OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
7 | 7 |
| 8 #include <stdint.h> |
| 9 |
8 #include <map> | 10 #include <map> |
9 #include <string> | 11 #include <string> |
10 #include <utility> | 12 #include <utility> |
11 #include <vector> | 13 #include <vector> |
12 | 14 |
13 #include "base/basictypes.h" | |
14 #include "base/gtest_prod_util.h" | 15 #include "base/gtest_prod_util.h" |
15 #include "base/threading/non_thread_safe.h" | 16 #include "base/threading/non_thread_safe.h" |
16 #include "base/time/time.h" | 17 #include "base/time/time.h" |
17 #include "net/base/net_export.h" | 18 #include "net/base/net_export.h" |
18 #include "net/cert/x509_cert_types.h" | 19 #include "net/cert/x509_cert_types.h" |
19 #include "net/cert/x509_certificate.h" | 20 #include "net/cert/x509_certificate.h" |
20 #include "url/gurl.h" | 21 #include "url/gurl.h" |
21 | 22 |
| 23 class GURL; |
| 24 |
22 namespace net { | 25 namespace net { |
23 | 26 |
| 27 class HostPortPair; |
24 class SSLInfo; | 28 class SSLInfo; |
25 | 29 |
26 // Tracks which hosts have enabled strict transport security and/or public | 30 // Tracks which hosts have enabled strict transport security and/or public |
27 // key pins. | 31 // key pins. |
28 // | 32 // |
29 // This object manages the in-memory store. Register a Delegate with | 33 // This object manages the in-memory store. Register a Delegate with |
30 // |SetDelegate| to persist the state to disk. | 34 // |SetDelegate| to persist the state to disk. |
31 // | 35 // |
32 // HTTP strict transport security (HSTS) is defined in | 36 // HTTP strict transport security (HSTS) is defined in |
33 // http://tools.ietf.org/html/ietf-websec-strict-transport-sec, and | 37 // http://tools.ietf.org/html/ietf-websec-strict-transport-sec, and |
34 // HTTP-based dynamic public key pinning (HPKP) is defined in | 38 // HTTP-based dynamic public key pinning (HPKP) is defined in |
35 // http://tools.ietf.org/html/ietf-websec-key-pinning. | 39 // http://tools.ietf.org/html/ietf-websec-key-pinning. |
36 class NET_EXPORT TransportSecurityState | 40 class NET_EXPORT TransportSecurityState |
37 : NON_EXPORTED_BASE(public base::NonThreadSafe) { | 41 : NON_EXPORTED_BASE(public base::NonThreadSafe) { |
38 public: | 42 public: |
39 class NET_EXPORT Delegate { | 43 class NET_EXPORT Delegate { |
40 public: | 44 public: |
41 // This function may not block and may be called with internal locks held. | 45 // This function may not block and may be called with internal locks held. |
42 // Thus it must not reenter the TransportSecurityState object. | 46 // Thus it must not reenter the TransportSecurityState object. |
43 virtual void StateIsDirty(TransportSecurityState* state) = 0; | 47 virtual void StateIsDirty(TransportSecurityState* state) = 0; |
44 | 48 |
45 protected: | 49 protected: |
46 virtual ~Delegate() {} | 50 virtual ~Delegate() {} |
47 }; | 51 }; |
48 | 52 |
49 // An interface for asynchronously sending HPKP violation reports. | |
50 class NET_EXPORT ReportSender { | |
51 public: | |
52 // Sends the given serialized |report| to |report_uri|. | |
53 virtual void Send(const GURL& report_uri, const std::string& report) = 0; | |
54 | |
55 protected: | |
56 virtual ~ReportSender() {} | |
57 }; | |
58 | |
59 TransportSecurityState(); | |
60 ~TransportSecurityState(); | |
61 | |
62 // A STSState describes the strict transport security state (required | 53 // A STSState describes the strict transport security state (required |
63 // upgrade to HTTPS). | 54 // upgrade to HTTPS). |
64 class NET_EXPORT STSState { | 55 class NET_EXPORT STSState { |
65 public: | 56 public: |
66 enum UpgradeMode { | 57 enum UpgradeMode { |
67 // These numbers must match those in hsts_view.js, function modeToString. | 58 // These numbers must match those in hsts_view.js, function modeToString. |
68 MODE_FORCE_HTTPS = 0, | 59 MODE_FORCE_HTTPS = 0, |
69 MODE_DEFAULT = 1, | 60 MODE_DEFAULT = 1, |
70 }; | 61 }; |
71 | 62 |
(...skipping 110 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
182 bool HasNext() const { return iterator_ != end_; } | 173 bool HasNext() const { return iterator_ != end_; } |
183 void Advance() { ++iterator_; } | 174 void Advance() { ++iterator_; } |
184 const std::string& hostname() const { return iterator_->first; } | 175 const std::string& hostname() const { return iterator_->first; } |
185 const PKPState& domain_state() const { return iterator_->second; } | 176 const PKPState& domain_state() const { return iterator_->second; } |
186 | 177 |
187 private: | 178 private: |
188 std::map<std::string, PKPState>::const_iterator iterator_; | 179 std::map<std::string, PKPState>::const_iterator iterator_; |
189 std::map<std::string, PKPState>::const_iterator end_; | 180 std::map<std::string, PKPState>::const_iterator end_; |
190 }; | 181 }; |
191 | 182 |
| 183 // An interface for asynchronously sending HPKP violation reports. |
| 184 class NET_EXPORT ReportSender { |
| 185 public: |
| 186 // Sends the given serialized |report| to |report_uri|. |
| 187 virtual void Send(const GURL& report_uri, const std::string& report) = 0; |
| 188 |
| 189 protected: |
| 190 virtual ~ReportSender() {} |
| 191 }; |
| 192 |
| 193 // Indicates whether or not a public key pin check should send a |
| 194 // report if a violation is detected. |
| 195 enum PublicKeyPinReportStatus { ENABLE_PIN_REPORTS, DISABLE_PIN_REPORTS }; |
| 196 |
| 197 TransportSecurityState(); |
| 198 ~TransportSecurityState(); |
| 199 |
192 // These functions search for static and dynamic STS and PKP states, and | 200 // These functions search for static and dynamic STS and PKP states, and |
193 // invoke the | 201 // invoke the functions of the same name on them. These functions are the |
194 // functions of the same name on them. These functions are the primary public | 202 // primary public interface; direct access to STS and PKP states is best |
195 // interface; direct access to STS and PKP states is best left to tests. | 203 // left to tests. |
196 bool ShouldSSLErrorsBeFatal(const std::string& host); | 204 bool ShouldSSLErrorsBeFatal(const std::string& host); |
197 bool ShouldUpgradeToSSL(const std::string& host); | 205 bool ShouldUpgradeToSSL(const std::string& host); |
198 bool CheckPublicKeyPins(const std::string& host, | 206 bool CheckPublicKeyPins(const HostPortPair& host_port_pair, |
199 bool is_issued_by_known_root, | 207 bool is_issued_by_known_root, |
200 const HashValueVector& hashes, | 208 const HashValueVector& hashes, |
| 209 const X509Certificate* served_certificate_chain, |
| 210 const X509Certificate* validated_certificate_chain, |
| 211 const PublicKeyPinReportStatus report_status, |
201 std::string* failure_log); | 212 std::string* failure_log); |
202 bool HasPublicKeyPins(const std::string& host); | 213 bool HasPublicKeyPins(const std::string& host); |
203 | 214 |
204 // Assign a |Delegate| for persisting the transport security state. If | 215 // Assign a |Delegate| for persisting the transport security state. If |
205 // |NULL|, state will not be persisted. The caller retains | 216 // |NULL|, state will not be persisted. The caller retains |
206 // ownership of |delegate|. | 217 // ownership of |delegate|. |
207 // Note: This is only used for serializing/deserializing the | 218 // Note: This is only used for serializing/deserializing the |
208 // TransportSecurityState. | 219 // TransportSecurityState. |
209 void SetDelegate(Delegate* delegate); | 220 void SetDelegate(Delegate* delegate); |
210 | 221 |
| 222 void SetReportSender(ReportSender* report_sender); |
| 223 |
211 // Clears all dynamic data (e.g. HSTS and HPKP data). | 224 // Clears all dynamic data (e.g. HSTS and HPKP data). |
212 // | 225 // |
213 // Does NOT persist changes using the Delegate, as this function is only | 226 // Does NOT persist changes using the Delegate, as this function is only |
214 // used to clear any dynamic data prior to re-loading it from a file. | 227 // used to clear any dynamic data prior to re-loading it from a file. |
215 // Note: This is only used for serializing/deserializing the | 228 // Note: This is only used for serializing/deserializing the |
216 // TransportSecurityState. | 229 // TransportSecurityState. |
217 void ClearDynamicData(); | 230 void ClearDynamicData(); |
218 | 231 |
219 // Inserts |state| into |enabled_sts_hosts_| under the key |hashed_host|. | 232 // Inserts |state| into |enabled_sts_hosts_| under the key |hashed_host|. |
220 // |hashed_host| is already in the internal representation. | 233 // |hashed_host| is already in the internal representation. |
(...skipping 94 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
315 // representation of first-class DomainStates, and exposing the preloads | 328 // representation of first-class DomainStates, and exposing the preloads |
316 // to the caller with |GetStaticDomainState|. | 329 // to the caller with |GetStaticDomainState|. |
317 static void ReportUMAOnPinFailure(const std::string& host); | 330 static void ReportUMAOnPinFailure(const std::string& host); |
318 | 331 |
319 // IsBuildTimely returns true if the current build is new enough ensure that | 332 // IsBuildTimely returns true if the current build is new enough ensure that |
320 // built in security information (i.e. HSTS preloading and pinning | 333 // built in security information (i.e. HSTS preloading and pinning |
321 // information) is timely. | 334 // information) is timely. |
322 static bool IsBuildTimely(); | 335 static bool IsBuildTimely(); |
323 | 336 |
324 // Helper method for actually checking pins. | 337 // Helper method for actually checking pins. |
325 bool CheckPublicKeyPinsImpl(const std::string& host, | 338 bool CheckPublicKeyPinsImpl( |
326 const HashValueVector& hashes, | 339 const HostPortPair& host_port_pair, |
327 std::string* failure_log); | 340 const HashValueVector& hashes, |
| 341 const X509Certificate* served_certificate_chain, |
| 342 const X509Certificate* validated_certificate_chain, |
| 343 const PublicKeyPinReportStatus report_status, |
| 344 std::string* failure_log); |
328 | 345 |
329 // If a Delegate is present, notify it that the internal state has | 346 // If a Delegate is present, notify it that the internal state has |
330 // changed. | 347 // changed. |
331 void DirtyNotify(); | 348 void DirtyNotify(); |
332 | 349 |
333 // Adds HSTS state to |host|. | 350 // Adds HSTS state to |host|. |
334 void AddHSTSInternal(const std::string& host, | 351 void AddHSTSInternal(const std::string& host, |
335 STSState::UpgradeMode upgrade_mode, | 352 STSState::UpgradeMode upgrade_mode, |
336 const base::Time& expiry, | 353 const base::Time& expiry, |
337 bool include_subdomains); | 354 bool include_subdomains); |
(...skipping 16 matching lines...) Expand all Loading... |
354 // The sets of hosts that have enabled TransportSecurity. |domain| will always | 371 // The sets of hosts that have enabled TransportSecurity. |domain| will always |
355 // be empty for a STSState or PKPState in these maps; the domain | 372 // be empty for a STSState or PKPState in these maps; the domain |
356 // comes from the map keys instead. In addition, |upgrade_mode| in the | 373 // comes from the map keys instead. In addition, |upgrade_mode| in the |
357 // STSState is never MODE_DEFAULT and |HasPublicKeyPins| in the PKPState | 374 // STSState is never MODE_DEFAULT and |HasPublicKeyPins| in the PKPState |
358 // always returns true. | 375 // always returns true. |
359 STSStateMap enabled_sts_hosts_; | 376 STSStateMap enabled_sts_hosts_; |
360 PKPStateMap enabled_pkp_hosts_; | 377 PKPStateMap enabled_pkp_hosts_; |
361 | 378 |
362 Delegate* delegate_; | 379 Delegate* delegate_; |
363 | 380 |
| 381 ReportSender* report_sender_; |
| 382 |
364 // True if static pins should be used. | 383 // True if static pins should be used. |
365 bool enable_static_pins_; | 384 bool enable_static_pins_; |
366 | 385 |
367 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); | 386 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); |
368 }; | 387 }; |
369 | 388 |
370 } // namespace net | 389 } // namespace net |
371 | 390 |
372 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 391 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
OLD | NEW |