Revert 113823 - net: move pinning checks into the SSL socket.

net/url_request/url_request_http_job.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/url_request/url_request_http_job.h"
 
 #include "base/base_switches.h"
 #include "base/bind.h"
 #include "base/bind_helpers.h"
+#include "base/build_time.h"
 #include "base/command_line.h"
 #include "base/compiler_specific.h"
 #include "base/file_util.h"
 #include "base/file_version_info.h"
 #include "base/message_loop.h"
 #include "base/metrics/field_trial.h"
 #include "base/metrics/histogram.h"
 #include "base/rand_util.h"
 #include "base/string_util.h"
 #include "base/time.h"
 #include "net/base/cert_status_flags.h"
 #include "net/base/cookie_monster.h"
 #include "net/base/filter.h"
 #include "net/base/host_port_pair.h"
 #include "net/base/load_flags.h"
 #include "net/base/mime_util.h"
 #include "net/base/net_errors.h"
 #include "net/base/net_util.h"
 #include "net/base/network_delegate.h"
 #include "net/base/sdch_manager.h"
 #include "net/base/ssl_cert_request_info.h"
 #include "net/base/ssl_config_service.h"
+#include "net/base/transport_security_state.h"
 #include "net/http/http_mac_signature.h"
 #include "net/http/http_request_headers.h"
 #include "net/http/http_response_headers.h"
 #include "net/http/http_response_info.h"
 #include "net/http/http_transaction.h"
 #include "net/http/http_transaction_factory.h"
 #include "net/http/http_util.h"
 #include "net/url_request/fraudulent_certificate_reporter.h"
 #include "net/url_request/url_request.h"
 #include "net/url_request/url_request_context.h"
@@ skipping 610 matching lines @@
     return;
 
   // If the transaction was destroyed, then the job was cancelled, and
   // we can just ignore this notification.
   if (!transaction_.get())
     return;
 
   // Clear the IO_PENDING status
   SetStatus(URLRequestStatus());
 
-  if (result == ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN &&
-      transaction_->GetResponseInfo() != NULL) {
-    FraudulentCertificateReporter* reporter =
-      context_->fraudulent_certificate_reporter();
-    if (reporter != NULL) {
-      const SSLInfo& ssl_info = transaction_->GetResponseInfo()->ssl_info;
+#if defined(OFFICIAL_BUILD) && !defined(OS_ANDROID)
+  // Take care of any mandates for public key pinning.
+  //
+  // Pinning is only enabled for official builds to make sure that others don't
+  // end up with pins that cannot be easily updated.
+  //
+  // TODO(agl): we might have an issue here where a request for foo.example.com
+  // merges into a SPDY connection to www.example.com, and gets a different
+  // certificate.
+  if (transaction_->GetResponseInfo() != NULL) {
+    const SSLInfo& ssl_info = transaction_->GetResponseInfo()->ssl_info;
+    if (ssl_info.is_valid() &&
+        (result == OK || (IsCertificateError(result) &&
+                          IsCertStatusMinorError(ssl_info.cert_status))) &&
+        ssl_info.is_issued_by_known_root &&
+        context_->transport_security_state()) {
+      TransportSecurityState::DomainState domain_state;
       bool sni_available = SSLConfigService::IsSNIAvailable(
           context_->ssl_config_service());
-      const std::string& host = request_->url().host();
+      std::string host = request_->url().host();
 
-      reporter->SendReport(host, ssl_info, sni_available);
+      if (context_->transport_security_state()->HasPinsForHost(
+              &domain_state, host, sni_available)) {
+        if (!domain_state.IsChainOfPublicKeysPermitted(
+                ssl_info.public_key_hashes)) {
+          const base::Time build_time = base::GetBuildTime();
+          // Pins are not enforced if the build is sufficiently old. Chrome
+          // users should get updates every six weeks or so, but it's possible
+          // that some users will stop getting updates for some reason. We
+          // don't want those users building up as a pool of people with bad
+          // pins.
+          if ((base::Time::Now() - build_time).InDays() < 70 /* 10 weeks */) {
+            result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN;
+            UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", false);
+            TransportSecurityState::ReportUMAOnPinFailure(host);
+            FraudulentCertificateReporter* reporter =
+                context_->fraudulent_certificate_reporter();
+            if (reporter != NULL)
+              reporter->SendReport(host, ssl_info, sni_available);
+          }
+        } else {
+          UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", true);
+        }
+      }
     }
   }
+#endif
 
   if (result == OK) {
     scoped_refptr<HttpResponseHeaders> headers = GetResponseHeaders();
     if (request_->context() && request_->context()->network_delegate()) {
       // Note that |this| may not be deleted until
       // |on_headers_received_callback_| or
       // |NetworkDelegate::URLRequestDestroyed()| has been called.
       int error = request_->context()->network_delegate()->
           NotifyHeadersReceived(request_, on_headers_received_callback_,
                                 headers, &override_response_headers_);
@@ skipping 719 matching lines @@
   return override_response_headers_.get() ?
       override_response_headers_ :
       transaction_->GetResponseInfo()->headers;
 }
 
 void URLRequestHttpJob::NotifyURLRequestDestroyed() {
   awaiting_callback_ = false;
 }
 
 }  // namespace net