| 846 const HashValueVector& hashes) const { | 852 const HashValueVector& hashes) const { |
| 847 // Validate that hashes is not empty. By the time this code is called (in | 853 // Validate that hashes is not empty. By the time this code is called (in |
| 848 // production), that should never happen, but it's good to be defensive. | 854 // production), that should never happen, but it's good to be defensive. |
| 849 // And, hashes *can* be empty in some test scenarios. | 855 // And, hashes *can* be empty in some test scenarios. |
| 850 if (hashes.empty()) { | 856 if (hashes.empty()) { |
| (...skipping 34 matching lines...) |
| 885 return true; | 891 return true; |
| 886 } | 892 } |
| 887 | 893 |
| 888 bool TransportSecurityState::DomainState::HasPublicKeyPins() const { | 894 bool TransportSecurityState::DomainState::HasPublicKeyPins() const { |
| 889 return static_spki_hashes.size() > 0 || | 895 return static_spki_hashes.size() > 0 || |
| 890 bad_static_spki_hashes.size() > 0 || | 896 bad_static_spki_hashes.size() > 0 || |
| 891 dynamic_spki_hashes.size() > 0; | 897 dynamic_spki_hashes.size() > 0; |
| 892 } | 898 } |
| 893 | 899 |
| 894 } // namespace | 900 } // namespace |
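Review bot: The new `allow_dynamic` parameter of `GetDomainState` (new line 140) sits directly after `sni_enabled`, so a call like `GetDomainState(host, true, false, &state)` is hard to read, and two swapped booleans would still compile while silently changing whether dynamic state is consulted. Because this class appears to hold HSTS and pinning state, a caller that passes `false` by mistake would ignore every dynamically learned entry, so a two-value enum (or at least named constants at call sites) would make the choice explicit. The comment at new line 151 restates the condition and could instead record the contract, for example `// Static-only lookup: dynamic entries are deliberately not consulted, and |result| is left untouched when no preload matches.` It would also help to note next to the parameter which callers are expected to pass `false`, since the page does not show any call site. The rest of the function body lies in the skipped lines, so whether the static-only path needs any of the later checks cannot be confirmed from here.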
| OLD | NEW |