| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/base64.h" | 5 #include "base/base64.h" |
| 6 #include "base/basictypes.h" | 6 #include "base/basictypes.h" |
| 7 #include "base/strings/string_number_conversions.h" | 7 #include "base/strings/string_number_conversions.h" |
| 8 #include "base/strings/string_piece.h" | |
| 9 #include "base/strings/string_tokenizer.h" | 8 #include "base/strings/string_tokenizer.h" |
| 10 #include "base/strings/string_util.h" | 9 #include "base/strings/string_util.h" |
| 11 #include "net/http/http_security_headers.h" | 10 #include "net/http/http_security_headers.h" |
| 12 #include "net/http/http_util.h" | 11 #include "net/http/http_util.h" |
| 13 #include "url/gurl.h" | |
| 14 | 12 |
| 15 namespace net { | 13 namespace net { |
| 16 | 14 |
| 17 namespace { | 15 namespace { |
| 18 | 16 |
| 19 static_assert(kMaxHSTSAgeSecs <= kuint32max, "kMaxHSTSAgeSecs too large"); | 17 static_assert(kMaxHSTSAgeSecs <= kuint32max, "kMaxHSTSAgeSecs too large"); |
| 20 | 18 |
| 21 // MaxAgeToInt converts a string representation of a "whole number" of | 19 // MaxAgeToInt converts a string representation of a "whole number" of |
| 22 // seconds into a uint32. The string may contain an arbitrarily large number, | 20 // seconds into a uint32. The string may contain an arbitrarily large number, |
| 23 // which will be clipped to kMaxHSTSAgeSecs and which is guaranteed to fit | 21 // which will be clipped to kMaxHSTSAgeSecs and which is guaranteed to fit |
| 24 // within a 32-bit unsigned integer. False is returned on any parse error. | 22 // within a 32-bit unsigned integer. False is returned on any parse error. |
| 25 bool MaxAgeToInt(std::string::const_iterator begin, | 23 bool MaxAgeToInt(std::string::const_iterator begin, |
| 26 std::string::const_iterator end, | 24 std::string::const_iterator end, |
| 27 uint32* result) { | 25 uint32* result) { |
| 28 const base::StringPiece s(begin, end); | 26 const std::string s(begin, end); |
| 29 if (s.empty()) | |
| 30 return false; | |
| 31 | |
| 32 int64 i = 0; | 27 int64 i = 0; |
| 33 | 28 |
| 34 // Return false on any StringToInt64 parse errors *except* for | 29 // Return false on any StringToInt64 parse errors *except* for |
| 35 // int64 overflow. StringToInt64 is used, rather than StringToUint64, | 30 // int64 overflow. StringToInt64 is used, rather than StringToUint64, |
| 36 // in order to properly handle and reject negative numbers | 31 // in order to properly handle and reject negative numbers |
| 37 // (StringToUint64 does not return false on negative numbers). | 32 // (StringToUint64 does not return false on negative numbers). |
| 38 // For values too large to be stored in an int64, StringToInt64 will | 33 // For values too large to be stored in an int64, StringToInt64 will |
| 39 // return false with i set to kint64max, so this case is detected | 34 // return false with i set to kint64max, so this case is detected |
| 40 // by the immediately following if-statement and allowed to fall | 35 // by the immediately following if-statement and allowed to fall |
| 41 // through so that i gets clipped to kMaxHSTSAgeSecs. | 36 // through so that i gets clipped to kMaxHSTSAgeSecs. |
| (...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 90 if (pins.size() < 2) | 85 if (pins.size() < 2) |
| 91 return false; | 86 return false; |
| 92 | 87 |
| 93 if (from_cert_chain.empty()) | 88 if (from_cert_chain.empty()) |
| 94 return false; | 89 return false; |
| 95 | 90 |
| 96 return IsBackupPinPresent(pins, from_cert_chain) && | 91 return IsBackupPinPresent(pins, from_cert_chain) && |
| 97 HashesIntersect(pins, from_cert_chain); | 92 HashesIntersect(pins, from_cert_chain); |
| 98 } | 93 } |
| 99 | 94 |
| 100 bool ParseAndAppendPin(std::string::const_iterator begin, | 95 std::string Strip(const std::string& source) { |
| 101 std::string::const_iterator end, | 96 if (source.empty()) |
| 97 return source; |
| 98 |
| 99 std::string::const_iterator start = source.begin(); |
| 100 std::string::const_iterator end = source.end(); |
| 101 HttpUtil::TrimLWS(&start, &end); |
| 102 return std::string(start, end); |
| 103 } |
| 104 |
| 105 typedef std::pair<std::string, std::string> StringPair; |
| 106 |
| 107 StringPair Split(const std::string& source, char delimiter) { |
| 108 StringPair pair; |
| 109 size_t point = source.find(delimiter); |
| 110 |
| 111 pair.first = source.substr(0, point); |
| 112 if (std::string::npos != point) |
| 113 pair.second = source.substr(point + 1); |
| 114 |
| 115 return pair; |
| 116 } |
| 117 |
| 118 bool ParseAndAppendPin(const std::string& value, |
| 102 HashValueTag tag, | 119 HashValueTag tag, |
| 103 HashValueVector* hashes) { | 120 HashValueVector* hashes) { |
| 104 const base::StringPiece value(begin, end); | 121 // Pins are always quoted. |
| 105 if (value.empty()) | 122 if (value.empty() || !HttpUtil::IsQuote(value[0])) |
| 106 return false; | 123 return false; |
| 107 | 124 |
| 125 std::string unquoted = HttpUtil::Unquote(value); |
| 126 if (unquoted.empty()) |
| 127 return false; |
| 128 |
| 108 std::string decoded; | 129 std::string decoded; |
| 109 if (!base::Base64Decode(value, &decoded)) | 130 if (!base::Base64Decode(unquoted, &decoded)) |
| 110 return false; | 131 return false; |
| 111 | 132 |
| 112 HashValue hash(tag); | 133 HashValue hash(tag); |
| 113 if (decoded.size() != hash.size()) | 134 if (decoded.size() != hash.size()) |
| 114 return false; | 135 return false; |
| 115 | 136 |
| 116 memcpy(hash.data(), decoded.data(), hash.size()); | 137 memcpy(hash.data(), decoded.data(), hash.size()); |
| 117 hashes->push_back(hash); | 138 hashes->push_back(hash); |
| 118 return true; | 139 return true; |
| 119 } | 140 } |
| (...skipping 125 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 245 case START: | 266 case START: |
| 246 case AFTER_MAX_AGE_LABEL: | 267 case AFTER_MAX_AGE_LABEL: |
| 247 case AFTER_MAX_AGE_EQUALS: | 268 case AFTER_MAX_AGE_EQUALS: |
| 248 return false; | 269 return false; |
| 249 default: | 270 default: |
| 250 NOTREACHED(); | 271 NOTREACHED(); |
| 251 return false; | 272 return false; |
| 252 } | 273 } |
| 253 } | 274 } |
| 254 | 275 |
| 255 // "Public-Key-Pins[-Report-Only]" ":" | 276 // "Public-Key-Pins" ":" |
| 256 // "max-age" "=" delta-seconds ";" | 277 // "max-age" "=" delta-seconds ";" |
| 257 // "pin-" algo "=" base64 [ ";" ... ] | 278 // "pin-" algo "=" base64 [ ";" ... ] |
| 258 // [ ";" "includeSubdomains" ] | |
| 259 // [ ";" "report-uri" "=" uri-reference ] | |
| 260 bool ParseHPKPHeader(const std::string& value, | 279 bool ParseHPKPHeader(const std::string& value, |
| 261 const HashValueVector& chain_hashes, | 280 const HashValueVector& chain_hashes, |
| 262 base::TimeDelta* max_age, | 281 base::TimeDelta* max_age, |
| 263 bool* include_subdomains, | 282 bool* include_subdomains, |
| 264 HashValueVector* hashes, | 283 HashValueVector* hashes) { |
| 265 GURL* report_uri) { | |
| 266 bool parsed_max_age = false; | 284 bool parsed_max_age = false; |
| 267 bool include_subdomains_candidate = false; | 285 bool include_subdomains_candidate = false; |
| 268 uint32 max_age_candidate = 0; | 286 uint32 max_age_candidate = 0; |
| 269 GURL parsed_report_uri; | |
| 270 HashValueVector pins; | 287 HashValueVector pins; |
| 271 | 288 |
| 272 HttpUtil::NameValuePairsIterator name_value_pairs( | 289 std::string source = value; |
| 273 value.begin(), value.end(), ';', | |
| 274 HttpUtil::NameValuePairsIterator::VALUES_OPTIONAL); | |
| 275 | 290 |
| 276 while (name_value_pairs.GetNext()) { | 291 while (!source.empty()) { |
| 277 if (base::LowerCaseEqualsASCII(name_value_pairs.name_begin(), | 292 StringPair semicolon = Split(source, ';'); |
| 278 name_value_pairs.name_end(), "max-age")) { | 293 semicolon.first = Strip(semicolon.first); |
| 279 if (!MaxAgeToInt(name_value_pairs.value_begin(), | 294 semicolon.second = Strip(semicolon.second); |
| 280 name_value_pairs.value_end(), &max_age_candidate)) { | 295 StringPair equals = Split(semicolon.first, '='); |
| 296 equals.first = Strip(equals.first); |
| 297 equals.second = Strip(equals.second); |
| 298 |
| 299 if (base::LowerCaseEqualsASCII(equals.first, "max-age")) { |
| 300 if (equals.second.empty() || |
| 301 !MaxAgeToInt(equals.second.begin(), equals.second.end(), |
| 302 &max_age_candidate)) { |
| 281 return false; | 303 return false; |
| 282 } | 304 } |
| 283 parsed_max_age = true; | 305 parsed_max_age = true; |
| 284 } else if (base::LowerCaseEqualsASCII(name_value_pairs.name_begin(), | 306 } else if (base::LowerCaseEqualsASCII(equals.first, "pin-sha1")) { |
| 285 name_value_pairs.name_end(), | 307 if (!ParseAndAppendPin(equals.second, HASH_VALUE_SHA1, &pins)) |
| 286 "pin-sha1")) { | |
| 287 // Pins are always quoted. | |
| 288 if (!name_value_pairs.value_is_quoted() || | |
| 289 !ParseAndAppendPin(name_value_pairs.value_begin(), | |
| 290 name_value_pairs.value_end(), HASH_VALUE_SHA1, | |
| 291 &pins)) { | |
| 292 return false; | 308 return false; |
| 293 } | 309 } else if (base::LowerCaseEqualsASCII(equals.first, "pin-sha256")) { |
| 294 } else if (base::LowerCaseEqualsASCII(name_value_pairs.name_begin(), | 310 if (!ParseAndAppendPin(equals.second, HASH_VALUE_SHA256, &pins)) |
| 295 name_value_pairs.name_end(), | |
| 296 "pin-sha256")) { | |
| 297 // Pins are always quoted. | |
| 298 if (!name_value_pairs.value_is_quoted() || | |
| 299 !ParseAndAppendPin(name_value_pairs.value_begin(), | |
| 300 name_value_pairs.value_end(), HASH_VALUE_SHA256, | |
| 301 &pins)) { | |
| 302 return false; | 311 return false; |
| 303 } | 312 } else if (base::LowerCaseEqualsASCII(equals.first, "includesubdomains")) { |
| 304 } else if (base::LowerCaseEqualsASCII(name_value_pairs.name_begin(), | |
| 305 name_value_pairs.name_end(), | |
| 306 "includesubdomains")) { | |
| 307 include_subdomains_candidate = true; | 313 include_subdomains_candidate = true; |
| 308 } else if (base::LowerCaseEqualsASCII(name_value_pairs.name_begin(), | |
| 309 name_value_pairs.name_end(), | |
| 310 "report-uri")) { | |
| 311 // report-uris are always quoted. | |
| 312 if (!name_value_pairs.value_is_quoted()) | |
| 313 return false; | |
| 314 | |
| 315 parsed_report_uri = GURL(name_value_pairs.value()); | |
| 316 if (parsed_report_uri.is_empty() || !parsed_report_uri.is_valid()) | |
| 317 return false; | |
| 318 } else { | 314 } else { |
| 319 // Silently ignore unknown directives for forward compatibility. | 315 // Silently ignore unknown directives for forward compatibility. |
| 320 } | 316 } |
| 317 |
| 318 source = semicolon.second; |
| 321 } | 319 } |
| 322 | 320 |
| 323 if (!name_value_pairs.valid()) | |
| 324 return false; | |
| 325 | |
| 326 if (!parsed_max_age) | 321 if (!parsed_max_age) |
| 327 return false; | 322 return false; |
| 328 | 323 |
| 329 if (!IsPinListValid(pins, chain_hashes)) | 324 if (!IsPinListValid(pins, chain_hashes)) |
| 330 return false; | 325 return false; |
| 331 | 326 |
| 332 *max_age = base::TimeDelta::FromSeconds(max_age_candidate); | 327 *max_age = base::TimeDelta::FromSeconds(max_age_candidate); |
| 333 *include_subdomains = include_subdomains_candidate; | 328 *include_subdomains = include_subdomains_candidate; |
| 334 hashes->swap(pins); | 329 hashes->swap(pins); |
| 335 *report_uri = parsed_report_uri; | |
| 336 | 330 |
| 337 return true; | 331 return true; |
| 338 } | 332 } |
| 339 | 333 |
| 340 } // namespace net | 334 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1249823002:
Revert of Parse HPKP report-uri and persist in TransportSecurityPersister (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master