Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(347)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/http/http_security_headers.cc

Issue 1211933005: Initial (partial) implementation of HPKP violation reporting (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: style fixes, comments Created 5 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/http/http_security_headers.h ('k') | net/http/http_security_headers_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "base/base64.h" 5 #include "base/base64.h"
6 #include "base/basictypes.h" 6 #include "base/basictypes.h"
7 #include "base/strings/string_number_conversions.h" 7 #include "base/strings/string_number_conversions.h"
8 #include "base/strings/string_tokenizer.h" 8 #include "base/strings/string_tokenizer.h"
9 #include "base/strings/string_util.h" 9 #include "base/strings/string_util.h"
10 #include "net/http/http_security_headers.h" 10 #include "net/http/http_security_headers.h"
(...skipping 255 matching lines...) Expand 10 before | Expand all | Expand 10 after
266 case START: 266 case START:
267 case AFTER_MAX_AGE_LABEL: 267 case AFTER_MAX_AGE_LABEL:
268 case AFTER_MAX_AGE_EQUALS: 268 case AFTER_MAX_AGE_EQUALS:
269 return false; 269 return false;
270 default: 270 default:
271 NOTREACHED(); 271 NOTREACHED();
272 return false; 272 return false;
273 } 273 }
274 } 274 }
275 275
276 // "Public-Key-Pins" ":" 276 // "Public-Key-Pins[-Report-Only]" ":"
277 // "max-age" "=" delta-seconds ";" 277 // "max-age" "=" delta-seconds ";"
278 // "pin-" algo "=" base64 [ ";" ... ] 278 // "pin-" algo "=" base64 [ ";" ... ]
279 // [ ";" "includeSubdomains" ]
280 // [ ";" "report-uri" "=" uri-reference ]
279 bool ParseHPKPHeader(const std::string& value, 281 bool ParseHPKPHeader(const std::string& value,
280 const HashValueVector& chain_hashes, 282 const HashValueVector& chain_hashes,
281 base::TimeDelta* max_age, 283 base::TimeDelta* max_age,
282 bool* include_subdomains, 284 bool* include_subdomains,
283 HashValueVector* hashes) { 285 HashValueVector* hashes,
286 std::string* report_uri) {
284 bool parsed_max_age = false; 287 bool parsed_max_age = false;
285 bool include_subdomains_candidate = false; 288 bool include_subdomains_candidate = false;
286 uint32 max_age_candidate = 0; 289 uint32 max_age_candidate = 0;
287 HashValueVector pins; 290 HashValueVector pins;
288 291
289 std::string source = value; 292 std::string source = value;
290 293
291 while (!source.empty()) { 294 while (!source.empty()) {
292 StringPair semicolon = Split(source, ';'); 295 StringPair semicolon = Split(source, ';');
293 semicolon.first = Strip(semicolon.first); 296 semicolon.first = Strip(semicolon.first);
(...skipping 10 matching lines...) Expand all
304 } 307 }
305 parsed_max_age = true; 308 parsed_max_age = true;
306 } else if (base::LowerCaseEqualsASCII(equals.first, "pin-sha1")) { 309 } else if (base::LowerCaseEqualsASCII(equals.first, "pin-sha1")) {
307 if (!ParseAndAppendPin(equals.second, HASH_VALUE_SHA1, &pins)) 310 if (!ParseAndAppendPin(equals.second, HASH_VALUE_SHA1, &pins))
308 return false; 311 return false;
309 } else if (base::LowerCaseEqualsASCII(equals.first, "pin-sha256")) { 312 } else if (base::LowerCaseEqualsASCII(equals.first, "pin-sha256")) {
310 if (!ParseAndAppendPin(equals.second, HASH_VALUE_SHA256, &pins)) 313 if (!ParseAndAppendPin(equals.second, HASH_VALUE_SHA256, &pins))
311 return false; 314 return false;
312 } else if (base::LowerCaseEqualsASCII(equals.first, "includesubdomains")) { 315 } else if (base::LowerCaseEqualsASCII(equals.first, "includesubdomains")) {
313 include_subdomains_candidate = true; 316 include_subdomains_candidate = true;
317 } else if (base::LowerCaseEqualsASCII(equals.first, "report-uri")) {
318 // report-uris are always quoted.
319 if (!HttpUtil::IsQuote(equals.second[0]))
320 return false;
321
322 *report_uri = HttpUtil::Unquote(equals.second);
323 if (report_uri->empty())
324 return false;
314 } else { 325 } else {
315 // Silently ignore unknown directives for forward compatibility. 326 // Silently ignore unknown directives for forward compatibility.
316 } 327 }
317 328
318 source = semicolon.second; 329 source = semicolon.second;
319 } 330 }
320 331
321 if (!parsed_max_age) 332 if (!parsed_max_age)
322 return false; 333 return false;
323 334
324 if (!IsPinListValid(pins, chain_hashes)) 335 if (!IsPinListValid(pins, chain_hashes))
325 return false; 336 return false;
326 337
327 *max_age = base::TimeDelta::FromSeconds(max_age_candidate); 338 *max_age = base::TimeDelta::FromSeconds(max_age_candidate);
328 *include_subdomains = include_subdomains_candidate; 339 *include_subdomains = include_subdomains_candidate;
329 hashes->swap(pins); 340 hashes->swap(pins);
330 341
331 return true; 342 return true;
332 } 343 }
333 344
334 } // namespace net 345 } // namespace net
OLDNEW
« no previous file with comments | « net/http/http_security_headers.h ('k') | net/http/http_security_headers_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698