
Side by Side Diff: net/base/x509_cert_types.cc

Issue 11274032: Separate http_security_headers from transport_security_state (Closed) Base URL: https://src.chromium.org/chrome/trunk/src/
Patch Set: Created 8 years, 2 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/base/x509_cert_types.h" 5 #include "net/base/x509_cert_types.h"
6 6
7 #include <cstdlib> 7 #include <cstdlib>
8 #include <cstring> 8 #include <cstring>
9 9
10 #include "base/base64.h"
10 #include "base/logging.h" 11 #include "base/logging.h"
11 #include "base/sha1.h" 12 #include "base/sha1.h"
12 #include "base/string_number_conversions.h" 13 #include "base/string_number_conversions.h"
13 #include "base/string_piece.h" 14 #include "base/string_piece.h"
15 #include "base/string_split.h"
16 #include "base/string_util.h"
14 #include "base/time.h" 17 #include "base/time.h"
15 #include "net/base/x509_certificate.h" 18 #include "net/base/x509_certificate.h"
16 19
17 namespace net { 20 namespace net {
18 21
19 namespace { 22 namespace {
20 23
21 // Helper for ParseCertificateDate. |*field| must contain at least 24 // Helper for ParseCertificateDate. |*field| must contain at least
22 // |field_len| characters. |*field| will be advanced by |field_len| on exit. 25 // |field_len| characters. |*field| will be advanced by |field_len| on exit.
23 // |*ok| is set to false if there is an error in parsing the number, but left 26 // |*ok| is set to false if there is an error in parsing the number, but left
24 // untouched otherwise. Returns the parsed integer. 27 // untouched otherwise. Returns the parsed integer.
25 int ParseIntAndAdvance(const char** field, size_t field_len, bool* ok) { 28 int ParseIntAndAdvance(const char** field, size_t field_len, bool* ok) {
26 int result = 0; 29 int result = 0;
27 *ok &= base::StringToInt(base::StringPiece(*field, field_len), &result); 30 *ok &= base::StringToInt(base::StringPiece(*field, field_len), &result);
28 *field += field_len; 31 *field += field_len;
29 return result; 32 return result;
30 } 33 }
31 34
32 // CompareSHA1Hashes is a helper function for using bsearch() with an array of 35 // CompareSHA1Hashes is a helper function for using bsearch() with an array of
33 // SHA1 hashes. 36 // SHA1 hashes.
34 int CompareSHA1Hashes(const void* a, const void* b) { 37 int CompareSHA1Hashes(const void* a, const void* b) {
35 return memcmp(a, b, base::kSHA1Length); 38 return memcmp(a, b, base::kSHA1Length);
36 } 39 }
37 40
38 } // namespace 41 } // namespace
39 42
40 // static
41 bool IsSHA1HashInSortedArray(const SHA1HashValue& hash, 43 bool IsSHA1HashInSortedArray(const SHA1HashValue& hash,
42 const uint8* array, 44 const uint8* array,
43 size_t array_byte_len) { 45 size_t array_byte_len) {
44 DCHECK_EQ(0u, array_byte_len % base::kSHA1Length); 46 DCHECK_EQ(0u, array_byte_len % base::kSHA1Length);
45 const size_t arraylen = array_byte_len / base::kSHA1Length; 47 const size_t arraylen = array_byte_len / base::kSHA1Length;
46 return NULL != bsearch(hash.data, array, arraylen, base::kSHA1Length, 48 return NULL != bsearch(hash.data, array, arraylen, base::kSHA1Length,
47 CompareSHA1Hashes); 49 CompareSHA1Hashes);
48 } 50 }
49 51
52 bool HashesIntersect(const HashValueVector& a,
53 const HashValueVector& b) {
54 for (HashValueVector::const_iterator i = a.begin(); i != a.end(); ++i) {
55 HashValueVector::const_iterator j =
56 std::find_if(b.begin(), b.end(), HashValuesEqualPredicate(*i));
57 if (j != b.end())
58 return true;
59 }
60 return false;
61 }
62
63 std::string HashesToBase64String(const HashValueVector& hashes) {
64 std::string str;
65 for (size_t i = 0; i != hashes.size(); ++i) {
66 if (i != 0)
67 str += ",";
68 str += hashes[i].WriteBase64String();
69 }
70 return str;
71 }
72
73 bool Base64StringToHashes(const std::string& hashes_str,
74 HashValueVector* hashes) {
75 if (!hashes_str.empty()) {
Ryan Sleevi 2012/10/25 01:59:09 Rather than structuring code along the if (success
Ryan Sleevi 2012/10/25 01:59:09 design nit: You have not documented what the pre-a
unsafe 2012/10/25 06:59:54 Fixed - documented, clears |hashes|, returns true
76 std::vector<std::string> type_and_b64s;
77 base::SplitString(hashes_str, ',', &type_and_b64s);
78
79 for (size_t i = 0; i != type_and_b64s.size(); i++) {
Ryan Sleevi 2012/10/25 01:59:09 style nit: pre-increment (++i) http://google-styl
unsafe 2012/10/25 06:59:54 Done.
80 std::string type_and_b64;
81 RemoveChars(type_and_b64s[i], " \t\r\n", &type_and_b64);
Ryan Sleevi 2012/10/25 01:59:09 RemoveChars(type_and_b64s[i], " \t\r\n", &type_and
unsafe 2012/10/25 06:59:54 This function isn't processing the HTTP header, it
82 net::HashValue hash;
83 if (!hash.ParseBase64String(type_and_b64))
84 return false;
85 hashes->push_back(hash);
86 }
87 }
88 return true;
89 }
90
50 CertPrincipal::CertPrincipal() { 91 CertPrincipal::CertPrincipal() {
51 } 92 }
52 93
53 CertPrincipal::CertPrincipal(const std::string& name) : common_name(name) {} 94 CertPrincipal::CertPrincipal(const std::string& name) : common_name(name) {}
54 95
55 CertPrincipal::~CertPrincipal() { 96 CertPrincipal::~CertPrincipal() {
56 } 97 }
57 98
58 std::string CertPrincipal::GetDisplayName() const { 99 std::string CertPrincipal::GetDisplayName() const {
59 if (!common_name.empty()) 100 if (!common_name.empty())
(...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after
150 case HASH_VALUE_SHA1: 191 case HASH_VALUE_SHA1:
151 return fingerprint.sha1.Equals(other.fingerprint.sha1); 192 return fingerprint.sha1.Equals(other.fingerprint.sha1);
152 case HASH_VALUE_SHA256: 193 case HASH_VALUE_SHA256:
153 return fingerprint.sha256.Equals(other.fingerprint.sha256); 194 return fingerprint.sha256.Equals(other.fingerprint.sha256);
154 default: 195 default:
155 NOTREACHED() << "Unknown HashValueTag " << tag; 196 NOTREACHED() << "Unknown HashValueTag " << tag;
156 return false; 197 return false;
157 } 198 }
158 } 199 }
159 200
201 bool HashValue::ParseBase64String(const std::string& value) {
202 std::string b64;
Ryan Sleevi 2012/10/25 01:59:09 naming nit: b64 is too abbreviated. Applies throug
unsafe 2012/10/25 06:59:54 Changed the names.
203 if (value.substr(0, 5) == "sha1/") {
204 tag = HASH_VALUE_SHA1;
205 b64 = value.substr(5, 28); // length of base64 string
206 } else if (value.substr(0, 7) == "sha256/") {
207 tag = HASH_VALUE_SHA256;
208 b64 = value.substr(7, 44); // length of base64 string
209 } else {
210 return false;
211 }
212
213 std::string decoded;
214 if (!base::Base64Decode(b64, &decoded) || decoded.size() != size()) {
215 return false;
216 }
217 memcpy(data(), decoded.data(), size());
218 return true;
219 }
220
221 std::string HashValue::WriteBase64String() const {
222 std::string b64;
223 base::Base64Encode(std::string((const char*)data(), size()), &b64);
Ryan Sleevi 2012/10/25 01:59:09 design nit: Encode expects a base::StringPiece rat
unsafe 2012/10/25 06:59:54 Done.
224 if (tag == HASH_VALUE_SHA1)
225 return std::string("sha1/" + b64);
226 else if (tag == HASH_VALUE_SHA256)
227 return std::string("sha256/" + b64);
228 return std::string("unknown/" + b64);
Ryan Sleevi 2012/10/25 01:59:09 nit: Write this as a switch statement, with no "de
unsafe 2012/10/25 06:59:54 Changed to a switch. The existing code in this fi
229 }
230
160 size_t HashValue::size() const { 231 size_t HashValue::size() const {
161 switch (tag) { 232 switch (tag) {
162 case HASH_VALUE_SHA1: 233 case HASH_VALUE_SHA1:
163 return sizeof(fingerprint.sha1.data); 234 return sizeof(fingerprint.sha1.data);
164 case HASH_VALUE_SHA256: 235 case HASH_VALUE_SHA256:
165 return sizeof(fingerprint.sha256.data); 236 return sizeof(fingerprint.sha256.data);
166 default: 237 default:
167 NOTREACHED() << "Unknown HashValueTag " << tag; 238 NOTREACHED() << "Unknown HashValueTag " << tag;
168 // Although this is NOTREACHED, this function might be inlined and its 239 // Although this is NOTREACHED, this function might be inlined and its
169 // return value can be passed to memset as the length argument. If we 240 // return value can be passed to memset as the length argument. If we
(...skipping 15 matching lines...) Expand all
185 return fingerprint.sha1.data; 256 return fingerprint.sha1.data;
186 case HASH_VALUE_SHA256: 257 case HASH_VALUE_SHA256:
187 return fingerprint.sha256.data; 258 return fingerprint.sha256.data;
188 default: 259 default:
189 NOTREACHED() << "Unknown HashValueTag " << tag; 260 NOTREACHED() << "Unknown HashValueTag " << tag;
190 return NULL; 261 return NULL;
191 } 262 }
192 } 263 }
193 264
194 } // namespace net 265 } // namespace net
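Review bot: `HashValue::ParseBase64String` (new lines 201-219) accepts input with trailing characters after the digest, because `value.substr(5, 28)` and `value.substr(7, 44)` cut the string to the expected base64 length and never examine what follows, so a `sha1/` or `sha256/` value with extra bytes appended still parses as a valid hash. Taking the whole remainder instead, `b64 = value.substr(5);` and `b64 = value.substr(7);`, lets the existing `decoded.size() != size()` check reject over-long values (this assumes `base::Base64Decode` fails on malformed input, which is not visible on this page). Separately, `tag` is overwritten before decoding, so a `false` return after a decode failure leaves the object with the new tag and the old bytes; either restore the previous tag on that path or document in the header that the value is unspecified when the function returns false.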