Chromium Code Reviews Chromium Code Reviews
Issue 11274032:
Separate http_security_headers from transport_security_state (Closed)
Base URL: https://src.chromium.org/chrome/trunk/src/| Index: chrome/browser/ui/webui/net_internals/net_internals_ui.cc |
| =================================================================== |
| --- chrome/browser/ui/webui/net_internals/net_internals_ui.cc (revision 165283) |
| +++ chrome/browser/ui/webui/net_internals/net_internals_ui.cc (working copy) |
| @@ -106,6 +106,40 @@ |
| return context->host_resolver()->GetHostCache(); |
| } |
| +std::string HashesToBase64String(const net::HashValueVector& hashes) { |
| + std::string str; |
| + for (size_t i = 0; i != hashes.size(); ++i) { |
| + if (i != 0) |
| + str += ","; |
| + str += hashes[i].ToString(); |
| + } |
| + return str; |
| +} |
| + |
| +bool Base64StringToHashes(const std::string& hashes_str, |
| + net::HashValueVector* hashes) { |
| + hashes->clear(); |
| + std::vector<std::string> vector_hash_str; |
| + base::SplitString(hashes_str, ',', &vector_hash_str); |
| + |
| + for (size_t i = 0; i != vector_hash_str.size(); ++i) { |
| + std::string hash_str; |
| + RemoveChars(vector_hash_str[i], " \t\r\n", &hash_str); |
| + net::HashValue hash; |
| + // Skip past unrecognized hash algos |
| + // But return false on malformatted input |
| + if (hash_str.empty()) /* pair of commas with no content between them */ |
|
Ryan Sleevi
2012/12/20 23:44:13
nit: Drop this end-of-line comment.
unsafe
2012/12/21 02:56:49
Done.
|
| + return false; |
| + /* hash_str.substr() will not throw, as hash_str is non-empty */ |
|
Ryan Sleevi
2012/12/20 23:44:13
nit: Drop this comment. Because you're using a |0|
unsafe
2012/12/21 02:56:49
Done.
|
| + if (hash_str.substr(0, 5) != "sha1/" && hash_str.substr(0, 7) != "sha256/") |
|
Ryan Sleevi
2012/12/20 23:44:13
(pedantic) nit:
if (hash_str.compare(0, 5, "sha1/
unsafe
2012/12/21 02:56:49
Done.
|
| + continue; |
| + if (!hash.FromString(hash_str)) |
| + return false; |
| + hashes->push_back(hash); |
| + } |
| + return true; |
| +} |
| + |
| // Returns the disk cache backend for |context| if there is one, or NULL. |
| disk_cache::Backend* GetDiskCacheBackend(net::URLRequestContext* context) { |
| if (!context->http_transaction_factory()) |
| @@ -1100,21 +1134,6 @@ |
| connection_tester_->RunAllTests(url); |
| } |
| -void SPKIHashesToString(const net::HashValueVector& hashes, |
| - std::string* string) { |
| - for (net::HashValueVector::const_iterator |
| - i = hashes.begin(); i != hashes.end(); ++i) { |
| - base::StringPiece hash_str(reinterpret_cast<const char*>(i->data()), |
| - i->size()); |
| - std::string encoded; |
| - base::Base64Encode(hash_str, &encoded); |
| - |
| - if (i != hashes.begin()) |
| - *string += ","; |
| - *string += net::TransportSecurityState::HashValueLabel(*i) + encoded; |
| - } |
| -} |
| - |
| void NetInternalsMessageHandler::IOThreadImpl::OnHSTSQuery( |
| const ListValue* list) { |
| // |list| should be: [<domain to query>]. |
| @@ -1143,13 +1162,10 @@ |
| result->SetDouble("dynamic_spki_hashes_expiry", |
| state.dynamic_spki_hashes_expiry.ToDoubleT()); |
| - std::string hashes; |
| - SPKIHashesToString(state.static_spki_hashes, &hashes); |
| - result->SetString("static_spki_hashes", hashes); |
| - |
| - hashes.clear(); |
| - SPKIHashesToString(state.dynamic_spki_hashes, &hashes); |
| - result->SetString("dynamic_spki_hashes", hashes); |
| + result->SetString("static_spki_hashes", |
| + HashesToBase64String(state.static_spki_hashes)); |
| + result->SetString("dynamic_spki_hashes", |
| + HashesToBase64String(state.dynamic_spki_hashes)); |
| } |
| } |
| } |
| @@ -1181,20 +1197,9 @@ |
| state.upgrade_expiry = state.created + base::TimeDelta::FromDays(1000); |
| state.include_subdomains = include_subdomains; |
| if (!hashes_str.empty()) { |
| - std::vector<std::string> type_and_b64s; |
| - base::SplitString(hashes_str, ',', &type_and_b64s); |
| - for (std::vector<std::string>::const_iterator |
| - i = type_and_b64s.begin(); i != type_and_b64s.end(); ++i) { |
| - std::string type_and_b64; |
| - RemoveChars(*i, " \t\r\n", &type_and_b64); |
| - net::HashValue hash; |
| - if (!net::TransportSecurityState::ParsePin(type_and_b64, &hash)) |
| - continue; |
| - |
| - state.dynamic_spki_hashes.push_back(hash); |
| - } |
| + if (!Base64StringToHashes(hashes_str, &state.dynamic_spki_hashes)) |
| + return; |
| } |
| - |
| transport_security_state->EnableHost(domain, state); |
| } |
