Chromium Code Reviews
Help | Chromium Project | Sign in
(188)

Side by Side Diff: net/url_request/url_request_http_job.cc

Issue 11274032: Separate http_security_headers from transport_security_state (Closed) Base URL: https://src.chromium.org/chrome/trunk/src/
Patch Set: Created 1 year, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Please Sign in to add in-line comments.
Jump to:
View unified diff | Download patch
« net/http/http_security_headers.cc ('K') | « net/net.gyp ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/url_request/url_request_http_job.h" 5 #include "net/url_request/url_request_http_job.h"
6 6
7 #include "base/base_switches.h" 7 #include "base/base_switches.h"
8 #include "base/bind.h" 8 #include "base/bind.h"
9 #include "base/bind_helpers.h" 9 #include "base/bind_helpers.h"
10 #include "base/command_line.h" 10 #include "base/command_line.h"
(...skipping 649 matching lines...) Expand 10 before | Expand all | Expand 10 after
660 void* iter = NULL; 660 void* iter = NULL;
661 HttpResponseHeaders* headers = GetResponseHeaders(); 661 HttpResponseHeaders* headers = GetResponseHeaders();
662 while (headers->EnumerateHeader(&iter, name, &value)) { 662 while (headers->EnumerateHeader(&iter, name, &value)) {
663 if (!value.empty()) 663 if (!value.empty())
664 cookies->push_back(value); 664 cookies->push_back(value);
665 } 665 }
666 } 666 }
667 667
668 // NOTE: |ProcessStrictTransportSecurityHeader| and 668 // NOTE: |ProcessStrictTransportSecurityHeader| and
669 // |ProcessPublicKeyPinsHeader| have very similar structures, by design. 669 // |ProcessPublicKeyPinsHeader| have very similar structures, by design.
670 // They manipulate different parts of |TransportSecurityState::DomainState|,
671 // and they must remain complementary. If, in future changes here, there is
672 // any conflict between their policies (such as in |domain_state.mode|), you
673 // should resolve the conflict in favor of the more strict policy.
674 void URLRequestHttpJob::ProcessStrictTransportSecurityHeader() { 670 void URLRequestHttpJob::ProcessStrictTransportSecurityHeader() {
675 DCHECK(response_info_); 671 DCHECK(response_info_);
676 672 TransportSecurityState* security_state =
677 const URLRequestContext* ctx = request_->context(); 673 request_->context()->transport_security_state();
678 const SSLInfo& ssl_info = response_info_->ssl_info; 674 const SSLInfo& ssl_info = response_info_->ssl_info;
679 675
680 // Only accept strict transport security headers on HTTPS connections that 676 // Only accept HSTS headers on HTTPS connections that have no
681 // have no certificate errors. 677 // certificate errors.
682 if (!ssl_info.is_valid() || IsCertStatusError(ssl_info.cert_status) || 678 if (!ssl_info.is_valid() || IsCertStatusError(ssl_info.cert_status) ||
683 !ctx->transport_security_state()) { 679 !security_state)
684 return; 680 return;
685 }
686
687 TransportSecurityState* security_state = ctx->transport_security_state();
688 TransportSecurityState::DomainState domain_state;
689 const std::string& host = request_info_.url.host();
690
691 bool sni_available =
692 SSLConfigService::IsSNIAvailable(ctx->ssl_config_service());
693 if (!security_state->GetDomainState(host, sni_available, &domain_state))
694 // |GetDomainState| may have altered |domain_state| while searching. If
695 // not found, start with a fresh state.
696 domain_state.upgrade_mode =
697 TransportSecurityState::DomainState::MODE_FORCE_HTTPS;
698
699 HttpResponseHeaders* headers = GetResponseHeaders();
700 std::string value;
701 void* iter = NULL;
702 base::Time now = base::Time::Now();
703 681
704 // http://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec: 682 // http://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec:
705 // 683 //
706 // If a UA receives more than one STS header field in a HTTP response 684 // If a UA receives more than one STS header field in a HTTP response
707 // message over secure transport, then the UA MUST process only the 685 // message over secure transport, then the UA MUST process only the
708 // first such header field. 686 // first such header field.
709 bool seen_sts = false; 687 HttpResponseHeaders* headers = GetResponseHeaders();
710 while (headers->EnumerateHeader(&iter, "Strict-Transport-Security", &value)) { 688 std::string value;
711 if (seen_sts) 689 if (headers->EnumerateHeader(NULL, "Strict-Transport-Security", &value))
712 return; 690 security_state->AddHSTSHeader(request_info_.url.host(), value);
713 seen_sts = true;
714 TransportSecurityState::DomainState domain_state;
715 if (domain_state.ParseSTSHeader(now, value))
716 security_state->EnableHost(host, domain_state);
717 }
718 } 691 }
719 692
720 void URLRequestHttpJob::ProcessPublicKeyPinsHeader() { 693 void URLRequestHttpJob::ProcessPublicKeyPinsHeader() {
721 DCHECK(response_info_); 694 DCHECK(response_info_);
722 695 TransportSecurityState* security_state =
723 const URLRequestContext* ctx = request_->context(); 696 request_->context()->transport_security_state();
724 const SSLInfo& ssl_info = response_info_->ssl_info; 697 const SSLInfo& ssl_info = response_info_->ssl_info;
725 698
726 // Only accept public key pins headers on HTTPS connections that have no 699 // Only accept HPKP headers on HTTPS connections that have no
727 // certificate errors. 700 // certificate errors.
728 if (!ssl_info.is_valid() || IsCertStatusError(ssl_info.cert_status) || 701 if (!ssl_info.is_valid() || IsCertStatusError(ssl_info.cert_status) ||
729 !ctx->transport_security_state()) { 702 !security_state)
730 return; 703 return;
731 }
732
733 TransportSecurityState* security_state = ctx->transport_security_state();
734 TransportSecurityState::DomainState domain_state;
735 const std::string& host = request_info_.url.host();
736
737 bool sni_available =
738 SSLConfigService::IsSNIAvailable(ctx->ssl_config_service());
739 if (!security_state->GetDomainState(host, sni_available, &domain_state))
740 // |GetDomainState| may have altered |domain_state| while searching. If
741 // not found, start with a fresh state.
742 domain_state.upgrade_mode =
743 TransportSecurityState::DomainState::MODE_DEFAULT;
744 704
745 HttpResponseHeaders* headers = GetResponseHeaders(); 705 HttpResponseHeaders* headers = GetResponseHeaders();
746 void* iter = NULL;
747 std::string value; 706 std::string value;
748 base::Time now = base::Time::Now(); 707 if (headers->EnumerateHeader(NULL, "Public-Key-Pins", &value))
749 708 security_state->AddHPKPHeader(request_info_.url.host(), value, ssl_info);
Ryan Sleevi 2012/11/13 19:02:32 Pretty sure that HPKP should be using HasHeader &&
Chromium Palmer 2012/11/13 19:35:04 As mentioned in previous comments, I tend to think
Ryan Sleevi 2012/11/13 19:43:15 RFC 2616 4.2 is what causes the problems "Multipl
unsafe 2012/11/13 23:20:18 I like that sentiment, if it means what I think wh
750 while (headers->EnumerateHeader(&iter, "Public-Key-Pins", &value)) {
751 // Note that ParsePinsHeader updates |domain_state| (iff the header parses
752 // correctly), but does not completely overwrite it. It just updates the
753 // dynamic pinning metadata.
754 if (domain_state.ParsePinsHeader(now, value, ssl_info))
755 security_state->EnableHost(host, domain_state);
756 }
757 } 709 }
758 710
759 void URLRequestHttpJob::OnStartCompleted(int result) { 711 void URLRequestHttpJob::OnStartCompleted(int result) {
760 RecordTimer(); 712 RecordTimer();
761 713
762 // If the request was destroyed, then there is no more work to do. 714 // If the request was destroyed, then there is no more work to do.
763 if (!request_) 715 if (!request_)
764 return; 716 return;
765 717
766 // If the transaction was destroyed, then the job was cancelled, and 718 // If the transaction was destroyed, then the job was cancelled, and
(...skipping 792 matching lines...) Expand 10 before | Expand all | Expand 10 after
1559 1511
1560 void URLRequestHttpJob::NotifyURLRequestDestroyed() { 1512 void URLRequestHttpJob::NotifyURLRequestDestroyed() {
1561 awaiting_callback_ = false; 1513 awaiting_callback_ = false;
1562 } 1514 }
1563 1515
1564 void URLRequestHttpJob::OnDetachRequest() { 1516 void URLRequestHttpJob::OnDetachRequest() {
1565 http_transaction_delegate_->OnDetachRequest(); 1517 http_transaction_delegate_->OnDetachRequest();
1566 } 1518 }
1567 1519
1568 } // namespace net 1520 } // namespace net
OLDNEW
« net/http/http_security_headers.cc ('K') | « net/net.gyp ('k') | no next file » | no next file with comments »

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld 1280:2d3e6564b7b6