Chromium Code Reviews Chromium Code Reviews
Issue 11274032:
Separate http_security_headers from transport_security_state (Closed)
Base URL: https://src.chromium.org/chrome/trunk/src/| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ui/webui/net_internals/net_internals_ui.h" | 5 #include "chrome/browser/ui/webui/net_internals/net_internals_ui.h" |
| 6 | 6 |
| 7 #include <list> | 7 #include <list> |
| 8 #include <string> | 8 #include <string> |
| 9 #include <utility> | 9 #include <utility> |
| 10 #include <vector> | 10 #include <vector> |
| (...skipping 1082 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1093 // For example, turn "www.google.com" into "http://www.google.com". | 1093 // For example, turn "www.google.com" into "http://www.google.com". |
| 1094 GURL url(URLFixerUpper::FixupURL(UTF16ToUTF8(url_str), std::string())); | 1094 GURL url(URLFixerUpper::FixupURL(UTF16ToUTF8(url_str), std::string())); |
| 1095 | 1095 |
| 1096 connection_tester_.reset(new ConnectionTester( | 1096 connection_tester_.reset(new ConnectionTester( |
| 1097 this, | 1097 this, |
| 1098 io_thread_->globals()->proxy_script_fetcher_context.get(), | 1098 io_thread_->globals()->proxy_script_fetcher_context.get(), |
| 1099 net_log())); | 1099 net_log())); |
| 1100 connection_tester_->RunAllTests(url); | 1100 connection_tester_->RunAllTests(url); |
| 1101 } | 1101 } |
| 1102 | 1102 |
| 1103 void SPKIHashesToString(const net::HashValueVector& hashes, | 1103 std::string HashesToBase64String(const net::HashValueVector& hashes) { |
| 1104 std::string* string) { | 1104 std::string str; |
| 1105 for (net::HashValueVector::const_iterator | 1105 for (size_t i = 0; i != hashes.size(); ++i) { |
| 1106 i = hashes.begin(); i != hashes.end(); ++i) { | 1106 if (i != 0) |
| 1107 base::StringPiece hash_str(reinterpret_cast<const char*>(i->data()), | 1107 str += ","; |
| 1108 i->size()); | 1108 str += hashes[i].ToString(); |
| 1109 std::string encoded; | 1109 } |
| 1110 base::Base64Encode(hash_str, &encoded); | 1110 return str; |
| 1111 } | |
| 1111 | 1112 |
| 1112 if (i != hashes.begin()) | 1113 bool Base64StringToHashes(const std::string& hashes_str, |
| 1113 *string += ","; | 1114 net::HashValueVector* hashes) { |
| 1114 *string += net::TransportSecurityState::HashValueLabel(*i) + encoded; | 1115 hashes->clear(); |
| 1116 if (hashes_str.empty()) | |
| 1117 return true; | |
| 1118 std::vector<std::string> vector_hash_str; | |
| 1119 base::SplitString(hashes_str, ',', &vector_hash_str); | |
| 1120 | |
| 1121 for (size_t i = 0; i != vector_hash_str.size(); ++i) { | |
| 1122 std::string hash_str; | |
| 1123 RemoveChars(vector_hash_str[i], " \t\r\n", &hash_str); | |
| 1124 net::HashValue hash; | |
| 1125 if (!hash.FromString(hash_str)) | |
| 1126 return false; | |
| 1127 hashes->push_back(hash); | |
| 1115 } | 1128 } |
| 1129 return true; | |
| 1116 } | 1130 } |
| 1117 | 1131 |
| 1118 void NetInternalsMessageHandler::IOThreadImpl::OnHSTSQuery( | 1132 void NetInternalsMessageHandler::IOThreadImpl::OnHSTSQuery( |
| 1119 const ListValue* list) { | 1133 const ListValue* list) { |
| 1120 // |list| should be: [<domain to query>]. | 1134 // |list| should be: [<domain to query>]. |
| 1121 std::string domain; | 1135 std::string domain; |
| 1122 CHECK(list->GetString(0, &domain)); | 1136 CHECK(list->GetString(0, &domain)); |
| 1123 DictionaryValue* result = new DictionaryValue(); | 1137 DictionaryValue* result = new DictionaryValue(); |
| 1124 | 1138 |
| 1125 if (!IsStringASCII(domain)) { | 1139 if (!IsStringASCII(domain)) { |
| (...skipping 10 matching lines...) Expand all Loading... | |
| 1136 | 1150 |
| 1137 result->SetBoolean("result", found); | 1151 result->SetBoolean("result", found); |
| 1138 if (found) { | 1152 if (found) { |
| 1139 result->SetInteger("mode", static_cast<int>(state.upgrade_mode)); | 1153 result->SetInteger("mode", static_cast<int>(state.upgrade_mode)); |
| 1140 result->SetBoolean("subdomains", state.include_subdomains); | 1154 result->SetBoolean("subdomains", state.include_subdomains); |
| 1141 result->SetString("domain", state.domain); | 1155 result->SetString("domain", state.domain); |
| 1142 result->SetDouble("expiry", state.upgrade_expiry.ToDoubleT()); | 1156 result->SetDouble("expiry", state.upgrade_expiry.ToDoubleT()); |
| 1143 result->SetDouble("dynamic_spki_hashes_expiry", | 1157 result->SetDouble("dynamic_spki_hashes_expiry", |
| 1144 state.dynamic_spki_hashes_expiry.ToDoubleT()); | 1158 state.dynamic_spki_hashes_expiry.ToDoubleT()); |
| 1145 | 1159 |
| 1146 std::string hashes; | 1160 std::string hashes_str; |
| 1147 SPKIHashesToString(state.static_spki_hashes, &hashes); | 1161 hashes_str = HashesToBase64String(state.static_spki_hashes); |
| 1148 result->SetString("static_spki_hashes", hashes); | 1162 result->SetString("static_spki_hashes", hashes_str); |
| 1149 | 1163 |
| 1150 hashes.clear(); | 1164 hashes_str = HashesToBase64String(state.dynamic_spki_hashes); |
| 1151 SPKIHashesToString(state.dynamic_spki_hashes, &hashes); | 1165 result->SetString("dynamic_spki_hashes", hashes_str); |
| 1152 result->SetString("dynamic_spki_hashes", hashes); | |
| 1153 } | 1166 } |
| 1154 } | 1167 } |
| 1155 } | 1168 } |
| 1156 | 1169 |
| 1157 SendJavascriptCommand("receivedHSTSResult", result); | 1170 SendJavascriptCommand("receivedHSTSResult", result); |
| 1158 } | 1171 } |
| 1159 | 1172 |
| 1160 void NetInternalsMessageHandler::IOThreadImpl::OnHSTSAdd( | 1173 void NetInternalsMessageHandler::IOThreadImpl::OnHSTSAdd( |
| 1161 const ListValue* list) { | 1174 const ListValue* list) { |
| 1162 // |list| should be: [<domain to query>, <include subdomains>, <cert pins>]. | 1175 // |list| should be: [<domain to query>, <include subdomains>, <cert pins>]. |
| (...skipping 10 matching lines...) Expand all Loading... | |
| 1173 CHECK(list->GetString(2, &hashes_str)); | 1186 CHECK(list->GetString(2, &hashes_str)); |
| 1174 | 1187 |
| 1175 net::TransportSecurityState* transport_security_state = | 1188 net::TransportSecurityState* transport_security_state = |
| 1176 context_getter_->GetURLRequestContext()->transport_security_state(); | 1189 context_getter_->GetURLRequestContext()->transport_security_state(); |
| 1177 if (!transport_security_state) | 1190 if (!transport_security_state) |
| 1178 return; | 1191 return; |
| 1179 | 1192 |
| 1180 net::TransportSecurityState::DomainState state; | 1193 net::TransportSecurityState::DomainState state; |
| 1181 state.upgrade_expiry = state.created + base::TimeDelta::FromDays(1000); | 1194 state.upgrade_expiry = state.created + base::TimeDelta::FromDays(1000); |
| 1182 state.include_subdomains = include_subdomains; | 1195 state.include_subdomains = include_subdomains; |
| 1183 if (!hashes_str.empty()) { | 1196 Base64StringToHashes(hashes_str, &state.dynamic_spki_hashes); |
|
Ryan Sleevi
2012/11/13 19:02:32
In the original code, if a hash failed to parse, i
unsafe
2012/11/13 23:20:18
Hmm, how about if it handles the false return by N
Ryan Sleevi
2012/11/13 23:32:05
I think the old behaviour was better, for reasons
| |
| 1184 std::vector<std::string> type_and_b64s; | |
| 1185 base::SplitString(hashes_str, ',', &type_and_b64s); | |
| 1186 for (std::vector<std::string>::const_iterator | |
| 1187 i = type_and_b64s.begin(); i != type_and_b64s.end(); ++i) { | |
| 1188 std::string type_and_b64; | |
| 1189 RemoveChars(*i, " \t\r\n", &type_and_b64); | |
| 1190 net::HashValue hash; | |
| 1191 if (!net::TransportSecurityState::ParsePin(type_and_b64, &hash)) | |
| 1192 continue; | |
| 1193 | |
| 1194 state.dynamic_spki_hashes.push_back(hash); | |
| 1195 } | |
| 1196 } | |
| 1197 | |
| 1198 transport_security_state->EnableHost(domain, state); | 1197 transport_security_state->EnableHost(domain, state); |
| 1199 } | 1198 } |
| 1200 | 1199 |
| 1201 void NetInternalsMessageHandler::IOThreadImpl::OnHSTSDelete( | 1200 void NetInternalsMessageHandler::IOThreadImpl::OnHSTSDelete( |
| 1202 const ListValue* list) { | 1201 const ListValue* list) { |
| 1203 // |list| should be: [<domain to query>]. | 1202 // |list| should be: [<domain to query>]. |
| 1204 std::string domain; | 1203 std::string domain; |
| 1205 CHECK(list->GetString(0, &domain)); | 1204 CHECK(list->GetString(0, &domain)); |
| 1206 if (!IsStringASCII(domain)) { | 1205 if (!IsStringASCII(domain)) { |
| 1207 // There cannot be a unicode entry in the HSTS set. | 1206 // There cannot be a unicode entry in the HSTS set. |
| (...skipping 567 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1775 } | 1774 } |
| 1776 | 1775 |
| 1777 NetInternalsUI::NetInternalsUI(content::WebUI* web_ui) | 1776 NetInternalsUI::NetInternalsUI(content::WebUI* web_ui) |
| 1778 : WebUIController(web_ui) { | 1777 : WebUIController(web_ui) { |
| 1779 web_ui->AddMessageHandler(new NetInternalsMessageHandler()); | 1778 web_ui->AddMessageHandler(new NetInternalsMessageHandler()); |
| 1780 | 1779 |
| 1781 // Set up the chrome://net-internals/ source. | 1780 // Set up the chrome://net-internals/ source. |
| 1782 Profile* profile = Profile::FromWebUI(web_ui); | 1781 Profile* profile = Profile::FromWebUI(web_ui); |
| 1783 ChromeURLDataManager::AddDataSource(profile, CreateNetInternalsHTMLSource()); | 1782 ChromeURLDataManager::AddDataSource(profile, CreateNetInternalsHTMLSource()); |
| 1784 } | 1783 } |
| OLD | NEW |
