OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "components/certificate_transparency/ct_policy_manager.h" | |
6 | |
7 #include <map> | |
8 #include <set> | |
9 #include <string> | |
10 | |
11 #include "base/bind.h" | |
12 #include "base/callback.h" | |
13 #include "base/location.h" | |
14 #include "base/logging.h" | |
15 #include "base/sequenced_task_runner.h" | |
16 #include "base/strings/string_util.h" | |
17 #include "base/threading/sequenced_task_runner_handle.h" | |
18 #include "base/values.h" | |
19 #include "components/certificate_transparency/pref_names.h" | |
20 #include "components/pref_registry/pref_registry_syncable.h" | |
21 #include "components/prefs/pref_service.h" | |
22 #include "components/url_formatter/url_fixer.h" | |
23 #include "components/url_matcher/url_matcher.h" | |
24 | |
25 namespace certificate_transparency { | |
26 | |
27 class CTPolicyManager::CTDelegate | |
28 : public net::TransportSecurityState::RequireCTDelegate { | |
29 public: | |
30 explicit CTDelegate( | |
31 scoped_refptr<base::SequencedTaskRunner> network_task_runner); | |
32 ~CTDelegate() override = default; | |
33 | |
34 // Called on the prefs thread, updates the CTDelegate to require CT for | |
35 // |required_hosts|, and exclude |excluded_hosts| from CT policies. | |
36 void UpdateFromPrefs(const base::ListValue* required_hosts, | |
37 const base::ListValue* excluded_hosts); | |
38 | |
39 // RequireCTDelegate implementation | |
40 CTRequirementLevel IsCTRequiredForHost(const std::string& hostname) override; | |
41 | |
42 private: | |
43 struct Filter { | |
44 bool ct_required = false; | |
45 bool match_subdomains = false; | |
46 size_t host_length = 0; | |
47 }; | |
48 | |
49 // Called on the |network_task_runner_|, updates the |url_matcher_| to | |
50 // require CT for |required_hosts| and exclude |excluded_hosts|, both | |
51 // of which are Lists of Strings which are URLBlacklist filters. | |
52 void Update(base::ListValue* required_hosts, base::ListValue* excluded_hosts); | |
53 | |
54 // Parses the filters from |host_patterns|, adding them as filters to | |
55 // |filters_| (with |ct_required| indicating whether or not CT is required | |
56 // for that host), and updating |*conditions| with the corresponding | |
57 // URLMatcher::Conditions to match the host. | |
58 void AddFilters(bool ct_required, | |
59 base::ListValue* host_patterns, | |
60 url_matcher::URLMatcherConditionSet::Vector* conditions); | |
61 | |
62 // Returns true if |lhs| has greater precedence than |rhs|. | |
63 bool FilterTakesPrecedence(const Filter& lhs, const Filter& rhs) const; | |
64 | |
65 scoped_refptr<base::SequencedTaskRunner> network_task_runner_; | |
66 std::unique_ptr<url_matcher::URLMatcher> url_matcher_; | |
67 url_matcher::URLMatcherConditionSet::ID id_; | |
mmenke
2016/06/27 22:14:53
Should this be called something like next_id_? At
| |
68 std::map<url_matcher::URLMatcherConditionSet::ID, Filter> filters_; | |
69 | |
70 DISALLOW_COPY_AND_ASSIGN(CTDelegate); | |
71 }; | |
72 | |
73 CTPolicyManager::CTDelegate::CTDelegate( | |
74 scoped_refptr<base::SequencedTaskRunner> network_task_runner) | |
75 : network_task_runner_(std::move(network_task_runner)), | |
76 url_matcher_(new url_matcher::URLMatcher), | |
77 id_(0) {} | |
78 | |
79 void CTPolicyManager::CTDelegate::UpdateFromPrefs( | |
80 const base::ListValue* required_hosts, | |
81 const base::ListValue* excluded_hosts) { | |
82 network_task_runner_->PostTask( | |
83 FROM_HERE, | |
84 base::Bind(&CTDelegate::Update, base::Unretained(this), | |
85 base::Owned(required_hosts->CreateDeepCopy().release()), | |
86 base::Owned(excluded_hosts->CreateDeepCopy().release()))); | |
87 } | |
88 | |
89 net::TransportSecurityState::RequireCTDelegate::CTRequirementLevel | |
90 CTPolicyManager::CTDelegate::IsCTRequiredForHost(const std::string& hostname) { | |
91 DCHECK(network_task_runner_->RunsTasksOnCurrentThread()); | |
92 | |
93 // The scheme and port are ignored in the policy, and the contract of a | |
94 // RequireCTDelegate is that the host is always in URL form. | |
95 // TODO(rsleevi): Guarantee this | |
96 std::set<url_matcher::URLMatcherConditionSet::ID> matching_ids = | |
97 url_matcher_->MatchURL(GURL("https://" + hostname)); | |
98 if (matching_ids.empty()) | |
99 return CTRequirementLevel::DEFAULT; | |
100 | |
101 // Determine the overall policy by determining the most specific policy. | |
102 std::map<url_matcher::URLMatcherConditionSet::ID, Filter>::const_iterator it = | |
103 filters_.begin(); | |
104 const Filter* active_filter = nullptr; | |
105 for (const auto& match : matching_ids) { | |
106 // Because both |filters_| and |matching_ids| are sorted on the ID, | |
107 // treat both as forward-only iterators. | |
108 while (it != filters_.end() && it->first < match) | |
109 ++it; | |
110 if (it == filters_.end()) { | |
111 NOTREACHED(); | |
112 break; | |
113 } | |
114 | |
115 if (!active_filter || FilterTakesPrecedence(it->second, *active_filter)) | |
116 active_filter = &it->second; | |
117 } | |
118 CHECK(active_filter); | |
119 | |
120 return active_filter->ct_required ? CTRequirementLevel::REQUIRED | |
121 : CTRequirementLevel::NOT_REQUIRED; | |
122 } | |
123 | |
124 void CTPolicyManager::CTDelegate::Update(base::ListValue* required_hosts, | |
125 base::ListValue* excluded_hosts) { | |
126 DCHECK(network_task_runner_->RunsTasksOnCurrentThread()); | |
127 | |
128 url_matcher_.reset(new url_matcher::URLMatcher); | |
129 filters_.clear(); | |
130 id_ = 0; | |
131 | |
132 url_matcher::URLMatcherConditionSet::Vector all_conditions; | |
133 AddFilters(true, required_hosts, &all_conditions); | |
134 AddFilters(false, excluded_hosts, &all_conditions); | |
135 | |
136 url_matcher_->AddConditionSets(all_conditions); | |
137 } | |
138 | |
139 void CTPolicyManager::CTDelegate::AddFilters( | |
140 bool ct_required, | |
141 base::ListValue* hosts, | |
142 url_matcher::URLMatcherConditionSet::Vector* conditions) { | |
143 for (size_t i = 0; i < hosts->GetSize(); ++i) { | |
144 std::string pattern; | |
145 if (!hosts->GetString(i, &pattern)) | |
146 continue; | |
147 | |
148 Filter filter; | |
149 filter.ct_required = ct_required; | |
150 | |
151 // Parse the pattern just to the hostname, ignoring all other portions of | |
152 // the URL. | |
153 url::Parsed parsed; | |
154 std::string ignored_scheme = url_formatter::SegmentURL(pattern, &parsed); | |
155 if (!parsed.host.is_nonempty()) | |
156 continue; // If there is no host to match, can't apply the filter. | |
157 | |
158 std::string lc_host = base::ToLowerASCII( | |
159 base::StringPiece(pattern).substr(parsed.host.begin, parsed.host.len)); | |
160 if (lc_host == "*") { | |
161 // Wildcard hosts are not allowed and ignored. | |
162 continue; | |
163 } else if (lc_host[0] == '.') { | |
164 // A leading dot means exact match and to not match subdomains. | |
165 lc_host.erase(0, 1); | |
166 filter.match_subdomains = false; | |
167 } else { | |
168 // Canonicalize the host to make sure it's not an IP address, as | |
169 // matching subdomains is not desirable for those. | |
170 url::RawCanonOutputT<char> output; | |
171 url::CanonHostInfo host_info; | |
172 url::CanonicalizeHostVerbose(pattern.c_str(), parsed.host, &output, | |
173 &host_info); | |
174 if (host_info.family == url::CanonHostInfo::NEUTRAL) { | |
175 // Match subdomains (implicit by the omission of '.'). Add in a | |
176 // leading dot to make sure matches only happen at the domain | |
177 // component boundary. | |
178 lc_host.insert(lc_host.begin(), '.'); | |
179 filter.match_subdomains = true; | |
180 } else { | |
181 filter.match_subdomains = false; | |
182 } | |
183 } | |
184 filter.host_length = lc_host.size(); | |
185 | |
186 // Create a condition for the URLMatcher that matches the hostname (and/or | |
187 // subdomains). | |
188 url_matcher::URLMatcherConditionFactory* condition_factory = | |
189 url_matcher_->condition_factory(); | |
190 std::set<url_matcher::URLMatcherCondition> condition_set; | |
191 condition_set.insert( | |
192 filter.match_subdomains | |
193 ? condition_factory->CreateHostSuffixCondition(lc_host) | |
194 : condition_factory->CreateHostEqualsCondition(lc_host)); | |
195 conditions->push_back( | |
196 new url_matcher::URLMatcherConditionSet(id_, condition_set)); | |
197 filters_[id_] = filter; | |
198 ++id_; | |
199 } | |
200 } | |
201 | |
202 bool CTPolicyManager::CTDelegate::FilterTakesPrecedence( | |
203 const Filter& lhs, | |
204 const Filter& rhs) const { | |
205 if (lhs.match_subdomains != rhs.match_subdomains) | |
206 return !lhs.match_subdomains; // Prefer the more explicit policy. | |
207 | |
208 if (lhs.host_length != rhs.host_length) | |
209 return lhs.host_length > rhs.host_length; // Prefer the longer host match. | |
210 | |
211 if (lhs.ct_required != rhs.ct_required) | |
212 return lhs.ct_required; // Prefer the policy that requires CT. | |
213 | |
214 return false; | |
215 } | |
216 | |
217 // static | |
218 void CTPolicyManager::RegisterPrefs( | |
219 user_prefs::PrefRegistrySyncable* registry) { | |
220 registry->RegisterListPref(prefs::kCTRequiredHosts); | |
221 registry->RegisterListPref(prefs::kCTExcludedHosts); | |
222 } | |
223 | |
224 CTPolicyManager::CTPolicyManager( | |
225 PrefService* pref_service, | |
226 scoped_refptr<base::SequencedTaskRunner> network_task_runner) | |
227 : delegate_(new CTDelegate(std::move(network_task_runner))), | |
228 weak_factory_(this) { | |
229 pref_change_registrar_.Init(pref_service); | |
230 pref_change_registrar_.Add( | |
231 prefs::kCTRequiredHosts, | |
232 base::Bind(&CTPolicyManager::ScheduleUpdate, base::Unretained(this))); | |
233 pref_change_registrar_.Add( | |
234 prefs::kCTExcludedHosts, | |
235 base::Bind(&CTPolicyManager::ScheduleUpdate, base::Unretained(this))); | |
236 | |
237 ScheduleUpdate(); | |
238 } | |
239 | |
240 CTPolicyManager::~CTPolicyManager() {} | |
241 | |
242 void CTPolicyManager::Shutdown() { | |
243 pref_change_registrar_.RemoveAll(); | |
244 } | |
245 | |
246 net::TransportSecurityState::RequireCTDelegate* CTPolicyManager::GetDelegate() { | |
247 return delegate_.get(); | |
248 } | |
249 | |
250 void CTPolicyManager::ScheduleUpdate() { | |
251 // Cancel any pending updates, and schedule a new update. If this method | |
252 // is called again, this pending update will be cancelled because the weak | |
253 // pointer is invalidated, and the new update will take precedence. | |
254 weak_factory_.InvalidateWeakPtrs(); | |
255 base::SequencedTaskRunnerHandle::Get()->PostTask( | |
256 FROM_HERE, | |
257 base::Bind(&CTPolicyManager::Update, weak_factory_.GetWeakPtr())); | |
258 } | |
259 | |
260 void CTPolicyManager::Update() { | |
261 delegate_->UpdateFromPrefs( | |
262 pref_change_registrar_.prefs()->GetList(prefs::kCTRequiredHosts), | |
263 pref_change_registrar_.prefs()->GetList(prefs::kCTExcludedHosts)); | |
264 } | |
265 | |
266 } // namespace certificate_transparency | |
OLD | NEW |