| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/transport_security_state.h" | 5 #include "net/http/transport_security_state.h" |
| 6 | 6 |
| 7 #if defined(USE_OPENSSL) | 7 #if defined(USE_OPENSSL) |
| 8 #include <openssl/ecdsa.h> | 8 #include <openssl/ecdsa.h> |
| 9 #include <openssl/ssl.h> | 9 #include <openssl/ssl.h> |
| 10 #else // !defined(USE_OPENSSL) | 10 #else // !defined(USE_OPENSSL) |
| 579 domain_state.sts.include_subdomains = include_subdomains; | 579 domain_state.sts.include_subdomains = include_subdomains; |
| 580 domain_state.sts.expiry = expiry; | 580 domain_state.sts.expiry = expiry; |
| 581 domain_state.sts.upgrade_mode = upgrade_mode; | 581 domain_state.sts.upgrade_mode = upgrade_mode; |
| 582 EnableHost(host, domain_state); | 582 EnableHost(host, domain_state); |
| 583 } | 583 } |
| 584 | 584 |
| 585 void TransportSecurityState::AddHPKPInternal(const std::string& host, | 585 void TransportSecurityState::AddHPKPInternal(const std::string& host, |
| 586 const base::Time& last_observed, | 586 const base::Time& last_observed, |
| 587 const base::Time& expiry, | 587 const base::Time& expiry, |
| 588 bool include_subdomains, | 588 bool include_subdomains, |
| 589 const HashValueVector& hashes) { | 589 const HashValueVector& hashes, |
| 590 const std::string& report_uri) { |
| 590 DCHECK(CalledOnValidThread()); | 591 DCHECK(CalledOnValidThread()); |
| 591 | 592 |
| 592 // Copy-and-modify the existing DomainState for this host (if any). | 593 // Copy-and-modify the existing DomainState for this host (if any). |
| 593 DomainState domain_state; | 594 DomainState domain_state; |
| 594 const std::string canonicalized_host = CanonicalizeHost(host); | 595 const std::string canonicalized_host = CanonicalizeHost(host); |
| 595 const std::string hashed_host = HashHost(canonicalized_host); | 596 const std::string hashed_host = HashHost(canonicalized_host); |
| 596 DomainStateMap::const_iterator i = enabled_hosts_.find(hashed_host); | 597 DomainStateMap::const_iterator i = enabled_hosts_.find(hashed_host); |
| 597 if (i != enabled_hosts_.end()) | 598 if (i != enabled_hosts_.end()) |
| 598 domain_state = i->second; | 599 domain_state = i->second; |
| 599 | 600 |
| 600 domain_state.pkp.last_observed = last_observed; | 601 domain_state.pkp.last_observed = last_observed; |
| 601 domain_state.pkp.expiry = expiry; | 602 domain_state.pkp.expiry = expiry; |
| 602 domain_state.pkp.include_subdomains = include_subdomains; | 603 domain_state.pkp.include_subdomains = include_subdomains; |
| 603 domain_state.pkp.spki_hashes = hashes; | 604 domain_state.pkp.spki_hashes = hashes; |
| 605 domain_state.pkp.report_uri = report_uri; |
| 604 EnableHost(host, domain_state); | 606 EnableHost(host, domain_state); |
| 605 } | 607 } |
| 606 | 608 |
| 607 void TransportSecurityState::EnableHost(const std::string& host, | 609 void TransportSecurityState::EnableHost(const std::string& host, |
| 608 const DomainState& state) { | 610 const DomainState& state) { |
| 609 DCHECK(CalledOnValidThread()); | 611 DCHECK(CalledOnValidThread()); |
| 610 | 612 |
| 611 const std::string canonicalized_host = CanonicalizeHost(host); | 613 const std::string canonicalized_host = CanonicalizeHost(host); |
| 612 if (canonicalized_host.empty()) | 614 if (canonicalized_host.empty()) |
| 613 return; | 615 return; |
| 711 | 713 |
| 712 bool TransportSecurityState::AddHPKPHeader(const std::string& host, | 714 bool TransportSecurityState::AddHPKPHeader(const std::string& host, |
| 713 const std::string& value, | 715 const std::string& value, |
| 714 const SSLInfo& ssl_info) { | 716 const SSLInfo& ssl_info) { |
| 715 DCHECK(CalledOnValidThread()); | 717 DCHECK(CalledOnValidThread()); |
| 716 | 718 |
| 717 base::Time now = base::Time::Now(); | 719 base::Time now = base::Time::Now(); |
| 718 base::TimeDelta max_age; | 720 base::TimeDelta max_age; |
| 719 bool include_subdomains; | 721 bool include_subdomains; |
| 720 HashValueVector spki_hashes; | 722 HashValueVector spki_hashes; |
| 723 std::string report_uri; |
| 724 |
| 721 if (!ParseHPKPHeader(value, ssl_info.public_key_hashes, &max_age, | 725 if (!ParseHPKPHeader(value, ssl_info.public_key_hashes, &max_age, |
| 722 &include_subdomains, &spki_hashes)) { | 726 &include_subdomains, &spki_hashes, &report_uri)) { |
| 723 return false; | 727 return false; |
| 724 } | 728 } |
| 725 // Handle max-age == 0. | 729 // Handle max-age == 0. |
| 726 if (max_age.InSeconds() == 0) | 730 if (max_age.InSeconds() == 0) |
| 727 spki_hashes.clear(); | 731 spki_hashes.clear(); |
| 728 AddHPKPInternal(host, now, now + max_age, include_subdomains, spki_hashes); | 732 AddHPKPInternal(host, now, now + max_age, include_subdomains, spki_hashes, |
| 733 report_uri); |
| 729 return true; | 734 return true; |
| 730 } | 735 } |
| 731 | 736 |
| 732 void TransportSecurityState::AddHSTS(const std::string& host, | 737 void TransportSecurityState::AddHSTS(const std::string& host, |
| 733 const base::Time& expiry, | 738 const base::Time& expiry, |
| 734 bool include_subdomains) { | 739 bool include_subdomains) { |
| 735 DCHECK(CalledOnValidThread()); | 740 DCHECK(CalledOnValidThread()); |
| 736 AddHSTSInternal(host, DomainState::MODE_FORCE_HTTPS, expiry, | 741 AddHSTSInternal(host, DomainState::MODE_FORCE_HTTPS, expiry, |
| 737 include_subdomains); | 742 include_subdomains); |
| 738 } | 743 } |
| 739 | 744 |
| 740 void TransportSecurityState::AddHPKP(const std::string& host, | 745 void TransportSecurityState::AddHPKP(const std::string& host, |
| 741 const base::Time& expiry, | 746 const base::Time& expiry, |
| 742 bool include_subdomains, | 747 bool include_subdomains, |
| 743 const HashValueVector& hashes) { | 748 const HashValueVector& hashes, |
| 749 const std::string& report_uri) { |
| 744 DCHECK(CalledOnValidThread()); | 750 DCHECK(CalledOnValidThread()); |
| 745 AddHPKPInternal(host, base::Time::Now(), expiry, include_subdomains, hashes); | 751 AddHPKPInternal(host, base::Time::Now(), expiry, include_subdomains, hashes, |
| 752 report_uri); |
| 746 } | 753 } |
| 747 | 754 |
| 748 // static | 755 // static |
| 749 bool TransportSecurityState::IsGooglePinnedProperty(const std::string& host) { | 756 bool TransportSecurityState::IsGooglePinnedProperty(const std::string& host) { |
| 750 PreloadResult result; | 757 PreloadResult result; |
| 751 return DecodeHSTSPreload(host, &result) && result.has_pins && | 758 return DecodeHSTSPreload(host, &result) && result.has_pins && |
| 752 kPinsets[result.pinset_id].accepted_pins == kGoogleAcceptableCerts; | 759 kPinsets[result.pinset_id].accepted_pins == kGoogleAcceptableCerts; |
| 753 } | 760 } |
| 754 | 761 |
| 755 // static | 762 // static |
| 993 TransportSecurityState::DomainState::STSState::~STSState() { | 1000 TransportSecurityState::DomainState::STSState::~STSState() { |
| 994 } | 1001 } |
| 995 | 1002 |
| 996 TransportSecurityState::DomainState::PKPState::PKPState() { | 1003 TransportSecurityState::DomainState::PKPState::PKPState() { |
| 997 } | 1004 } |
| 998 | 1005 |
| 999 TransportSecurityState::DomainState::PKPState::~PKPState() { | 1006 TransportSecurityState::DomainState::PKPState::~PKPState() { |
| 1000 } | 1007 } |
| 1001 | 1008 |
| 1002 } // namespace | 1009 } // namespace |
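Review bot: In AddHPKPHeader the max-age == 0 branch (new lines 729-731) clears spki_hashes but leaves the freshly parsed report_uri set, so AddHPKPInternal at 732-733 still writes a report endpoint into a DomainState that carries no pins and whose expiry is `now`; unless the rest of the file treats empty spki_hashes as "no PKP state at all", I would clear both together: `if (max_age.InSeconds() == 0) { spki_hashes.clear(); report_uri.clear(); }`. Separately, nothing visible in this section validates report_uri before it is persisted at 605 (`domain_state.pkp.report_uri = report_uri;`) — the value comes straight from a response header and is presumably the destination reports will be sent to, so if ParseHPKPHeader does not already reject non-absolute or non-http(s) URIs, a check belongs before the store. A short comment on AddHPKPInternal such as `// report_uri is stored as received; callers must have validated it` would at least make the contract explicit. AddHPKPHeader is fully within the section; the DomainState/PKPState declaration that gains the report_uri member is not.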