Separate http_security_headers from transport_security_state

chrome/browser/ui/webui/net_internals/net_internals_ui.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/webui/net_internals/net_internals_ui.h"
 
 #include <list>
 #include <string>
 #include <utility>
 #include <vector>
@@ skipping 1082 matching lines @@
   // For example, turn "www.google.com" into "http://www.google.com".
   GURL url(URLFixerUpper::FixupURL(UTF16ToUTF8(url_str), std::string()));
 
   connection_tester_.reset(new ConnectionTester(
       this,
       io_thread_->globals()->proxy_script_fetcher_context.get(),
       net_log()));
   connection_tester_->RunAllTests(url);
 }
 
-void SPKIHashesToString(const net::HashValueVector& hashes,
-                        std::string* string) {
-  for (net::HashValueVector::const_iterator
-       i = hashes.begin(); i != hashes.end(); ++i) {
-    base::StringPiece hash_str(reinterpret_cast<const char*>(i->data()),
-                               i->size());
-    std::string encoded;
-    base::Base64Encode(hash_str, &encoded);
+std::string HashesToBase64String(const net::HashValueVector& hashes) {

[palmer, 2012/12/06 21:20:17]

These utility functions (this and Base64StringToHashes) should either be in an
anonymous namespace or exposed publicly in some utility file. (There is a static
copy of HashesToBase64String in transport_security_state.cc, so we obviously
need it in multiple places).

Apologies if we have already talked about this and decided on the current course
of action...

[unsafe, 2012/12/07 09:58:26]

Moved to anonymous namespace.  

I previously put these in hash_value.h/.cc, but rsleevi suggested that since
HashesToBase64String() is only used twice, in somewhat disconnected places (TSS
for logging; here for debugging display), he thought it was better to just
duplicate it in each file, instead of putting it into a header file as an API
that would have to be maintained.  

If it needs to get used other places, it could be moved into hash_value.h/.cc
later?

+  std::string str;
+  for (size_t i = 0; i != hashes.size(); ++i) {
+    if (i != 0)
+      str += ",";
+    str += hashes[i].ToString();
+  }
+  return str;
+}
 
-    if (i != hashes.begin())
-      *string += ",";
-    *string += net::TransportSecurityState::HashValueLabel(*i) + encoded;
+bool Base64StringToHashes(const std::string& hashes_str,
+                          net::HashValueVector* hashes) {
+  hashes->clear();
+  if (hashes_str.empty())
+    return true;
+  std::vector<std::string> vector_hash_str;
+  base::SplitString(hashes_str, ',', &vector_hash_str);
+
+  for (size_t i = 0; i != vector_hash_str.size(); ++i) {
+    std::string hash_str;
+    RemoveChars(vector_hash_str[i], " \t\r\n", &hash_str);
+    net::HashValue hash;
+    // Skip past unrecognized hash algos
+    if (hash_str.substr(0, 4) != "sha1" && hash_str.substr(0, 6) != "sha256")
+      continue;
+    if (!hash.FromString(hash_str))
+      return false;
+    hashes->push_back(hash);
   }
+  return true;
 }
 
 void NetInternalsMessageHandler::IOThreadImpl::OnHSTSQuery(
     const ListValue* list) {
   // |list| should be: [<domain to query>].
   std::string domain;
   CHECK(list->GetString(0, &domain));
   DictionaryValue* result = new DictionaryValue();
 
   if (!IsStringASCII(domain)) {
@@ skipping 10 matching lines @@
 
       result->SetBoolean("result", found);
       if (found) {
         result->SetInteger("mode", static_cast<int>(state.upgrade_mode));
         result->SetBoolean("subdomains", state.include_subdomains);
         result->SetString("domain", state.domain);
         result->SetDouble("expiry", state.upgrade_expiry.ToDoubleT());
         result->SetDouble("dynamic_spki_hashes_expiry",
                           state.dynamic_spki_hashes_expiry.ToDoubleT());
 
-        std::string hashes;
-        SPKIHashesToString(state.static_spki_hashes, &hashes);
-        result->SetString("static_spki_hashes", hashes);
+        std::string hashes_str;
+        hashes_str = HashesToBase64String(state.static_spki_hashes);
+        result->SetString("static_spki_hashes", hashes_str);
 
-        hashes.clear();
-        SPKIHashesToString(state.dynamic_spki_hashes, &hashes);
-        result->SetString("dynamic_spki_hashes", hashes);
+        hashes_str = HashesToBase64String(state.dynamic_spki_hashes);
+        result->SetString("dynamic_spki_hashes", hashes_str);
       }
     }
   }
 
   SendJavascriptCommand("receivedHSTSResult", result);
 }
 
 void NetInternalsMessageHandler::IOThreadImpl::OnHSTSAdd(
     const ListValue* list) {
   // |list| should be: [<domain to query>, <include subdomains>, <cert pins>].
@@ skipping 10 matching lines @@
   CHECK(list->GetString(2, &hashes_str));
 
   net::TransportSecurityState* transport_security_state =
       context_getter_->GetURLRequestContext()->transport_security_state();
   if (!transport_security_state)
     return;
 
   net::TransportSecurityState::DomainState state;
   state.upgrade_expiry = state.created + base::TimeDelta::FromDays(1000);
   state.include_subdomains = include_subdomains;
-  if (!hashes_str.empty()) {
-    std::vector<std::string> type_and_b64s;
-    base::SplitString(hashes_str, ',', &type_and_b64s);
-    for (std::vector<std::string>::const_iterator
-         i = type_and_b64s.begin(); i != type_and_b64s.end(); ++i) {
-      std::string type_and_b64;
-      RemoveChars(*i, " \t\r\n", &type_and_b64);
-      net::HashValue hash;
-      if (!net::TransportSecurityState::ParsePin(type_and_b64, &hash))
-        continue;
-
-      state.dynamic_spki_hashes.push_back(hash);
-    }
-  }
-
-  transport_security_state->EnableHost(domain, state);
+  if (Base64StringToHashes(hashes_str, &state.dynamic_spki_hashes))
+    transport_security_state->EnableHost(domain, state);
 }
 
 void NetInternalsMessageHandler::IOThreadImpl::OnHSTSDelete(
     const ListValue* list) {
   // |list| should be: [<domain to query>].
   std::string domain;
   CHECK(list->GetString(0, &domain));
   if (!IsStringASCII(domain)) {
     // There cannot be a unicode entry in the HSTS set.
     return;
@@ skipping 566 matching lines @@
 }
 
 NetInternalsUI::NetInternalsUI(content::WebUI* web_ui)
     : WebUIController(web_ui) {
   web_ui->AddMessageHandler(new NetInternalsMessageHandler());
 
   // Set up the chrome://net-internals/ source.
   Profile* profile = Profile::FromWebUI(web_ui);
   ChromeURLDataManager::AddDataSource(profile, CreateNetInternalsHTMLSource());
 }