1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef NET_HTTP_HTTP_SECURITY_HEADERS_H_
6#define NET_HTTP_HTTP_SECURITY_HEADERS_H_
7
8#include <string>
9
10#include "base/basictypes.h"
11#include "base/gtest_prod_util.h"
12#include "base/time/time.h"
13#include "base/values.h"
14#include "net/base/hash_value.h"
15#include "net/base/net_export.h"
16
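namespace net {

// Upper bound, in seconds, for an HSTS max-age: 86400 seconds per day times
// 365 days (31,536,000 s). The product is computed in plain int and only then
// widened to int64; it fits in 32 bits as written, but a larger multiplier
// would need an int64 operand to avoid overflowing before the conversion.
// NOTE(review): presumably the parsers in the .cc clamp larger max-age values
// to this limit rather than rejecting the header -- confirm there.
const int64 kMaxHSTSAgeSecs = 86400 * 365;  // 1 year

// Parses |value| as a Strict-Transport-Security header value. If successful,
// returns true and sets |*max_age| and |*include_subdomains|.
// Otherwise returns false and leaves the output parameters unchanged.
//
// |value| is the right-hand side of:
//
// "Strict-Transport-Security" ":"
//     [ directive ]  *( ";" [ directive ] )
//
// Caller notes:
//  - Check the return value before reading the outputs. On failure they keep
//    whatever the caller stored in them, which may be uninitialized.
//  - Only the header text is passed in, so nothing about the connection can
//    be verified here. RFC 6797 section 8.1 requires the header to be ignored
//    unless it arrived over a secure transport with no certificate errors;
//    enforcing that is the caller's job.
//  - NOTE(review): |max_age| and |include_subdomains| are presumably required
//    to be non-null -- confirm against the implementation.
bool NET_EXPORT_PRIVATE ParseHSTSHeader(const std::string& value,
                                        base::TimeDelta* max_age,
                                        bool* include_subdomains);

// Parses |value| as a Public-Key-Pins header value. If successful, returns
// true and populates the |*max_age|, |*include_subdomains|, and |*hashes|
// values. Otherwise returns false and leaves the output parameters
// unchanged.
//
// |value| is the right-hand side of:
//
// "Public-Key-Pins" ":"
//     "max-age" "=" delta-seconds ";"
//     "pin-" algo "=" base64 [ ";" ... ]
//     [ ";" "includeSubdomains" ]
//
// For this function to return true, the key hashes specified by the HPKP
// header must pass two additional checks. There MUST be at least one key
// hash which matches the SSL certificate chain of the current site (as
// specified by the |chain_hashes| parameter). In addition, there MUST be at
// least one key hash which does NOT match the site's SSL certificate chain
// (this is the "backup pin").
//
// Caller notes:
//  - Both checks are only as strong as |chain_hashes|. It has to describe the
//    certificate chain of the connection that delivered this header; hashes
//    taken from anywhere else make the "matches the current chain" check
//    meaningless.
//  - The two checks exist to keep a site from pinning itself out of reach:
//    a pin set that matches nothing in the current chain, or that has no
//    spare key to fall back on, is refused.
//  - Check the return value before reading the outputs. On failure they keep
//    whatever the caller stored in them.
//  - NOTE(review): the output pointers are presumably required to be
//    non-null -- confirm against the implementation.
bool NET_EXPORT_PRIVATE ParseHPKPHeader(const std::string& value,
                                        const HashValueVector& chain_hashes,
                                        base::TimeDelta* max_age,
                                        bool* include_subdomains,
                                        HashValueVector* hashes);

}  // namespace net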
58
59#endif  // NET_HTTP_HTTP_SECURITY_HEADERS_H_
60