Parse HPKP report-uri and persist in TransportSecurityPersister

net/http/http_security_headers.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/base64.h"
 #include "base/basictypes.h"
 #include "base/strings/string_number_conversions.h"
+#include "base/strings/string_piece.h"
 #include "base/strings/string_tokenizer.h"
 #include "base/strings/string_util.h"
 #include "net/http/http_security_headers.h"
 #include "net/http/http_util.h"
+#include "url/gurl.h"
 
 namespace net {
 
 namespace {
 
 static_assert(kMaxHSTSAgeSecs <= kuint32max, "kMaxHSTSAgeSecs too large");
 
 // MaxAgeToInt converts a string representation of a "whole number" of
 // seconds into a uint32. The string may contain an arbitrarily large number,
 // which will be clipped to kMaxHSTSAgeSecs and which is guaranteed to fit
 // within a 32-bit unsigned integer. False is returned on any parse error.
 bool MaxAgeToInt(std::string::const_iterator begin,
                  std::string::const_iterator end,
                  uint32* result) {
-  const std::string s(begin, end);
+  const base::StringPiece s(begin, end);
+  if (s.empty())
+    return false;
+
   int64 i = 0;
 
   // Return false on any StringToInt64 parse errors *except* for
   // int64 overflow. StringToInt64 is used, rather than StringToUint64,
   // in order to properly handle and reject negative numbers
   // (StringToUint64 does not return false on negative numbers).
   // For values too large to be stored in an int64, StringToInt64 will
   // return false with i set to kint64max, so this case is detected
   // by the immediately following if-statement and allowed to fall
   // through so that i gets clipped to kMaxHSTSAgeSecs.
@@ skipping 48 matching lines @@
   if (pins.size() < 2)
     return false;
 
   if (from_cert_chain.empty())
     return false;
 
   return IsBackupPinPresent(pins, from_cert_chain) &&
          HashesIntersect(pins, from_cert_chain);
 }
 
-std::string Strip(const std::string& source) {
-  if (source.empty())
-    return source;
-
-  std::string::const_iterator start = source.begin();
-  std::string::const_iterator end = source.end();
-  HttpUtil::TrimLWS(&start, &end);
-  return std::string(start, end);
-}
-
-typedef std::pair<std::string, std::string> StringPair;
-
-StringPair Split(const std::string& source, char delimiter) {
-  StringPair pair;
-  size_t point = source.find(delimiter);
-
-  pair.first = source.substr(0, point);
-  if (std::string::npos != point)
-    pair.second = source.substr(point + 1);
-
-  return pair;
-}
-
-bool ParseAndAppendPin(const std::string& value,
+bool ParseAndAppendPin(std::string::const_iterator begin,
+                       std::string::const_iterator end,
                        HashValueTag tag,
                        HashValueVector* hashes) {
-  // Pins are always quoted.
-  if (value.empty() || !HttpUtil::IsQuote(value[0]))
+  const base::StringPiece value(begin, end);
+  if (value.empty())
     return false;
 
-  std::string unquoted = HttpUtil::Unquote(value);
-  if (unquoted.empty())
-      return false;
-
   std::string decoded;
-  if (!base::Base64Decode(unquoted, &decoded))
+  if (!base::Base64Decode(value, &decoded))
     return false;
 
   HashValue hash(tag);
   if (decoded.size() != hash.size())
     return false;
 
   memcpy(hash.data(), decoded.data(), hash.size());
   hashes->push_back(hash);
   return true;
 }
@@ skipping 125 matching lines @@
     case START:
     case AFTER_MAX_AGE_LABEL:
     case AFTER_MAX_AGE_EQUALS:
       return false;
     default:
       NOTREACHED();
       return false;
   }
 }
 
-// "Public-Key-Pins" ":"
+// "Public-Key-Pins[-Report-Only]" ":"
 //     "max-age" "=" delta-seconds ";"
 //     "pin-" algo "=" base64 [ ";" ... ]
+//     [ ";" "includeSubdomains" ]
+//     [ ";" "report-uri" "=" uri-reference ]
 bool ParseHPKPHeader(const std::string& value,
                      const HashValueVector& chain_hashes,
                      base::TimeDelta* max_age,
                      bool* include_subdomains,
-                     HashValueVector* hashes) {
+                     HashValueVector* hashes,
+                     GURL* report_uri) {
   bool parsed_max_age = false;
   bool include_subdomains_candidate = false;
   uint32 max_age_candidate = 0;
+  GURL parsed_report_uri;
   HashValueVector pins;
 
-  std::string source = value;
+  HttpUtil::NameValuePairsIterator name_value_pairs(
+      value.begin(), value.end(), ';',
+      HttpUtil::NameValuePairsIterator::VALUES_OPTIONAL);
 
-  while (!source.empty()) {
-    StringPair semicolon = Split(source, ';');
-    semicolon.first = Strip(semicolon.first);
-    semicolon.second = Strip(semicolon.second);
-    StringPair equals = Split(semicolon.first, '=');
-    equals.first = Strip(equals.first);
-    equals.second = Strip(equals.second);
-
-    if (base::LowerCaseEqualsASCII(equals.first, "max-age")) {
-      if (equals.second.empty() ||
-          !MaxAgeToInt(equals.second.begin(), equals.second.end(),
-                       &max_age_candidate)) {
+  while (name_value_pairs.GetNext()) {
+    if (base::LowerCaseEqualsASCII(name_value_pairs.name(), "max-age")) {

[Ryan Sleevi, 2015/07/16 05:07:51]

World's cruelest reviewer nit:

Each of these can be

base::LowerCaseEqualsASCII(name_value_pairs.name_begin(),
name_value_pairs.name_end(), ...))

Avoids multiple copies of the directive name...

[estark, 2015/07/16 05:18:48]

Done.

+      if (!MaxAgeToInt(name_value_pairs.value_begin(),
+                       name_value_pairs.value_end(), &max_age_candidate)) {
         return false;
       }
       parsed_max_age = true;
-    } else if (base::LowerCaseEqualsASCII(equals.first, "pin-sha1")) {
-      if (!ParseAndAppendPin(equals.second, HASH_VALUE_SHA1, &pins))
+    } else if (base::LowerCaseEqualsASCII(name_value_pairs.name(),
+                                          "pin-sha1")) {
+      // Pins are always quoted.
+      if (!name_value_pairs.value_is_quoted() ||
+          !ParseAndAppendPin(name_value_pairs.value_begin(),
+                             name_value_pairs.value_end(), HASH_VALUE_SHA1,
+                             &pins)) {
         return false;
-    } else if (base::LowerCaseEqualsASCII(equals.first, "pin-sha256")) {
-      if (!ParseAndAppendPin(equals.second, HASH_VALUE_SHA256, &pins))
+      }
+    } else if (base::LowerCaseEqualsASCII(name_value_pairs.name(),
+                                          "pin-sha256")) {
+      // Pins are always quoted.
+      if (!name_value_pairs.value_is_quoted() ||
+          !ParseAndAppendPin(name_value_pairs.value_begin(),
+                             name_value_pairs.value_end(), HASH_VALUE_SHA256,
+                             &pins)) {
         return false;
-    } else if (base::LowerCaseEqualsASCII(equals.first, "includesubdomains")) {
+      }
+    } else if (base::LowerCaseEqualsASCII(name_value_pairs.name(),
+                                          "includesubdomains")) {
       include_subdomains_candidate = true;
+    } else if (base::LowerCaseEqualsASCII(name_value_pairs.name(),
+                                          "report-uri")) {
+      // report-uris are always quoted.
+      if (!name_value_pairs.value_is_quoted())
+        return false;
+
+      parsed_report_uri = GURL(name_value_pairs.value());
+      if (parsed_report_uri.is_empty() || !parsed_report_uri.is_valid())
+        return false;
     } else {
       // Silently ignore unknown directives for forward compatibility.
     }
+  }
 
-    source = semicolon.second;
-  }
+  if (!name_value_pairs.valid())
+    return false;
 
   if (!parsed_max_age)
     return false;
 
   if (!IsPinListValid(pins, chain_hashes))
     return false;
 
   *max_age = base::TimeDelta::FromSeconds(max_age_candidate);
   *include_subdomains = include_subdomains_candidate;
   hashes->swap(pins);
+  *report_uri = parsed_report_uri;
 
   return true;
 }
 
 }  // namespace net