| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/transport_security_state.h" | 5 #include "net/http/transport_security_state.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <memory> | 8 #include <memory> |
| 9 #include <utility> | 9 #include <utility> |
| 10 #include <vector> | 10 #include <vector> |
| (...skipping 598 matching lines...) | |
| 609 | 609 |
| 610 return found; | 610 return found; |
| 611 } | 611 } |
| 612 | 612 |
| 613 } // namespace | 613 } // namespace |
| 614 | 614 |
| 615 TransportSecurityState::TransportSecurityState() | 615 TransportSecurityState::TransportSecurityState() |
| 616 : enable_static_pins_(true), | 616 : enable_static_pins_(true), |
| 617 enable_static_expect_ct_(true), | 617 enable_static_expect_ct_(true), |
| 618 enable_static_expect_staple_(false), | 618 enable_static_expect_staple_(false), |
| 619 enable_pkp_bypass_for_local_trust_anchors_(true), | |
| 619 sent_reports_cache_(kMaxHPKPReportCacheEntries) { | 620 sent_reports_cache_(kMaxHPKPReportCacheEntries) { |
| 620 // Static pinning is only enabled for official builds to make sure that | 621 // Static pinning is only enabled for official builds to make sure that |
| 621 // others don't end up with pins that cannot be easily updated. | 622 // others don't end up with pins that cannot be easily updated. |
| 622 #if !defined(OFFICIAL_BUILD) || defined(OS_ANDROID) || defined(OS_IOS) | 623 #if !defined(OFFICIAL_BUILD) || defined(OS_ANDROID) || defined(OS_IOS) |
| 623 enable_static_pins_ = false; | 624 enable_static_pins_ = false; |
| 624 enable_static_expect_ct_ = false; | 625 enable_static_expect_ct_ = false; |
| 625 #endif | 626 #endif |
| 626 DCHECK(CalledOnValidThread()); | 627 DCHECK(CalledOnValidThread()); |
| 627 } | 628 } |
| 628 | 629 |
| (...skipping 138 matching lines...) | |
| 767 PKPState pkp_state; | 768 PKPState pkp_state; |
| 768 pkp_state.last_observed = last_observed; | 769 pkp_state.last_observed = last_observed; |
| 769 pkp_state.expiry = expiry; | 770 pkp_state.expiry = expiry; |
| 770 pkp_state.include_subdomains = include_subdomains; | 771 pkp_state.include_subdomains = include_subdomains; |
| 771 pkp_state.spki_hashes = hashes; | 772 pkp_state.spki_hashes = hashes; |
| 772 pkp_state.report_uri = report_uri; | 773 pkp_state.report_uri = report_uri; |
| 773 | 774 |
| 774 EnablePKPHost(host, pkp_state); | 775 EnablePKPHost(host, pkp_state); |
| 775 } | 776 } |
| 776 | 777 |
| 778 void TransportSecurityState:: | |
| 779 SetEnablePublicKeyPinningBypassForLocalTrustAnchors(bool value) { | |
| 780 enable_pkp_bypass_for_local_trust_anchors_ = value; | |
| 781 } | |
| 782 | |
| 777 void TransportSecurityState::EnableSTSHost(const std::string& host, | 783 void TransportSecurityState::EnableSTSHost(const std::string& host, |
| 778 const STSState& state) { | 784 const STSState& state) { |
| 779 DCHECK(CalledOnValidThread()); | 785 DCHECK(CalledOnValidThread()); |
| 780 | 786 |
| 781 const std::string canonicalized_host = CanonicalizeHost(host); | 787 const std::string canonicalized_host = CanonicalizeHost(host); |
| 782 if (canonicalized_host.empty()) | 788 if (canonicalized_host.empty()) |
| 783 return; | 789 return; |
| 784 | 790 |
| 785 // Only store new state when HSTS is explicitly enabled. If it is | 791 // Only store new state when HSTS is explicitly enabled. If it is |
| 786 // disabled, remove the state from the enabled hosts. | 792 // disabled, remove the state from the enabled hosts. |
| (...skipping 44 matching lines...) | |
| 831 const TransportSecurityState::PKPState& pkp_state, | 837 const TransportSecurityState::PKPState& pkp_state, |
| 832 const HashValueVector& hashes, | 838 const HashValueVector& hashes, |
| 833 const X509Certificate* served_certificate_chain, | 839 const X509Certificate* served_certificate_chain, |
| 834 const X509Certificate* validated_certificate_chain, | 840 const X509Certificate* validated_certificate_chain, |
| 835 const TransportSecurityState::PublicKeyPinReportStatus report_status, | 841 const TransportSecurityState::PublicKeyPinReportStatus report_status, |
| 836 std::string* failure_log) { | 842 std::string* failure_log) { |
| 837 if (pkp_state.CheckPublicKeyPins(hashes, failure_log)) | 843 if (pkp_state.CheckPublicKeyPins(hashes, failure_log)) |
| 838 return PKPStatus::OK; | 844 return PKPStatus::OK; |
| 839 | 845 |
| 840 // Don't report violations for certificates that chain to local roots. | 846 // Don't report violations for certificates that chain to local roots. |
| 841 if (!is_issued_by_known_root) | 847 if (!is_issued_by_known_root) { |
| 842 return PKPStatus::BYPASSED; | 848 if (enable_pkp_bypass_for_local_trust_anchors_) |
| 849 return PKPStatus::BYPASSED; | |
| 850 else | |
| 851 return PKPStatus::VIOLATED; | |
| 852 } | |
|
Ryan Sleevi
2016/07/01 01:17:24
I would argue the right thing to do, from an API c
kapishnikov
2016/07/01 17:20:54
Agreed. Done.
| |
| 843 | 853 |
| 844 if (!report_sender_ || | 854 if (!report_sender_ || |
| 845 report_status != TransportSecurityState::ENABLE_PIN_REPORTS || | 855 report_status != TransportSecurityState::ENABLE_PIN_REPORTS || |
| 846 pkp_state.report_uri.is_empty()) { | 856 pkp_state.report_uri.is_empty()) { |
| 847 return PKPStatus::VIOLATED; | 857 return PKPStatus::VIOLATED; |
| 848 } | 858 } |
| 849 | 859 |
| 850 DCHECK(pkp_state.report_uri.is_valid()); | 860 DCHECK(pkp_state.report_uri.is_valid()); |
| 851 // Report URIs should not be used if they are the same host as the pin | 861 // Report URIs should not be used if they are the same host as the pin |
| 852 // and are HTTPS, to avoid going into a report-sending loop. | 862 // and are HTTPS, to avoid going into a report-sending loop. |
| (...skipping 564 matching lines...) | |
| 1417 TransportSecurityState::PKPStateIterator::PKPStateIterator( | 1427 TransportSecurityState::PKPStateIterator::PKPStateIterator( |
| 1418 const TransportSecurityState& state) | 1428 const TransportSecurityState& state) |
| 1419 : iterator_(state.enabled_pkp_hosts_.begin()), | 1429 : iterator_(state.enabled_pkp_hosts_.begin()), |
| 1420 end_(state.enabled_pkp_hosts_.end()) { | 1430 end_(state.enabled_pkp_hosts_.end()) { |
| 1421 } | 1431 } |
| 1422 | 1432 |
| 1423 TransportSecurityState::PKPStateIterator::~PKPStateIterator() { | 1433 TransportSecurityState::PKPStateIterator::~PKPStateIterator() { |
| 1424 } | 1434 } |
| 1425 | 1435 |
| 1426 } // namespace | 1436 } // namespace |
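Review bot: `SetEnablePublicKeyPinningBypassForLocalTrustAnchors` (new lines 778-781) writes `enable_pkp_bypass_for_local_trust_anchors_` without the `DCHECK(CalledOnValidThread());` that the constructor and `EnableSTSHost` carry in this same file, although the flag is read in the pin check at new line 848; adding that DCHECK as the setter's first statement would keep this security toggle under the same thread contract. The comment above the check, `// Don't report violations for certificates that chain to local roots.`, no longer covers both branches: with the bypass off the code returns `PKPStatus::VIOLATED` before the report-sending logic further down, so the pin failure is enforced but no report is sent. If that is intended, I would say so in the comment, for example `// Chains to a local trust anchor: bypass pinning if allowed, otherwise fail without sending a report.` The setter would also benefit from a short comment stating that the bypass defaults to true in the constructor and that passing false makes pin validation apply to locally installed roots as well. The enclosing pin-check function starts in the skipped lines above, so its remaining callers and the meaning of `is_issued_by_known_root` are not visible from here.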
| OLD | NEW |