1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef NET_HTTP_HTTP_SECURITY_HEADERS_H_ 6#define NET_HTTP_HTTP_SECURITY_HEADERS_H_ 7 8#include <string> 9 10#include "base/basictypes.h" 11#include "base/gtest_prod_util.h" 12#include "base/time/time.h" 13#include "base/values.h" 14#include "net/base/hash_value.h" 15#include "net/base/net_export.h" 16 17namespace net { 18 19const int64 kMaxHSTSAgeSecs = 86400 * 365; // 1 year 20 21// Parses |value| as a Strict-Transport-Security header value. If successful, 22// returns true and sets |*max_age| and |*include_subdomains|. 23// Otherwise returns false and leaves the output parameters unchanged. 24// 25// value is the right-hand side of: 26// 27// "Strict-Transport-Security" ":" 28// [ directive ] *( ";" [ directive ] ) 29bool NET_EXPORT_PRIVATE ParseHSTSHeader(const std::string& value, 30 base::TimeDelta* max_age, 31 bool* include_subdomains); 32 33// Parses |value| as a Public-Key-Pins header value. If successful, returns 34// true and populates the |*max_age|, |*include_subdomains|, and |*hashes| 35// values. Otherwise returns false and leaves the output parameters 36// unchanged. 37// 38// value is the right-hand side of: 39// 40// "Public-Key-Pins" ":" 41// "max-age" "=" delta-seconds ";" 42// "pin-" algo "=" base64 [ ";" ... ] 43// [ ";" "includeSubdomains" ] 44// 45// For this function to return true, the key hashes specified by the HPKP 46// header must pass two additional checks. There MUST be at least one key 47// hash which matches the SSL certificate chain of the current site (as 48// specified by the chain_hashes) parameter. In addition, there MUST be at 49// least one key hash which does NOT match the site's SSL certificate chain 50// (this is the "backup pin"). 51bool NET_EXPORT_PRIVATE ParseHPKPHeader(const std::string& value, 52 const HashValueVector& chain_hashes, 53 base::TimeDelta* max_age, 54 bool* include_subdomains, 55 HashValueVector* hashes); 56 57} // namespace net 58 59#endif // NET_HTTP_HTTP_SECURITY_HEADERS_H_ 60