1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
7 | 7 |
8 #include <stdint.h> | |
9 | |
8 #include <map> | 10 #include <map> |
9 #include <string> | 11 #include <string> |
10 #include <utility> | 12 #include <utility> |
11 #include <vector> | 13 #include <vector> |
12 | 14 |
13 #include "base/basictypes.h" | |
14 #include "base/gtest_prod_util.h" | 15 #include "base/gtest_prod_util.h" |
15 #include "base/threading/non_thread_safe.h" | 16 #include "base/threading/non_thread_safe.h" |
16 #include "base/time/time.h" | 17 #include "base/time/time.h" |
17 #include "net/base/net_export.h" | 18 #include "net/base/net_export.h" |
18 #include "net/cert/x509_cert_types.h" | 19 #include "net/cert/x509_cert_types.h" |
19 #include "net/cert/x509_certificate.h" | 20 #include "net/cert/x509_certificate.h" |
20 #include "url/gurl.h" | 21 #include "url/gurl.h" |
21 | 22 |
23 class GURL; | |
24 | |
22 namespace net { | 25 namespace net { |
23 | 26 |
24 class SSLInfo; | 27 class SSLInfo; |
25 | 28 |
26 // Tracks which hosts have enabled strict transport security and/or public | 29 // Tracks which hosts have enabled strict transport security and/or public |
27 // key pins. | 30 // key pins. |
28 // | 31 // |
29 // This object manages the in-memory store. Register a Delegate with | 32 // This object manages the in-memory store. Register a Delegate with |
30 // |SetDelegate| to persist the state to disk. | 33 // |SetDelegate| to persist the state to disk. |
31 // | 34 // |
32 // HTTP strict transport security (HSTS) is defined in | 35 // HTTP strict transport security (HSTS) is defined in |
33 // http://tools.ietf.org/html/ietf-websec-strict-transport-sec, and | 36 // http://tools.ietf.org/html/ietf-websec-strict-transport-sec, and |
34 // HTTP-based dynamic public key pinning (HPKP) is defined in | 37 // HTTP-based dynamic public key pinning (HPKP) is defined in |
35 // http://tools.ietf.org/html/ietf-websec-key-pinning. | 38 // http://tools.ietf.org/html/ietf-websec-key-pinning. |
36 class NET_EXPORT TransportSecurityState | 39 class NET_EXPORT TransportSecurityState |
37 : NON_EXPORTED_BASE(public base::NonThreadSafe) { | 40 : NON_EXPORTED_BASE(public base::NonThreadSafe) { |
38 public: | 41 public: |
39 class NET_EXPORT Delegate { | 42 class NET_EXPORT Delegate { |
40 public: | 43 public: |
41 // This function may not block and may be called with internal locks held. | 44 // This function may not block and may be called with internal locks held. |
42 // Thus it must not reenter the TransportSecurityState object. | 45 // Thus it must not reenter the TransportSecurityState object. |
43 virtual void StateIsDirty(TransportSecurityState* state) = 0; | 46 virtual void StateIsDirty(TransportSecurityState* state) = 0; |
44 | 47 |
45 protected: | 48 protected: |
46 virtual ~Delegate() {} | 49 virtual ~Delegate() {} |
47 }; | 50 }; |
48 | 51 |
49 TransportSecurityState(); | |
50 ~TransportSecurityState(); | |
51 | |
52 // A STSState describes the strict transport security state (required | 52 // A STSState describes the strict transport security state (required |
53 // upgrade to HTTPS). | 53 // upgrade to HTTPS). |
54 class NET_EXPORT STSState { | 54 class NET_EXPORT STSState { |
55 public: | 55 public: |
56 enum UpgradeMode { | 56 enum UpgradeMode { |
57 // These numbers must match those in hsts_view.js, function modeToString. | 57 // These numbers must match those in hsts_view.js, function modeToString. |
58 MODE_FORCE_HTTPS = 0, | 58 MODE_FORCE_HTTPS = 0, |
59 MODE_DEFAULT = 1, | 59 MODE_DEFAULT = 1, |
60 }; | 60 }; |
61 | 61 |
172 bool HasNext() const { return iterator_ != end_; } | 172 bool HasNext() const { return iterator_ != end_; } |
173 void Advance() { ++iterator_; } | 173 void Advance() { ++iterator_; } |
174 const std::string& hostname() const { return iterator_->first; } | 174 const std::string& hostname() const { return iterator_->first; } |
175 const PKPState& domain_state() const { return iterator_->second; } | 175 const PKPState& domain_state() const { return iterator_->second; } |
176 | 176 |
177 private: | 177 private: |
178 std::map<std::string, PKPState>::const_iterator iterator_; | 178 std::map<std::string, PKPState>::const_iterator iterator_; |
179 std::map<std::string, PKPState>::const_iterator end_; | 179 std::map<std::string, PKPState>::const_iterator end_; |
180 }; | 180 }; |
181 | 181 |
182 class NET_EXPORT Reporter { | |
183 public: | |
184 // Determines if a HPKP violation report should be sent for the | |
185 // given |hostname|, which was found to violate the pins in | |
186 // |pkp_state|. Returns true if the report should be sent, with the | |
187 // report URI in |report_uri| and the serialized report in | |
188 // |serialized_report|, and false otherwise. Allows embedders to | |
189 // override the report uri and/or format for some pins. | |
190 // | |
191 // Additional information to be included in the report (beyond | |
192 // fields in |pkp_state|): | |
193 // | |
194 // - The |port| of the request that violated the pin. | |
195 // - |served_certificate_chain| and |validated_certificate_chain|, | |
196 // the certificate chains as received by the client and as built | |
197 // during certificate verification. | |
198 virtual bool GetHPKPReport( | |
199 const std::string& hostname, | |
200 const PKPState& pkp_state, | |
201 bool is_static_pin, | |
202 uint16_t port, | |
davidben
2015/07/22 21:36:43
hostname and port can be folded together to a Host
estark
2015/07/23 00:03:57
Done.
| |
203 const X509Certificate* served_certificate_chain, | |
204 const X509Certificate* validated_certificate_chain, | |
205 GURL* report_uri, | |
206 std::string* serialized_report) = 0; | |
207 | |
208 // Sends the given serialized |report| to |report_uri|. | |
209 virtual void SendHPKPReport(const GURL& report_uri, | |
210 const std::string& report) = 0; | |
211 | |
212 protected: | |
213 virtual ~Reporter() {} | |
214 }; | |
215 | |
216 TransportSecurityState(); | |
217 ~TransportSecurityState(); | |
218 | |
182 // These functions search for static and dynamic STS and PKP states, and | 219 // These functions search for static and dynamic STS and PKP states, and |
183 // invoke the | 220 // invoke the functions of the same name on them. These functions are the |
184 // functions of the same name on them. These functions are the primary public | 221 // primary public interface; direct access to STS and PKP states is best |
185 // interface; direct access to STS and PKP states is best left to tests. | 222 // left to tests. |
186 bool ShouldSSLErrorsBeFatal(const std::string& host); | 223 bool ShouldSSLErrorsBeFatal(const std::string& host); |
187 bool ShouldUpgradeToSSL(const std::string& host); | 224 bool ShouldUpgradeToSSL(const std::string& host); |
188 bool CheckPublicKeyPins(const std::string& host, | 225 bool CheckPublicKeyPins(const std::string& host, |
189 bool is_issued_by_known_root, | 226 bool is_issued_by_known_root, |
190 const HashValueVector& hashes, | 227 const HashValueVector& hashes, |
191 std::string* failure_log); | 228 std::string* failure_log); |
192 bool HasPublicKeyPins(const std::string& host); | 229 bool HasPublicKeyPins(const std::string& host); |
193 | 230 |
194 // Assign a |Delegate| for persisting the transport security state. If | 231 // Assign a |Delegate| for persisting the transport security state. If |
195 // |NULL|, state will not be persisted. The caller retains | 232 // |NULL|, state will not be persisted. The caller retains |
196 // ownership of |delegate|. | 233 // ownership of |delegate|. |
197 // Note: This is only used for serializing/deserializing the | 234 // Note: This is only used for serializing/deserializing the |
198 // TransportSecurityState. | 235 // TransportSecurityState. |
199 void SetDelegate(Delegate* delegate); | 236 void SetDelegate(Delegate* delegate); |
200 | 237 |
238 void SetReporter(Reporter* reporter); | |
239 | |
201 // Clears all dynamic data (e.g. HSTS and HPKP data). | 240 // Clears all dynamic data (e.g. HSTS and HPKP data). |
202 // | 241 // |
203 // Does NOT persist changes using the Delegate, as this function is only | 242 // Does NOT persist changes using the Delegate, as this function is only |
204 // used to clear any dynamic data prior to re-loading it from a file. | 243 // used to clear any dynamic data prior to re-loading it from a file. |
205 // Note: This is only used for serializing/deserializing the | 244 // Note: This is only used for serializing/deserializing the |
206 // TransportSecurityState. | 245 // TransportSecurityState. |
207 void ClearDynamicData(); | 246 void ClearDynamicData(); |
208 | 247 |
209 // Inserts |state| into |enabled_sts_hosts_| under the key |hashed_host|. | 248 // Inserts |state| into |enabled_sts_hosts_| under the key |hashed_host|. |
210 // |hashed_host| is already in the internal representation. | 249 // |hashed_host| is already in the internal representation. |
344 // The sets of hosts that have enabled TransportSecurity. |domain| will always | 383 // The sets of hosts that have enabled TransportSecurity. |domain| will always |
345 // be empty for a STSState or PKPState in these maps; the domain | 384 // be empty for a STSState or PKPState in these maps; the domain |
346 // comes from the map keys instead. In addition, |upgrade_mode| in the | 385 // comes from the map keys instead. In addition, |upgrade_mode| in the |
347 // STSState is never MODE_DEFAULT and |HasPublicKeyPins| in the PKPState | 386 // STSState is never MODE_DEFAULT and |HasPublicKeyPins| in the PKPState |
348 // always returns true. | 387 // always returns true. |
349 STSStateMap enabled_sts_hosts_; | 388 STSStateMap enabled_sts_hosts_; |
350 PKPStateMap enabled_pkp_hosts_; | 389 PKPStateMap enabled_pkp_hosts_; |
351 | 390 |
352 Delegate* delegate_; | 391 Delegate* delegate_; |
353 | 392 |
393 Reporter* reporter_; | |
394 | |
354 // True if static pins should be used. | 395 // True if static pins should be used. |
355 bool enable_static_pins_; | 396 bool enable_static_pins_; |
356 | 397 |
357 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); | 398 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); |
358 }; | 399 }; |
359 | 400 |
360 } // namespace net | 401 } // namespace net |
361 | 402 |
362 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 403 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
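Review bot: `SetReporter` at new line 238 is undocumented, while the neighbouring `SetDelegate` spells out ownership and `NULL` handling; since `reporter_` (new line 393) is a raw pointer and `Reporter` has a protected destructor, the same contract should be stated, e.g. `// Assign a |Reporter| for sending HPKP violation reports. If NULL, reports are not sent. The caller retains ownership of |reporter|, which must outlive this object.` (the outlive requirement is inferred from the raw member; confirm against the .cc). `Reporter::GetHPKPReport` (new lines 198-206) should likewise say whether |served_certificate_chain| and |validated_certificate_chain| may be null and whether |report_uri| and |serialized_report| are left unmodified when it returns false, so embedders implementing it neither dereference a null chain nor read an unset output. If the URI passed to `SendHPKPReport` can originate from a server-supplied pinning header (not visible in this hunk), the interface comment should note that implementations must treat it as untrusted input rather than a trusted endpoint. Separately, the `class GURL;` forward declaration added at new line 23 is redundant with the `#include "url/gurl.h"` kept at line 21 and can be dropped.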