1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
7 | 7 |
8 #include <stdint.h> | |
9 | |
8 #include <map> | 10 #include <map> |
9 #include <string> | 11 #include <string> |
10 #include <utility> | 12 #include <utility> |
11 #include <vector> | 13 #include <vector> |
12 | 14 |
13 #include "base/basictypes.h" | |
14 #include "base/gtest_prod_util.h" | 15 #include "base/gtest_prod_util.h" |
15 #include "base/threading/non_thread_safe.h" | 16 #include "base/threading/non_thread_safe.h" |
16 #include "base/time/time.h" | 17 #include "base/time/time.h" |
17 #include "net/base/net_export.h" | 18 #include "net/base/net_export.h" |
18 #include "net/cert/x509_cert_types.h" | 19 #include "net/cert/x509_cert_types.h" |
19 #include "net/cert/x509_certificate.h" | 20 #include "net/cert/x509_certificate.h" |
20 | 21 |
22 class GURL; | |
23 | |
21 namespace net { | 24 namespace net { |
22 | 25 |
23 class SSLInfo; | 26 class SSLInfo; |
24 | 27 |
25 // Tracks which hosts have enabled strict transport security and/or public | 28 // Tracks which hosts have enabled strict transport security and/or public |
26 // key pins. | 29 // key pins. |
27 // | 30 // |
28 // This object manages the in-memory store. Register a Delegate with | 31 // This object manages the in-memory store. Register a Delegate with |
29 // |SetDelegate| to persist the state to disk. | 32 // |SetDelegate| to persist the state to disk. |
30 // | 33 // |
31 // HTTP strict transport security (HSTS) is defined in | 34 // HTTP strict transport security (HSTS) is defined in |
32 // http://tools.ietf.org/html/ietf-websec-strict-transport-sec, and | 35 // http://tools.ietf.org/html/ietf-websec-strict-transport-sec, and |
33 // HTTP-based dynamic public key pinning (HPKP) is defined in | 36 // HTTP-based dynamic public key pinning (HPKP) is defined in |
34 // http://tools.ietf.org/html/ietf-websec-key-pinning. | 37 // http://tools.ietf.org/html/ietf-websec-key-pinning. |
35 class NET_EXPORT TransportSecurityState | 38 class NET_EXPORT TransportSecurityState |
36 : NON_EXPORTED_BASE(public base::NonThreadSafe) { | 39 : NON_EXPORTED_BASE(public base::NonThreadSafe) { |
37 public: | 40 public: |
38 class NET_EXPORT Delegate { | 41 class NET_EXPORT Delegate { |
39 public: | 42 public: |
40 // This function may not block and may be called with internal locks held. | 43 // This function may not block and may be called with internal locks held. |
41 // Thus it must not reenter the TransportSecurityState object. | 44 // Thus it must not reenter the TransportSecurityState object. |
42 virtual void StateIsDirty(TransportSecurityState* state) = 0; | 45 virtual void StateIsDirty(TransportSecurityState* state) = 0; |
43 | 46 |
44 protected: | 47 protected: |
45 virtual ~Delegate() {} | 48 virtual ~Delegate() {} |
46 }; | 49 }; |
47 | 50 |
48 TransportSecurityState(); | |
49 ~TransportSecurityState(); | |
50 | |
51 // A STSState describes the strict transport security state (required | 51 // A STSState describes the strict transport security state (required |
52 // upgrade to HTTPS). | 52 // upgrade to HTTPS). |
53 class NET_EXPORT STSState { | 53 class NET_EXPORT STSState { |
54 public: | 54 public: |
55 enum UpgradeMode { | 55 enum UpgradeMode { |
56 // These numbers must match those in hsts_view.js, function modeToString. | 56 // These numbers must match those in hsts_view.js, function modeToString. |
57 MODE_FORCE_HTTPS = 0, | 57 MODE_FORCE_HTTPS = 0, |
58 MODE_DEFAULT = 1, | 58 MODE_DEFAULT = 1, |
59 }; | 59 }; |
60 | 60 |
171 bool HasNext() const { return iterator_ != end_; } | 171 bool HasNext() const { return iterator_ != end_; } |
172 void Advance() { ++iterator_; } | 172 void Advance() { ++iterator_; } |
173 const std::string& hostname() const { return iterator_->first; } | 173 const std::string& hostname() const { return iterator_->first; } |
174 const PKPState& domain_state() const { return iterator_->second; } | 174 const PKPState& domain_state() const { return iterator_->second; } |
175 | 175 |
176 private: | 176 private: |
177 std::map<std::string, PKPState>::const_iterator iterator_; | 177 std::map<std::string, PKPState>::const_iterator iterator_; |
178 std::map<std::string, PKPState>::const_iterator end_; | 178 std::map<std::string, PKPState>::const_iterator end_; |
179 }; | 179 }; |
180 | 180 |
181 class NET_EXPORT Reporter { | |
182 public: | |
183 // Allows the reporter to override the reporting state in some cases | |
184 // (for example, if reports should always be sent for certain | |
185 // hostnames regardless of the HPKP state). Returns true if a | |
186 // violation report should be sent for the host in the given | |
187 // |pkp_state|, and returns the report destination URI in | |
188 // |report_uri|. Returns false if a report should not be sent. | |
davidben
2015/07/15 23:38:35
It seems Ryan partially asked this, but where are
estark
2015/07/15 23:51:36
Hmm, sorry, maybe it would have been clearer if I
davidben
2015/07/16 00:22:53
Ah, gotcha. Would it work to model that as another
estark
2015/07/16 01:41:13
I was thinking that the ChromeTransportSecurityRep
davidben
2015/07/16 22:39:19
Ah, okay. How would you then know in BuildHPKPRepo
| |
189 virtual bool GetHPKPReportUri(const PKPState& pkp_state, | |
190 GURL* report_uri) = 0; | |
191 | |
192 // Builds a serialized HPKP violation report in | |
193 // |serialized_report|. The information included in the report is: | |
194 // | |
195 // - The |hostname| and |port| to which the request was sent that | |
196 // triggered this report. | |
197 // - |expiry|, the time at which the HPKP state that triggered this | |
198 // report will expire. | |
199 // - |include_subdomains|, indicating whether the includeSubdomains | |
200 // directive was observed for this pin. | |
201 // - |effective_hostname|, the hostname that was noted for the | |
202 // pin. This can be different than |hostname| if, for example, | |
203 // the pin was for foo.com with includeSubdomains and the request | |
204 // that triggered the report was example.foo.com. | |
205 // - |served_certificate_chain| and |validated_certificate_chain|, | |
206 // the certificate chains as received by the client and as built | |
207 // during certificate verification. | |
208 // - The |spki_hashes| to which the |effective_hostname| is pinned. | |
209 // | |
210 // Returns true on success and false on failure. | |
211 virtual bool BuildHPKPReport( | |
212 const std::string& hostname, | |
213 uint16_t port, | |
214 const base::Time& expiry, | |
215 bool include_subdomains, | |
216 const std::string& effective_hostname, | |
217 const X509Certificate* served_certificate_chain, | |
218 const X509Certificate* validated_certificate_chain, | |
219 const HashValueVector& spki_hashes, | |
220 std::string* serialized_report) = 0; | |
davidben
2015/07/15 23:38:35
Can this not be in TransportSecurityState? There's
estark
2015/07/15 23:51:37
ChromeTransportSecurityReporter will have two repo
| |
221 | |
222 // Sends the given serialized |report| to |report_uri|. | |
223 virtual void SendHPKPReport(const GURL& report_uri, | |
224 const std::string& report) = 0; | |
davidben
2015/07/15 23:38:35
If we could get rid of GetHPKPReportUri or do it d
estark
2015/07/15 23:51:36
Here is what I'm thinking:
- TransportSecurityStat
davidben
2015/07/16 00:22:53
Ah, okay, so the CertificateReportSender is less b
| |
225 | |
226 protected: | |
227 virtual ~Reporter() {} | |
228 }; | |
229 | |
230 TransportSecurityState(); | |
231 ~TransportSecurityState(); | |
232 | |
181 // These functions search for static and dynamic STS and PKP states, and | 233 // These functions search for static and dynamic STS and PKP states, and |
182 // invoke the | 234 // invoke the functions of the same name on them. These functions are the |
183 // functions of the same name on them. These functions are the primary public | 235 // primary public interface; direct access to STS and PKP states is best |
184 // interface; direct access to STS and PKP states is best left to tests. | 236 // left to tests. |
185 bool ShouldSSLErrorsBeFatal(const std::string& host); | 237 bool ShouldSSLErrorsBeFatal(const std::string& host); |
186 bool ShouldUpgradeToSSL(const std::string& host); | 238 bool ShouldUpgradeToSSL(const std::string& host); |
187 bool CheckPublicKeyPins(const std::string& host, | 239 bool CheckPublicKeyPins(const std::string& host, |
188 bool is_issued_by_known_root, | 240 bool is_issued_by_known_root, |
189 const HashValueVector& hashes, | 241 const HashValueVector& hashes, |
190 std::string* failure_log); | 242 std::string* failure_log); |
191 bool HasPublicKeyPins(const std::string& host); | 243 bool HasPublicKeyPins(const std::string& host); |
192 | 244 |
193 // Assign a |Delegate| for persisting the transport security state. If | 245 // Assign a |Delegate| for persisting the transport security state. If |
194 // |NULL|, state will not be persisted. The caller retains | 246 // |NULL|, state will not be persisted. The caller retains |
195 // ownership of |delegate|. | 247 // ownership of |delegate|. |
196 // Note: This is only used for serializing/deserializing the | 248 // Note: This is only used for serializing/deserializing the |
197 // TransportSecurityState. | 249 // TransportSecurityState. |
198 void SetDelegate(Delegate* delegate); | 250 void SetDelegate(Delegate* delegate); |
199 | 251 |
252 void SetReporter(Reporter* reporter); | |
253 | |
200 // Clears all dynamic data (e.g. HSTS and HPKP data). | 254 // Clears all dynamic data (e.g. HSTS and HPKP data). |
201 // | 255 // |
202 // Does NOT persist changes using the Delegate, as this function is only | 256 // Does NOT persist changes using the Delegate, as this function is only |
203 // used to clear any dynamic data prior to re-loading it from a file. | 257 // used to clear any dynamic data prior to re-loading it from a file. |
204 // Note: This is only used for serializing/deserializing the | 258 // Note: This is only used for serializing/deserializing the |
205 // TransportSecurityState. | 259 // TransportSecurityState. |
206 void ClearDynamicData(); | 260 void ClearDynamicData(); |
207 | 261 |
208 // Inserts |state| into |enabled_sts_hosts_| under the key |hashed_host|. | 262 // Inserts |state| into |enabled_sts_hosts_| under the key |hashed_host|. |
209 // |hashed_host| is already in the internal representation. | 263 // |hashed_host| is already in the internal representation. |
343 // The sets of hosts that have enabled TransportSecurity. |domain| will always | 397 // The sets of hosts that have enabled TransportSecurity. |domain| will always |
344 // be empty for a STSState or PKPState in these maps; the domain | 398 // be empty for a STSState or PKPState in these maps; the domain |
345 // comes from the map keys instead. In addition, |upgrade_mode| in the | 399 // comes from the map keys instead. In addition, |upgrade_mode| in the |
346 // STSState is never MODE_DEFAULT and |HasPublicKeyPins| in the PKPState | 400 // STSState is never MODE_DEFAULT and |HasPublicKeyPins| in the PKPState |
347 // always returns true. | 401 // always returns true. |
348 STSStateMap enabled_sts_hosts_; | 402 STSStateMap enabled_sts_hosts_; |
349 PKPStateMap enabled_pkp_hosts_; | 403 PKPStateMap enabled_pkp_hosts_; |
350 | 404 |
351 Delegate* delegate_; | 405 Delegate* delegate_; |
352 | 406 |
407 Reporter* reporter_; | |
408 | |
353 // True if static pins should be used. | 409 // True if static pins should be used. |
354 bool enable_static_pins_; | 410 bool enable_static_pins_; |
355 | 411 |
356 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); | 412 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); |
357 }; | 413 }; |
358 | 414 |
359 } // namespace net | 415 } // namespace net |
360 | 416 |
361 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 417 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
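Review bot: `void SetReporter(Reporter* reporter);` (new line 252) carries no comment on ownership, lifetime or the null case, unlike the adjacent `SetDelegate`, and `Reporter* reporter_;` (new line 407) is a raw pointer, so a reader cannot tell whether TransportSecurityState owns the reporter or what happens to a pin failure when none is set. Suggest a comment mirroring the Delegate one, e.g. `// Assigns a |Reporter| used to build and send HPKP violation reports. If NULL, no reports are sent. The caller retains ownership of |reporter| and must keep it alive for as long as it is registered.` The `Reporter` class itself (new lines 181-228) also lacks the constraint documented for `Delegate::StateIsDirty` (may not block, may be called with locks held, must not reenter this object); the comment on the three pure-virtual methods should say whether the same rules apply, since nothing on the page settles it. Initialisation of `reporter_` presumably happens in the constructor, which is outside the visible lines — confirm it starts as NULL so the first `CheckPublicKeyPins` call does not dereference an indeterminate pointer.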