Revert "Fix broken channel icon in chrome://help on CrOS" and try again
[chromium-blink-merge.git] / net / http / http_security_headers.h
bloba447289009b71bf680b518dbb5015fae7fa9b5cd
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_HTTP_HTTP_SECURITY_HEADERS_H_
6 #define NET_HTTP_HTTP_SECURITY_HEADERS_H_
8 #include <string>
10 #include "base/basictypes.h"
11 #include "base/gtest_prod_util.h"
12 #include "base/time/time.h"
13 #include "base/values.h"
14 #include "net/base/hash_value.h"
15 #include "net/base/net_export.h"
17 class GURL;
19 namespace net {
21 const int64 kMaxHSTSAgeSecs = 86400 * 365; // 1 year
23 // Parses |value| as a Strict-Transport-Security header value. If successful,
24 // returns true and sets |*max_age| and |*include_subdomains|.
25 // Otherwise returns false and leaves the output parameters unchanged.
27 // value is the right-hand side of:
29 // "Strict-Transport-Security" ":"
30 // [ directive ] *( ";" [ directive ] )
31 bool NET_EXPORT_PRIVATE ParseHSTSHeader(const std::string& value,
32 base::TimeDelta* max_age,
33 bool* include_subdomains);
35 // Parses |value| as a Public-Key-Pins header value. If successful, returns
36 // true and populates the |*max_age|, |*include_subdomains|, |*hashes|, and
37 // |*report_uri| values. Otherwise returns false and leaves the output
38 // parameters unchanged.
40 // value is the right-hand side of:
42 // "Public-Key-Pins" ":"
43 // "max-age" "=" delta-seconds ";"
44 // "pin-" algo "=" base64 [ ";" ... ]
45 // [ ";" "includeSubdomains" ]
46 // [ ";" "report-uri" "=" uri-reference ]
48 // For this function to return true, the key hashes specified by the HPKP
49 // header must pass two additional checks. There MUST be at least one key
50 // hash which matches the SSL certificate chain of the current site (as
51 // specified by the chain_hashes) parameter. In addition, there MUST be at
52 // least one key hash which does NOT match the site's SSL certificate chain
53 // (this is the "backup pin").
54 bool NET_EXPORT_PRIVATE ParseHPKPHeader(const std::string& value,
55 const HashValueVector& chain_hashes,
56 base::TimeDelta* max_age,
57 bool* include_subdomains,
58 HashValueVector* hashes,
59 GURL* report_uri);
61 // Parses |value| as a Public-Key-Pins-Report-Only header value. If
62 // successful, returns true and populates the |*include_subdomains|,
63 // |*hashes|, and |*report_uri| values. Otherwise returns false and
64 // leaves the output parameters unchanged.
66 // value is the right-hand side of:
68 // "Public-Key-Pins-Report-Only" ":"
69 // [ "max-age" "=" delta-seconds ";" ]
70 // "pin-" algo "=" base64 [ ";" ... ]
71 // [ ";" "includeSubdomains" ]
72 // [ ";" "report-uri" "=" uri-reference ]
74 bool NET_EXPORT_PRIVATE ParseHPKPReportOnlyHeader(const std::string& value,
75 bool* include_subdomains,
76 HashValueVector* hashes,
77 GURL* report_uri);
78 } // namespace net
80 #endif // NET_HTTP_HTTP_SECURITY_HEADERS_H_