Chromium Code Reviews Chromium Code Reviews
Issue 11274032:
Separate http_security_headers from transport_security_state (Closed)
Base URL: https://src.chromium.org/chrome/trunk/src/| Index: chrome/browser/ui/webui/net_internals/net_internals_ui.cc |
| =================================================================== |
| --- chrome/browser/ui/webui/net_internals/net_internals_ui.cc (revision 165283) |
| +++ chrome/browser/ui/webui/net_internals/net_internals_ui.cc (working copy) |
| @@ -1100,19 +1100,36 @@ |
| connection_tester_->RunAllTests(url); |
| } |
| -void SPKIHashesToString(const net::HashValueVector& hashes, |
| - std::string* string) { |
| - for (net::HashValueVector::const_iterator |
| - i = hashes.begin(); i != hashes.end(); ++i) { |
| - base::StringPiece hash_str(reinterpret_cast<const char*>(i->data()), |
| - i->size()); |
| - std::string encoded; |
| - base::Base64Encode(hash_str, &encoded); |
| +std::string HashesToBase64String(const net::HashValueVector& hashes) { |
|
palmer
2012/12/06 21:20:17
These utility functions (this and Base64StringToHa
unsafe
2012/12/07 09:58:26
Moved to anonymous namespace.
I previously put
|
| + std::string str; |
| + for (size_t i = 0; i != hashes.size(); ++i) { |
| + if (i != 0) |
| + str += ","; |
| + str += hashes[i].ToString(); |
| + } |
| + return str; |
| +} |
| - if (i != hashes.begin()) |
| - *string += ","; |
| - *string += net::TransportSecurityState::HashValueLabel(*i) + encoded; |
| +bool Base64StringToHashes(const std::string& hashes_str, |
| + net::HashValueVector* hashes) { |
| + hashes->clear(); |
| + if (hashes_str.empty()) |
| + return true; |
| + std::vector<std::string> vector_hash_str; |
| + base::SplitString(hashes_str, ',', &vector_hash_str); |
| + |
| + for (size_t i = 0; i != vector_hash_str.size(); ++i) { |
| + std::string hash_str; |
| + RemoveChars(vector_hash_str[i], " \t\r\n", &hash_str); |
| + net::HashValue hash; |
| + // Skip past unrecognized hash algos |
| + if (hash_str.substr(0, 4) != "sha1" && hash_str.substr(0, 6) != "sha256") |
| + continue; |
| + if (!hash.FromString(hash_str)) |
| + return false; |
| + hashes->push_back(hash); |
| } |
| + return true; |
| } |
| void NetInternalsMessageHandler::IOThreadImpl::OnHSTSQuery( |
| @@ -1143,13 +1160,12 @@ |
| result->SetDouble("dynamic_spki_hashes_expiry", |
| state.dynamic_spki_hashes_expiry.ToDoubleT()); |
| - std::string hashes; |
| - SPKIHashesToString(state.static_spki_hashes, &hashes); |
| - result->SetString("static_spki_hashes", hashes); |
| + std::string hashes_str; |
| + hashes_str = HashesToBase64String(state.static_spki_hashes); |
| + result->SetString("static_spki_hashes", hashes_str); |
| - hashes.clear(); |
| - SPKIHashesToString(state.dynamic_spki_hashes, &hashes); |
| - result->SetString("dynamic_spki_hashes", hashes); |
| + hashes_str = HashesToBase64String(state.dynamic_spki_hashes); |
| + result->SetString("dynamic_spki_hashes", hashes_str); |
| } |
| } |
| } |
| @@ -1180,22 +1196,8 @@ |
| net::TransportSecurityState::DomainState state; |
| state.upgrade_expiry = state.created + base::TimeDelta::FromDays(1000); |
| state.include_subdomains = include_subdomains; |
| - if (!hashes_str.empty()) { |
| - std::vector<std::string> type_and_b64s; |
| - base::SplitString(hashes_str, ',', &type_and_b64s); |
| - for (std::vector<std::string>::const_iterator |
| - i = type_and_b64s.begin(); i != type_and_b64s.end(); ++i) { |
| - std::string type_and_b64; |
| - RemoveChars(*i, " \t\r\n", &type_and_b64); |
| - net::HashValue hash; |
| - if (!net::TransportSecurityState::ParsePin(type_and_b64, &hash)) |
| - continue; |
| - |
| - state.dynamic_spki_hashes.push_back(hash); |
| - } |
| - } |
| - |
| - transport_security_state->EnableHost(domain, state); |
| + if (Base64StringToHashes(hashes_str, &state.dynamic_spki_hashes)) |
| + transport_security_state->EnableHost(domain, state); |
| } |
| void NetInternalsMessageHandler::IOThreadImpl::OnHSTSDelete( |
