HSTS: add net-internals UI.

chrome/browser/dom_ui/net_internals_ui.cc

Index: chrome/browser/dom_ui/net_internals_ui.cc
diff --git a/chrome/browser/dom_ui/net_internals_ui.cc b/chrome/browser/dom_ui/net_internals_ui.cc
index 6fe735f1abd444040e13d68c632301323efcae29..b8763e64e9b8b421d29d8b603d2e12ac538e9758 100644
--- a/chrome/browser/dom_ui/net_internals_ui.cc
+++ b/chrome/browser/dom_ui/net_internals_ui.cc
@@ -255,6 +255,9 @@ class NetInternalsMessageHandler::IOThreadImpl
   void OnClearHostResolverCache(const ListValue* list);
   void OnEnableIPv6(const ListValue* list);
   void OnStartConnectionTests(const ListValue* list);
+  void OnHSTSQuery(const ListValue* list);
+  void OnHSTSAdd(const ListValue* list);
+  void OnHSTSDelete(const ListValue* list);
   void OnGetHttpCacheInfo(const ListValue* list);
   void OnGetSocketPoolInfo(const ListValue* list);
   void OnGetSpdySessionInfo(const ListValue* list);
@@ -507,6 +510,15 @@ void NetInternalsMessageHandler::RegisterMessages() {
       "startConnectionTests",
       proxy_->CreateCallback(&IOThreadImpl::OnStartConnectionTests));
   dom_ui_->RegisterMessageCallback(
+      "hstsQuery",
+      proxy_->CreateCallback(&IOThreadImpl::OnHSTSQuery));
+  dom_ui_->RegisterMessageCallback(
+      "hstsAdd",
+      proxy_->CreateCallback(&IOThreadImpl::OnHSTSAdd));
+  dom_ui_->RegisterMessageCallback(
+      "hstsDelete",
+      proxy_->CreateCallback(&IOThreadImpl::OnHSTSDelete));
+  dom_ui_->RegisterMessageCallback(
       "getHttpCacheInfo",
       proxy_->CreateCallback(&IOThreadImpl::OnGetHttpCacheInfo));
   dom_ui_->RegisterMessageCallback(
@@ -954,6 +966,65 @@ void NetInternalsMessageHandler::IOThreadImpl::OnStartConnectionTests(
   connection_tester_->RunAllTests(url);
 }
 
+void NetInternalsMessageHandler::IOThreadImpl::OnHSTSQuery(
+    const ListValue* list) {
+  // |list| should be: [<domain to query>].
+  std::string domain;
+  CHECK(list->GetString(0, &domain));

[eroman, 2011/02/16 20:12:45]

Note that GetString() is going to give you a UTF-8 encoded string --> it is not
necessarily ascii.

Would be good to restrict the inputs to ASCII here, sine the
transportsecuritystate is not prepared to handle unicode.

(it isn't inconceivable that a user might try to enter an IDNA hostname using
unicode).

[agl, 2011/02/16 22:46:22]

Restricted to ASCII.

+  net::TransportSecurityState* transport_security_state =
+    context_getter_->GetURLRequestContext()->transport_security_state();

[eroman, 2011/02/16 20:12:45]

nit: indent by 4.

[agl, 2011/02/16 22:46:22]

Done.

+  if (!transport_security_state)
+    return;

[eroman, 2011/02/16 20:12:45]

I think it would be better to call g_browser.recenvedHSTSResult() with an empty
result. Never responding to the requests could make it look like a hang.

[agl, 2011/02/16 22:46:22]

Now replies with error.

+
+  net::TransportSecurityState::DomainState state;
+  const bool r = transport_security_state->IsEnabledForHost(&state, domain);

[eroman, 2011/02/16 20:12:45]

can you use a more descriptive variable name than "r"?

[agl, 2011/02/16 22:46:22]

Done.

+
+  DictionaryValue* result = new(DictionaryValue);
+  result->SetBoolean("result", r);
+  if (r) {
+    result->SetInteger("mode", static_cast<int>(state.mode));
+    result->SetDouble("created", static_cast<double>(state.created.ToTimeT()));

[eroman, 2011/02/16 20:12:45]

Are you sure this works?

Isn't Chrome representing timestamps internally using Windows Epoch on all
platforms? It is generally better to pass a unix timestamp to the javascript,
since its date functions can deal with that.

Also nit, you can use Time::ToDoubleT() to avoid the cast...

[agl, 2011/02/16 22:46:22]

I didn't end up exposing the timestamps anyway so I've removed this.

+    result->SetDouble("expiry", static_cast<double>(state.expiry.ToTimeT()));
+    result->SetBoolean("subdomains", state.include_subdomains);
+    result->SetBoolean("preloaded", state.preloaded);
+    result->SetString("domain", state.domain);
+  }
+  CallJavascriptFunction(L"g_browser.receivedHSTSResult", result);
+}
+
+void NetInternalsMessageHandler::IOThreadImpl::OnHSTSAdd(
+    const ListValue* list) {
+  // |list| should be: [<domain to query>, <include subdomains>].
+  std::string domain;
+  CHECK(list->GetString(0, &domain));
+  bool include_subdomains;
+  CHECK(list->GetBoolean(1, &include_subdomains));
+
+  net::TransportSecurityState* transport_security_state =
+    context_getter_->GetURLRequestContext()->transport_security_state();

[eroman, 2011/02/16 20:12:45]

indent continued lines by 4.

[agl, 2011/02/16 22:46:22]

Done.

+  if (!transport_security_state)
+    return;
+
+  net::TransportSecurityState::DomainState state;
+  state.expiry = state.created + base::TimeDelta::FromDays(1000);

[eroman, 2011/02/16 20:12:45]

What is the significance of 1000 days?

[agl, 2011/02/16 22:46:22]

It's long enough to be useful basically. This is intended to be used as a cheap
way for sites to test HSTS without risk of breaking users.

+  state.include_subdomains = include_subdomains;
+
+  transport_security_state->EnableHost(domain, state);
+}
+
+void NetInternalsMessageHandler::IOThreadImpl::OnHSTSDelete(
+    const ListValue* list) {
+  // |list| should be: [<domain to query>].
+  std::string domain;
+  CHECK(list->GetString(0, &domain));
+  net::TransportSecurityState* transport_security_state =
+    context_getter_->GetURLRequestContext()->transport_security_state();

[eroman, 2011/02/16 20:12:45]

indent by 4

[agl, 2011/02/16 22:46:22]

Done.

+  if (!transport_security_state)
+    return;
+
+  transport_security_state->DeleteHost(domain);
+}
+
 void NetInternalsMessageHandler::IOThreadImpl::OnGetHttpCacheInfo(
     const ListValue* list) {
   DictionaryValue* info_dict = new DictionaryValue();