Chromium Code Reviews Chromium Code Reviews
Issue 103803012:
Make HSTS headers not clobber preloaded pins. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ui/webui/net_internals/net_internals_ui.h" | 5 #include "chrome/browser/ui/webui/net_internals/net_internals_ui.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <list> | 8 #include <list> |
| 9 #include <string> | 9 #include <string> |
| 10 #include <utility> | 10 #include <utility> |
| (...skipping 1191 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1202 base::DictionaryValue* result = new base::DictionaryValue(); | 1202 base::DictionaryValue* result = new base::DictionaryValue(); |
| 1203 | 1203 |
| 1204 if (!IsStringASCII(domain)) { | 1204 if (!IsStringASCII(domain)) { |
| 1205 result->SetString("error", "non-ASCII domain name"); | 1205 result->SetString("error", "non-ASCII domain name"); |
| 1206 } else { | 1206 } else { |
| 1207 net::TransportSecurityState* transport_security_state = | 1207 net::TransportSecurityState* transport_security_state = |
| 1208 GetMainContext()->transport_security_state(); | 1208 GetMainContext()->transport_security_state(); |
| 1209 if (!transport_security_state) { | 1209 if (!transport_security_state) { |
| 1210 result->SetString("error", "no TransportSecurityState active"); | 1210 result->SetString("error", "no TransportSecurityState active"); |
| 1211 } else { | 1211 } else { |
| 1212 net::TransportSecurityState::DomainState state; | 1212 net::TransportSecurityState::DomainState static_state; |
| 1213 const bool found = transport_security_state->GetDomainState( | 1213 const bool found_static = transport_security_state->GetStaticDomainState( |
| 1214 domain, true, &state); | 1214 domain, true, &static_state); |
| 1215 if (found_static) { | |
| 1216 result->SetBoolean("has_static_sts", | |
| 1217 found_static && static_state.ShouldUpgradeToSSL()); | |
| 1218 result->SetInteger("static_upgrade_mode", | |
| 1219 static_cast<int>(static_state.sts.upgrade_mode)); | |
| 1220 result->SetBoolean("static_sts_include_subdomains", | |
| 1221 static_state.sts.include_subdomains); | |
| 1222 result->SetDouble("static_sts_observed", | |
| 1223 static_state.sts.last_observed.ToDoubleT()); | |
| 1224 result->SetDouble("static_sts_expiry", | |
| 1225 static_state.sts.expiry.ToDoubleT()); | |
| 1226 result->SetBoolean("has_static_pkp", | |
| 1227 found_static && static_state.HasPublicKeyPins()); | |
| 1228 result->SetBoolean("static_pkp_include_subdomains", | |
| 1229 static_state.pkp.include_subdomains); | |
| 1230 result->SetDouble("static_pkp_observed", | |
| 1231 static_state.pkp.last_observed.ToDoubleT()); | |
| 1232 result->SetDouble("static_pkp_expiry", | |
| 1233 static_state.pkp.expiry.ToDoubleT()); | |
| 1234 result->SetString("static_spki_hashes", | |
| 1235 HashesToBase64String(static_state.pkp.spki_hashes)); | |
| 1236 } | |
| 1215 | 1237 |
| 1216 result->SetBoolean("result", found); | 1238 net::TransportSecurityState::DomainState dynamic_state; |
| 1217 if (found) { | 1239 const bool found_dynamic = |
| 1218 result->SetInteger("mode", static_cast<int>(state.upgrade_mode)); | 1240 transport_security_state->GetDynamicDomainState(domain, |
| 1219 result->SetBoolean("sts_subdomains", state.sts_include_subdomains); | 1241 &dynamic_state); |
| 1220 result->SetBoolean("pkp_subdomains", state.pkp_include_subdomains); | 1242 if (found_dynamic) { |
| 1221 result->SetDouble("sts_observed", state.sts_observed.ToDoubleT()); | 1243 result->SetInteger("dynamic_upgrade_mode", |
| 1222 result->SetDouble("pkp_observed", state.pkp_observed.ToDoubleT()); | 1244 static_cast<int>(dynamic_state.sts.upgrade_mode)); |
| 1223 result->SetString("domain", state.domain); | 1245 result->SetBoolean("dynamic_sts_include_subdomains", |
| 1224 result->SetDouble("expiry", state.upgrade_expiry.ToDoubleT()); | 1246 dynamic_state.sts.include_subdomains); |
| 1225 result->SetDouble("dynamic_spki_hashes_expiry", | 1247 result->SetBoolean("dynamic_pkp_include_subdomains", |
| 1226 state.dynamic_spki_hashes_expiry.ToDoubleT()); | 1248 dynamic_state.pkp.include_subdomains); |
| 1249 result->SetDouble("dynamic_sts_observed", | |
| 1250 dynamic_state.sts.last_observed.ToDoubleT()); | |
| 1251 result->SetDouble("dynamic_pkp_observed", | |
| 1252 dynamic_state.pkp.last_observed.ToDoubleT()); | |
| 1253 result->SetDouble("dynamic_sts_expiry", | |
| 1254 dynamic_state.sts.expiry.ToDoubleT()); | |
| 1255 result->SetDouble("dynamic_pkp_expiry", | |
| 1256 dynamic_state.pkp.expiry.ToDoubleT()); | |
| 1257 result->SetString("dynamic_spki_hashes", | |
| 1258 HashesToBase64String(dynamic_state.pkp.spki_hashes)); | |
| 1259 } | |
| 1227 | 1260 |
| 1228 result->SetString("static_spki_hashes", | 1261 result->SetBoolean("result", found_static || found_dynamic); |
| 1229 HashesToBase64String(state.static_spki_hashes)); | 1262 if (found_static) { |
| 1230 result->SetString("dynamic_spki_hashes", | 1263 result->SetString("domain", static_state.domain); |
| 1231 HashesToBase64String(state.dynamic_spki_hashes)); | 1264 } else if (found_dynamic) { |
| 1265 result->SetString("domain", dynamic_state.domain); | |
| 1266 } else { | |
| 1267 result->SetString("domain", domain); | |
|
Ryan Sleevi
2014/04/24 21:40:21
Let's file a follow-up bug to fix this domain ambi
palmer
2014/04/25 00:59:59
https://code.google.com/p/chromium/issues/detail?i
| |
| 1232 } | 1268 } |
| 1233 } | 1269 } |
| 1234 } | 1270 } |
| 1235 | 1271 |
| 1236 SendJavascriptCommand("receivedHSTSResult", result); | 1272 SendJavascriptCommand("receivedHSTSResult", result); |
| 1237 } | 1273 } |
| 1238 | 1274 |
| 1239 void NetInternalsMessageHandler::IOThreadImpl::OnHSTSAdd( | 1275 void NetInternalsMessageHandler::IOThreadImpl::OnHSTSAdd( |
| 1240 const base::ListValue* list) { | 1276 const base::ListValue* list) { |
| 1241 // |list| should be: [<domain to query>, <STS include subdomains>, <PKP | 1277 // |list| should be: [<domain to query>, <STS include subdomains>, <PKP |
| (...skipping 608 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1850 } | 1886 } |
| 1851 | 1887 |
| 1852 NetInternalsUI::NetInternalsUI(content::WebUI* web_ui) | 1888 NetInternalsUI::NetInternalsUI(content::WebUI* web_ui) |
| 1853 : WebUIController(web_ui) { | 1889 : WebUIController(web_ui) { |
| 1854 web_ui->AddMessageHandler(new NetInternalsMessageHandler()); | 1890 web_ui->AddMessageHandler(new NetInternalsMessageHandler()); |
| 1855 | 1891 |
| 1856 // Set up the chrome://net-internals/ source. | 1892 // Set up the chrome://net-internals/ source. |
| 1857 Profile* profile = Profile::FromWebUI(web_ui); | 1893 Profile* profile = Profile::FromWebUI(web_ui); |
| 1858 content::WebUIDataSource::Add(profile, CreateNetInternalsHTMLSource()); | 1894 content::WebUIDataSource::Add(profile, CreateNetInternalsHTMLSource()); |
| 1859 } | 1895 } |
| OLD | NEW |
