| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/transport_security_state.h" | 5 #include "net/base/transport_security_state.h" |
| 6 | 6 |
| 7 #include <set> | |
| 8 | |
| 7 #include "base/base64.h" | 9 #include "base/base64.h" |
| 8 #include "base/json/json_reader.h" | 10 #include "base/json/json_reader.h" |
| 9 #include "base/json/json_writer.h" | 11 #include "base/json/json_writer.h" |
| 10 #include "base/logging.h" | 12 #include "base/logging.h" |
| 11 #include "base/memory/scoped_ptr.h" | 13 #include "base/memory/scoped_ptr.h" |
| 12 #include "base/sha2.h" | 14 #include "base/sha2.h" |
| 13 #include "base/string_number_conversions.h" | 15 #include "base/string_number_conversions.h" |
| 14 #include "base/string_tokenizer.h" | 16 #include "base/string_tokenizer.h" |
| 15 #include "base/string_util.h" | 17 #include "base/string_util.h" |
| 16 #include "base/utf_string_conversions.h" | 18 #include "base/utf_string_conversions.h" |
| 17 #include "base/values.h" | 19 #include "base/values.h" |
| 18 #include "googleurl/src/gurl.h" | 20 #include "googleurl/src/gurl.h" |
| 19 #include "net/base/dns_util.h" | 21 #include "net/base/dns_util.h" |
| 22 #include "net/base/x509_cert_types.h" | |
| 23 #include "net/base/x509_certificate.h" | |
| 20 | 24 |
| 21 namespace net { | 25 namespace net { |
| 22 | 26 |
| 23 const long int TransportSecurityState::kMaxHSTSAgeSecs = 86400 * 365; // 1 year | 27 const long int TransportSecurityState::kMaxHSTSAgeSecs = 86400 * 365; // 1 year |
| 24 | 28 |
| 25 TransportSecurityState::TransportSecurityState() | 29 TransportSecurityState::TransportSecurityState() |
| 26 : delegate_(NULL) { | 30 : delegate_(NULL) { |
| 27 } | 31 } |
| 28 | 32 |
| 29 void TransportSecurityState::EnableHost(const std::string& host, | 33 void TransportSecurityState::EnableHost(const std::string& host, |
| 30 const DomainState& state) { | 34 const DomainState& state) { |
| 31 const std::string canonicalized_host = CanonicalizeHost(host); | 35 const std::string canonicalized_host = CanonicalizeHost(host); |
| 32 if (canonicalized_host.empty()) | 36 if (canonicalized_host.empty()) |
| 33 return; | 37 return; |
| 34 | 38 |
| 39 // TODO(cevans) -- we likely want to permit a host to override a built-in, | |
| 40 // for at least the case where the override is stricter (i.e. includes | |
| 41 // subdomains, or includes cert locks). | |
| 35 bool temp; | 42 bool temp; |
| 36 if (IsPreloadedSTS(canonicalized_host, &temp)) | 43 if (IsPreloadedSTS(canonicalized_host, &temp)) |
| 37 return; | 44 return; |
| 38 | 45 |
| 39 char hashed[base::SHA256_LENGTH]; | 46 char hashed[base::SHA256_LENGTH]; |
| 40 base::SHA256HashString(canonicalized_host, hashed, sizeof(hashed)); | 47 base::SHA256HashString(canonicalized_host, hashed, sizeof(hashed)); |
| 41 | 48 |
| 42 // Use the original creation date if we already have this host. | 49 // Use the original creation date if we already have this host. |
| 43 DomainState state_copy(state); | 50 DomainState state_copy(state); |
| 44 DomainState existing_state; | 51 DomainState existing_state; |
| 121 // include_subdomains is. | 128 // include_subdomains is. |
| 122 if (i == 0) | 129 if (i == 0) |
| 123 return true; | 130 return true; |
| 124 | 131 |
| 125 return j->second.include_subdomains; | 132 return j->second.include_subdomains; |
| 126 } | 133 } |
| 127 | 134 |
| 128 return false; | 135 return false; |
| 129 } | 136 } |
| 130 | 137 |
| 138 bool TransportSecurityState::IsAcceptableCertificate(const std::string& host, | |
| 139 X509Certificate* cert) { | |
| 140 DomainState state; | |
| 141 if (!IsEnabledForHost(&state, host)) | |
| 142 return true; | |
| 143 | |
| 144 if (state.cert_locks.empty()) | |
| 145 return true; | |
| 146 | |
| 147 std::set<std::string> fingerprints; | |
| 148 X509Certificate::OSCertHandles cert_chain; | |
| 149 X509Certificate::GetCertChainFromCert(cert->os_cert_handle(), &cert_chain); | |
| 150 { | |
| 151 X509Certificate::OSCertHandles::const_iterator i; | |
| 152 for (i = cert_chain.begin(); i != cert_chain.end(); ++i) { | |
| 153 net::SHA1Fingerprint fingerprint = | |
| 154 X509Certificate::CalculateFingerprint(*i); | |
| 155 std::string hash; | |
| 156 for (size_t i = 0; i < sizeof(fingerprint.data); ++i) | |
| 157 hash += StringPrintf("%02X", fingerprint.data[i]); | |
|
abarth-chromium
2011/04/04 22:49:36
This code looks pretty low-level. Why can't SHA1F
| |
| 158 fingerprints.insert(hash); | |
| 159 } | |
| 160 } | |
| 161 X509Certificate::DestroyCertChain(&cert_chain); | |
| 162 std::vector<std::string>::const_iterator locks_iter; | |
| 163 for (locks_iter = state.cert_locks.begin(); | |
| 164 locks_iter != state.cert_locks.end(); ++locks_iter) { | |
| 165 std::string cert_lock = *locks_iter; | |
| 166 if (fingerprints.find(cert_lock) != fingerprints.end()) | |
| 167 return true; | |
| 168 } | |
| 169 return false; | |
| 170 } | |
| 171 | |
| 131 void TransportSecurityState::DeleteSince(const base::Time& time) { | 172 void TransportSecurityState::DeleteSince(const base::Time& time) { |
| 132 bool dirtied = false; | 173 bool dirtied = false; |
| 133 | 174 |
| 134 std::map<std::string, DomainState>::iterator i = enabled_hosts_.begin(); | 175 std::map<std::string, DomainState>::iterator i = enabled_hosts_.begin(); |
| 135 while (i != enabled_hosts_.end()) { | 176 while (i != enabled_hosts_.end()) { |
| 136 if (i->second.created >= time) { | 177 if (i->second.created >= time) { |
| 137 dirtied = true; | 178 dirtied = true; |
| 138 enabled_hosts_.erase(i++); | 179 enabled_hosts_.erase(i++); |
| 139 } else { | 180 } else { |
| 140 i++; | 181 i++; |
| 305 break; | 346 break; |
| 306 case DomainState::MODE_SPDY_ONLY: | 347 case DomainState::MODE_SPDY_ONLY: |
| 307 state->SetString("mode", "spdy-only"); | 348 state->SetString("mode", "spdy-only"); |
| 308 break; | 349 break; |
| 309 default: | 350 default: |
| 310 NOTREACHED() << "DomainState with unknown mode"; | 351 NOTREACHED() << "DomainState with unknown mode"; |
| 311 delete state; | 352 delete state; |
| 312 continue; | 353 continue; |
| 313 } | 354 } |
| 314 | 355 |
| 356 ListValue* locks = new ListValue; | |
| 357 std::vector<std::string>::const_iterator lock_strings; | |
| 358 for (lock_strings = i->second.cert_locks.begin(); | |
| 359 lock_strings != i->second.cert_locks.end(); | |
| 360 ++lock_strings) | |
| 361 locks->Append(new StringValue(*lock_strings)); | |
| 362 state->Set("cert_locks", locks); | |
|
abarth-chromium
2011/04/04 22:49:36
Again, pin is probably a better term.
| |
| 363 | |
| 315 toplevel.Set(HashedDomainToExternalString(i->first), state); | 364 toplevel.Set(HashedDomainToExternalString(i->first), state); |
| 316 } | 365 } |
| 317 | 366 |
| 318 base::JSONWriter::Write(&toplevel, true /* pretty print */, output); | 367 base::JSONWriter::Write(&toplevel, true /* pretty print */, output); |
| 319 return true; | 368 return true; |
| 320 } | 369 } |
| 321 | 370 |
| 322 bool TransportSecurityState::Deserialise(const std::string& input, | 371 bool TransportSecurityState::Deserialise(const std::string& input, |
| 323 bool* dirty) { | 372 bool* dirty) { |
| 324 enabled_hosts_.clear(); | 373 enabled_hosts_.clear(); |
| 342 std::string mode_string; | 391 std::string mode_string; |
| 343 double created; | 392 double created; |
| 344 double expiry; | 393 double expiry; |
| 345 | 394 |
| 346 if (!state->GetBoolean("include_subdomains", &include_subdomains) || | 395 if (!state->GetBoolean("include_subdomains", &include_subdomains) || |
| 347 !state->GetString("mode", &mode_string) || | 396 !state->GetString("mode", &mode_string) || |
| 348 !state->GetDouble("expiry", &expiry)) { | 397 !state->GetDouble("expiry", &expiry)) { |
| 349 continue; | 398 continue; |
| 350 } | 399 } |
| 351 | 400 |
| 401 ListValue* locks_list; | |
| 402 std::vector<std::string> cert_locks; | |
| 403 if (state->GetList("cert_locks", &locks_list)) { | |
| 404 size_t num_locks = locks_list->GetSize(); | |
| 405 for (size_t i = 0; i < num_locks; ++i) { | |
| 406 std::string lock_string; | |
| 407 if (locks_list->GetString(i, &lock_string)) | |
| 408 cert_locks.push_back(lock_string); | |
| 409 } | |
| 410 } | |
| 411 | |
| 352 DomainState::Mode mode; | 412 DomainState::Mode mode; |
| 353 if (mode_string == "strict") { | 413 if (mode_string == "strict") { |
| 354 mode = DomainState::MODE_STRICT; | 414 mode = DomainState::MODE_STRICT; |
| 355 } else if (mode_string == "opportunistic") { | 415 } else if (mode_string == "opportunistic") { |
| 356 mode = DomainState::MODE_OPPORTUNISTIC; | 416 mode = DomainState::MODE_OPPORTUNISTIC; |
| 357 } else if (mode_string == "spdy-only") { | 417 } else if (mode_string == "spdy-only") { |
| 358 mode = DomainState::MODE_SPDY_ONLY; | 418 mode = DomainState::MODE_SPDY_ONLY; |
| 359 } else { | 419 } else { |
| 360 LOG(WARNING) << "Unknown TransportSecurityState mode string found: " | 420 LOG(WARNING) << "Unknown TransportSecurityState mode string found: " |
| 361 << mode_string; | 421 << mode_string; |
| 373 created_time = base::Time::Now(); | 433 created_time = base::Time::Now(); |
| 374 } | 434 } |
| 375 | 435 |
| 376 if (expiry_time <= current_time) { | 436 if (expiry_time <= current_time) { |
| 377 // Make sure we dirty the state if we drop an entry. | 437 // Make sure we dirty the state if we drop an entry. |
| 378 dirtied = true; | 438 dirtied = true; |
| 379 continue; | 439 continue; |
| 380 } | 440 } |
| 381 | 441 |
| 382 std::string hashed = ExternalStringToHashedDomain(*i); | 442 std::string hashed = ExternalStringToHashedDomain(*i); |
| 383 if (hashed.empty()) | 443 if (hashed.empty()) { |
| 444 dirtied = true; | |
| 384 continue; | 445 continue; |
| 446 } | |
| 385 | 447 |
| 386 DomainState new_state; | 448 DomainState new_state; |
| 387 new_state.mode = mode; | 449 new_state.mode = mode; |
| 388 new_state.created = created_time; | 450 new_state.created = created_time; |
| 389 new_state.expiry = expiry_time; | 451 new_state.expiry = expiry_time; |
| 390 new_state.include_subdomains = include_subdomains; | 452 new_state.include_subdomains = include_subdomains; |
| 453 new_state.cert_locks = cert_locks; | |
| 391 enabled_hosts_[hashed] = new_state; | 454 enabled_hosts_[hashed] = new_state; |
| 392 } | 455 } |
| 393 | 456 |
| 394 *dirty = dirtied; | 457 *dirty = dirtied; |
| 395 return true; | 458 return true; |
| 396 } | 459 } |
| 397 | 460 |
| 398 TransportSecurityState::~TransportSecurityState() { | 461 TransportSecurityState::~TransportSecurityState() { |
| 399 } | 462 } |
| 400 | 463 |
| 493 *include_subdomains = kPreloadedSTS[j].include_subdomains; | 556 *include_subdomains = kPreloadedSTS[j].include_subdomains; |
| 494 return true; | 557 return true; |
| 495 } | 558 } |
| 496 } | 559 } |
| 497 } | 560 } |
| 498 | 561 |
| 499 return false; | 562 return false; |
| 500 } | 563 } |
| 501 | 564 |
| 502 } // namespace | 565 } // namespace |
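Review bot: In IsAcceptableCertificate the pin comparison is case-sensitive: the chain fingerprints are built with `"%02X"` (uppercase hex), but the `cert_locks` strings are taken verbatim from the JSON in Deserialise with no normalisation, so a lowercase pin never matches and the host fails the check with no diagnostic. Normalise one side, e.g. keep `std::string cert_lock = *locks_iter;` and follow it with `StringToUpperASCII(&cert_lock);` (base/string_util.h is already included), or apply the same at the `cert_locks.push_back(lock_string)` site in Deserialise. The function also dereferences `cert` unconditionally at `cert->os_cert_handle()`; the call sites are not visible here, so if a NULL certificate can reach this path a guard before that line is needed. The inner `for (size_t i ...)` shadows the outer chain iterator `i`; renaming the inner index (e.g. `k`) avoids a later misread. Whether the chain returned by GetCertChainFromCert is the validated path or the as-presented list is not visible in this hunk, and a pin check is only meaningful against the validated path, so a comment above the call stating which it is, e.g. `// cert_chain is the chain the OS built for |cert|; pins must be matched against the verified path (confirm)`, would help the next reader.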