Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1055)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/http/transport_security_persister.cc

Issue 1211933005: Initial (partial) implementation of HPKP violation reporting (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: style fixes, comments Created 5 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/http/http_security_headers_unittest.cc ('k') | net/http/transport_security_persister_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/http/transport_security_persister.h" 5 #include "net/http/transport_security_persister.h"
6 6
7 #include "base/base64.h" 7 #include "base/base64.h"
8 #include "base/bind.h" 8 #include "base/bind.h"
9 #include "base/files/file_path.h" 9 #include "base/files/file_path.h"
10 #include "base/files/file_util.h" 10 #include "base/files/file_util.h"
(...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after
70 const char kExpiry[] = "expiry"; 70 const char kExpiry[] = "expiry";
71 const char kDynamicSPKIHashesExpiry[] = "dynamic_spki_hashes_expiry"; 71 const char kDynamicSPKIHashesExpiry[] = "dynamic_spki_hashes_expiry";
72 const char kDynamicSPKIHashes[] = "dynamic_spki_hashes"; 72 const char kDynamicSPKIHashes[] = "dynamic_spki_hashes";
73 const char kForceHTTPS[] = "force-https"; 73 const char kForceHTTPS[] = "force-https";
74 const char kStrict[] = "strict"; 74 const char kStrict[] = "strict";
75 const char kDefault[] = "default"; 75 const char kDefault[] = "default";
76 const char kPinningOnly[] = "pinning-only"; 76 const char kPinningOnly[] = "pinning-only";
77 const char kCreated[] = "created"; 77 const char kCreated[] = "created";
78 const char kStsObserved[] = "sts_observed"; 78 const char kStsObserved[] = "sts_observed";
79 const char kPkpObserved[] = "pkp_observed"; 79 const char kPkpObserved[] = "pkp_observed";
80 const char kReportUri[] = "report-uri";
80 81
81 std::string LoadState(const base::FilePath& path) { 82 std::string LoadState(const base::FilePath& path) {
82 std::string result; 83 std::string result;
83 if (!base::ReadFileToString(path, &result)) { 84 if (!base::ReadFileToString(path, &result)) {
84 return ""; 85 return "";
85 } 86 }
86 return result; 87 return result;
87 } 88 }
88 89
89 } // namespace 90 } // namespace
(...skipping 71 matching lines...) Expand 10 before | Expand all | Expand 10 after
161 NOTREACHED() << "DomainState with unknown mode"; 162 NOTREACHED() << "DomainState with unknown mode";
162 delete serialized; 163 delete serialized;
163 continue; 164 continue;
164 } 165 }
165 166
166 if (now < domain_state.pkp.expiry) { 167 if (now < domain_state.pkp.expiry) {
167 serialized->Set(kDynamicSPKIHashes, 168 serialized->Set(kDynamicSPKIHashes,
168 SPKIHashesToListValue(domain_state.pkp.spki_hashes)); 169 SPKIHashesToListValue(domain_state.pkp.spki_hashes));
169 } 170 }
170 171
172 serialized->SetString(kReportUri, domain_state.pkp.report_uri);
173
171 toplevel.Set(HashedDomainToExternalString(hostname), serialized); 174 toplevel.Set(HashedDomainToExternalString(hostname), serialized);
172 } 175 }
173 176
174 base::JSONWriter::WriteWithOptions( 177 base::JSONWriter::WriteWithOptions(
175 toplevel, base::JSONWriter::OPTIONS_PRETTY_PRINT, output); 178 toplevel, base::JSONWriter::OPTIONS_PRETTY_PRINT, output);
176 return true; 179 return true;
177 } 180 }
178 181
179 bool TransportSecurityPersister::LoadEntries(const std::string& serialized, 182 bool TransportSecurityPersister::LoadEntries(const std::string& serialized,
180 bool* dirty) { 183 bool* dirty) {
(...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after
253 LOG(WARNING) << "Unknown TransportSecurityState mode string " 256 LOG(WARNING) << "Unknown TransportSecurityState mode string "
254 << mode_string << " found for entry " << i.key() 257 << mode_string << " found for entry " << i.key()
255 << "; skipping entry"; 258 << "; skipping entry";
256 continue; 259 continue;
257 } 260 }
258 261
259 domain_state.sts.expiry = base::Time::FromDoubleT(expiry); 262 domain_state.sts.expiry = base::Time::FromDoubleT(expiry);
260 domain_state.pkp.expiry = 263 domain_state.pkp.expiry =
261 base::Time::FromDoubleT(dynamic_spki_hashes_expiry); 264 base::Time::FromDoubleT(dynamic_spki_hashes_expiry);
262 265
266 // Don't fail if this key is not present.
267 parsed->GetString(kReportUri, &domain_state.pkp.report_uri);
268
263 double sts_observed; 269 double sts_observed;
264 double pkp_observed; 270 double pkp_observed;
265 if (parsed->GetDouble(kStsObserved, &sts_observed)) { 271 if (parsed->GetDouble(kStsObserved, &sts_observed)) {
266 domain_state.sts.last_observed = base::Time::FromDoubleT(sts_observed); 272 domain_state.sts.last_observed = base::Time::FromDoubleT(sts_observed);
267 } else if (parsed->GetDouble(kCreated, &sts_observed)) { 273 } else if (parsed->GetDouble(kCreated, &sts_observed)) {
268 // kCreated is a legacy synonym for both kStsObserved and kPkpObserved. 274 // kCreated is a legacy synonym for both kStsObserved and kPkpObserved.
269 domain_state.sts.last_observed = base::Time::FromDoubleT(sts_observed); 275 domain_state.sts.last_observed = base::Time::FromDoubleT(sts_observed);
270 } else { 276 } else {
271 // We're migrating an old entry with no observation date. Make sure we 277 // We're migrating an old entry with no observation date. Make sure we
272 // write the new date back in a reasonable time frame. 278 // write the new date back in a reasonable time frame.
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after
311 bool dirty = false; 317 bool dirty = false;
312 if (!LoadEntries(state, &dirty)) { 318 if (!LoadEntries(state, &dirty)) {
313 LOG(ERROR) << "Failed to deserialize state: " << state; 319 LOG(ERROR) << "Failed to deserialize state: " << state;
314 return; 320 return;
315 } 321 }
316 if (dirty) 322 if (dirty)
317 StateIsDirty(transport_security_state_); 323 StateIsDirty(transport_security_state_);
318 } 324 }
319 325
320 } // namespace net 326 } // namespace net
OLDNEW
« no previous file with comments | « net/http/http_security_headers_unittest.cc ('k') | net/http/transport_security_persister_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698