| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/base64.h" | 5 #include "base/base64.h" |
| 6 #include "base/basictypes.h" | 6 #include "base/basictypes.h" |
| 7 #include "base/strings/string_number_conversions.h" | 7 #include "base/strings/string_number_conversions.h" |
| 8 #include "base/strings/string_piece.h" |
| 8 #include "base/strings/string_tokenizer.h" | 9 #include "base/strings/string_tokenizer.h" |
| 9 #include "base/strings/string_util.h" | 10 #include "base/strings/string_util.h" |
| 10 #include "net/http/http_security_headers.h" | 11 #include "net/http/http_security_headers.h" |
| 11 #include "net/http/http_util.h" | 12 #include "net/http/http_util.h" |
| 13 #include "url/gurl.h" |
| 12 | 14 |
| 13 namespace net { | 15 namespace net { |
| 14 | 16 |
| 15 namespace { | 17 namespace { |
| 16 | 18 |
| 17 static_assert(kMaxHSTSAgeSecs <= kuint32max, "kMaxHSTSAgeSecs too large"); | 19 static_assert(kMaxHSTSAgeSecs <= kuint32max, "kMaxHSTSAgeSecs too large"); |
| 18 | 20 |
| 19 // MaxAgeToInt converts a string representation of a "whole number" of | 21 // MaxAgeToInt converts a string representation of a "whole number" of |
| 20 // seconds into a uint32. The string may contain an arbitrarily large number, | 22 // seconds into a uint32. The string may contain an arbitrarily large number, |
| 21 // which will be clipped to kMaxHSTSAgeSecs and which is guaranteed to fit | 23 // which will be clipped to kMaxHSTSAgeSecs and which is guaranteed to fit |
| 22 // within a 32-bit unsigned integer. False is returned on any parse error. | 24 // within a 32-bit unsigned integer. False is returned on any parse error. |
| 23 bool MaxAgeToInt(std::string::const_iterator begin, | 25 bool MaxAgeToInt(std::string::const_iterator begin, |
| 24 std::string::const_iterator end, | 26 std::string::const_iterator end, |
| 25 uint32* result) { | 27 uint32* result) { |
| 26 const std::string s(begin, end); | 28 const base::StringPiece s(begin, end); |
| 29 if (s.empty()) |
| 30 return false; |
| 31 |
| 27 int64 i = 0; | 32 int64 i = 0; |
| 28 | 33 |
| 29 // Return false on any StringToInt64 parse errors *except* for | 34 // Return false on any StringToInt64 parse errors *except* for |
| 30 // int64 overflow. StringToInt64 is used, rather than StringToUint64, | 35 // int64 overflow. StringToInt64 is used, rather than StringToUint64, |
| 31 // in order to properly handle and reject negative numbers | 36 // in order to properly handle and reject negative numbers |
| 32 // (StringToUint64 does not return false on negative numbers). | 37 // (StringToUint64 does not return false on negative numbers). |
| 33 // For values too large to be stored in an int64, StringToInt64 will | 38 // For values too large to be stored in an int64, StringToInt64 will |
| 34 // return false with i set to kint64max, so this case is detected | 39 // return false with i set to kint64max, so this case is detected |
| 35 // by the immediately following if-statement and allowed to fall | 40 // by the immediately following if-statement and allowed to fall |
| 36 // through so that i gets clipped to kMaxHSTSAgeSecs. | 41 // through so that i gets clipped to kMaxHSTSAgeSecs. |
| (...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 85 if (pins.size() < 2) | 90 if (pins.size() < 2) |
| 86 return false; | 91 return false; |
| 87 | 92 |
| 88 if (from_cert_chain.empty()) | 93 if (from_cert_chain.empty()) |
| 89 return false; | 94 return false; |
| 90 | 95 |
| 91 return IsBackupPinPresent(pins, from_cert_chain) && | 96 return IsBackupPinPresent(pins, from_cert_chain) && |
| 92 HashesIntersect(pins, from_cert_chain); | 97 HashesIntersect(pins, from_cert_chain); |
| 93 } | 98 } |
| 94 | 99 |
| 95 std::string Strip(const std::string& source) { | 100 bool ParseAndAppendPin(std::string::const_iterator begin, |
| 96 if (source.empty()) | 101 std::string::const_iterator end, |
| 97 return source; | |
| 98 | |
| 99 std::string::const_iterator start = source.begin(); | |
| 100 std::string::const_iterator end = source.end(); | |
| 101 HttpUtil::TrimLWS(&start, &end); | |
| 102 return std::string(start, end); | |
| 103 } | |
| 104 | |
| 105 typedef std::pair<std::string, std::string> StringPair; | |
| 106 | |
| 107 StringPair Split(const std::string& source, char delimiter) { | |
| 108 StringPair pair; | |
| 109 size_t point = source.find(delimiter); | |
| 110 | |
| 111 pair.first = source.substr(0, point); | |
| 112 if (std::string::npos != point) | |
| 113 pair.second = source.substr(point + 1); | |
| 114 | |
| 115 return pair; | |
| 116 } | |
| 117 | |
| 118 bool ParseAndAppendPin(const std::string& value, | |
| 119 HashValueTag tag, | 102 HashValueTag tag, |
| 120 HashValueVector* hashes) { | 103 HashValueVector* hashes) { |
| 121 // Pins are always quoted. | 104 const base::StringPiece value(begin, end); |
| 122 if (value.empty() || !HttpUtil::IsQuote(value[0])) | 105 if (value.empty()) |
| 123 return false; | 106 return false; |
| 124 | 107 |
| 125 std::string unquoted = HttpUtil::Unquote(value); | |
| 126 if (unquoted.empty()) | |
| 127 return false; | |
| 128 | |
| 129 std::string decoded; | 108 std::string decoded; |
| 130 if (!base::Base64Decode(unquoted, &decoded)) | 109 if (!base::Base64Decode(value, &decoded)) |
| 131 return false; | 110 return false; |
| 132 | 111 |
| 133 HashValue hash(tag); | 112 HashValue hash(tag); |
| 134 if (decoded.size() != hash.size()) | 113 if (decoded.size() != hash.size()) |
| 135 return false; | 114 return false; |
| 136 | 115 |
| 137 memcpy(hash.data(), decoded.data(), hash.size()); | 116 memcpy(hash.data(), decoded.data(), hash.size()); |
| 138 hashes->push_back(hash); | 117 hashes->push_back(hash); |
| 139 return true; | 118 return true; |
| 140 } | 119 } |
| (...skipping 125 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 266 case START: | 245 case START: |
| 267 case AFTER_MAX_AGE_LABEL: | 246 case AFTER_MAX_AGE_LABEL: |
| 268 case AFTER_MAX_AGE_EQUALS: | 247 case AFTER_MAX_AGE_EQUALS: |
| 269 return false; | 248 return false; |
| 270 default: | 249 default: |
| 271 NOTREACHED(); | 250 NOTREACHED(); |
| 272 return false; | 251 return false; |
| 273 } | 252 } |
| 274 } | 253 } |
| 275 | 254 |
| 276 // "Public-Key-Pins" ":" | 255 // "Public-Key-Pins[-Report-Only]" ":" |
| 277 // "max-age" "=" delta-seconds ";" | 256 // "max-age" "=" delta-seconds ";" |
| 278 // "pin-" algo "=" base64 [ ";" ... ] | 257 // "pin-" algo "=" base64 [ ";" ... ] |
| 258 // [ ";" "includeSubdomains" ] |
| 259 // [ ";" "report-uri" "=" uri-reference ] |
| 279 bool ParseHPKPHeader(const std::string& value, | 260 bool ParseHPKPHeader(const std::string& value, |
| 280 const HashValueVector& chain_hashes, | 261 const HashValueVector& chain_hashes, |
| 281 base::TimeDelta* max_age, | 262 base::TimeDelta* max_age, |
| 282 bool* include_subdomains, | 263 bool* include_subdomains, |
| 283 HashValueVector* hashes) { | 264 HashValueVector* hashes, |
| 265 GURL* report_uri) { |
| 284 bool parsed_max_age = false; | 266 bool parsed_max_age = false; |
| 285 bool include_subdomains_candidate = false; | 267 bool include_subdomains_candidate = false; |
| 286 uint32 max_age_candidate = 0; | 268 uint32 max_age_candidate = 0; |
| 269 GURL parsed_report_uri; |
| 287 HashValueVector pins; | 270 HashValueVector pins; |
| 288 | 271 |
| 289 std::string source = value; | 272 HttpUtil::NameValuePairsIterator name_value_pairs( |
| 273 value.begin(), value.end(), ';', |
| 274 HttpUtil::NameValuePairsIterator::VALUES_OPTIONAL); |
| 290 | 275 |
| 291 while (!source.empty()) { | 276 while (name_value_pairs.GetNext()) { |
| 292 StringPair semicolon = Split(source, ';'); | 277 if (base::LowerCaseEqualsASCII( |
| 293 semicolon.first = Strip(semicolon.first); | 278 base::StringPiece(name_value_pairs.name_begin(), |
| 294 semicolon.second = Strip(semicolon.second); | 279 name_value_pairs.name_end()), |
| 295 StringPair equals = Split(semicolon.first, '='); | 280 "max-age")) { |
| 296 equals.first = Strip(equals.first); | 281 if (!MaxAgeToInt(name_value_pairs.value_begin(), |
| 297 equals.second = Strip(equals.second); | 282 name_value_pairs.value_end(), &max_age_candidate)) { |
| 298 | |
| 299 if (base::LowerCaseEqualsASCII(equals.first, "max-age")) { | |
| 300 if (equals.second.empty() || | |
| 301 !MaxAgeToInt(equals.second.begin(), equals.second.end(), | |
| 302 &max_age_candidate)) { | |
| 303 return false; | 283 return false; |
| 304 } | 284 } |
| 305 parsed_max_age = true; | 285 parsed_max_age = true; |
| 306 } else if (base::LowerCaseEqualsASCII(equals.first, "pin-sha1")) { | 286 } else if (base::LowerCaseEqualsASCII( |
| 307 if (!ParseAndAppendPin(equals.second, HASH_VALUE_SHA1, &pins)) | 287 base::StringPiece(name_value_pairs.name_begin(), |
| 288 name_value_pairs.name_end()), |
| 289 "pin-sha1")) { |
| 290 // Pins are always quoted. |
| 291 if (!name_value_pairs.value_is_quoted() || |
| 292 !ParseAndAppendPin(name_value_pairs.value_begin(), |
| 293 name_value_pairs.value_end(), HASH_VALUE_SHA1, |
| 294 &pins)) { |
| 308 return false; | 295 return false; |
| 309 } else if (base::LowerCaseEqualsASCII(equals.first, "pin-sha256")) { | 296 } |
| 310 if (!ParseAndAppendPin(equals.second, HASH_VALUE_SHA256, &pins)) | 297 } else if (base::LowerCaseEqualsASCII( |
| 298 base::StringPiece(name_value_pairs.name_begin(), |
| 299 name_value_pairs.name_end()), |
| 300 "pin-sha256")) { |
| 301 // Pins are always quoted. |
| 302 if (!name_value_pairs.value_is_quoted() || |
| 303 !ParseAndAppendPin(name_value_pairs.value_begin(), |
| 304 name_value_pairs.value_end(), HASH_VALUE_SHA256, |
| 305 &pins)) { |
| 311 return false; | 306 return false; |
| 312 } else if (base::LowerCaseEqualsASCII(equals.first, "includesubdomains")) { | 307 } |
| 308 } else if (base::LowerCaseEqualsASCII( |
| 309 base::StringPiece(name_value_pairs.name_begin(), |
| 310 name_value_pairs.name_end()), |
| 311 "includesubdomains")) { |
| 313 include_subdomains_candidate = true; | 312 include_subdomains_candidate = true; |
| 313 } else if (base::LowerCaseEqualsASCII( |
| 314 base::StringPiece(name_value_pairs.name_begin(), |
| 315 name_value_pairs.name_end()), |
| 316 "report-uri")) { |
| 317 // report-uris are always quoted. |
| 318 if (!name_value_pairs.value_is_quoted()) |
| 319 return false; |
| 320 |
| 321 parsed_report_uri = GURL(name_value_pairs.value()); |
| 322 if (parsed_report_uri.is_empty() || !parsed_report_uri.is_valid()) |
| 323 return false; |
| 314 } else { | 324 } else { |
| 315 // Silently ignore unknown directives for forward compatibility. | 325 // Silently ignore unknown directives for forward compatibility. |
| 316 } | 326 } |
| 327 } |
| 317 | 328 |
| 318 source = semicolon.second; | 329 if (!name_value_pairs.valid()) |
| 319 } | 330 return false; |
| 320 | 331 |
| 321 if (!parsed_max_age) | 332 if (!parsed_max_age) |
| 322 return false; | 333 return false; |
| 323 | 334 |
| 324 if (!IsPinListValid(pins, chain_hashes)) | 335 if (!IsPinListValid(pins, chain_hashes)) |
| 325 return false; | 336 return false; |
| 326 | 337 |
| 327 *max_age = base::TimeDelta::FromSeconds(max_age_candidate); | 338 *max_age = base::TimeDelta::FromSeconds(max_age_candidate); |
| 328 *include_subdomains = include_subdomains_candidate; | 339 *include_subdomains = include_subdomains_candidate; |
| 329 hashes->swap(pins); | 340 hashes->swap(pins); |
| 341 *report_uri = parsed_report_uri; |
| 330 | 342 |
| 331 return true; | 343 return true; |
| 332 } | 344 } |
| 333 | 345 |
| 334 } // namespace net | 346 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1211363005:
Parse HPKP report-uri and persist in TransportSecurityPersister (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master