Enable SDCH support over HTTPS.

net/base/sdch_manager.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/sdch_manager.h"
 
 #include "base/base64.h"
 #include "base/logging.h"
 #include "base/metrics/histogram.h"
 #include "base/strings/string_number_conversions.h"
@@ skipping 10 matching lines @@
 
 // static
 const size_t SdchManager::kMaxDictionaryCount = 20;
 
 // static
 SdchManager* SdchManager::global_ = NULL;
 
 // static
 bool SdchManager::g_sdch_enabled_ = true;
 
+// static
+bool SdchManager::g_secure_scheme_supported_ = false;
+
 //------------------------------------------------------------------------------
 SdchManager::Dictionary::Dictionary(const std::string& dictionary_text,
                                     size_t offset,
                                     const std::string& client_hash,
                                     const GURL& gurl,
                                     const std::string& domain,
                                     const std::string& path,
                                     const base::Time& expiration,
                                     const std::set<int>& ports)
     : text_(dictionary_text, offset),
@@ skipping 15 matching lines @@
      Avail-Dictionary header are modeled after the rules for cookie scoping. The
      terms "domain-match" and "pathmatch" are defined in RFC 2965 [6]. A
      dictionary may be advertised in the Avail-Dictionaries header exactly when
      all of the following are true:
       1. The server's effective host name domain-matches the Domain attribute of
          the dictionary.
       2. If the dictionary has a Port attribute, the request port is one of the
          ports listed in the Port attribute.
       3. The request URI path-matches the path header of the dictionary.
       4. The request is not an HTTPS request.
+     We can override (ignore) item (4) only when we have explicitly enabled
+     HTTPS support AND dictionary has been acquired over HTTPS.
     */
   if (!DomainMatch(target_url, domain_))
     return false;
   if (!ports_.empty() && 0 == ports_.count(target_url.EffectiveIntPort()))
     return false;
   if (path_.size() && !PathMatch(target_url.path(), path_))
     return false;
-  if (target_url.SchemeIsSecure())
+  if (!SdchManager::secure_scheme_supported() && target_url.SchemeIsSecure())
+    return false;
+  if (target_url.SchemeIsSecure() && !url_.SchemeIsSecure())
     return false;
   if (base::Time::Now() > expiration_)
     return false;
   return true;
 }
 
 //------------------------------------------------------------------------------
 // Security functions restricting loads and use of dictionaries.
 
 // static
@@ skipping 61 matching lines @@
 bool SdchManager::Dictionary::CanUse(const GURL& referring_url) {
   if (!SdchManager::Global()->IsInSupportedDomain(referring_url))
     return false;
   /*
     1. The request URL's host name domain-matches the Domain attribute of the
       dictionary.
     2. If the dictionary has a Port attribute, the request port is one of the
       ports listed in the Port attribute.
     3. The request URL path-matches the path attribute of the dictionary.
     4. The request is not an HTTPS request.
+    We can override (ignore) item (4) only when we have explicitly enabled
+    HTTPS support AND dictionary has been acquired over HTTPS.
 */
   if (!DomainMatch(referring_url, domain_)) {
     SdchErrorRecovery(DICTIONARY_FOUND_HAS_WRONG_DOMAIN);
     return false;
   }
   if (!ports_.empty()
       && 0 == ports_.count(referring_url.EffectiveIntPort())) {
     SdchErrorRecovery(DICTIONARY_FOUND_HAS_WRONG_PORT_LIST);
     return false;
   }
   if (path_.size() && !PathMatch(referring_url.path(), path_)) {
     SdchErrorRecovery(DICTIONARY_FOUND_HAS_WRONG_PATH);
     return false;
   }
-  if (referring_url.SchemeIsSecure()) {
+  if (!SdchManager::secure_scheme_supported() &&
+      referring_url.SchemeIsSecure()) {
+    SdchErrorRecovery(DICTIONARY_FOUND_HAS_WRONG_SCHEME);
+    return false;
+  }
+  if (referring_url.SchemeIsSecure() && !url_.SchemeIsSecure()) {
     SdchErrorRecovery(DICTIONARY_FOUND_HAS_WRONG_SCHEME);
     return false;
   }
 
   // TODO(jar): Remove overly restrictive failsafe test (added per security
   // review) when we have a need to be more general.
-  if (!referring_url.SchemeIs("http")) {
+  if (!referring_url.SchemeIsHTTPOrHTTPS()) {
     SdchErrorRecovery(ATTEMPT_TO_DECODE_NON_HTTP_DATA);
     return false;
   }
 
   return true;
 }
 
 bool SdchManager::Dictionary::PathMatch(const std::string& path,
                                         const std::string& restriction) {
   /*  Must be either:
@@ skipping 58 matching lines @@
   DCHECK(CalledOnValidThread());
   fetcher_.reset(fetcher);
 }
 
 // static
 void SdchManager::EnableSdchSupport(bool enabled) {
   g_sdch_enabled_ = enabled;
 }
 
 // static
+void SdchManager::EnableSecureSchemeSupport(bool enabled) {
+  g_secure_scheme_supported_ = enabled;
+}
+
+// static
 void SdchManager::BlacklistDomain(const GURL& url) {
   if (!global_ )
     return;
   global_->SetAllowLatencyExperiment(url, false);
 
   std::string domain(StringToLowerASCII(url.host()));
   int count = global_->blacklisted_domains_[domain];
   if (count > 0)
     return;  // Domain is already blacklisted.
 
@@ skipping 72 matching lines @@
   if (SdchManager::Global()->CanFetchDictionary(request_url, dictionary_url) &&
       fetcher_.get())
     fetcher_->Schedule(dictionary_url);
 }
 
 bool SdchManager::CanFetchDictionary(const GURL& referring_url,
                                      const GURL& dictionary_url) const {
   DCHECK(CalledOnValidThread());
   /* The user agent may retrieve a dictionary from the dictionary URL if all of
      the following are true:
-       1 The dictionary URL host name matches the referrer URL host name
+       1 The dictionary URL host name matches the referrer URL host name and
+           scheme.
        2 The dictionary URL host name domain matches the parent domain of the
            referrer URL host name
        3 The parent domain of the referrer URL host name is not a top level
            domain
        4 The dictionary URL is not an HTTPS URL.
    */
   // Item (1) above implies item (2).  Spec should be updated.
   // I take "host name match" to be "is identical to"
-  if (referring_url.host() != dictionary_url.host()) {
+  if (referring_url.host() != dictionary_url.host() ||
+      referring_url.scheme() != dictionary_url.scheme()) {
     SdchErrorRecovery(DICTIONARY_LOAD_ATTEMPT_FROM_DIFFERENT_HOST);
     return false;
   }
-  if (referring_url.SchemeIs("https")) {
+  if (!secure_scheme_supported() && referring_url.SchemeIsSecure()) {
     SdchErrorRecovery(DICTIONARY_SELECTED_FOR_SSL);
     return false;
   }
 
   // TODO(jar): Remove this failsafe conservative hack which is more restrictive
   // than current SDCH spec when needed, and justified by security audit.
-  if (!referring_url.SchemeIs("http")) {
+  if (!referring_url.SchemeIsHTTPOrHTTPS()) {
     SdchErrorRecovery(DICTIONARY_SELECTED_FROM_NON_HTTP);
     return false;
   }
 
   return true;
 }
 
 bool SdchManager::AddSdchDictionary(const std::string& dictionary_text,
     const GURL& dictionary_url) {
   DCHECK(CalledOnValidThread());
@@ skipping 179 matching lines @@
       case '/':
         (*output)[i] = '_';
         continue;
       default:
         continue;
     }
   }
 }
 
 }  // namespace net