OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/http/transport_security_state.h" | 5 #include "net/http/transport_security_state.h" |
6 | 6 |
7 #if defined(USE_OPENSSL) | 7 #if defined(USE_OPENSSL) |
8 #include <openssl/ecdsa.h> | 8 #include <openssl/ecdsa.h> |
9 #include <openssl/ssl.h> | 9 #include <openssl/ssl.h> |
10 #else // !defined(USE_OPENSSL) | 10 #else // !defined(USE_OPENSSL) |
(...skipping 568 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
579 domain_state.sts.include_subdomains = include_subdomains; | 579 domain_state.sts.include_subdomains = include_subdomains; |
580 domain_state.sts.expiry = expiry; | 580 domain_state.sts.expiry = expiry; |
581 domain_state.sts.upgrade_mode = upgrade_mode; | 581 domain_state.sts.upgrade_mode = upgrade_mode; |
582 EnableHost(host, domain_state); | 582 EnableHost(host, domain_state); |
583 } | 583 } |
584 | 584 |
585 void TransportSecurityState::AddHPKPInternal(const std::string& host, | 585 void TransportSecurityState::AddHPKPInternal(const std::string& host, |
586 const base::Time& last_observed, | 586 const base::Time& last_observed, |
587 const base::Time& expiry, | 587 const base::Time& expiry, |
588 bool include_subdomains, | 588 bool include_subdomains, |
589 const HashValueVector& hashes) { | 589 const HashValueVector& hashes, |
| 590 const std::string& report_uri) { |
590 DCHECK(CalledOnValidThread()); | 591 DCHECK(CalledOnValidThread()); |
591 | 592 |
592 // Copy-and-modify the existing DomainState for this host (if any). | 593 // Copy-and-modify the existing DomainState for this host (if any). |
593 DomainState domain_state; | 594 DomainState domain_state; |
594 const std::string canonicalized_host = CanonicalizeHost(host); | 595 const std::string canonicalized_host = CanonicalizeHost(host); |
595 const std::string hashed_host = HashHost(canonicalized_host); | 596 const std::string hashed_host = HashHost(canonicalized_host); |
596 DomainStateMap::const_iterator i = enabled_hosts_.find(hashed_host); | 597 DomainStateMap::const_iterator i = enabled_hosts_.find(hashed_host); |
597 if (i != enabled_hosts_.end()) | 598 if (i != enabled_hosts_.end()) |
598 domain_state = i->second; | 599 domain_state = i->second; |
599 | 600 |
600 domain_state.pkp.last_observed = last_observed; | 601 domain_state.pkp.last_observed = last_observed; |
601 domain_state.pkp.expiry = expiry; | 602 domain_state.pkp.expiry = expiry; |
602 domain_state.pkp.include_subdomains = include_subdomains; | 603 domain_state.pkp.include_subdomains = include_subdomains; |
603 domain_state.pkp.spki_hashes = hashes; | 604 domain_state.pkp.spki_hashes = hashes; |
| 605 domain_state.pkp.report_uri = report_uri; |
604 EnableHost(host, domain_state); | 606 EnableHost(host, domain_state); |
605 } | 607 } |
606 | 608 |
607 void TransportSecurityState::EnableHost(const std::string& host, | 609 void TransportSecurityState::EnableHost(const std::string& host, |
608 const DomainState& state) { | 610 const DomainState& state) { |
609 DCHECK(CalledOnValidThread()); | 611 DCHECK(CalledOnValidThread()); |
610 | 612 |
611 const std::string canonicalized_host = CanonicalizeHost(host); | 613 const std::string canonicalized_host = CanonicalizeHost(host); |
612 if (canonicalized_host.empty()) | 614 if (canonicalized_host.empty()) |
613 return; | 615 return; |
(...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
711 | 713 |
712 bool TransportSecurityState::AddHPKPHeader(const std::string& host, | 714 bool TransportSecurityState::AddHPKPHeader(const std::string& host, |
713 const std::string& value, | 715 const std::string& value, |
714 const SSLInfo& ssl_info) { | 716 const SSLInfo& ssl_info) { |
715 DCHECK(CalledOnValidThread()); | 717 DCHECK(CalledOnValidThread()); |
716 | 718 |
717 base::Time now = base::Time::Now(); | 719 base::Time now = base::Time::Now(); |
718 base::TimeDelta max_age; | 720 base::TimeDelta max_age; |
719 bool include_subdomains; | 721 bool include_subdomains; |
720 HashValueVector spki_hashes; | 722 HashValueVector spki_hashes; |
| 723 std::string report_uri; |
| 724 |
721 if (!ParseHPKPHeader(value, ssl_info.public_key_hashes, &max_age, | 725 if (!ParseHPKPHeader(value, ssl_info.public_key_hashes, &max_age, |
722 &include_subdomains, &spki_hashes)) { | 726 &include_subdomains, &spki_hashes, &report_uri)) { |
723 return false; | 727 return false; |
724 } | 728 } |
725 // Handle max-age == 0. | 729 // Handle max-age == 0. |
726 if (max_age.InSeconds() == 0) | 730 if (max_age.InSeconds() == 0) |
727 spki_hashes.clear(); | 731 spki_hashes.clear(); |
728 AddHPKPInternal(host, now, now + max_age, include_subdomains, spki_hashes); | 732 AddHPKPInternal(host, now, now + max_age, include_subdomains, spki_hashes, |
| 733 report_uri); |
729 return true; | 734 return true; |
730 } | 735 } |
731 | 736 |
732 void TransportSecurityState::AddHSTS(const std::string& host, | 737 void TransportSecurityState::AddHSTS(const std::string& host, |
733 const base::Time& expiry, | 738 const base::Time& expiry, |
734 bool include_subdomains) { | 739 bool include_subdomains) { |
735 DCHECK(CalledOnValidThread()); | 740 DCHECK(CalledOnValidThread()); |
736 AddHSTSInternal(host, DomainState::MODE_FORCE_HTTPS, expiry, | 741 AddHSTSInternal(host, DomainState::MODE_FORCE_HTTPS, expiry, |
737 include_subdomains); | 742 include_subdomains); |
738 } | 743 } |
739 | 744 |
740 void TransportSecurityState::AddHPKP(const std::string& host, | 745 void TransportSecurityState::AddHPKP(const std::string& host, |
741 const base::Time& expiry, | 746 const base::Time& expiry, |
742 bool include_subdomains, | 747 bool include_subdomains, |
743 const HashValueVector& hashes) { | 748 const HashValueVector& hashes, |
| 749 const std::string& report_uri) { |
744 DCHECK(CalledOnValidThread()); | 750 DCHECK(CalledOnValidThread()); |
745 AddHPKPInternal(host, base::Time::Now(), expiry, include_subdomains, hashes); | 751 AddHPKPInternal(host, base::Time::Now(), expiry, include_subdomains, hashes, |
| 752 report_uri); |
746 } | 753 } |
747 | 754 |
748 // static | 755 // static |
749 bool TransportSecurityState::IsGooglePinnedProperty(const std::string& host) { | 756 bool TransportSecurityState::IsGooglePinnedProperty(const std::string& host) { |
750 PreloadResult result; | 757 PreloadResult result; |
751 return DecodeHSTSPreload(host, &result) && result.has_pins && | 758 return DecodeHSTSPreload(host, &result) && result.has_pins && |
752 kPinsets[result.pinset_id].accepted_pins == kGoogleAcceptableCerts; | 759 kPinsets[result.pinset_id].accepted_pins == kGoogleAcceptableCerts; |
753 } | 760 } |
754 | 761 |
755 // static | 762 // static |
(...skipping 237 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
993 TransportSecurityState::DomainState::STSState::~STSState() { | 1000 TransportSecurityState::DomainState::STSState::~STSState() { |
994 } | 1001 } |
995 | 1002 |
996 TransportSecurityState::DomainState::PKPState::PKPState() { | 1003 TransportSecurityState::DomainState::PKPState::PKPState() { |
997 } | 1004 } |
998 | 1005 |
999 TransportSecurityState::DomainState::PKPState::~PKPState() { | 1006 TransportSecurityState::DomainState::PKPState::~PKPState() { |
1000 } | 1007 } |
1001 | 1008 |
1002 } // namespace | 1009 } // namespace |
OLD | NEW |