OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/base64.h" | 5 #include "base/base64.h" |
6 #include "base/basictypes.h" | 6 #include "base/basictypes.h" |
7 #include "base/strings/string_number_conversions.h" | 7 #include "base/strings/string_number_conversions.h" |
8 #include "base/strings/string_piece.h" | 8 #include "base/strings/string_piece.h" |
9 #include "base/strings/string_tokenizer.h" | 9 #include "base/strings/string_tokenizer.h" |
10 #include "base/strings/string_util.h" | 10 #include "base/strings/string_util.h" |
11 #include "net/http/http_security_headers.h" | 11 #include "net/http/http_security_headers.h" |
12 #include "net/http/http_util.h" | 12 #include "net/http/http_util.h" |
13 #include "url/gurl.h" | 13 #include "url/gurl.h" |
14 | 14 |
15 namespace net { | 15 namespace net { |
16 | 16 |
17 namespace { | 17 namespace { |
18 | 18 |
19 enum MaxAgeParsing { REQUIRE_MAX_AGE, DO_NOT_REQUIRE_MAX_AGE }; | |
20 | |
19 static_assert(kMaxHSTSAgeSecs <= kuint32max, "kMaxHSTSAgeSecs too large"); | 21 static_assert(kMaxHSTSAgeSecs <= kuint32max, "kMaxHSTSAgeSecs too large"); |
20 | 22 |
21 // MaxAgeToInt converts a string representation of a "whole number" of | 23 // MaxAgeToInt converts a string representation of a "whole number" of |
22 // seconds into a uint32. The string may contain an arbitrarily large number, | 24 // seconds into a uint32. The string may contain an arbitrarily large number, |
23 // which will be clipped to kMaxHSTSAgeSecs and which is guaranteed to fit | 25 // which will be clipped to kMaxHSTSAgeSecs and which is guaranteed to fit |
24 // within a 32-bit unsigned integer. False is returned on any parse error. | 26 // within a 32-bit unsigned integer. False is returned on any parse error. |
25 bool MaxAgeToInt(std::string::const_iterator begin, | 27 bool MaxAgeToInt(std::string::const_iterator begin, |
26 std::string::const_iterator end, | 28 std::string::const_iterator end, |
27 uint32* result) { | 29 uint32* result) { |
28 const base::StringPiece s(begin, end); | 30 const base::StringPiece s(begin, end); |
(...skipping 82 matching lines...) | |
111 | 113 |
112 HashValue hash(tag); | 114 HashValue hash(tag); |
113 if (decoded.size() != hash.size()) | 115 if (decoded.size() != hash.size()) |
114 return false; | 116 return false; |
115 | 117 |
116 memcpy(hash.data(), decoded.data(), hash.size()); | 118 memcpy(hash.data(), decoded.data(), hash.size()); |
117 hashes->push_back(hash); | 119 hashes->push_back(hash); |
118 return true; | 120 return true; |
119 } | 121 } |
120 | 122 |
123 bool ParseHPKPHeaderImpl(const std::string& value, | |
124 MaxAgeParsing max_age_status, | |
125 base::TimeDelta* max_age, | |
126 bool* include_subdomains, | |
127 HashValueVector* hashes, | |
128 GURL* report_uri) { | |
129 bool parsed_max_age = false; | |
130 bool include_subdomains_candidate = false; | |
131 uint32 max_age_candidate = 0; | |
132 GURL parsed_report_uri; | |
133 HashValueVector pins; | |
134 bool require_max_age = max_age_status == REQUIRE_MAX_AGE; | |
135 | |
136 HttpUtil::NameValuePairsIterator name_value_pairs( | |
137 value.begin(), value.end(), ';', | |
138 HttpUtil::NameValuePairsIterator::VALUES_OPTIONAL); | |
139 | |
140 while (name_value_pairs.GetNext()) { | |
141 if (base::LowerCaseEqualsASCII( | |
142 base::StringPiece(name_value_pairs.name_begin(), | |
143 name_value_pairs.name_end()), | |
144 "max-age")) { | |
145 if (!MaxAgeToInt(name_value_pairs.value_begin(), | |
146 name_value_pairs.value_end(), &max_age_candidate)) { | |
147 return false; | |
148 } | |
149 parsed_max_age = true; | |
150 } else if (base::LowerCaseEqualsASCII( | |
151 base::StringPiece(name_value_pairs.name_begin(), | |
152 name_value_pairs.name_end()), | |
153 "pin-sha1")) { | |
154 // Pins are always quoted. | |
155 if (!name_value_pairs.value_is_quoted() || | |
156 !ParseAndAppendPin(name_value_pairs.value_begin(), | |
157 name_value_pairs.value_end(), HASH_VALUE_SHA1, | |
158 &pins)) { | |
159 return false; | |
160 } | |
161 } else if (base::LowerCaseEqualsASCII( | |
162 base::StringPiece(name_value_pairs.name_begin(), | |
163 name_value_pairs.name_end()), | |
164 "pin-sha256")) { | |
165 // Pins are always quoted. | |
166 if (!name_value_pairs.value_is_quoted() || | |
167 !ParseAndAppendPin(name_value_pairs.value_begin(), | |
168 name_value_pairs.value_end(), HASH_VALUE_SHA256, | |
169 &pins)) { | |
170 return false; | |
171 } | |
172 } else if (base::LowerCaseEqualsASCII( | |
173 base::StringPiece(name_value_pairs.name_begin(), | |
174 name_value_pairs.name_end()), | |
175 "includesubdomains")) { | |
176 include_subdomains_candidate = true; | |
177 } else if (base::LowerCaseEqualsASCII( | |
178 base::StringPiece(name_value_pairs.name_begin(), | |
179 name_value_pairs.name_end()), | |
180 "report-uri")) { | |
181 // report-uris are always quoted. | |
182 if (!name_value_pairs.value_is_quoted()) | |
183 return false; | |
184 | |
185 parsed_report_uri = GURL(name_value_pairs.value()); | |
186 if (parsed_report_uri.is_empty() || !parsed_report_uri.is_valid()) | |
187 return false; | |
188 } else { | |
189 // Silently ignore unknown directives for forward compatibility. | |
190 } | |
191 } | |
192 | |
193 if (!name_value_pairs.valid()) | |
194 return false; | |
195 | |
196 if (!parsed_max_age && require_max_age) | |
197 return false; | |
198 | |
199 *max_age = base::TimeDelta::FromSeconds(max_age_candidate); | |
200 *include_subdomains = include_subdomains_candidate; | |
201 hashes->swap(pins); | |
202 *report_uri = parsed_report_uri; | |
203 | |
204 return true; | |
205 } | |
206 | |
121 } // namespace | 207 } // namespace |
122 | 208 |
123 // Parse the Strict-Transport-Security header, as currently defined in | 209 // Parse the Strict-Transport-Security header, as currently defined in |
124 // http://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec-14: | 210 // http://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec-14: |
125 // | 211 // |
126 // Strict-Transport-Security = "Strict-Transport-Security" ":" | 212 // Strict-Transport-Security = "Strict-Transport-Security" ":" |
127 // [ directive ] *( ";" [ directive ] ) | 213 // [ directive ] *( ";" [ directive ] ) |
128 // | 214 // |
129 // directive = directive-name [ "=" directive-value ] | 215 // directive = directive-name [ "=" directive-value ] |
130 // directive-name = token | 216 // directive-name = token |
(...skipping 114 matching lines...) | |
245 case START: | 331 case START: |
246 case AFTER_MAX_AGE_LABEL: | 332 case AFTER_MAX_AGE_LABEL: |
247 case AFTER_MAX_AGE_EQUALS: | 333 case AFTER_MAX_AGE_EQUALS: |
248 return false; | 334 return false; |
249 default: | 335 default: |
250 NOTREACHED(); | 336 NOTREACHED(); |
251 return false; | 337 return false; |
252 } | 338 } |
253 } | 339 } |
254 | 340 |
255 // "Public-Key-Pins[-Report-Only]" ":" | 341 // "Public-Key-Pins" ":" |
256 // "max-age" "=" delta-seconds ";" | 342 // "max-age" "=" delta-seconds ";" |
257 // "pin-" algo "=" base64 [ ";" ... ] | 343 // "pin-" algo "=" base64 [ ";" ... ] |
258 // [ ";" "includeSubdomains" ] | 344 // [ ";" "includeSubdomains" ] |
259 // [ ";" "report-uri" "=" uri-reference ] | 345 // [ ";" "report-uri" "=" uri-reference ] |
260 bool ParseHPKPHeader(const std::string& value, | 346 bool ParseHPKPHeader(const std::string& value, |
261 const HashValueVector& chain_hashes, | 347 const HashValueVector& chain_hashes, |
262 base::TimeDelta* max_age, | 348 base::TimeDelta* max_age, |
263 bool* include_subdomains, | 349 bool* include_subdomains, |
264 HashValueVector* hashes, | 350 HashValueVector* hashes, |
265 GURL* report_uri) { | 351 GURL* report_uri) { |
266 bool parsed_max_age = false; | 352 base::TimeDelta candidate_max_age; |
267 bool include_subdomains_candidate = false; | 353 bool candidate_include_subdomains; |
268 uint32 max_age_candidate = 0; | 354 HashValueVector candidate_hashes; |
269 GURL parsed_report_uri; | 355 GURL candidate_report_uri; |
davidben
2015/07/31 19:53:23
[Incidentally, this "candidate" silliness is why I
| |
270 HashValueVector pins; | |
271 | 356 |
272 HttpUtil::NameValuePairsIterator name_value_pairs( | 357 if (!ParseHPKPHeaderImpl(value, REQUIRE_MAX_AGE, &candidate_max_age, |
273 value.begin(), value.end(), ';', | 358 &candidate_include_subdomains, &candidate_hashes, |
274 HttpUtil::NameValuePairsIterator::VALUES_OPTIONAL); | 359 &candidate_report_uri)) { |
275 | 360 return false; |
276 while (name_value_pairs.GetNext()) { | |
277 if (base::LowerCaseEqualsASCII( | |
278 base::StringPiece(name_value_pairs.name_begin(), | |
279 name_value_pairs.name_end()), | |
280 "max-age")) { | |
281 if (!MaxAgeToInt(name_value_pairs.value_begin(), | |
282 name_value_pairs.value_end(), &max_age_candidate)) { | |
283 return false; | |
284 } | |
285 parsed_max_age = true; | |
286 } else if (base::LowerCaseEqualsASCII( | |
287 base::StringPiece(name_value_pairs.name_begin(), | |
288 name_value_pairs.name_end()), | |
289 "pin-sha1")) { | |
290 // Pins are always quoted. | |
291 if (!name_value_pairs.value_is_quoted() || | |
292 !ParseAndAppendPin(name_value_pairs.value_begin(), | |
293 name_value_pairs.value_end(), HASH_VALUE_SHA1, | |
294 &pins)) { | |
295 return false; | |
296 } | |
297 } else if (base::LowerCaseEqualsASCII( | |
298 base::StringPiece(name_value_pairs.name_begin(), | |
299 name_value_pairs.name_end()), | |
300 "pin-sha256")) { | |
301 // Pins are always quoted. | |
302 if (!name_value_pairs.value_is_quoted() || | |
303 !ParseAndAppendPin(name_value_pairs.value_begin(), | |
304 name_value_pairs.value_end(), HASH_VALUE_SHA256, | |
305 &pins)) { | |
306 return false; | |
307 } | |
308 } else if (base::LowerCaseEqualsASCII( | |
309 base::StringPiece(name_value_pairs.name_begin(), | |
310 name_value_pairs.name_end()), | |
311 "includesubdomains")) { | |
312 include_subdomains_candidate = true; | |
313 } else if (base::LowerCaseEqualsASCII( | |
314 base::StringPiece(name_value_pairs.name_begin(), | |
315 name_value_pairs.name_end()), | |
316 "report-uri")) { | |
317 // report-uris are always quoted. | |
318 if (!name_value_pairs.value_is_quoted()) | |
319 return false; | |
320 | |
321 parsed_report_uri = GURL(name_value_pairs.value()); | |
322 if (parsed_report_uri.is_empty() || !parsed_report_uri.is_valid()) | |
323 return false; | |
324 } else { | |
325 // Silently ignore unknown directives for forward compatibility. | |
326 } | |
327 } | 361 } |
328 | 362 |
329 if (!name_value_pairs.valid()) | 363 if (!IsPinListValid(candidate_hashes, chain_hashes)) |
330 return false; | 364 return false; |
331 | 365 |
332 if (!parsed_max_age) | 366 *max_age = candidate_max_age; |
333 return false; | 367 *include_subdomains = candidate_include_subdomains; |
334 | 368 hashes->swap(candidate_hashes); |
335 if (!IsPinListValid(pins, chain_hashes)) | 369 *report_uri = candidate_report_uri; |
336 return false; | |
337 | |
338 *max_age = base::TimeDelta::FromSeconds(max_age_candidate); | |
339 *include_subdomains = include_subdomains_candidate; | |
340 hashes->swap(pins); | |
341 *report_uri = parsed_report_uri; | |
342 | |
343 return true; | 370 return true; |
344 } | 371 } |
345 | 372 |
373 // "Public-Key-Pins-Report-Only" ":" | |
374 // [ "max-age" "=" delta-seconds ";" ] | |
375 // "pin-" algo "=" base64 [ ";" ... ] | |
376 // [ ";" "includeSubdomains" ] | |
377 // [ ";" "report-uri" "=" uri-reference ] | |
378 bool ParseHPKPReportOnlyHeader(const std::string& value, | |
379 bool* include_subdomains, | |
380 HashValueVector* hashes, | |
381 GURL* report_uri) { | |
382 // max-age and includeSubdomains are irrelevant for Report-Only | |
383 // headers. | |
davidben
2015/07/31 19:53:23
and includeSubdomains are -> is?
(Hrm. Looks like
estark
2015/07/31 20:29:47
Yeah, just fixed it here too.
| |
384 base::TimeDelta unused_max_age; | |
385 | |
386 return ParseHPKPHeaderImpl(value, DO_NOT_REQUIRE_MAX_AGE, &unused_max_age, | |
387 include_subdomains, hashes, report_uri); | |
388 } | |
389 | |
346 } // namespace net | 390 } // namespace net |
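Review bot: ParseHPKPReportOnlyHeader returns true for a header that carries no pin directive and no report-uri, because ParseHPKPHeaderImpl only insists on max-age (and only in REQUIRE_MAX_AGE mode) while the pin-list check stays in IsPinListValid, which the Report-Only path never calls. Unless every caller rejects that result (the call sites are not visible here), an empty pin set or an empty report URI can be handed on as parsed policy; consider rejecting it in the parser with `if (pins.empty()) return false;` before the out-params are written in ParseHPKPHeaderImpl, and state in the comment above ParseHPKPReportOnlyHeader whether an empty `*report_uri` is a valid outcome. The report-uri branch also accepts any URL for which `is_valid()` holds, so a scheme check such as `!parsed_report_uri.SchemeIsHTTPOrHTTPS()` returning false there, or a documented check at the point where reports are sent, would keep header-supplied URLs with other schemes out of the reporting path.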