| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/transport_security_state.h" | 5 #include "net/base/transport_security_state.h" |
| 6 | 6 |
| 7 #include "base/base64.h" | 7 #include "base/base64.h" |
| 8 #include "base/json/json_reader.h" | 8 #include "base/json/json_reader.h" |
| 9 #include "base/json/json_writer.h" | 9 #include "base/json/json_writer.h" |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| 11 #include "base/memory/scoped_ptr.h" | 11 #include "base/memory/scoped_ptr.h" |
| 12 #include "base/sha2.h" | |
| 13 #include "base/string_number_conversions.h" | 12 #include "base/string_number_conversions.h" |
| 14 #include "base/string_tokenizer.h" | 13 #include "base/string_tokenizer.h" |
| 15 #include "base/string_util.h" | 14 #include "base/string_util.h" |
| 16 #include "base/utf_string_conversions.h" | 15 #include "base/utf_string_conversions.h" |
| 17 #include "base/values.h" | 16 #include "base/values.h" |
| 17 #include "crypto/sha2.h" |
| 18 #include "googleurl/src/gurl.h" | 18 #include "googleurl/src/gurl.h" |
| 19 #include "net/base/dns_util.h" | 19 #include "net/base/dns_util.h" |
| 20 | 20 |
| 21 namespace net { | 21 namespace net { |
| 22 | 22 |
| 23 const long int TransportSecurityState::kMaxHSTSAgeSecs = 86400 * 365; // 1 year | 23 const long int TransportSecurityState::kMaxHSTSAgeSecs = 86400 * 365; // 1 year |
| 24 | 24 |
| 25 TransportSecurityState::TransportSecurityState() | 25 TransportSecurityState::TransportSecurityState() |
| 26 : delegate_(NULL) { | 26 : delegate_(NULL) { |
| 27 } | 27 } |
| 28 | 28 |
| 29 void TransportSecurityState::EnableHost(const std::string& host, | 29 void TransportSecurityState::EnableHost(const std::string& host, |
| 30 const DomainState& state) { | 30 const DomainState& state) { |
| 31 const std::string canonicalized_host = CanonicalizeHost(host); | 31 const std::string canonicalized_host = CanonicalizeHost(host); |
| 32 if (canonicalized_host.empty()) | 32 if (canonicalized_host.empty()) |
| 33 return; | 33 return; |
| 34 | 34 |
| 35 bool temp; | 35 bool temp; |
| 36 if (IsPreloadedSTS(canonicalized_host, &temp)) | 36 if (IsPreloadedSTS(canonicalized_host, &temp)) |
| 37 return; | 37 return; |
| 38 | 38 |
| 39 char hashed[base::SHA256_LENGTH]; | 39 char hashed[crypto::SHA256_LENGTH]; |
| 40 base::SHA256HashString(canonicalized_host, hashed, sizeof(hashed)); | 40 crypto::SHA256HashString(canonicalized_host, hashed, sizeof(hashed)); |
| 41 | 41 |
| 42 // Use the original creation date if we already have this host. | 42 // Use the original creation date if we already have this host. |
| 43 DomainState state_copy(state); | 43 DomainState state_copy(state); |
| 44 DomainState existing_state; | 44 DomainState existing_state; |
| 45 if (IsEnabledForHost(&existing_state, host)) | 45 if (IsEnabledForHost(&existing_state, host)) |
| 46 state_copy.created = existing_state.created; | 46 state_copy.created = existing_state.created; |
| 47 | 47 |
| 48 // We don't store these values. | 48 // We don't store these values. |
| 49 state_copy.preloaded = false; | 49 state_copy.preloaded = false; |
| 50 state_copy.domain.clear(); | 50 state_copy.domain.clear(); |
| 51 | 51 |
| 52 enabled_hosts_[std::string(hashed, sizeof(hashed))] = state_copy; | 52 enabled_hosts_[std::string(hashed, sizeof(hashed))] = state_copy; |
| 53 DirtyNotify(); | 53 DirtyNotify(); |
| 54 } | 54 } |
| 55 | 55 |
| 56 bool TransportSecurityState::DeleteHost(const std::string& host) { | 56 bool TransportSecurityState::DeleteHost(const std::string& host) { |
| 57 const std::string canonicalized_host = CanonicalizeHost(host); | 57 const std::string canonicalized_host = CanonicalizeHost(host); |
| 58 if (canonicalized_host.empty()) | 58 if (canonicalized_host.empty()) |
| 59 return false; | 59 return false; |
| 60 | 60 |
| 61 char hashed[base::SHA256_LENGTH]; | 61 char hashed[crypto::SHA256_LENGTH]; |
| 62 base::SHA256HashString(canonicalized_host, hashed, sizeof(hashed)); | 62 crypto::SHA256HashString(canonicalized_host, hashed, sizeof(hashed)); |
| 63 | 63 |
| 64 std::map<std::string, DomainState>::iterator i = enabled_hosts_.find( | 64 std::map<std::string, DomainState>::iterator i = enabled_hosts_.find( |
| 65 std::string(hashed, sizeof(hashed))); | 65 std::string(hashed, sizeof(hashed))); |
| 66 if (i != enabled_hosts_.end()) { | 66 if (i != enabled_hosts_.end()) { |
| 67 enabled_hosts_.erase(i); | 67 enabled_hosts_.erase(i); |
| 68 DirtyNotify(); | 68 DirtyNotify(); |
| 69 return true; | 69 return true; |
| 70 } | 70 } |
| 71 return false; | 71 return false; |
| 72 } | 72 } |
| (...skipping 18 matching lines...) Expand all Loading... |
| 91 result->mode = DomainState::MODE_STRICT; | 91 result->mode = DomainState::MODE_STRICT; |
| 92 result->include_subdomains = include_subdomains; | 92 result->include_subdomains = include_subdomains; |
| 93 result->preloaded = true; | 93 result->preloaded = true; |
| 94 return true; | 94 return true; |
| 95 } | 95 } |
| 96 | 96 |
| 97 result->preloaded = false; | 97 result->preloaded = false; |
| 98 base::Time current_time(base::Time::Now()); | 98 base::Time current_time(base::Time::Now()); |
| 99 | 99 |
| 100 for (size_t i = 0; canonicalized_host[i]; i += canonicalized_host[i] + 1) { | 100 for (size_t i = 0; canonicalized_host[i]; i += canonicalized_host[i] + 1) { |
| 101 char hashed_domain[base::SHA256_LENGTH]; | 101 char hashed_domain[crypto::SHA256_LENGTH]; |
| 102 | 102 |
| 103 base::SHA256HashString(IncludeNUL(&canonicalized_host[i]), &hashed_domain, | 103 crypto::SHA256HashString(IncludeNUL(&canonicalized_host[i]), &hashed_domain, |
| 104 sizeof(hashed_domain)); | 104 sizeof(hashed_domain)); |
| 105 std::map<std::string, DomainState>::iterator j = | 105 std::map<std::string, DomainState>::iterator j = |
| 106 enabled_hosts_.find(std::string(hashed_domain, sizeof(hashed_domain))); | 106 enabled_hosts_.find(std::string(hashed_domain, sizeof(hashed_domain))); |
| 107 if (j == enabled_hosts_.end()) | 107 if (j == enabled_hosts_.end()) |
| 108 continue; | 108 continue; |
| 109 | 109 |
| 110 if (current_time > j->second.expiry) { | 110 if (current_time > j->second.expiry) { |
| 111 enabled_hosts_.erase(j); | 111 enabled_hosts_.erase(j); |
| 112 DirtyNotify(); | 112 DirtyNotify(); |
| 113 continue; | 113 continue; |
| 114 } | 114 } |
| (...skipping 158 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 273 std::string out; | 273 std::string out; |
| 274 CHECK(base::Base64Encode(hashed, &out)); | 274 CHECK(base::Base64Encode(hashed, &out)); |
| 275 return out; | 275 return out; |
| 276 } | 276 } |
| 277 | 277 |
| 278 // This inverts |HashedDomainToExternalString|, above. It turns an external | 278 // This inverts |HashedDomainToExternalString|, above. It turns an external |
| 279 // string (from a JSON file) into an internal (binary) string. | 279 // string (from a JSON file) into an internal (binary) string. |
| 280 static std::string ExternalStringToHashedDomain(const std::string& external) { | 280 static std::string ExternalStringToHashedDomain(const std::string& external) { |
| 281 std::string out; | 281 std::string out; |
| 282 if (!base::Base64Decode(external, &out) || | 282 if (!base::Base64Decode(external, &out) || |
| 283 out.size() != base::SHA256_LENGTH) { | 283 out.size() != crypto::SHA256_LENGTH) { |
| 284 return std::string(); | 284 return std::string(); |
| 285 } | 285 } |
| 286 | 286 |
| 287 return out; | 287 return out; |
| 288 } | 288 } |
| 289 | 289 |
| 290 bool TransportSecurityState::Serialise(std::string* output) { | 290 bool TransportSecurityState::Serialise(std::string* output) { |
| 291 DictionaryValue toplevel; | 291 DictionaryValue toplevel; |
| 292 for (std::map<std::string, DomainState>::const_iterator | 292 for (std::map<std::string, DomainState>::const_iterator |
| 293 i = enabled_hosts_.begin(); i != enabled_hosts_.end(); ++i) { | 293 i = enabled_hosts_.begin(); i != enabled_hosts_.end(); ++i) { |
| (...skipping 199 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 493 *include_subdomains = kPreloadedSTS[j].include_subdomains; | 493 *include_subdomains = kPreloadedSTS[j].include_subdomains; |
| 494 return true; | 494 return true; |
| 495 } | 495 } |
| 496 } | 496 } |
| 497 } | 497 } |
| 498 | 498 |
| 499 return false; | 499 return false; |
| 500 } | 500 } |
| 501 | 501 |
| 502 } // namespace | 502 } // namespace |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 6805019:
Move crypto files out of base, to a top level directory. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/