Refactor TransportSecurityState.

chrome/browser/transport_security_persister.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/transport_security_persister.h"
 
+#include "base/base64.h"
 #include "base/bind.h"
 #include "base/file_path.h"
 #include "base/file_util.h"
+#include "base/json/json_reader.h"
+#include "base/json/json_writer.h"
 #include "base/message_loop.h"
 #include "base/path_service.h"
+#include "base/values.h"
 #include "chrome/common/chrome_paths.h"
 #include "content/public/browser/browser_thread.h"
+#include "crypto/sha2.h"
 #include "net/base/transport_security_state.h"
+#include "net/base/x509_certificate.h"
 
 using content::BrowserThread;
+using net::Fingerprint;
+using net::FingerprintVector;
+using net::TransportSecurityState;
+
+namespace {
+
+ListValue* SPKIHashesToListValue(const FingerprintVector& hashes) {
+  ListValue* pins = new ListValue;
+
+  for (FingerprintVector::const_iterator i = hashes.begin();
+       i != hashes.end(); ++i) {
+    std::string hash_str(reinterpret_cast<const char*>(i->data),
+                         sizeof(i->data));
+    std::string b64;
+    base::Base64Encode(hash_str, &b64);
+    pins->Append(new StringValue("sha1/" + b64));
+  }
+
+  return pins;
+}
+
+void SPKIHashesFromListValue(const ListValue& pins, FingerprintVector* hashes) {
+  size_t num_pins = pins.GetSize();
+  for (size_t i = 0; i < num_pins; ++i) {
+    std::string type_and_base64;
+    Fingerprint fingerprint;
+    if (pins.GetString(i, &type_and_base64) &&
+        TransportSecurityState::ParsePin(type_and_base64, &fingerprint)) {
+      hashes->push_back(fingerprint);
+    }
+  }
+}
+
+// This function converts the binary hashes to a base64 string which we can
+// include in a JSON file.
+std::string HashedDomainToExternalString(const std::string& hashed) {
+  std::string out;
+  base::Base64Encode(hashed, &out);
+  return out;
+}
+
+// This inverts |HashedDomainToExternalString|, above. It turns an external
+// string (from a JSON file) into an internal (binary) string.
+std::string ExternalStringToHashedDomain(const std::string& external) {
+  std::string out;
+  if (!base::Base64Decode(external, &out) ||
+      out.size() != crypto::kSHA256Length) {
+    return std::string();
+  }
+
+  return out;
+}
+
+const char kIncludeSubdomains[] = "include_subdomains";
+const char kMode[] = "mode";
+const char kExpiry[] = "expiry";
+const char kDynamicSPKIHashesExpiry[] = "dynamic_spki_hashes_expiry";
+const char kStaticSPKIHashes[] = "static_spki_hashes";
+const char kPreloadedSPKIHashes[] = "preloaded_spki_hashes";
+const char kDynamicSPKIHashes[] = "dynamic_spki_hashes";
+const char kForceHTTPS[] = "force-https";
+const char kStrict[] = "strict";
+const char kDefault[] = "default";
+const char kPinningOnly[] = "pinning-only";
+const char kCreated[] = "created";
+
+}  // anonymous namespce
 
 class TransportSecurityPersister::Loader {
  public:
   Loader(const base::WeakPtr<TransportSecurityPersister>& persister,
          const FilePath& path)
       : persister_(persister),
         path_(path),
         state_valid_(false) {
   }
 
@@ skipping 18 matching lines @@
 
   FilePath path_;
 
   std::string state_;
   bool state_valid_;
 
   DISALLOW_COPY_AND_ASSIGN(Loader);
 };
 
 TransportSecurityPersister::TransportSecurityPersister(
-    net::TransportSecurityState* state,
+    TransportSecurityState* state,
     const FilePath& profile_path,
     bool readonly)
     : transport_security_state_(state),
       writer_(profile_path.AppendASCII("TransportSecurity"),
               BrowserThread::GetMessageLoopProxyForThread(BrowserThread::FILE)),
       readonly_(readonly),
       weak_ptr_factory_(ALLOW_THIS_IN_INITIALIZER_LIST(this)) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
 
   transport_security_state_->SetDelegate(this);
 
   Loader* loader = new Loader(weak_ptr_factory_.GetWeakPtr(), writer_.path());
   BrowserThread::PostTaskAndReply(
       BrowserThread::FILE, FROM_HERE,
       base::Bind(&Loader::Load, base::Unretained(loader)),
       base::Bind(&Loader::CompleteLoad, base::Unretained(loader)));
 }
 
 TransportSecurityPersister::~TransportSecurityPersister() {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
 
   if (writer_.HasPendingWrite())
     writer_.DoScheduledWrite();
 
   transport_security_state_->SetDelegate(NULL);
 }
 
-void TransportSecurityPersister::CompleteLoad(const std::string& state) {
-  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
-
-  bool dirty = false;
-  if (!transport_security_state_->LoadEntries(state, &dirty)) {
-    LOG(ERROR) << "Failed to deserialize state: " << state;
-    return;
-  }
-  if (dirty)
-    StateIsDirty(transport_security_state_);
-}
-
 void TransportSecurityPersister::StateIsDirty(
-    net::TransportSecurityState* state) {
+    TransportSecurityState* state) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
   DCHECK_EQ(transport_security_state_, state);
 
   if (!readonly_)
     writer_.ScheduleWrite(this);
 }
 
-bool TransportSecurityPersister::SerializeData(std::string* data) {
+bool TransportSecurityPersister::SerializeData(std::string* output) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
-  return transport_security_state_->Serialise(data);
+
+  DictionaryValue toplevel;
+  base::Time now = base::Time::Now();
+  TransportSecurityState::Iterator state(*transport_security_state_);
+  for (; state.HasNext(); state.Advance()) {
+    const std::string& hostname = state.hostname();
+    const TransportSecurityState::DomainState& domain_state =
+        state.domain_state();
+
+    DictionaryValue* serialized = new DictionaryValue;
+    serialized->SetBoolean(kIncludeSubdomains,
+                           domain_state.include_subdomains);
+    serialized->SetDouble(kCreated, domain_state.created.ToDoubleT());
+    serialized->SetDouble(kExpiry, domain_state.upgrade_expiry.ToDoubleT());
+    serialized->SetDouble(kDynamicSPKIHashesExpiry,
+                          domain_state.dynamic_spki_hashes_expiry.ToDoubleT());
+
+    switch (domain_state.upgrade_mode) {
+      case TransportSecurityState::DomainState::MODE_FORCE_HTTPS:
+        serialized->SetString(kMode, kForceHTTPS);
+        break;
+      case TransportSecurityState::DomainState::MODE_DEFAULT:
+        serialized->SetString(kMode, kDefault);
+        break;
+      default:
+        NOTREACHED() << "DomainState with unknown mode";
+        delete serialized;
+        continue;
+    }
+
+    serialized->Set(kStaticSPKIHashes,
+                    SPKIHashesToListValue(domain_state.static_spki_hashes));
+
+    if (now < domain_state.dynamic_spki_hashes_expiry) {
+      serialized->Set(kDynamicSPKIHashes,
+                      SPKIHashesToListValue(domain_state.dynamic_spki_hashes));
+    }
+
+    toplevel.Set(HashedDomainToExternalString(hostname), serialized);
+  }
+
+  base::JSONWriter::WriteWithOptions(&toplevel,
+                                     base::JSONWriter::OPTIONS_PRETTY_PRINT,
+                                     output);
+  return true;
 }
+
+bool TransportSecurityPersister::DeserializeFromCommandLine(
+    const std::string& serialized) {
+  // Purposefully ignore |dirty| because we do not want to persist entries
+  // deserialized in this way.
+  bool dirty;
+  return Deserialize(serialized, true, &dirty, transport_security_state_);
+}
+
+bool TransportSecurityPersister::LoadEntries(const std::string& serialized,
+                                             bool* dirty) {
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
+
+  transport_security_state_->Clear();
+  return Deserialize(serialized, false, dirty, transport_security_state_);
+}
+
+// static
+bool TransportSecurityPersister::Deserialize(const std::string& serialized,
+                                             bool forced,
+                                             bool* dirty,
+                                             TransportSecurityState* state) {
+  scoped_ptr<Value> value(base::JSONReader::Read(serialized));
+  DictionaryValue* dict_value;
+  if (!value.get() || !value->GetAsDictionary(&dict_value))
+    return false;
+
+  const base::Time current_time(base::Time::Now());
+  bool dirtied = false;
+
+  for (DictionaryValue::key_iterator i = dict_value->begin_keys();
+       i != dict_value->end_keys(); ++i) {
+    DictionaryValue* parsed;
+    if (!dict_value->GetDictionaryWithoutPathExpansion(*i, &parsed)) {
+      LOG(WARNING) << "Could not parse entry " << *i << "; skipping entry";
+      continue;
+    }
+
+    bool include_subdomains;
+    std::string mode_string;
+    double created;
+    double expiry;
+    double dynamic_spki_hashes_expiry = 0.0;
+
+    if (!parsed->GetBoolean(kIncludeSubdomains, &include_subdomains) ||
+        !parsed->GetString(kMode, &mode_string) ||
+        !parsed->GetDouble(kExpiry, &expiry)) {
+      LOG(WARNING) << "Could not parse some elements of entry " << *i
+                   << "; skipping entry";
+      continue;
+    }
+
+    // Don't fail if this key is not present.
+    parsed->GetDouble(kDynamicSPKIHashesExpiry,
+                      &dynamic_spki_hashes_expiry);
+
+    ListValue* pins_list = NULL;
+    FingerprintVector static_spki_hashes;
+    // preloaded_spki_hashes is a legacy synonym for static_spki_hashes.
+    if (parsed->GetList(kStaticSPKIHashes, &pins_list))
+      SPKIHashesFromListValue(*pins_list, &static_spki_hashes);
+    else if (parsed->GetList(kPreloadedSPKIHashes, &pins_list))
+      SPKIHashesFromListValue(*pins_list, &static_spki_hashes);
+
+    FingerprintVector dynamic_spki_hashes;
+    if (parsed->GetList(kDynamicSPKIHashes, &pins_list))
+      SPKIHashesFromListValue(*pins_list, &dynamic_spki_hashes);
+
+    TransportSecurityState::DomainState::UpgradeMode mode;
+    if (mode_string == kForceHTTPS || mode_string == kStrict) {
+      mode = TransportSecurityState::DomainState::MODE_FORCE_HTTPS;
+    } else if (mode_string == kDefault || mode_string == kPinningOnly) {
+      mode = TransportSecurityState::DomainState::MODE_DEFAULT;
+    } else {
+      LOG(WARNING) << "Unknown TransportSecurityState mode string "
+                   << mode_string << " found for entry " << *i
+                   << "; skipping entry";
+      continue;
+    }
+
+    base::Time expiry_time = base::Time::FromDoubleT(expiry);
+    base::Time dynamic_spki_hashes_expiry_time =
+        base::Time::FromDoubleT(dynamic_spki_hashes_expiry);
+    base::Time created_time;
+    if (parsed->GetDouble(kCreated, &created)) {
+      created_time = base::Time::FromDoubleT(created);
+    } else {
+      // We're migrating an old entry with no creation date. Make sure we
+      // write the new date back in a reasonable time frame.
+      dirtied = true;
+      created_time = base::Time::Now();
+    }
+
+    if (expiry_time <= current_time &&
+        dynamic_spki_hashes_expiry_time <= current_time) {
+      // Make sure we dirty the state if we drop an entry.
+      dirtied = true;
+      continue;
+    }
+
+    std::string hashed = ExternalStringToHashedDomain(*i);
+    if (hashed.empty()) {
+      dirtied = true;
+      continue;
+    }
+
+    TransportSecurityState::DomainState domain_state;
+    domain_state.upgrade_mode = mode;
+    domain_state.created = created_time;
+    domain_state.upgrade_expiry = expiry_time;
+    domain_state.include_subdomains = include_subdomains;
+    domain_state.static_spki_hashes = static_spki_hashes;
+    domain_state.dynamic_spki_hashes = dynamic_spki_hashes;
+    domain_state.dynamic_spki_hashes_expiry = dynamic_spki_hashes_expiry_time;
+
+    if (forced)
+      state->AddOrUpdateForcedHosts(hashed, domain_state);
+    else
+      state->AddOrUpdateEnabledHosts(hashed, domain_state);
+  }
+
+  *dirty = dirtied;
+  return true;
+}
+
+void TransportSecurityPersister::CompleteLoad(const std::string& state) {
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
+
+  bool dirty = false;
+  if (!LoadEntries(state, &dirty)) {
+    LOG(ERROR) << "Failed to deserialize state: " << state;
+    return;
+  }
+  if (dirty)
+    StateIsDirty(transport_security_state_);
+}