blob: 068d73c765d0d10216390fcb1ee83dbe33821303 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
|
// Copyright (c) 2009 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef NET_BASE_FORCE_TLS_STATE_H_
#define NET_BASE_FORCE_TLS_STATE_H_
#include <map>
#include <string>
#include "base/basictypes.h"
#include "base/lock.h"
#include "base/ref_counted.h"
#include "base/time.h"
class GURL;
namespace net {
// ForceTLSState
//
// Tracks which hosts have enabled ForceTLS. After a host enables ForceTLS,
// then we refuse to talk to the host over HTTP, treat all certificate errors as
// fatal, and refuse to load any mixed content.
//
class ForceTLSState : public base::RefCountedThreadSafe<ForceTLSState> {
public:
ForceTLSState();
// Called when we see an X-Force-TLS header that we should process. Modifies
// our state as instructed by the header.
void DidReceiveHeader(const GURL& url, const std::string& value);
// Enable ForceTLS for |host|.
void EnableHost(const std::string& host, base::Time expiry,
bool include_subdomains);
// Returns whether |host| has had ForceTLS enabled.
bool IsEnabledForHost(const std::string& host);
// Returns |true| if |value| parses as a valid X-Force-TLS header value.
// The values of max-age and and includeSubDomains are returned in |max_age|
// and |include_subdomains|, respectively. The out parameters are not
// modified if the function returns |false|.
static bool ParseHeader(const std::string& value,
int* max_age,
bool* include_subdomains);
struct State {
base::Time expiry; // the absolute time (UTC) when this record expires
bool include_subdomains; // subdomains included?
};
class Delegate {
public:
// This function may not block and may be called with internal locks held.
// Thus it must not reenter the ForceTLSState object.
virtual void StateIsDirty(ForceTLSState* state) = 0;
};
void SetDelegate(Delegate*);
bool Serialise(std::string* output);
bool Deserialise(const std::string& state);
private:
// If we have a callback configured, call it to let our serialiser know that
// our state is dirty.
void DirtyNotify();
// The set of hosts that have enabled ForceTLS.
std::map<std::string, State> enabled_hosts_;
// Protect access to our data members with this lock.
Lock lock_;
// Our delegate who gets notified when we are dirtied, or NULL.
Delegate* delegate_;
DISALLOW_COPY_AND_ASSIGN(ForceTLSState);
};
} // namespace net
#endif // NET_BASE_FORCE_TLS_STATE_H_
|
