Chromium Code Reviews Chromium Code Reviews
Issue 11274032:
Separate http_security_headers from transport_security_state (Closed)
Base URL: https://src.chromium.org/chrome/trunk/src/| Index: net/url_request/url_request_http_job.cc |
| =================================================================== |
| --- net/url_request/url_request_http_job.cc (revision 165283) |
| +++ net/url_request/url_request_http_job.cc (working copy) |
| @@ -667,93 +667,45 @@ |
| // NOTE: |ProcessStrictTransportSecurityHeader| and |
| // |ProcessPublicKeyPinsHeader| have very similar structures, by design. |
| -// They manipulate different parts of |TransportSecurityState::DomainState|, |
| -// and they must remain complementary. If, in future changes here, there is |
| -// any conflict between their policies (such as in |domain_state.mode|), you |
| -// should resolve the conflict in favor of the more strict policy. |
| void URLRequestHttpJob::ProcessStrictTransportSecurityHeader() { |
| DCHECK(response_info_); |
| - |
| - const URLRequestContext* ctx = request_->context(); |
| + TransportSecurityState* security_state = |
| + request_->context()->transport_security_state(); |
| const SSLInfo& ssl_info = response_info_->ssl_info; |
| - // Only accept strict transport security headers on HTTPS connections that |
| - // have no certificate errors. |
| + // Only accept HSTS headers on HTTPS connections that have no |
| + // certificate errors. |
| if (!ssl_info.is_valid() || IsCertStatusError(ssl_info.cert_status) || |
| - !ctx->transport_security_state()) { |
| + !security_state) |
| return; |
| - } |
| - TransportSecurityState* security_state = ctx->transport_security_state(); |
| - TransportSecurityState::DomainState domain_state; |
| - const std::string& host = request_info_.url.host(); |
| - |
| - bool sni_available = |
| - SSLConfigService::IsSNIAvailable(ctx->ssl_config_service()); |
| - if (!security_state->GetDomainState(host, sni_available, &domain_state)) |
| - // |GetDomainState| may have altered |domain_state| while searching. If |
| - // not found, start with a fresh state. |
| - domain_state.upgrade_mode = |
| - TransportSecurityState::DomainState::MODE_FORCE_HTTPS; |
| - |
| - HttpResponseHeaders* headers = GetResponseHeaders(); |
| - std::string value; |
| - void* iter = NULL; |
| - base::Time now = base::Time::Now(); |
| - |
| // http://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec: |
| // |
| // If a UA receives more than one STS header field in a HTTP response |
| // message over secure transport, then the UA MUST process only the |
| // first such header field. |
| - bool seen_sts = false; |
| - while (headers->EnumerateHeader(&iter, "Strict-Transport-Security", &value)) { |
| - if (seen_sts) |
| - return; |
| - seen_sts = true; |
| - TransportSecurityState::DomainState domain_state; |
| - if (domain_state.ParseSTSHeader(now, value)) |
| - security_state->EnableHost(host, domain_state); |
| - } |
| + HttpResponseHeaders* headers = GetResponseHeaders(); |
| + std::string value; |
| + if (headers->EnumerateHeader(NULL, "Strict-Transport-Security", &value)) |
| + security_state->AddHSTSHeader(request_info_.url.host(), value); |
| } |
| void URLRequestHttpJob::ProcessPublicKeyPinsHeader() { |
| DCHECK(response_info_); |
| - |
| - const URLRequestContext* ctx = request_->context(); |
| + TransportSecurityState* security_state = |
| + request_->context()->transport_security_state(); |
| const SSLInfo& ssl_info = response_info_->ssl_info; |
| - // Only accept public key pins headers on HTTPS connections that have no |
| + // Only accept HPKP headers on HTTPS connections that have no |
| // certificate errors. |
| if (!ssl_info.is_valid() || IsCertStatusError(ssl_info.cert_status) || |
| - !ctx->transport_security_state()) { |
| + !security_state) |
| return; |
| - } |
| - TransportSecurityState* security_state = ctx->transport_security_state(); |
| - TransportSecurityState::DomainState domain_state; |
| - const std::string& host = request_info_.url.host(); |
| - |
| - bool sni_available = |
| - SSLConfigService::IsSNIAvailable(ctx->ssl_config_service()); |
| - if (!security_state->GetDomainState(host, sni_available, &domain_state)) |
| - // |GetDomainState| may have altered |domain_state| while searching. If |
| - // not found, start with a fresh state. |
| - domain_state.upgrade_mode = |
| - TransportSecurityState::DomainState::MODE_DEFAULT; |
| - |
| HttpResponseHeaders* headers = GetResponseHeaders(); |
| - void* iter = NULL; |
| std::string value; |
| - base::Time now = base::Time::Now(); |
| - |
| - while (headers->EnumerateHeader(&iter, "Public-Key-Pins", &value)) { |
| - // Note that ParsePinsHeader updates |domain_state| (iff the header parses |
| - // correctly), but does not completely overwrite it. It just updates the |
| - // dynamic pinning metadata. |
| - if (domain_state.ParsePinsHeader(now, value, ssl_info)) |
| - security_state->EnableHost(host, domain_state); |
| - } |
| + if (headers->EnumerateHeader(NULL, "Public-Key-Pins", &value)) |
| + security_state->AddHPKPHeader(request_info_.url.host(), value, ssl_info); |
|
Ryan Sleevi
2012/11/13 19:02:32
Pretty sure that HPKP should be using HasHeader &&
palmer
2012/11/13 19:35:04
As mentioned in previous comments, I tend to think
Ryan Sleevi
2012/11/13 19:43:15
RFC 2616 4.2 is what causes the problems
"Multipl
unsafe
2012/11/13 23:20:18
I like that sentiment, if it means what I think wh
|
| } |
| void URLRequestHttpJob::OnStartCompleted(int result) { |
