OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/base64.h" | 5 #include "base/base64.h" |
6 #include "base/basictypes.h" | 6 #include "base/basictypes.h" |
7 #include "base/strings/string_number_conversions.h" | 7 #include "base/strings/string_number_conversions.h" |
| 8 #include "base/strings/string_piece.h" |
8 #include "base/strings/string_tokenizer.h" | 9 #include "base/strings/string_tokenizer.h" |
9 #include "base/strings/string_util.h" | 10 #include "base/strings/string_util.h" |
10 #include "net/http/http_security_headers.h" | 11 #include "net/http/http_security_headers.h" |
11 #include "net/http/http_util.h" | 12 #include "net/http/http_util.h" |
| 13 #include "url/gurl.h" |
12 | 14 |
13 namespace net { | 15 namespace net { |
14 | 16 |
15 namespace { | 17 namespace { |
16 | 18 |
17 static_assert(kMaxHSTSAgeSecs <= kuint32max, "kMaxHSTSAgeSecs too large"); | 19 static_assert(kMaxHSTSAgeSecs <= kuint32max, "kMaxHSTSAgeSecs too large"); |
18 | 20 |
19 // MaxAgeToInt converts a string representation of a "whole number" of | 21 // MaxAgeToInt converts a string representation of a "whole number" of |
20 // seconds into a uint32. The string may contain an arbitrarily large number, | 22 // seconds into a uint32. The string may contain an arbitrarily large number, |
21 // which will be clipped to kMaxHSTSAgeSecs and which is guaranteed to fit | 23 // which will be clipped to kMaxHSTSAgeSecs and which is guaranteed to fit |
22 // within a 32-bit unsigned integer. False is returned on any parse error. | 24 // within a 32-bit unsigned integer. False is returned on any parse error. |
23 bool MaxAgeToInt(std::string::const_iterator begin, | 25 bool MaxAgeToInt(std::string::const_iterator begin, |
24 std::string::const_iterator end, | 26 std::string::const_iterator end, |
25 uint32* result) { | 27 uint32* result) { |
26 const std::string s(begin, end); | 28 const base::StringPiece s(begin, end); |
| 29 if (s.empty()) |
| 30 return false; |
| 31 |
27 int64 i = 0; | 32 int64 i = 0; |
28 | 33 |
29 // Return false on any StringToInt64 parse errors *except* for | 34 // Return false on any StringToInt64 parse errors *except* for |
30 // int64 overflow. StringToInt64 is used, rather than StringToUint64, | 35 // int64 overflow. StringToInt64 is used, rather than StringToUint64, |
31 // in order to properly handle and reject negative numbers | 36 // in order to properly handle and reject negative numbers |
32 // (StringToUint64 does not return false on negative numbers). | 37 // (StringToUint64 does not return false on negative numbers). |
33 // For values too large to be stored in an int64, StringToInt64 will | 38 // For values too large to be stored in an int64, StringToInt64 will |
34 // return false with i set to kint64max, so this case is detected | 39 // return false with i set to kint64max, so this case is detected |
35 // by the immediately following if-statement and allowed to fall | 40 // by the immediately following if-statement and allowed to fall |
36 // through so that i gets clipped to kMaxHSTSAgeSecs. | 41 // through so that i gets clipped to kMaxHSTSAgeSecs. |
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
85 if (pins.size() < 2) | 90 if (pins.size() < 2) |
86 return false; | 91 return false; |
87 | 92 |
88 if (from_cert_chain.empty()) | 93 if (from_cert_chain.empty()) |
89 return false; | 94 return false; |
90 | 95 |
91 return IsBackupPinPresent(pins, from_cert_chain) && | 96 return IsBackupPinPresent(pins, from_cert_chain) && |
92 HashesIntersect(pins, from_cert_chain); | 97 HashesIntersect(pins, from_cert_chain); |
93 } | 98 } |
94 | 99 |
95 std::string Strip(const std::string& source) { | 100 bool ParseAndAppendPin(std::string::const_iterator begin, |
96 if (source.empty()) | 101 std::string::const_iterator end, |
97 return source; | |
98 | |
99 std::string::const_iterator start = source.begin(); | |
100 std::string::const_iterator end = source.end(); | |
101 HttpUtil::TrimLWS(&start, &end); | |
102 return std::string(start, end); | |
103 } | |
104 | |
105 typedef std::pair<std::string, std::string> StringPair; | |
106 | |
107 StringPair Split(const std::string& source, char delimiter) { | |
108 StringPair pair; | |
109 size_t point = source.find(delimiter); | |
110 | |
111 pair.first = source.substr(0, point); | |
112 if (std::string::npos != point) | |
113 pair.second = source.substr(point + 1); | |
114 | |
115 return pair; | |
116 } | |
117 | |
118 bool ParseAndAppendPin(const std::string& value, | |
119 HashValueTag tag, | 102 HashValueTag tag, |
120 HashValueVector* hashes) { | 103 HashValueVector* hashes) { |
121 // Pins are always quoted. | 104 const base::StringPiece value(begin, end); |
122 if (value.empty() || !HttpUtil::IsQuote(value[0])) | 105 if (value.empty()) |
123 return false; | 106 return false; |
124 | 107 |
125 std::string unquoted = HttpUtil::Unquote(value); | |
126 if (unquoted.empty()) | |
127 return false; | |
128 | |
129 std::string decoded; | 108 std::string decoded; |
130 if (!base::Base64Decode(unquoted, &decoded)) | 109 if (!base::Base64Decode(value, &decoded)) |
131 return false; | 110 return false; |
132 | 111 |
133 HashValue hash(tag); | 112 HashValue hash(tag); |
134 if (decoded.size() != hash.size()) | 113 if (decoded.size() != hash.size()) |
135 return false; | 114 return false; |
136 | 115 |
137 memcpy(hash.data(), decoded.data(), hash.size()); | 116 memcpy(hash.data(), decoded.data(), hash.size()); |
138 hashes->push_back(hash); | 117 hashes->push_back(hash); |
139 return true; | 118 return true; |
140 } | 119 } |
(...skipping 125 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
266 case START: | 245 case START: |
267 case AFTER_MAX_AGE_LABEL: | 246 case AFTER_MAX_AGE_LABEL: |
268 case AFTER_MAX_AGE_EQUALS: | 247 case AFTER_MAX_AGE_EQUALS: |
269 return false; | 248 return false; |
270 default: | 249 default: |
271 NOTREACHED(); | 250 NOTREACHED(); |
272 return false; | 251 return false; |
273 } | 252 } |
274 } | 253 } |
275 | 254 |
276 // "Public-Key-Pins" ":" | 255 // "Public-Key-Pins[-Report-Only]" ":" |
277 // "max-age" "=" delta-seconds ";" | 256 // "max-age" "=" delta-seconds ";" |
278 // "pin-" algo "=" base64 [ ";" ... ] | 257 // "pin-" algo "=" base64 [ ";" ... ] |
| 258 // [ ";" "includeSubdomains" ] |
| 259 // [ ";" "report-uri" "=" uri-reference ] |
279 bool ParseHPKPHeader(const std::string& value, | 260 bool ParseHPKPHeader(const std::string& value, |
280 const HashValueVector& chain_hashes, | 261 const HashValueVector& chain_hashes, |
281 base::TimeDelta* max_age, | 262 base::TimeDelta* max_age, |
282 bool* include_subdomains, | 263 bool* include_subdomains, |
283 HashValueVector* hashes) { | 264 HashValueVector* hashes, |
| 265 GURL* report_uri) { |
284 bool parsed_max_age = false; | 266 bool parsed_max_age = false; |
285 bool include_subdomains_candidate = false; | 267 bool include_subdomains_candidate = false; |
286 uint32 max_age_candidate = 0; | 268 uint32 max_age_candidate = 0; |
| 269 GURL parsed_report_uri; |
287 HashValueVector pins; | 270 HashValueVector pins; |
288 | 271 |
289 std::string source = value; | 272 HttpUtil::NameValuePairsIterator name_value_pairs( |
| 273 value.begin(), value.end(), ';', |
| 274 HttpUtil::NameValuePairsIterator::VALUES_OPTIONAL); |
290 | 275 |
291 while (!source.empty()) { | 276 while (name_value_pairs.GetNext()) { |
292 StringPair semicolon = Split(source, ';'); | 277 if (base::LowerCaseEqualsASCII( |
293 semicolon.first = Strip(semicolon.first); | 278 base::StringPiece(name_value_pairs.name_begin(), |
294 semicolon.second = Strip(semicolon.second); | 279 name_value_pairs.name_end()), |
295 StringPair equals = Split(semicolon.first, '='); | 280 "max-age")) { |
296 equals.first = Strip(equals.first); | 281 if (!MaxAgeToInt(name_value_pairs.value_begin(), |
297 equals.second = Strip(equals.second); | 282 name_value_pairs.value_end(), &max_age_candidate)) { |
298 | |
299 if (base::LowerCaseEqualsASCII(equals.first, "max-age")) { | |
300 if (equals.second.empty() || | |
301 !MaxAgeToInt(equals.second.begin(), equals.second.end(), | |
302 &max_age_candidate)) { | |
303 return false; | 283 return false; |
304 } | 284 } |
305 parsed_max_age = true; | 285 parsed_max_age = true; |
306 } else if (base::LowerCaseEqualsASCII(equals.first, "pin-sha1")) { | 286 } else if (base::LowerCaseEqualsASCII( |
307 if (!ParseAndAppendPin(equals.second, HASH_VALUE_SHA1, &pins)) | 287 base::StringPiece(name_value_pairs.name_begin(), |
| 288 name_value_pairs.name_end()), |
| 289 "pin-sha1")) { |
| 290 // Pins are always quoted. |
| 291 if (!name_value_pairs.value_is_quoted() || |
| 292 !ParseAndAppendPin(name_value_pairs.value_begin(), |
| 293 name_value_pairs.value_end(), HASH_VALUE_SHA1, |
| 294 &pins)) { |
308 return false; | 295 return false; |
309 } else if (base::LowerCaseEqualsASCII(equals.first, "pin-sha256")) { | 296 } |
310 if (!ParseAndAppendPin(equals.second, HASH_VALUE_SHA256, &pins)) | 297 } else if (base::LowerCaseEqualsASCII( |
| 298 base::StringPiece(name_value_pairs.name_begin(), |
| 299 name_value_pairs.name_end()), |
| 300 "pin-sha256")) { |
| 301 // Pins are always quoted. |
| 302 if (!name_value_pairs.value_is_quoted() || |
| 303 !ParseAndAppendPin(name_value_pairs.value_begin(), |
| 304 name_value_pairs.value_end(), HASH_VALUE_SHA256, |
| 305 &pins)) { |
311 return false; | 306 return false; |
312 } else if (base::LowerCaseEqualsASCII(equals.first, "includesubdomains")) { | 307 } |
| 308 } else if (base::LowerCaseEqualsASCII( |
| 309 base::StringPiece(name_value_pairs.name_begin(), |
| 310 name_value_pairs.name_end()), |
| 311 "includesubdomains")) { |
313 include_subdomains_candidate = true; | 312 include_subdomains_candidate = true; |
| 313 } else if (base::LowerCaseEqualsASCII( |
| 314 base::StringPiece(name_value_pairs.name_begin(), |
| 315 name_value_pairs.name_end()), |
| 316 "report-uri")) { |
| 317 // report-uris are always quoted. |
| 318 if (!name_value_pairs.value_is_quoted()) |
| 319 return false; |
| 320 |
| 321 parsed_report_uri = GURL(name_value_pairs.value()); |
| 322 if (parsed_report_uri.is_empty() || !parsed_report_uri.is_valid()) |
| 323 return false; |
314 } else { | 324 } else { |
315 // Silently ignore unknown directives for forward compatibility. | 325 // Silently ignore unknown directives for forward compatibility. |
316 } | 326 } |
| 327 } |
317 | 328 |
318 source = semicolon.second; | 329 if (!name_value_pairs.valid()) |
319 } | 330 return false; |
320 | 331 |
321 if (!parsed_max_age) | 332 if (!parsed_max_age) |
322 return false; | 333 return false; |
323 | 334 |
324 if (!IsPinListValid(pins, chain_hashes)) | 335 if (!IsPinListValid(pins, chain_hashes)) |
325 return false; | 336 return false; |
326 | 337 |
327 *max_age = base::TimeDelta::FromSeconds(max_age_candidate); | 338 *max_age = base::TimeDelta::FromSeconds(max_age_candidate); |
328 *include_subdomains = include_subdomains_candidate; | 339 *include_subdomains = include_subdomains_candidate; |
329 hashes->swap(pins); | 340 hashes->swap(pins); |
| 341 *report_uri = parsed_report_uri; |
330 | 342 |
331 return true; | 343 return true; |
332 } | 344 } |
333 | 345 |
334 } // namespace net | 346 } // namespace net |
OLD | NEW |