| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/transport_security_persister.h" | 5 #include "net/http/transport_security_persister.h" |
| 6 | 6 |
| 7 #include "base/base64.h" | 7 #include "base/base64.h" |
| 8 #include "base/bind.h" | 8 #include "base/bind.h" |
| 9 #include "base/file_util.h" | 9 #include "base/file_util.h" |
| 10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
| (...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 72 const char kExpiry[] = "expiry"; | 72 const char kExpiry[] = "expiry"; |
| 73 const char kDynamicSPKIHashesExpiry[] = "dynamic_spki_hashes_expiry"; | 73 const char kDynamicSPKIHashesExpiry[] = "dynamic_spki_hashes_expiry"; |
| 74 const char kStaticSPKIHashes[] = "static_spki_hashes"; | 74 const char kStaticSPKIHashes[] = "static_spki_hashes"; |
| 75 const char kPreloadedSPKIHashes[] = "preloaded_spki_hashes"; | 75 const char kPreloadedSPKIHashes[] = "preloaded_spki_hashes"; |
| 76 const char kDynamicSPKIHashes[] = "dynamic_spki_hashes"; | 76 const char kDynamicSPKIHashes[] = "dynamic_spki_hashes"; |
| 77 const char kForceHTTPS[] = "force-https"; | 77 const char kForceHTTPS[] = "force-https"; |
| 78 const char kStrict[] = "strict"; | 78 const char kStrict[] = "strict"; |
| 79 const char kDefault[] = "default"; | 79 const char kDefault[] = "default"; |
| 80 const char kPinningOnly[] = "pinning-only"; | 80 const char kPinningOnly[] = "pinning-only"; |
| 81 const char kCreated[] = "created"; | 81 const char kCreated[] = "created"; |
| 82 const char kStsObserved[] = "sts_observed"; |
| 83 const char kPkpObserved[] = "pkp_observed"; |
| 82 | 84 |
| 83 std::string LoadState(const base::FilePath& path) { | 85 std::string LoadState(const base::FilePath& path) { |
| 84 std::string result; | 86 std::string result; |
| 85 if (!base::ReadFileToString(path, &result)) { | 87 if (!base::ReadFileToString(path, &result)) { |
| 86 return ""; | 88 return ""; |
| 87 } | 89 } |
| 88 return result; | 90 return result; |
| 89 } | 91 } |
| 90 | 92 |
| 91 } // namespace | 93 } // namespace |
| (...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 141 for (; state.HasNext(); state.Advance()) { | 143 for (; state.HasNext(); state.Advance()) { |
| 142 const std::string& hostname = state.hostname(); | 144 const std::string& hostname = state.hostname(); |
| 143 const TransportSecurityState::DomainState& domain_state = | 145 const TransportSecurityState::DomainState& domain_state = |
| 144 state.domain_state(); | 146 state.domain_state(); |
| 145 | 147 |
| 146 DictionaryValue* serialized = new DictionaryValue; | 148 DictionaryValue* serialized = new DictionaryValue; |
| 147 serialized->SetBoolean(kStsIncludeSubdomains, | 149 serialized->SetBoolean(kStsIncludeSubdomains, |
| 148 domain_state.sts_include_subdomains); | 150 domain_state.sts_include_subdomains); |
| 149 serialized->SetBoolean(kPkpIncludeSubdomains, | 151 serialized->SetBoolean(kPkpIncludeSubdomains, |
| 150 domain_state.pkp_include_subdomains); | 152 domain_state.pkp_include_subdomains); |
| 151 serialized->SetDouble(kCreated, domain_state.created.ToDoubleT()); | 153 serialized->SetDouble(kStsObserved, domain_state.sts_observed.ToDoubleT()); |
| 154 serialized->SetDouble(kPkpObserved, domain_state.pkp_observed.ToDoubleT()); |
| 152 serialized->SetDouble(kExpiry, domain_state.upgrade_expiry.ToDoubleT()); | 155 serialized->SetDouble(kExpiry, domain_state.upgrade_expiry.ToDoubleT()); |
| 153 serialized->SetDouble(kDynamicSPKIHashesExpiry, | 156 serialized->SetDouble(kDynamicSPKIHashesExpiry, |
| 154 domain_state.dynamic_spki_hashes_expiry.ToDoubleT()); | 157 domain_state.dynamic_spki_hashes_expiry.ToDoubleT()); |
| 155 | 158 |
| 156 switch (domain_state.upgrade_mode) { | 159 switch (domain_state.upgrade_mode) { |
| 157 case TransportSecurityState::DomainState::MODE_FORCE_HTTPS: | 160 case TransportSecurityState::DomainState::MODE_FORCE_HTTPS: |
| 158 serialized->SetString(kMode, kForceHTTPS); | 161 serialized->SetString(kMode, kForceHTTPS); |
| 159 break; | 162 break; |
| 160 case TransportSecurityState::DomainState::MODE_DEFAULT: | 163 case TransportSecurityState::DomainState::MODE_DEFAULT: |
| 161 serialized->SetString(kMode, kDefault); | 164 serialized->SetString(kMode, kDefault); |
| (...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 204 bool dirtied = false; | 207 bool dirtied = false; |
| 205 | 208 |
| 206 for (DictionaryValue::Iterator i(*dict_value); !i.IsAtEnd(); i.Advance()) { | 209 for (DictionaryValue::Iterator i(*dict_value); !i.IsAtEnd(); i.Advance()) { |
| 207 const DictionaryValue* parsed = NULL; | 210 const DictionaryValue* parsed = NULL; |
| 208 if (!i.value().GetAsDictionary(&parsed)) { | 211 if (!i.value().GetAsDictionary(&parsed)) { |
| 209 LOG(WARNING) << "Could not parse entry " << i.key() << "; skipping entry"; | 212 LOG(WARNING) << "Could not parse entry " << i.key() << "; skipping entry"; |
| 210 continue; | 213 continue; |
| 211 } | 214 } |
| 212 | 215 |
| 213 std::string mode_string; | 216 std::string mode_string; |
| 214 double created; | |
| 215 double expiry; | 217 double expiry; |
| 216 double dynamic_spki_hashes_expiry = 0.0; | 218 double dynamic_spki_hashes_expiry = 0.0; |
| 217 TransportSecurityState::DomainState domain_state; | 219 TransportSecurityState::DomainState domain_state; |
| 218 | 220 |
| 219 // kIncludeSubdomains is a legacy synonym for kStsIncludeSubdomains and | 221 // kIncludeSubdomains is a legacy synonym for kStsIncludeSubdomains and |
| 220 // kPkpIncludeSubdomains. Parse at least one of these properties, | 222 // kPkpIncludeSubdomains. Parse at least one of these properties, |
| 221 // preferably the new ones. | 223 // preferably the new ones. |
| 222 bool include_subdomains = false; | 224 bool include_subdomains = false; |
| 223 bool parsed_include_subdomains = parsed->GetBoolean(kIncludeSubdomains, | 225 bool parsed_include_subdomains = parsed->GetBoolean(kIncludeSubdomains, |
| 224 &include_subdomains); | 226 &include_subdomains); |
| (...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 264 } else { | 266 } else { |
| 265 LOG(WARNING) << "Unknown TransportSecurityState mode string " | 267 LOG(WARNING) << "Unknown TransportSecurityState mode string " |
| 266 << mode_string << " found for entry " << i.key() | 268 << mode_string << " found for entry " << i.key() |
| 267 << "; skipping entry"; | 269 << "; skipping entry"; |
| 268 continue; | 270 continue; |
| 269 } | 271 } |
| 270 | 272 |
| 271 domain_state.upgrade_expiry = base::Time::FromDoubleT(expiry); | 273 domain_state.upgrade_expiry = base::Time::FromDoubleT(expiry); |
| 272 domain_state.dynamic_spki_hashes_expiry = | 274 domain_state.dynamic_spki_hashes_expiry = |
| 273 base::Time::FromDoubleT(dynamic_spki_hashes_expiry); | 275 base::Time::FromDoubleT(dynamic_spki_hashes_expiry); |
| 274 if (parsed->GetDouble(kCreated, &created)) { | 276 |
| 275 domain_state.created = base::Time::FromDoubleT(created); | 277 double sts_observed; |
| 278 double pkp_observed; |
| 279 if (parsed->GetDouble(kStsObserved, &sts_observed)) { |
| 280 domain_state.sts_observed = base::Time::FromDoubleT(sts_observed); |
| 281 } else if (parsed->GetDouble(kCreated, &sts_observed)) { |
| 282 // kCreated is a legacy synonym for both kStsObserved and kPkpObserved. |
| 283 domain_state.sts_observed = base::Time::FromDoubleT(sts_observed); |
| 276 } else { | 284 } else { |
| 277 // We're migrating an old entry with no creation date. Make sure we | 285 // We're migrating an old entry with no observation date. Make sure we |
| 278 // write the new date back in a reasonable time frame. | 286 // write the new date back in a reasonable time frame. |
| 279 dirtied = true; | 287 dirtied = true; |
| 280 domain_state.created = base::Time::Now(); | 288 domain_state.sts_observed = base::Time::Now(); |
| 289 } |
| 290 if (parsed->GetDouble(kPkpObserved, &pkp_observed)) { |
| 291 domain_state.pkp_observed = base::Time::FromDoubleT(pkp_observed); |
| 292 } else if (parsed->GetDouble(kCreated, &pkp_observed)) { |
| 293 domain_state.pkp_observed = base::Time::FromDoubleT(pkp_observed); |
| 294 } else { |
| 295 dirtied = true; |
| 296 domain_state.pkp_observed = base::Time::Now(); |
| 281 } | 297 } |
| 282 | 298 |
| 283 if (domain_state.upgrade_expiry <= current_time && | 299 if (domain_state.upgrade_expiry <= current_time && |
| 284 domain_state.dynamic_spki_hashes_expiry <= current_time) { | 300 domain_state.dynamic_spki_hashes_expiry <= current_time) { |
| 285 // Make sure we dirty the state if we drop an entry. | 301 // Make sure we dirty the state if we drop an entry. |
| 286 dirtied = true; | 302 dirtied = true; |
| 287 continue; | 303 continue; |
| 288 } | 304 } |
| 289 | 305 |
| 290 std::string hashed = ExternalStringToHashedDomain(i.key()); | 306 std::string hashed = ExternalStringToHashedDomain(i.key()); |
| (...skipping 18 matching lines...) Expand all Loading... |
| 309 bool dirty = false; | 325 bool dirty = false; |
| 310 if (!LoadEntries(state, &dirty)) { | 326 if (!LoadEntries(state, &dirty)) { |
| 311 LOG(ERROR) << "Failed to deserialize state: " << state; | 327 LOG(ERROR) << "Failed to deserialize state: " << state; |
| 312 return; | 328 return; |
| 313 } | 329 } |
| 314 if (dirty) | 330 if (dirty) |
| 315 StateIsDirty(transport_security_state_); | 331 StateIsDirty(transport_security_state_); |
| 316 } | 332 } |
| 317 | 333 |
| 318 } // namespace net | 334 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 18554002:
Distinguish STS observation times from PKP observation times. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src