OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/base64.h" | 5 #include "base/base64.h" |
6 #include "base/basictypes.h" | 6 #include "base/basictypes.h" |
7 #include "base/strings/string_number_conversions.h" | 7 #include "base/strings/string_number_conversions.h" |
8 #include "base/strings/string_piece.h" | |
9 #include "base/strings/string_tokenizer.h" | 8 #include "base/strings/string_tokenizer.h" |
10 #include "base/strings/string_util.h" | 9 #include "base/strings/string_util.h" |
11 #include "net/http/http_security_headers.h" | 10 #include "net/http/http_security_headers.h" |
12 #include "net/http/http_util.h" | 11 #include "net/http/http_util.h" |
13 #include "url/gurl.h" | |
14 | 12 |
15 namespace net { | 13 namespace net { |
16 | 14 |
17 namespace { | 15 namespace { |
18 | 16 |
19 static_assert(kMaxHSTSAgeSecs <= kuint32max, "kMaxHSTSAgeSecs too large"); | 17 static_assert(kMaxHSTSAgeSecs <= kuint32max, "kMaxHSTSAgeSecs too large"); |
20 | 18 |
21 // MaxAgeToInt converts a string representation of a "whole number" of | 19 // MaxAgeToInt converts a string representation of a "whole number" of |
22 // seconds into a uint32. The string may contain an arbitrarily large number, | 20 // seconds into a uint32. The string may contain an arbitrarily large number, |
23 // which will be clipped to kMaxHSTSAgeSecs and which is guaranteed to fit | 21 // which will be clipped to kMaxHSTSAgeSecs and which is guaranteed to fit |
24 // within a 32-bit unsigned integer. False is returned on any parse error. | 22 // within a 32-bit unsigned integer. False is returned on any parse error. |
25 bool MaxAgeToInt(std::string::const_iterator begin, | 23 bool MaxAgeToInt(std::string::const_iterator begin, |
26 std::string::const_iterator end, | 24 std::string::const_iterator end, |
27 uint32* result) { | 25 uint32* result) { |
28 const base::StringPiece s(begin, end); | 26 const std::string s(begin, end); |
29 if (s.empty()) | |
30 return false; | |
31 | |
32 int64 i = 0; | 27 int64 i = 0; |
33 | 28 |
34 // Return false on any StringToInt64 parse errors *except* for | 29 // Return false on any StringToInt64 parse errors *except* for |
35 // int64 overflow. StringToInt64 is used, rather than StringToUint64, | 30 // int64 overflow. StringToInt64 is used, rather than StringToUint64, |
36 // in order to properly handle and reject negative numbers | 31 // in order to properly handle and reject negative numbers |
37 // (StringToUint64 does not return false on negative numbers). | 32 // (StringToUint64 does not return false on negative numbers). |
38 // For values too large to be stored in an int64, StringToInt64 will | 33 // For values too large to be stored in an int64, StringToInt64 will |
39 // return false with i set to kint64max, so this case is detected | 34 // return false with i set to kint64max, so this case is detected |
40 // by the immediately following if-statement and allowed to fall | 35 // by the immediately following if-statement and allowed to fall |
41 // through so that i gets clipped to kMaxHSTSAgeSecs. | 36 // through so that i gets clipped to kMaxHSTSAgeSecs. |
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
90 if (pins.size() < 2) | 85 if (pins.size() < 2) |
91 return false; | 86 return false; |
92 | 87 |
93 if (from_cert_chain.empty()) | 88 if (from_cert_chain.empty()) |
94 return false; | 89 return false; |
95 | 90 |
96 return IsBackupPinPresent(pins, from_cert_chain) && | 91 return IsBackupPinPresent(pins, from_cert_chain) && |
97 HashesIntersect(pins, from_cert_chain); | 92 HashesIntersect(pins, from_cert_chain); |
98 } | 93 } |
99 | 94 |
100 bool ParseAndAppendPin(std::string::const_iterator begin, | 95 std::string Strip(const std::string& source) { |
101 std::string::const_iterator end, | 96 if (source.empty()) |
| 97 return source; |
| 98 |
| 99 std::string::const_iterator start = source.begin(); |
| 100 std::string::const_iterator end = source.end(); |
| 101 HttpUtil::TrimLWS(&start, &end); |
| 102 return std::string(start, end); |
| 103 } |
| 104 |
| 105 typedef std::pair<std::string, std::string> StringPair; |
| 106 |
| 107 StringPair Split(const std::string& source, char delimiter) { |
| 108 StringPair pair; |
| 109 size_t point = source.find(delimiter); |
| 110 |
| 111 pair.first = source.substr(0, point); |
| 112 if (std::string::npos != point) |
| 113 pair.second = source.substr(point + 1); |
| 114 |
| 115 return pair; |
| 116 } |
| 117 |
| 118 bool ParseAndAppendPin(const std::string& value, |
102 HashValueTag tag, | 119 HashValueTag tag, |
103 HashValueVector* hashes) { | 120 HashValueVector* hashes) { |
104 const base::StringPiece value(begin, end); | 121 // Pins are always quoted. |
105 if (value.empty()) | 122 if (value.empty() || !HttpUtil::IsQuote(value[0])) |
106 return false; | 123 return false; |
107 | 124 |
| 125 std::string unquoted = HttpUtil::Unquote(value); |
| 126 if (unquoted.empty()) |
| 127 return false; |
| 128 |
108 std::string decoded; | 129 std::string decoded; |
109 if (!base::Base64Decode(value, &decoded)) | 130 if (!base::Base64Decode(unquoted, &decoded)) |
110 return false; | 131 return false; |
111 | 132 |
112 HashValue hash(tag); | 133 HashValue hash(tag); |
113 if (decoded.size() != hash.size()) | 134 if (decoded.size() != hash.size()) |
114 return false; | 135 return false; |
115 | 136 |
116 memcpy(hash.data(), decoded.data(), hash.size()); | 137 memcpy(hash.data(), decoded.data(), hash.size()); |
117 hashes->push_back(hash); | 138 hashes->push_back(hash); |
118 return true; | 139 return true; |
119 } | 140 } |
(...skipping 125 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
245 case START: | 266 case START: |
246 case AFTER_MAX_AGE_LABEL: | 267 case AFTER_MAX_AGE_LABEL: |
247 case AFTER_MAX_AGE_EQUALS: | 268 case AFTER_MAX_AGE_EQUALS: |
248 return false; | 269 return false; |
249 default: | 270 default: |
250 NOTREACHED(); | 271 NOTREACHED(); |
251 return false; | 272 return false; |
252 } | 273 } |
253 } | 274 } |
254 | 275 |
255 // "Public-Key-Pins[-Report-Only]" ":" | 276 // "Public-Key-Pins" ":" |
256 // "max-age" "=" delta-seconds ";" | 277 // "max-age" "=" delta-seconds ";" |
257 // "pin-" algo "=" base64 [ ";" ... ] | 278 // "pin-" algo "=" base64 [ ";" ... ] |
258 // [ ";" "includeSubdomains" ] | |
259 // [ ";" "report-uri" "=" uri-reference ] | |
260 bool ParseHPKPHeader(const std::string& value, | 279 bool ParseHPKPHeader(const std::string& value, |
261 const HashValueVector& chain_hashes, | 280 const HashValueVector& chain_hashes, |
262 base::TimeDelta* max_age, | 281 base::TimeDelta* max_age, |
263 bool* include_subdomains, | 282 bool* include_subdomains, |
264 HashValueVector* hashes, | 283 HashValueVector* hashes) { |
265 GURL* report_uri) { | |
266 bool parsed_max_age = false; | 284 bool parsed_max_age = false; |
267 bool include_subdomains_candidate = false; | 285 bool include_subdomains_candidate = false; |
268 uint32 max_age_candidate = 0; | 286 uint32 max_age_candidate = 0; |
269 GURL parsed_report_uri; | |
270 HashValueVector pins; | 287 HashValueVector pins; |
271 | 288 |
272 HttpUtil::NameValuePairsIterator name_value_pairs( | 289 std::string source = value; |
273 value.begin(), value.end(), ';', | |
274 HttpUtil::NameValuePairsIterator::VALUES_OPTIONAL); | |
275 | 290 |
276 while (name_value_pairs.GetNext()) { | 291 while (!source.empty()) { |
277 if (base::LowerCaseEqualsASCII(name_value_pairs.name_begin(), | 292 StringPair semicolon = Split(source, ';'); |
278 name_value_pairs.name_end(), "max-age")) { | 293 semicolon.first = Strip(semicolon.first); |
279 if (!MaxAgeToInt(name_value_pairs.value_begin(), | 294 semicolon.second = Strip(semicolon.second); |
280 name_value_pairs.value_end(), &max_age_candidate)) { | 295 StringPair equals = Split(semicolon.first, '='); |
| 296 equals.first = Strip(equals.first); |
| 297 equals.second = Strip(equals.second); |
| 298 |
| 299 if (base::LowerCaseEqualsASCII(equals.first, "max-age")) { |
| 300 if (equals.second.empty() || |
| 301 !MaxAgeToInt(equals.second.begin(), equals.second.end(), |
| 302 &max_age_candidate)) { |
281 return false; | 303 return false; |
282 } | 304 } |
283 parsed_max_age = true; | 305 parsed_max_age = true; |
284 } else if (base::LowerCaseEqualsASCII(name_value_pairs.name_begin(), | 306 } else if (base::LowerCaseEqualsASCII(equals.first, "pin-sha1")) { |
285 name_value_pairs.name_end(), | 307 if (!ParseAndAppendPin(equals.second, HASH_VALUE_SHA1, &pins)) |
286 "pin-sha1")) { | |
287 // Pins are always quoted. | |
288 if (!name_value_pairs.value_is_quoted() || | |
289 !ParseAndAppendPin(name_value_pairs.value_begin(), | |
290 name_value_pairs.value_end(), HASH_VALUE_SHA1, | |
291 &pins)) { | |
292 return false; | 308 return false; |
293 } | 309 } else if (base::LowerCaseEqualsASCII(equals.first, "pin-sha256")) { |
294 } else if (base::LowerCaseEqualsASCII(name_value_pairs.name_begin(), | 310 if (!ParseAndAppendPin(equals.second, HASH_VALUE_SHA256, &pins)) |
295 name_value_pairs.name_end(), | |
296 "pin-sha256")) { | |
297 // Pins are always quoted. | |
298 if (!name_value_pairs.value_is_quoted() || | |
299 !ParseAndAppendPin(name_value_pairs.value_begin(), | |
300 name_value_pairs.value_end(), HASH_VALUE_SHA256, | |
301 &pins)) { | |
302 return false; | 311 return false; |
303 } | 312 } else if (base::LowerCaseEqualsASCII(equals.first, "includesubdomains")) { |
304 } else if (base::LowerCaseEqualsASCII(name_value_pairs.name_begin(), | |
305 name_value_pairs.name_end(), | |
306 "includesubdomains")) { | |
307 include_subdomains_candidate = true; | 313 include_subdomains_candidate = true; |
308 } else if (base::LowerCaseEqualsASCII(name_value_pairs.name_begin(), | |
309 name_value_pairs.name_end(), | |
310 "report-uri")) { | |
311 // report-uris are always quoted. | |
312 if (!name_value_pairs.value_is_quoted()) | |
313 return false; | |
314 | |
315 parsed_report_uri = GURL(name_value_pairs.value()); | |
316 if (parsed_report_uri.is_empty() || !parsed_report_uri.is_valid()) | |
317 return false; | |
318 } else { | 314 } else { |
319 // Silently ignore unknown directives for forward compatibility. | 315 // Silently ignore unknown directives for forward compatibility. |
320 } | 316 } |
| 317 |
| 318 source = semicolon.second; |
321 } | 319 } |
322 | 320 |
323 if (!name_value_pairs.valid()) | |
324 return false; | |
325 | |
326 if (!parsed_max_age) | 321 if (!parsed_max_age) |
327 return false; | 322 return false; |
328 | 323 |
329 if (!IsPinListValid(pins, chain_hashes)) | 324 if (!IsPinListValid(pins, chain_hashes)) |
330 return false; | 325 return false; |
331 | 326 |
332 *max_age = base::TimeDelta::FromSeconds(max_age_candidate); | 327 *max_age = base::TimeDelta::FromSeconds(max_age_candidate); |
333 *include_subdomains = include_subdomains_candidate; | 328 *include_subdomains = include_subdomains_candidate; |
334 hashes->swap(pins); | 329 hashes->swap(pins); |
335 *report_uri = parsed_report_uri; | |
336 | 330 |
337 return true; | 331 return true; |
338 } | 332 } |
339 | 333 |
340 } // namespace net | 334 } // namespace net |
OLD | NEW |