| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/net/transport_security_persister.h" | 5 #include "chrome/browser/net/transport_security_persister.h" |
| 6 | 6 |
| 7 #include "base/base64.h" | 7 #include "base/base64.h" |
| 8 #include "base/bind.h" | 8 #include "base/bind.h" |
| 9 #include "base/file_util.h" | 9 #include "base/file_util.h" |
| 10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
| (...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 73 const char kExpiry[] = "expiry"; | 73 const char kExpiry[] = "expiry"; |
| 74 const char kDynamicSPKIHashesExpiry[] = "dynamic_spki_hashes_expiry"; | 74 const char kDynamicSPKIHashesExpiry[] = "dynamic_spki_hashes_expiry"; |
| 75 const char kStaticSPKIHashes[] = "static_spki_hashes"; | 75 const char kStaticSPKIHashes[] = "static_spki_hashes"; |
| 76 const char kPreloadedSPKIHashes[] = "preloaded_spki_hashes"; | 76 const char kPreloadedSPKIHashes[] = "preloaded_spki_hashes"; |
| 77 const char kDynamicSPKIHashes[] = "dynamic_spki_hashes"; | 77 const char kDynamicSPKIHashes[] = "dynamic_spki_hashes"; |
| 78 const char kForceHTTPS[] = "force-https"; | 78 const char kForceHTTPS[] = "force-https"; |
| 79 const char kStrict[] = "strict"; | 79 const char kStrict[] = "strict"; |
| 80 const char kDefault[] = "default"; | 80 const char kDefault[] = "default"; |
| 81 const char kPinningOnly[] = "pinning-only"; | 81 const char kPinningOnly[] = "pinning-only"; |
| 82 const char kCreated[] = "created"; | 82 const char kCreated[] = "created"; |
| 83 const char kStsObserved[] = "sts_observed"; |
| 84 const char kPkpObserved[] = "pkp_observed"; |
| 83 | 85 |
| 84 } // namespace | 86 } // namespace |
| 85 | 87 |
| 86 class TransportSecurityPersister::Loader { | 88 class TransportSecurityPersister::Loader { |
| 87 public: | 89 public: |
| 88 Loader(const base::WeakPtr<TransportSecurityPersister>& persister, | 90 Loader(const base::WeakPtr<TransportSecurityPersister>& persister, |
| 89 const base::FilePath& path) | 91 const base::FilePath& path) |
| 90 : persister_(persister), | 92 : persister_(persister), |
| 91 path_(path), | 93 path_(path), |
| 92 state_valid_(false) { | 94 state_valid_(false) { |
| (...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 167 for (; state.HasNext(); state.Advance()) { | 169 for (; state.HasNext(); state.Advance()) { |
| 168 const std::string& hostname = state.hostname(); | 170 const std::string& hostname = state.hostname(); |
| 169 const TransportSecurityState::DomainState& domain_state = | 171 const TransportSecurityState::DomainState& domain_state = |
| 170 state.domain_state(); | 172 state.domain_state(); |
| 171 | 173 |
| 172 DictionaryValue* serialized = new DictionaryValue; | 174 DictionaryValue* serialized = new DictionaryValue; |
| 173 serialized->SetBoolean(kStsIncludeSubdomains, | 175 serialized->SetBoolean(kStsIncludeSubdomains, |
| 174 domain_state.sts_include_subdomains); | 176 domain_state.sts_include_subdomains); |
| 175 serialized->SetBoolean(kPkpIncludeSubdomains, | 177 serialized->SetBoolean(kPkpIncludeSubdomains, |
| 176 domain_state.pkp_include_subdomains); | 178 domain_state.pkp_include_subdomains); |
| 177 serialized->SetDouble(kCreated, domain_state.created.ToDoubleT()); | 179 serialized->SetDouble(kStsObserved, domain_state.sts_observed.ToDoubleT()); |
| 180 serialized->SetDouble(kPkpObserved, domain_state.pkp_observed.ToDoubleT()); |
| 178 serialized->SetDouble(kExpiry, domain_state.upgrade_expiry.ToDoubleT()); | 181 serialized->SetDouble(kExpiry, domain_state.upgrade_expiry.ToDoubleT()); |
| 179 serialized->SetDouble(kDynamicSPKIHashesExpiry, | 182 serialized->SetDouble(kDynamicSPKIHashesExpiry, |
| 180 domain_state.dynamic_spki_hashes_expiry.ToDoubleT()); | 183 domain_state.dynamic_spki_hashes_expiry.ToDoubleT()); |
| 181 | 184 |
| 182 switch (domain_state.upgrade_mode) { | 185 switch (domain_state.upgrade_mode) { |
| 183 case TransportSecurityState::DomainState::MODE_FORCE_HTTPS: | 186 case TransportSecurityState::DomainState::MODE_FORCE_HTTPS: |
| 184 serialized->SetString(kMode, kForceHTTPS); | 187 serialized->SetString(kMode, kForceHTTPS); |
| 185 break; | 188 break; |
| 186 case TransportSecurityState::DomainState::MODE_DEFAULT: | 189 case TransportSecurityState::DomainState::MODE_DEFAULT: |
| 187 serialized->SetString(kMode, kDefault); | 190 serialized->SetString(kMode, kDefault); |
| (...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 230 bool dirtied = false; | 233 bool dirtied = false; |
| 231 | 234 |
| 232 for (DictionaryValue::Iterator i(*dict_value); !i.IsAtEnd(); i.Advance()) { | 235 for (DictionaryValue::Iterator i(*dict_value); !i.IsAtEnd(); i.Advance()) { |
| 233 const DictionaryValue* parsed = NULL; | 236 const DictionaryValue* parsed = NULL; |
| 234 if (!i.value().GetAsDictionary(&parsed)) { | 237 if (!i.value().GetAsDictionary(&parsed)) { |
| 235 LOG(WARNING) << "Could not parse entry " << i.key() << "; skipping entry"; | 238 LOG(WARNING) << "Could not parse entry " << i.key() << "; skipping entry"; |
| 236 continue; | 239 continue; |
| 237 } | 240 } |
| 238 | 241 |
| 239 std::string mode_string; | 242 std::string mode_string; |
| 240 double created; | |
| 241 double expiry; | 243 double expiry; |
| 242 double dynamic_spki_hashes_expiry = 0.0; | 244 double dynamic_spki_hashes_expiry = 0.0; |
| 243 TransportSecurityState::DomainState domain_state; | 245 TransportSecurityState::DomainState domain_state; |
| 244 | 246 |
| 245 // kIncludeSubdomains is a legacy synonym for kStsIncludeSubdomains and | 247 // kIncludeSubdomains is a legacy synonym for kStsIncludeSubdomains and |
| 246 // kPkpIncludeSubdomains. Parse at least one of these properties, | 248 // kPkpIncludeSubdomains. Parse at least one of these properties, |
| 247 // preferably the new ones. | 249 // preferably the new ones. |
| 248 bool include_subdomains = false; | 250 bool include_subdomains = false; |
| 249 bool parsed_include_subdomains = parsed->GetBoolean(kIncludeSubdomains, | 251 bool parsed_include_subdomains = parsed->GetBoolean(kIncludeSubdomains, |
| 250 &include_subdomains); | 252 &include_subdomains); |
| (...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 290 } else { | 292 } else { |
| 291 LOG(WARNING) << "Unknown TransportSecurityState mode string " | 293 LOG(WARNING) << "Unknown TransportSecurityState mode string " |
| 292 << mode_string << " found for entry " << i.key() | 294 << mode_string << " found for entry " << i.key() |
| 293 << "; skipping entry"; | 295 << "; skipping entry"; |
| 294 continue; | 296 continue; |
| 295 } | 297 } |
| 296 | 298 |
| 297 domain_state.upgrade_expiry = base::Time::FromDoubleT(expiry); | 299 domain_state.upgrade_expiry = base::Time::FromDoubleT(expiry); |
| 298 domain_state.dynamic_spki_hashes_expiry = | 300 domain_state.dynamic_spki_hashes_expiry = |
| 299 base::Time::FromDoubleT(dynamic_spki_hashes_expiry); | 301 base::Time::FromDoubleT(dynamic_spki_hashes_expiry); |
| 300 if (parsed->GetDouble(kCreated, &created)) { | 302 |
| 301 domain_state.created = base::Time::FromDoubleT(created); | 303 double sts_observed; |
| 304 double pkp_observed; |
| 305 if (parsed->GetDouble(kStsObserved, &sts_observed)) { |
| 306 domain_state.sts_observed = base::Time::FromDoubleT(sts_observed); |
| 307 } else if (parsed->GetDouble(kCreated, &sts_observed)) { |
| 308 // kCreated is a legacy synonym for both kStsObserved and kPkpObserved. |
| 309 domain_state.sts_observed = base::Time::FromDoubleT(sts_observed); |
| 302 } else { | 310 } else { |
| 303 // We're migrating an old entry with no creation date. Make sure we | 311 // We're migrating an old entry with no creation date. Make sure we |
| 304 // write the new date back in a reasonable time frame. | 312 // write the new date back in a reasonable time frame. |
| 305 dirtied = true; | 313 dirtied = true; |
| 306 domain_state.created = base::Time::Now(); | 314 domain_state.sts_observed = base::Time::Now(); |
| 315 } |
| 316 if (parsed->GetDouble(kPkpObserved, &pkp_observed)) { |
| 317 domain_state.pkp_observed = base::Time::FromDoubleT(pkp_observed); |
| 318 } else if (parsed->GetDouble(kCreated, &pkp_observed)) { |
| 319 domain_state.pkp_observed = base::Time::FromDoubleT(pkp_observed); |
| 320 } else { |
| 321 dirtied = true; |
| 322 domain_state.pkp_observed = base::Time::Now(); |
| 307 } | 323 } |
| 308 | 324 |
| 309 if (domain_state.upgrade_expiry <= current_time && | 325 if (domain_state.upgrade_expiry <= current_time && |
| 310 domain_state.dynamic_spki_hashes_expiry <= current_time) { | 326 domain_state.dynamic_spki_hashes_expiry <= current_time) { |
| 311 // Make sure we dirty the state if we drop an entry. | 327 // Make sure we dirty the state if we drop an entry. |
| 312 dirtied = true; | 328 dirtied = true; |
| 313 continue; | 329 continue; |
| 314 } | 330 } |
| 315 | 331 |
| 316 std::string hashed = ExternalStringToHashedDomain(i.key()); | 332 std::string hashed = ExternalStringToHashedDomain(i.key()); |
| (...skipping 13 matching lines...) Expand all Loading... |
| 330 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); | 346 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); |
| 331 | 347 |
| 332 bool dirty = false; | 348 bool dirty = false; |
| 333 if (!LoadEntries(state, &dirty)) { | 349 if (!LoadEntries(state, &dirty)) { |
| 334 LOG(ERROR) << "Failed to deserialize state: " << state; | 350 LOG(ERROR) << "Failed to deserialize state: " << state; |
| 335 return; | 351 return; |
| 336 } | 352 } |
| 337 if (dirty) | 353 if (dirty) |
| 338 StateIsDirty(transport_security_state_); | 354 StateIsDirty(transport_security_state_); |
| 339 } | 355 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 18554002:
Distinguish STS observation times from PKP observation times. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src