| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/transport_security_state.h" | 5 #include "net/base/transport_security_state.h" |
| 6 | 6 |
| 7 #include "base/base64.h" | 7 #include "base/base64.h" |
| 8 #include "base/json/json_reader.h" | 8 #include "base/json/json_reader.h" |
| 9 #include "base/json/json_writer.h" | 9 #include "base/json/json_writer.h" |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| 11 #include "base/memory/scoped_ptr.h" | 11 #include "base/memory/scoped_ptr.h" |
| 12 #include "base/sha2.h" | |
| 13 #include "base/string_number_conversions.h" | 12 #include "base/string_number_conversions.h" |
| 14 #include "base/string_tokenizer.h" | 13 #include "base/string_tokenizer.h" |
| 15 #include "base/string_util.h" | 14 #include "base/string_util.h" |
| 16 #include "base/utf_string_conversions.h" | 15 #include "base/utf_string_conversions.h" |
| 17 #include "base/values.h" | 16 #include "base/values.h" |
| 17 #include "crypto/sha2.h" |
| 18 #include "googleurl/src/gurl.h" | 18 #include "googleurl/src/gurl.h" |
| 19 #include "net/base/dns_util.h" | 19 #include "net/base/dns_util.h" |
| 20 | 20 |
| 21 namespace net { | 21 namespace net { |
| 22 | 22 |
| 23 const long int TransportSecurityState::kMaxHSTSAgeSecs = 86400 * 365; // 1 year | 23 const long int TransportSecurityState::kMaxHSTSAgeSecs = 86400 * 365; // 1 year |
| 24 | 24 |
| 25 TransportSecurityState::TransportSecurityState() | 25 TransportSecurityState::TransportSecurityState() |
| 26 : delegate_(NULL) { | 26 : delegate_(NULL) { |
| 27 } | 27 } |
| 28 | 28 |
| 29 void TransportSecurityState::EnableHost(const std::string& host, | 29 void TransportSecurityState::EnableHost(const std::string& host, |
| 30 const DomainState& state) { | 30 const DomainState& state) { |
| 31 const std::string canonicalized_host = CanonicalizeHost(host); | 31 const std::string canonicalized_host = CanonicalizeHost(host); |
| 32 if (canonicalized_host.empty()) | 32 if (canonicalized_host.empty()) |
| 33 return; | 33 return; |
| 34 | 34 |
| 35 bool temp; | 35 bool temp; |
| 36 if (IsPreloadedSTS(canonicalized_host, true, &temp)) | 36 if (IsPreloadedSTS(canonicalized_host, true, &temp)) |
| 37 return; | 37 return; |
| 38 | 38 |
| 39 char hashed[base::SHA256_LENGTH]; | 39 char hashed[crypto::SHA256_LENGTH]; |
| 40 base::SHA256HashString(canonicalized_host, hashed, sizeof(hashed)); | 40 crypto::SHA256HashString(canonicalized_host, hashed, sizeof(hashed)); |
| 41 | 41 |
| 42 // Use the original creation date if we already have this host. | 42 // Use the original creation date if we already have this host. |
| 43 DomainState state_copy(state); | 43 DomainState state_copy(state); |
| 44 DomainState existing_state; | 44 DomainState existing_state; |
| 45 if (IsEnabledForHost(&existing_state, host, true)) | 45 if (IsEnabledForHost(&existing_state, host, true)) |
| 46 state_copy.created = existing_state.created; | 46 state_copy.created = existing_state.created; |
| 47 | 47 |
| 48 // We don't store these values. | 48 // We don't store these values. |
| 49 state_copy.preloaded = false; | 49 state_copy.preloaded = false; |
| 50 state_copy.domain.clear(); | 50 state_copy.domain.clear(); |
| 51 | 51 |
| 52 enabled_hosts_[std::string(hashed, sizeof(hashed))] = state_copy; | 52 enabled_hosts_[std::string(hashed, sizeof(hashed))] = state_copy; |
| 53 DirtyNotify(); | 53 DirtyNotify(); |
| 54 } | 54 } |
| 55 | 55 |
| 56 bool TransportSecurityState::DeleteHost(const std::string& host) { | 56 bool TransportSecurityState::DeleteHost(const std::string& host) { |
| 57 const std::string canonicalized_host = CanonicalizeHost(host); | 57 const std::string canonicalized_host = CanonicalizeHost(host); |
| 58 if (canonicalized_host.empty()) | 58 if (canonicalized_host.empty()) |
| 59 return false; | 59 return false; |
| 60 | 60 |
| 61 char hashed[base::SHA256_LENGTH]; | 61 char hashed[crypto::SHA256_LENGTH]; |
| 62 base::SHA256HashString(canonicalized_host, hashed, sizeof(hashed)); | 62 crypto::SHA256HashString(canonicalized_host, hashed, sizeof(hashed)); |
| 63 | 63 |
| 64 std::map<std::string, DomainState>::iterator i = enabled_hosts_.find( | 64 std::map<std::string, DomainState>::iterator i = enabled_hosts_.find( |
| 65 std::string(hashed, sizeof(hashed))); | 65 std::string(hashed, sizeof(hashed))); |
| 66 if (i != enabled_hosts_.end()) { | 66 if (i != enabled_hosts_.end()) { |
| 67 enabled_hosts_.erase(i); | 67 enabled_hosts_.erase(i); |
| 68 DirtyNotify(); | 68 DirtyNotify(); |
| 69 return true; | 69 return true; |
| 70 } | 70 } |
| 71 return false; | 71 return false; |
| 72 } | 72 } |
| (...skipping 19 matching lines...) Expand all Loading... |
| 92 result->mode = DomainState::MODE_STRICT; | 92 result->mode = DomainState::MODE_STRICT; |
| 93 result->include_subdomains = include_subdomains; | 93 result->include_subdomains = include_subdomains; |
| 94 result->preloaded = true; | 94 result->preloaded = true; |
| 95 return true; | 95 return true; |
| 96 } | 96 } |
| 97 | 97 |
| 98 result->preloaded = false; | 98 result->preloaded = false; |
| 99 base::Time current_time(base::Time::Now()); | 99 base::Time current_time(base::Time::Now()); |
| 100 | 100 |
| 101 for (size_t i = 0; canonicalized_host[i]; i += canonicalized_host[i] + 1) { | 101 for (size_t i = 0; canonicalized_host[i]; i += canonicalized_host[i] + 1) { |
| 102 char hashed_domain[base::SHA256_LENGTH]; | 102 char hashed_domain[crypto::SHA256_LENGTH]; |
| 103 | 103 |
| 104 base::SHA256HashString(IncludeNUL(&canonicalized_host[i]), &hashed_domain, | 104 crypto::SHA256HashString(IncludeNUL(&canonicalized_host[i]), &hashed_domain, |
| 105 sizeof(hashed_domain)); | 105 sizeof(hashed_domain)); |
| 106 std::map<std::string, DomainState>::iterator j = | 106 std::map<std::string, DomainState>::iterator j = |
| 107 enabled_hosts_.find(std::string(hashed_domain, sizeof(hashed_domain))); | 107 enabled_hosts_.find(std::string(hashed_domain, sizeof(hashed_domain))); |
| 108 if (j == enabled_hosts_.end()) | 108 if (j == enabled_hosts_.end()) |
| 109 continue; | 109 continue; |
| 110 | 110 |
| 111 if (current_time > j->second.expiry) { | 111 if (current_time > j->second.expiry) { |
| 112 enabled_hosts_.erase(j); | 112 enabled_hosts_.erase(j); |
| 113 DirtyNotify(); | 113 DirtyNotify(); |
| 114 continue; | 114 continue; |
| 115 } | 115 } |
| (...skipping 158 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 274 std::string out; | 274 std::string out; |
| 275 CHECK(base::Base64Encode(hashed, &out)); | 275 CHECK(base::Base64Encode(hashed, &out)); |
| 276 return out; | 276 return out; |
| 277 } | 277 } |
| 278 | 278 |
| 279 // This inverts |HashedDomainToExternalString|, above. It turns an external | 279 // This inverts |HashedDomainToExternalString|, above. It turns an external |
| 280 // string (from a JSON file) into an internal (binary) string. | 280 // string (from a JSON file) into an internal (binary) string. |
| 281 static std::string ExternalStringToHashedDomain(const std::string& external) { | 281 static std::string ExternalStringToHashedDomain(const std::string& external) { |
| 282 std::string out; | 282 std::string out; |
| 283 if (!base::Base64Decode(external, &out) || | 283 if (!base::Base64Decode(external, &out) || |
| 284 out.size() != base::SHA256_LENGTH) { | 284 out.size() != crypto::SHA256_LENGTH) { |
| 285 return std::string(); | 285 return std::string(); |
| 286 } | 286 } |
| 287 | 287 |
| 288 return out; | 288 return out; |
| 289 } | 289 } |
| 290 | 290 |
| 291 bool TransportSecurityState::Serialise(std::string* output) { | 291 bool TransportSecurityState::Serialise(std::string* output) { |
| 292 DictionaryValue toplevel; | 292 DictionaryValue toplevel; |
| 293 for (std::map<std::string, DomainState>::const_iterator | 293 for (std::map<std::string, DomainState>::const_iterator |
| 294 i = enabled_hosts_.begin(); i != enabled_hosts_.end(); ++i) { | 294 i = enabled_hosts_.begin(); i != enabled_hosts_.end(); ++i) { |
| (...skipping 223 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 518 return true; | 518 return true; |
| 519 } | 519 } |
| 520 } | 520 } |
| 521 } | 521 } |
| 522 } | 522 } |
| 523 | 523 |
| 524 return false; | 524 return false; |
| 525 } | 525 } |
| 526 | 526 |
| 527 } // namespace | 527 } // namespace |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 6805019:
Move crypto files out of base, to a top level directory. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/