Refactor TransportSecurityState.

net/base/transport_security_state.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/transport_security_state.h"
 
 #if defined(USE_OPENSSL)
 #include <openssl/ecdsa.h>
 #include <openssl/ssl.h>
 #else  // !defined(USE_OPENSSL)
 #include <cryptohi.h>
 #include <hasht.h>
 #include <keyhi.h>
 #include <pk11pub.h>
 #include <nspr.h>
 #endif
 
 #include <algorithm>
 #include <utility>
 
 #include "base/base64.h"
-#include "base/json/json_reader.h"
-#include "base/json/json_writer.h"
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/metrics/histogram.h"
 #include "base/sha1.h"
 #include "base/string_number_conversions.h"
 #include "base/string_tokenizer.h"
 #include "base/string_util.h"
 #include "base/time.h"
 #include "base/utf_string_conversions.h"
 #include "base/values.h"
 #include "crypto/sha2.h"
 #include "googleurl/src/gurl.h"
-#include "net/base/asn1_util.h"
 #include "net/base/dns_util.h"
 #include "net/base/public_key_hashes.h"
 #include "net/base/ssl_info.h"
 #include "net/base/x509_certificate.h"
 #include "net/http/http_util.h"
 
 #if defined(USE_OPENSSL)
 #include "crypto/openssl_util.h"
 #endif
 
 namespace net {
 
 const long int TransportSecurityState::kMaxHSTSAgeSecs = 86400 * 365;  // 1 year
 
+/* XXX

[Ryan Sleevi, 2012/03/28 00:50:32]

Delete?

[palmer, 2012/04/10 23:25:51]

Done.

 TransportSecurityState::TransportSecurityState(const std::string& hsts_hosts)
     : delegate_(NULL) {
   if (!hsts_hosts.empty()) {
     bool dirty;
     Deserialise(hsts_hosts, &dirty, &forced_hosts_);
   }
-}
+}*/
 
 static std::string HashHost(const std::string& canonicalized_host) {
   char hashed[crypto::kSHA256Length];
   crypto::SHA256HashString(canonicalized_host, hashed, sizeof(hashed));
   return std::string(hashed, sizeof(hashed));
 }
 
+TransportSecurityState::TransportSecurityState(
+    TransportSecurityState::Delegate* delegate)
+  : delegate_(delegate) { }
+
+TransportSecurityState::TransportSecurityState()
+  : delegate_(NULL) { }
+
 void TransportSecurityState::SetDelegate(
     TransportSecurityState::Delegate* delegate) {
   delegate_ = delegate;
 }
 
 void TransportSecurityState::EnableHost(const std::string& host,
                                         const DomainState& state) {
   DCHECK(CalledOnValidThread());
 
   const std::string canonicalized_host = CanonicalizeHost(host);
   if (canonicalized_host.empty())
     return;
 
+  DomainState existing_state;
+
   // Only override a preloaded state if the new state describes a more strict
   // policy. TODO(palmer): Reconsider this?
-  DomainState existing_state;
-  if (IsPreloadedSTS(canonicalized_host, true, &existing_state) &&
+  /*if (GetStaticDomainState(canonicalized_host, true, &existing_state) &&
       canonicalized_host == CanonicalizeHost(existing_state.domain) &&
       existing_state.IsMoreStrict(state)) {
     return;
-  }
+  }*/

[Ryan Sleevi, 2012/03/28 00:50:32]

Delete?

[palmer, 2012/04/10 23:25:51]

Done.

 
   // Use the original creation date if we already have this host.
   DomainState state_copy(state);
-  if (GetDomainState(&existing_state, host, true) &&
+  if (GetDomainState(host, true, &existing_state) &&

[Ryan Sleevi, 2012/03/28 00:50:32]

nit: GetDomainState(host, true /*sni_enabled*/, &existing_state) ?

It's not obvious why calling with |sni_enabled| should be true for EnableHost,
so perhaps you could expand on the comment as well.

[palmer, 2012/04/10 23:25:51]

It doesn't really matter, since statically-defined states will have null created
dates. But for that reason, we might as well not search the SNI-only static
states. Added a comment to that effect.

       !existing_state.created.is_null()) {
     state_copy.created = existing_state.created;
   }
 
-  // We don't store these values.
-  state_copy.preloaded = false;
+  // We don't store this value.

[Ryan Sleevi, 2012/03/28 00:50:32]

nit: Drop the "we", expand on why this value isn't appropriate to be stored.

[palmer, 2012/04/10 23:25:51]

Done.

   state_copy.domain.clear();
 
   enabled_hosts_[HashHost(canonicalized_host)] = state_copy;
   DirtyNotify();
 }
 
 bool TransportSecurityState::DeleteHost(const std::string& host) {
   DCHECK(CalledOnValidThread());
 
   const std::string canonicalized_host = CanonicalizeHost(host);
   if (canonicalized_host.empty())
     return false;
 
   std::map<std::string, DomainState>::iterator i = enabled_hosts_.find(
       HashHost(canonicalized_host));
   if (i != enabled_hosts_.end()) {
     enabled_hosts_.erase(i);
     DirtyNotify();
     return true;
   }
   return false;
 }
 
-bool TransportSecurityState::HasPinsForHost(DomainState* result,
-                                            const std::string& host,
-                                            bool sni_available) {
-  DCHECK(CalledOnValidThread());
-
-  return HasMetadata(result, host, sni_available) &&
-      (!result->dynamic_spki_hashes.empty() ||
-       !result->preloaded_spki_hashes.empty());
-}
-
-bool TransportSecurityState::GetDomainState(DomainState* result,
-                                            const std::string& host,
-                                            bool sni_available) {
-  DCHECK(CalledOnValidThread());
-
-  return HasMetadata(result, host, sni_available);
-}
-
-bool TransportSecurityState::HasMetadata(DomainState* result,
-                                         const std::string& host,
-                                         bool sni_available) {
+bool TransportSecurityState::GetDomainState(const std::string& host,
+                                            bool sni_enabled,
+                                            DomainState* result) {
   DCHECK(CalledOnValidThread());
 
   DomainState state;
   const std::string canonicalized_host = CanonicalizeHost(host);
   if (canonicalized_host.empty())
     return false;
 
-  bool has_preload = IsPreloadedSTS(canonicalized_host, sni_available, &state);
+  bool has_preload = GetStaticDomainState(canonicalized_host, sni_enabled,
+                                          &state);
   std::string canonicalized_preload = CanonicalizeHost(state.domain);
 
   base::Time current_time(base::Time::Now());
 
   for (size_t i = 0; canonicalized_host[i]; i += canonicalized_host[i] + 1) {
     std::string host_sub_chunk(&canonicalized_host[i],
                                canonicalized_host.size() - i);
     // Exact match of a preload always wins.
     if (has_preload && host_sub_chunk == canonicalized_preload) {
       *result = state;
       return true;
     }
 
     std::map<std::string, DomainState>::iterator j =
         enabled_hosts_.find(HashHost(host_sub_chunk));
     if (j == enabled_hosts_.end())
       continue;
 
-    if (current_time > j->second.expiry &&
+    if (current_time > j->second.upgrade_expiry &&
         current_time > j->second.dynamic_spki_hashes_expiry) {
       enabled_hosts_.erase(j);
       DirtyNotify();
       continue;
     }
 
     state = j->second;
     state.domain = DNSDomainToString(host_sub_chunk);
 
     // Succeed if we matched the domain exactly or if subdomain matches are
@@ skipping 107 matching lines @@
   if (!base::Base64Decode(unquoted, &decoded) ||
       decoded.size() != arraysize(fp.data)) {
     return false;
   }
 
   memcpy(fp.data, decoded.data(), arraysize(fp.data));
   fingerprints->push_back(fp);
   return true;
 }
 
-// static
-bool TransportSecurityState::GetPublicKeyHash(
-    const X509Certificate& cert, SHA1Fingerprint* spki_hash) {
-  std::string der_bytes;
-  if (!X509Certificate::GetDEREncoded(cert.os_cert_handle(), &der_bytes))
-    return false;
-
-  base::StringPiece spki;
-  if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki))
-    return false;
-
-  base::SHA1HashBytes(reinterpret_cast<const unsigned char*>(spki.data()),
-                      spki.size(), spki_hash->data);
-
-  return true;
-}
-
 struct FingerprintsEqualPredicate {
   explicit FingerprintsEqualPredicate(const SHA1Fingerprint& fingerprint) :
       fingerprint_(fingerprint) {}
 
   bool operator()(const SHA1Fingerprint& other) const {
     return fingerprint_.Equals(other);
   }
 
   const SHA1Fingerprint& fingerprint_;
 };
@@ skipping 40 matching lines @@
   const FingerprintVector& from_cert_chain = ssl_info.public_key_hashes;
   if (from_cert_chain.empty())
     return false;
 
   return IsBackupPinPresent(pins, from_cert_chain) &&
       HashesIntersect(pins, from_cert_chain);
 }
 
 // "Public-Key-Pins" ":"
 //     "max-age" "=" delta-seconds ";"
 //     "pin-" algo "=" base64 [ ";" ... ]

[Ryan Sleevi, 2012/03/28 00:50:32]

Update the ABNF for -01.

[palmer, 2012/04/10 23:25:51]

Done.

-//
-// static
-bool TransportSecurityState::ParsePinsHeader(const std::string& value,
-                                             const SSLInfo& ssl_info,
-                                             DomainState* state) {
+bool TransportSecurityState::DomainState::ParsePinsHeader(
+    const base::Time& now,
+    const std::string& value,
+    const SSLInfo& ssl_info) {
   bool parsed_max_age = false;
-  int max_age = 0;
+  int max_age_candidate = 0;
   FingerprintVector pins;
 
   std::string source = value;
 
   while (!source.empty()) {
     StringPair semicolon = Split(source, ';');
     semicolon.first = Strip(semicolon.first);
     semicolon.second = Strip(semicolon.second);
     StringPair equals = Split(semicolon.first, '=');
     equals.first = Strip(equals.first);
     equals.second = Strip(equals.second);
 
     if (LowerCaseEqualsASCII(equals.first, "max-age")) {
       if (equals.second.empty() ||
-          !MaxAgeToInt(equals.second.begin(), equals.second.end(), &max_age)) {
+          !MaxAgeToInt(equals.second.begin(), equals.second.end(),
+                       &max_age_candidate)) {
         return false;
       }
-      if (max_age > kMaxHSTSAgeSecs)
-        max_age = kMaxHSTSAgeSecs;
+      if (max_age_candidate > kMaxHSTSAgeSecs)
+        max_age_candidate = kMaxHSTSAgeSecs;
       parsed_max_age = true;
     } else if (LowerCaseEqualsASCII(equals.first, "pin-sha1")) {
       if (!ParseAndAppendPin(equals.second, &pins))
         return false;
     } else if (LowerCaseEqualsASCII(equals.first, "pin-sha256")) {
       // TODO(palmer)
     } else {
       // Silently ignore unknown directives for forward compatibility.
     }
 
     source = semicolon.second;
   }
 
   if (!parsed_max_age || !IsPinListValid(pins, ssl_info))
     return false;
 
-  state->max_age = max_age;
-  state->dynamic_spki_hashes_expiry =
-      base::Time::Now() + base::TimeDelta::FromSeconds(max_age);
+  dynamic_spki_hashes_expiry =
+      now + base::TimeDelta::FromSeconds(max_age_candidate);
 
-  state->dynamic_spki_hashes.clear();
-  if (max_age > 0) {
+  dynamic_spki_hashes.clear();
+  if (max_age_candidate > 0) {
     for (FingerprintVector::const_iterator i = pins.begin();
-         i != pins.end(); i++) {
-      state->dynamic_spki_hashes.push_back(*i);
+         i != pins.end(); ++i) {
+      dynamic_spki_hashes.push_back(*i);
     }
   }
 
   return true;
 }
 
 // "Strict-Transport-Security" ":"
 //     "max-age" "=" delta-seconds [ ";" "includeSubDomains" ]

[Ryan Sleevi, 2012/03/28 00:50:32]

Definitely update this guy

[palmer, 2012/04/10 23:25:51]

What is wrong about this comment, other than being merely one example?

http://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec-06#section-6.1

I'll leave it to abarth to update the comment if he updates the parser.

-//
-// static
-bool TransportSecurityState::ParseHeader(const std::string& value,
-                                         int* max_age,
-                                         bool* include_subdomains) {
-  DCHECK(max_age);
-  DCHECK(include_subdomains);
-
+bool TransportSecurityState::DomainState::ParseSTSHeader(
+    const base::Time& now,
+    const std::string& value) {
   int max_age_candidate = 0;
 
   enum ParserState {
     START,
     AFTER_MAX_AGE_LABEL,
     AFTER_MAX_AGE_EQUALS,
     AFTER_MAX_AGE,
     AFTER_MAX_AGE_INCLUDE_SUB_DOMAINS_DELIMITER,
     AFTER_INCLUDE_SUBDOMAINS,
   } state = START;
@@ skipping 56 matching lines @@
     }
   }
 
   // We've consumed all the input.  Let's see what state we ended up in.
   switch (state) {
     case START:
     case AFTER_MAX_AGE_LABEL:
     case AFTER_MAX_AGE_EQUALS:
       return false;
     case AFTER_MAX_AGE:
-      *max_age = max_age_candidate;
-      *include_subdomains = false;
+      upgrade_expiry =
+          now + base::TimeDelta::FromSeconds(max_age_candidate);
+      include_subdomains = false;
+      upgrade_mode = MODE_FORCE_HTTPS;
       return true;
     case AFTER_MAX_AGE_INCLUDE_SUB_DOMAINS_DELIMITER:
       return false;
     case AFTER_INCLUDE_SUBDOMAINS:
-      *max_age = max_age_candidate;
-      *include_subdomains = true;
+      upgrade_expiry =
+          now + base::TimeDelta::FromSeconds(max_age_candidate);
+      include_subdomains = true;
+      upgrade_mode = MODE_FORCE_HTTPS;
       return true;
     default:
       NOTREACHED();
       return false;
   }
 }
 
-// Side pinning and superfluous certificates:
-//
-// In SSLClientSocketNSS::DoVerifyCertComplete we look for certificates with a
-// Subject of CN=meta. When we find one we'll currently try and parse side
-// pinned key from it.
-//
-// A side pin is a key which can be pinned to, but also can be kept offline and
-// still held by the site owner. The CN=meta certificate is just a backwards
-// compatiable method of carrying a lump of bytes to the client. (We could use
-// a TLS extension just as well, but it's a lot easier for admins to add extra
-// certificates to the chain.)
-
-// A TagMap represents the simple key-value structure that we use. Keys are
-// 32-bit ints. Values are byte strings.
-typedef std::map<uint32, base::StringPiece> TagMap;
-
-// ParseTags parses a list of key-value pairs from |in| to |out| and advances
-// |in| past the data. The key-value pair data is:
-//   u16le num_tags
-//   u32le tag[num_tags]
-//   u16le lengths[num_tags]
-//   ...data...
-static bool ParseTags(base::StringPiece* in, TagMap *out) {
-  // Many part of Chrome already assume little-endian. This is just to help
-  // anyone who should try to port it in the future.
-#if defined(__BYTE_ORDER)
-  // Linux check
-  COMPILE_ASSERT(__BYTE_ORDER == __LITTLE_ENDIAN, assumes_little_endian);
-#elif defined(__BIG_ENDIAN__)
-  // Mac check
-  #error assumes little endian
-#endif
-
-  uint16 num_tags_16;
-  if (in->size() < sizeof(num_tags_16))
-    return false;
-
-  memcpy(&num_tags_16, in->data(), sizeof(num_tags_16));
-  in->remove_prefix(sizeof(num_tags_16));
-  unsigned num_tags = num_tags_16;
-
-  if (in->size() < 6 * num_tags)
-    return false;
-
-  const uint32* tags = reinterpret_cast<const uint32*>(in->data());
-  const uint16* lens = reinterpret_cast<const uint16*>(
-      in->data() + 4*num_tags);
-  in->remove_prefix(6*num_tags);
-
-  uint32 prev_tag = 0;
-  for (unsigned i = 0; i < num_tags; i++) {
-    size_t len = lens[i];
-    uint32 tag = tags[i];
-
-    if (in->size() < len)
-      return false;
-    // tags must be in ascending order.
-    if (i > 0 && prev_tag >= tag)
-      return false;
-    (*out)[tag] = base::StringPiece(in->data(), len);
-    in->remove_prefix(len);
-    prev_tag = tag;
-  }
-
-  return true;
-}
-
-// GetTag extracts the data associated with |tag| in |tags|.
-static bool GetTag(uint32 tag, const TagMap& tags, base::StringPiece* out) {
-  TagMap::const_iterator i = tags.find(tag);
-  if (i == tags.end())
-    return false;
-
-  *out = i->second;
-  return true;
-}
-
-// kP256SubjectPublicKeyInfoPrefix can be prepended onto a P256 elliptic curve
-// point in X9.62 format in order to make a valid SubjectPublicKeyInfo. The
-// ASN.1 interpretation of these bytes is:
-//
-//     0:d=0  hl=2 l=  89 cons: SEQUENCE
-//     2:d=1  hl=2 l=  19 cons: SEQUENCE
-//     4:d=2  hl=2 l=   7 prim: OBJECT            :id-ecPublicKey
-//    13:d=2  hl=2 l=   8 prim: OBJECT            :prime256v1
-//    23:d=1  hl=2 l=  66 prim: BIT STRING
-static const uint8 kP256SubjectPublicKeyInfoPrefix[] = {
-  0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
-  0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a,
-  0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
-  0x42, 0x00,
-};
-
-// VerifySignature returns true iff |sig| is a valid signature of
-// |hash| by |pubkey|. The actual implementation is crypto library
-// specific.
-static bool VerifySignature(const base::StringPiece& pubkey,
-                            const base::StringPiece& sig,
-                            const base::StringPiece& hash);
-
-#if defined(USE_OPENSSL)
-
-static EVP_PKEY* DecodeX962P256PublicKey(
-    const base::StringPiece& pubkey_bytes) {
-  // The public key is an X9.62 encoded P256 point.
-  if (pubkey_bytes.size() != 1 + 2*32)
-    return NULL;
-
-  std::string pubkey_spki(
-      reinterpret_cast<const char*>(kP256SubjectPublicKeyInfoPrefix),
-      sizeof(kP256SubjectPublicKeyInfoPrefix));
-  pubkey_spki += pubkey_bytes.as_string();
-
-  EVP_PKEY* ret = NULL;
-  const unsigned char* der_pubkey =
-      reinterpret_cast<const unsigned char*>(pubkey_spki.data());
-  d2i_PUBKEY(&ret, &der_pubkey, pubkey_spki.size());
-  return ret;
-}
-
-static bool VerifySignature(const base::StringPiece& pubkey,
-                            const base::StringPiece& sig,
-                            const base::StringPiece& hash) {
-  crypto::ScopedOpenSSL<EVP_PKEY, EVP_PKEY_free> secpubkey(
-      DecodeX962P256PublicKey(pubkey));
-  if (!secpubkey.get())
-    return false;
-
-
-  crypto::ScopedOpenSSL<EC_KEY, EC_KEY_free> ec_key(
-      EVP_PKEY_get1_EC_KEY(secpubkey.get()));
-  if (!ec_key.get())
-    return false;
-
-  return ECDSA_verify(0, reinterpret_cast<const unsigned char*>(hash.data()),
-                      hash.size(),
-                      reinterpret_cast<const unsigned char*>(sig.data()),
-                      sig.size(), ec_key.get()) == 1;
-}
-
-#else
-
-// DecodeX962P256PublicKey parses an uncompressed, X9.62 format, P256 elliptic
-// curve point from |pubkey_bytes| and returns it as a SECKEYPublicKey.
-static SECKEYPublicKey* DecodeX962P256PublicKey(
-    const base::StringPiece& pubkey_bytes) {
-  // The public key is an X9.62 encoded P256 point.
-  if (pubkey_bytes.size() != 1 + 2*32)
-    return NULL;
-
-  std::string pubkey_spki(
-      reinterpret_cast<const char*>(kP256SubjectPublicKeyInfoPrefix),
-      sizeof(kP256SubjectPublicKeyInfoPrefix));
-  pubkey_spki += pubkey_bytes.as_string();
-
-  SECItem der;
-  memset(&der, 0, sizeof(der));
-  der.data = reinterpret_cast<uint8*>(const_cast<char*>(pubkey_spki.data()));
-  der.len = pubkey_spki.size();
-
-  CERTSubjectPublicKeyInfo* spki = SECKEY_DecodeDERSubjectPublicKeyInfo(&der);
-  if (!spki)
-    return NULL;
-  SECKEYPublicKey* public_key = SECKEY_ExtractPublicKey(spki);
-  SECKEY_DestroySubjectPublicKeyInfo(spki);
-
-  return public_key;
-}
-
-static bool VerifySignature(const base::StringPiece& pubkey,
-                            const base::StringPiece& sig,
-                            const base::StringPiece& hash) {
-  SECKEYPublicKey* secpubkey = DecodeX962P256PublicKey(pubkey);
-  if (!secpubkey)
-    return false;
-
-  SECItem sigitem;
-  memset(&sigitem, 0, sizeof(sigitem));
-  sigitem.data = reinterpret_cast<uint8*>(const_cast<char*>(sig.data()));
-  sigitem.len = sig.size();
-
-  // |decoded_sigitem| is newly allocated, as is the data that it points to.
-  SECItem* decoded_sigitem = DSAU_DecodeDerSigToLen(
-      &sigitem, SECKEY_SignatureLen(secpubkey));
-
-  if (!decoded_sigitem) {
-    SECKEY_DestroyPublicKey(secpubkey);
-    return false;
-  }
-
-  SECItem hashitem;
-  memset(&hashitem, 0, sizeof(hashitem));
-  hashitem.data = reinterpret_cast<unsigned char*>(
-      const_cast<char*>(hash.data()));
-  hashitem.len = hash.size();
-
-  SECStatus rv = PK11_Verify(secpubkey, decoded_sigitem, &hashitem, NULL);
-  SECKEY_DestroyPublicKey(secpubkey);
-  SECITEM_FreeItem(decoded_sigitem, PR_TRUE);
-  return rv == SECSuccess;
-}
-
-#endif  // !defined(USE_OPENSSL)
-
-// These are the tag values that we use. Tags are little-endian on the wire and
-// these values correspond to the ASCII of the name.
-static const uint32 kTagALGO = 0x4f474c41;
-static const uint32 kTagP256 = 0x36353250;
-static const uint32 kTagPUBK = 0x4b425550;
-static const uint32 kTagSIG = 0x474953;
-static const uint32 kTagSPIN = 0x4e495053;
-
-// static
-bool TransportSecurityState::ParseSidePin(
-    const base::StringPiece& leaf_spki,
-    const base::StringPiece& in_side_info,
-    FingerprintVector* out_pub_key_hash) {
-  base::StringPiece side_info(in_side_info);
-
-  TagMap outer;
-  if (!ParseTags(&side_info, &outer))
-    return false;
-  // trailing data is not allowed
-  if (side_info.size())
-    return false;
-
-  base::StringPiece side_pin_bytes;
-  if (!GetTag(kTagSPIN, outer, &side_pin_bytes))
-    return false;
-
-  bool have_parsed_a_key = false;
-  uint8 leaf_spki_hash[crypto::kSHA256Length];
-  bool have_leaf_spki_hash = false;
-
-  while (side_pin_bytes.size() > 0) {
-    TagMap side_pin;
-    if (!ParseTags(&side_pin_bytes, &side_pin))
-      return false;
-
-    base::StringPiece algo, pubkey, sig;
-    if (!GetTag(kTagALGO, side_pin, &algo) ||
-        !GetTag(kTagPUBK, side_pin, &pubkey) ||
-        !GetTag(kTagSIG, side_pin, &sig)) {
-      return false;
-    }
-
-    if (algo.size() != sizeof(kTagP256) ||
-        0 != memcmp(algo.data(), &kTagP256, sizeof(kTagP256))) {
-      // We don't support anything but P256 at the moment.
-      continue;
-    }
-
-    if (!have_leaf_spki_hash) {
-      crypto::SHA256HashString(
-          leaf_spki.as_string(), leaf_spki_hash, sizeof(leaf_spki_hash));
-      have_leaf_spki_hash = true;
-    }
-
-    if (VerifySignature(pubkey, sig, base::StringPiece(
-        reinterpret_cast<const char*>(leaf_spki_hash),
-        sizeof(leaf_spki_hash)))) {
-      SHA1Fingerprint fpr;
-      base::SHA1HashBytes(
-          reinterpret_cast<const uint8*>(pubkey.data()),
-          pubkey.size(),
-          fpr.data);
-      out_pub_key_hash->push_back(fpr);
-      have_parsed_a_key = true;
-    }
-  }
-
-  return have_parsed_a_key;
-}
-
-// This function converts the binary hashes, which we store in
-// |enabled_hosts_|, to a base64 string which we can include in a JSON file.
-static std::string HashedDomainToExternalString(const std::string& hashed) {
-  std::string out;
-  CHECK(base::Base64Encode(hashed, &out));
-  return out;
-}
-
-// This inverts |HashedDomainToExternalString|, above. It turns an external
-// string (from a JSON file) into an internal (binary) string.
-static std::string ExternalStringToHashedDomain(const std::string& external) {
-  std::string out;
-  if (!base::Base64Decode(external, &out) ||
-      out.size() != crypto::kSHA256Length) {
-    return std::string();
-  }
-
-  return out;
-}
-
-static ListValue* SPKIHashesToListValue(const FingerprintVector& hashes) {
-  ListValue* pins = new ListValue;
-
-  for (FingerprintVector::const_iterator i = hashes.begin();
-       i != hashes.end(); ++i) {
-    std::string hash_str(reinterpret_cast<const char*>(i->data),
-                         sizeof(i->data));
-    std::string b64;
-    base::Base64Encode(hash_str, &b64);
-    pins->Append(new StringValue("sha1/" + b64));
-  }
-
-  return pins;
-}
-
-bool TransportSecurityState::Serialise(std::string* output) {
-  DCHECK(CalledOnValidThread());
-
-  DictionaryValue toplevel;
-  base::Time now = base::Time::Now();
-  for (std::map<std::string, DomainState>::const_iterator
-       i = enabled_hosts_.begin(); i != enabled_hosts_.end(); ++i) {
-    DictionaryValue* state = new DictionaryValue;
-    state->SetBoolean("include_subdomains", i->second.include_subdomains);
-    state->SetDouble("created", i->second.created.ToDoubleT());
-    state->SetDouble("expiry", i->second.expiry.ToDoubleT());
-    state->SetDouble("dynamic_spki_hashes_expiry",
-                     i->second.dynamic_spki_hashes_expiry.ToDoubleT());
-
-    switch (i->second.mode) {
-      case DomainState::MODE_STRICT:
-        state->SetString("mode", "strict");
-        break;
-      case DomainState::MODE_SPDY_ONLY:
-        state->SetString("mode", "spdy-only");
-        break;
-      case DomainState::MODE_PINNING_ONLY:
-        state->SetString("mode", "pinning-only");
-        break;
-      default:
-        NOTREACHED() << "DomainState with unknown mode";
-        delete state;
-        continue;
-    }
-
-    state->Set("preloaded_spki_hashes",
-               SPKIHashesToListValue(i->second.preloaded_spki_hashes));
-
-    if (now < i->second.dynamic_spki_hashes_expiry) {
-      state->Set("dynamic_spki_hashes",
-                 SPKIHashesToListValue(i->second.dynamic_spki_hashes));
-    }
-
-    toplevel.Set(HashedDomainToExternalString(i->first), state);
-  }
-
-  base::JSONWriter::WriteWithOptions(&toplevel,
-                                     base::JSONWriter::OPTIONS_PRETTY_PRINT,
-                                     output);
-  return true;
-}
-
-bool TransportSecurityState::LoadEntries(const std::string& input,
-                                         bool* dirty) {
-  DCHECK(CalledOnValidThread());
-
-  enabled_hosts_.clear();
-  return Deserialise(input, dirty, &enabled_hosts_);
-}
-
 static bool AddHash(const std::string& type_and_base64,
                     FingerprintVector* out) {
   SHA1Fingerprint hash;
 
   if (!TransportSecurityState::ParsePin(type_and_base64, &hash))
     return false;
 
   out->push_back(hash);
   return true;
 }
 
-static void SPKIHashesFromListValue(FingerprintVector* hashes,
-                                    const ListValue& pins) {
-  size_t num_pins = pins.GetSize();
-  for (size_t i = 0; i < num_pins; ++i) {
-    std::string type_and_base64;
-    if (pins.GetString(i, &type_and_base64))
-      AddHash(type_and_base64, hashes);
-  }
-}
-
-// static
-bool TransportSecurityState::Deserialise(
-    const std::string& input,
-    bool* dirty,
-    std::map<std::string, DomainState>* out) {
-  scoped_ptr<Value> value(
-      base::JSONReader::Read(input, false /* do not allow trailing commas */));
-  if (!value.get() || !value->IsType(Value::TYPE_DICTIONARY))
-    return false;
-
-  DictionaryValue* dict_value = reinterpret_cast<DictionaryValue*>(value.get());
-  const base::Time current_time(base::Time::Now());
-  bool dirtied = false;
-
-  for (DictionaryValue::key_iterator i = dict_value->begin_keys();
-       i != dict_value->end_keys(); ++i) {
-    DictionaryValue* state;
-    if (!dict_value->GetDictionaryWithoutPathExpansion(*i, &state))
-      continue;
-
-    bool include_subdomains;
-    std::string mode_string;
-    double created;
-    double expiry;
-    double dynamic_spki_hashes_expiry = 0.0;
-
-    if (!state->GetBoolean("include_subdomains", &include_subdomains) ||
-        !state->GetString("mode", &mode_string) ||
-        !state->GetDouble("expiry", &expiry)) {
-      continue;
-    }
-
-    // Don't fail if this key is not present.
-    (void) state->GetDouble("dynamic_spki_hashes_expiry",
-                            &dynamic_spki_hashes_expiry);
-
-    ListValue* pins_list = NULL;
-    FingerprintVector preloaded_spki_hashes;
-    if (state->GetList("preloaded_spki_hashes", &pins_list))
-      SPKIHashesFromListValue(&preloaded_spki_hashes, *pins_list);
-
-    FingerprintVector dynamic_spki_hashes;
-    if (state->GetList("dynamic_spki_hashes", &pins_list))
-      SPKIHashesFromListValue(&dynamic_spki_hashes, *pins_list);
-
-    DomainState::Mode mode;
-    if (mode_string == "strict") {
-      mode = DomainState::MODE_STRICT;
-    } else if (mode_string == "spdy-only") {
-      mode = DomainState::MODE_SPDY_ONLY;
-    } else if (mode_string == "pinning-only") {
-      mode = DomainState::MODE_PINNING_ONLY;
-    } else {
-      LOG(WARNING) << "Unknown TransportSecurityState mode string found: "
-                   << mode_string;
-      continue;
-    }
-
-    base::Time expiry_time = base::Time::FromDoubleT(expiry);
-    base::Time dynamic_spki_hashes_expiry_time =
-        base::Time::FromDoubleT(dynamic_spki_hashes_expiry);
-    base::Time created_time;
-    if (state->GetDouble("created", &created)) {
-      created_time = base::Time::FromDoubleT(created);
-    } else {
-      // We're migrating an old entry with no creation date. Make sure we
-      // write the new date back in a reasonable time frame.
-      dirtied = true;
-      created_time = base::Time::Now();
-    }
-
-    if (expiry_time <= current_time &&
-        dynamic_spki_hashes_expiry_time <= current_time) {
-      // Make sure we dirty the state if we drop an entry.
-      dirtied = true;
-      continue;
-    }
-
-    std::string hashed = ExternalStringToHashedDomain(*i);
-    if (hashed.empty()) {
-      dirtied = true;
-      continue;
-    }
-
-    DomainState new_state;
-    new_state.mode = mode;
-    new_state.created = created_time;
-    new_state.expiry = expiry_time;
-    new_state.include_subdomains = include_subdomains;
-    new_state.preloaded_spki_hashes = preloaded_spki_hashes;
-    new_state.dynamic_spki_hashes = dynamic_spki_hashes;
-    new_state.dynamic_spki_hashes_expiry = dynamic_spki_hashes_expiry_time;
-    (*out)[hashed] = new_state;
-  }
-
-  *dirty = dirtied;
-  return true;
-}
-
 TransportSecurityState::~TransportSecurityState() {
 }
 
 void TransportSecurityState::DirtyNotify() {
   DCHECK(CalledOnValidThread());
 
   if (delegate_)
     delegate_->StateIsDirty(this);
 }
 
@@ skipping 93 matching lines @@
   for (size_t j = 0; j < num_entries; j++) {
     if (entries[j].length == canonicalized_host.size() - i &&
         memcmp(entries[j].dns_name, &canonicalized_host[i],
                entries[j].length) == 0) {
       if (!entries[j].include_subdomains && i != 0) {
         *ret = false;
       } else {
         out->include_subdomains = entries[j].include_subdomains;
         *ret = true;
         if (!entries[j].https_required)
-          out->mode = TransportSecurityState::DomainState::MODE_PINNING_ONLY;
+          out->upgrade_mode = TransportSecurityState::DomainState::MODE_DEFAULT;
         if (entries[j].pins.required_hashes) {
           const char* const* hash = entries[j].pins.required_hashes;
           while (*hash) {
-            bool ok = AddHash(*hash, &out->preloaded_spki_hashes);
+            bool ok = AddHash(*hash, &out->static_spki_hashes);
             DCHECK(ok) << " failed to parse " << *hash;
             hash++;
           }
         }
         if (entries[j].pins.excluded_hashes) {
           const char* const* hash = entries[j].pins.excluded_hashes;
           while (*hash) {
-            bool ok = AddHash(*hash, &out->bad_preloaded_spki_hashes);
+            bool ok = AddHash(*hash, &out->bad_static_spki_hashes);
             DCHECK(ok) << " failed to parse " << *hash;
             hash++;
           }
         }
       }
       return true;
     }
   }
   return false;
 }
@@ skipping 103 matching lines @@
   kSPKIHash_UTNUSERFirstHardware,
   kSPKIHash_UTNUSERFirstObject,
   kSPKIHash_GTECyberTrustGlobalRoot,
   NULL,
 };
 #define kTwitterCDNPins { \
   kTwitterCDNAcceptableCerts, \
   kNoRejectedPublicKeys, \
 }
 
+// These are the tag values that we use. Tags are little-endian on the wire and
+// these values correspond to the ASCII of the name.
+static const uint32 kTagALGO = 0x4f474c41;
+static const uint32 kTagP256 = 0x36353250;
+static const uint32 kTagPUBK = 0x4b425550;
+static const uint32 kTagSIG = 0x474953;
+static const uint32 kTagSPIN = 0x4e495053;

[Ryan Sleevi, 2012/03/28 00:50:32]

This was related to side pinning - delete?

[palmer, 2012/04/10 23:25:51]

Done.

+
 // kTestAcceptableCerts doesn't actually match any public keys and is used
 // with "pinningtest.appspot.com", below, to test if pinning is active.
 static const char* const kTestAcceptableCerts[] = {
   "sha1/AAAAAAAAAAAAAAAAAAAAAAAAAAA=",
   NULL,
 };
 #define kTestPins { \
   kTestAcceptableCerts, \
   kNoRejectedPublicKeys, \
 }
@@ skipping 241 matching lines @@
         return entry;
       }
     }
   }
 
   return NULL;
 }
 
 // static
 bool TransportSecurityState::IsGooglePinnedProperty(const std::string& host,
-                                                    bool sni_available) {
+                                                    bool sni_enabled) {
   std::string canonicalized_host = CanonicalizeHost(host);
   const struct HSTSPreload* entry =
       GetHSTSPreload(canonicalized_host, kPreloadedSTS, kNumPreloadedSTS);
 
   if (entry && entry->pins.required_hashes == kGoogleAcceptableCerts)
     return true;
 
-  if (sni_available) {
+  if (sni_enabled) {
     entry = GetHSTSPreload(canonicalized_host, kPreloadedSNISTS,
                            kNumPreloadedSNISTS);
     if (entry && entry->pins.required_hashes == kGoogleAcceptableCerts)
       return true;
   }
 
   return false;
 }
 
 // static
 void TransportSecurityState::ReportUMAOnPinFailure(const std::string& host) {
   std::string canonicalized_host = CanonicalizeHost(host);
 
   const struct HSTSPreload* entry =
       GetHSTSPreload(canonicalized_host, kPreloadedSTS, kNumPreloadedSTS);
 
   if (!entry) {
     entry = GetHSTSPreload(canonicalized_host, kPreloadedSNISTS,
                            kNumPreloadedSNISTS);
   }
 
   DCHECK(entry);
   DCHECK(entry->pins.required_hashes);
   DCHECK(entry->second_level_domain_name != DOMAIN_NOT_PINNED);
 
   UMA_HISTOGRAM_ENUMERATION("Net.PublicKeyPinFailureDomain",
                             entry->second_level_domain_name, DOMAIN_NUM_EVENTS);
 }
 
-// IsPreloadedSTS returns true if the canonicalized hostname should always be
-// considered to have STS enabled.
-bool TransportSecurityState::IsPreloadedSTS(
+bool TransportSecurityState::GetStaticDomainState(
     const std::string& canonicalized_host,
-    bool sni_available,
+    bool sni_enabled,
     DomainState* out) {
   DCHECK(CalledOnValidThread());
 
-  out->preloaded = true;
-  out->mode = DomainState::MODE_STRICT;
+  out->upgrade_mode = DomainState::MODE_FORCE_HTTPS;
   out->include_subdomains = false;
 
   for (size_t i = 0; canonicalized_host[i]; i += canonicalized_host[i] + 1) {
     std::string host_sub_chunk(&canonicalized_host[i],
                                canonicalized_host.size() - i);
     out->domain = DNSDomainToString(host_sub_chunk);
     std::string hashed_host(HashHost(host_sub_chunk));
     if (forced_hosts_.find(hashed_host) != forced_hosts_.end()) {
       *out = forced_hosts_[hashed_host];
       out->domain = DNSDomainToString(host_sub_chunk);
-      out->preloaded = true;
       return true;
     }
     bool ret;
     if (HasPreload(kPreloadedSTS, kNumPreloadedSTS, canonicalized_host, i, out,
                    &ret)) {
       return ret;
     }
-    if (sni_available &&
+    if (sni_enabled &&
         HasPreload(kPreloadedSNISTS, kNumPreloadedSNISTS, canonicalized_host, i,
                    out, &ret)) {
       return ret;
     }
   }
 
   return false;
 }
 
 static std::string HashesToBase64String(
     const FingerprintVector& hashes) {
   std::vector<std::string> hashes_strs;
   for (FingerprintVector::const_iterator
        i = hashes.begin(); i != hashes.end(); i++) {
     std::string s;
     const std::string hash_str(reinterpret_cast<const char*>(i->data),
                                sizeof(i->data));
     base::Base64Encode(hash_str, &s);
     hashes_strs.push_back(s);
   }
 
   return JoinString(hashes_strs, ',');
 }
 
 TransportSecurityState::DomainState::DomainState()
-    : mode(MODE_STRICT),
+    : upgrade_mode(MODE_FORCE_HTTPS),
       created(base::Time::Now()),
-      include_subdomains(false),
-      preloaded(false) {
+      include_subdomains(false) {
 }
 
 TransportSecurityState::DomainState::~DomainState() {
 }
 
 bool TransportSecurityState::DomainState::IsChainOfPublicKeysPermitted(
-    const FingerprintVector& hashes) {
-
-  if (HashesIntersect(bad_preloaded_spki_hashes, hashes)) {
+    const FingerprintVector& hashes) const {
+  if (HashesIntersect(bad_static_spki_hashes, hashes)) {
     LOG(ERROR) << "Rejecting public key chain for domain " << domain
                << ". Validated chain: " << HashesToBase64String(hashes)
                << ", matches one or more bad hashes: "
-               << HashesToBase64String(bad_preloaded_spki_hashes);
+               << HashesToBase64String(bad_static_spki_hashes);
     return false;
   }
 
-  if (!(dynamic_spki_hashes.empty() && preloaded_spki_hashes.empty()) &&
+  if (!(dynamic_spki_hashes.empty() && static_spki_hashes.empty()) &&
       !HashesIntersect(dynamic_spki_hashes, hashes) &&
-      !HashesIntersect(preloaded_spki_hashes, hashes)) {
+      !HashesIntersect(static_spki_hashes, hashes)) {
     LOG(ERROR) << "Rejecting public key chain for domain " << domain
                << ". Validated chain: " << HashesToBase64String(hashes)
                << ", expected: " << HashesToBase64String(dynamic_spki_hashes)
-               << " or: " << HashesToBase64String(preloaded_spki_hashes);
+               << " or: " << HashesToBase64String(static_spki_hashes);
 
     return false;
   }
 
   return true;
 }
 
-bool TransportSecurityState::DomainState::IsMoreStrict(
-    const TransportSecurityState::DomainState& other) {
-  if (this->dynamic_spki_hashes.empty() && !other.dynamic_spki_hashes.empty())
-    return false;
-
-  if (!this->include_subdomains && other.include_subdomains)
-    return false;
-
-  return true;
-}
-
 bool TransportSecurityState::DomainState::ShouldRedirectHTTPToHTTPS()
     const {
-  return mode == MODE_STRICT;
+  return upgrade_mode == MODE_FORCE_HTTPS;
 }
 
 }  // namespace