OLD | NEW |
---|---|
1 // Copyright (c) 2016 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/tools/transport_security_state_generator/preloaded_state_generator .h" | 5 #include "net/tools/transport_security_state_generator/preloaded_state_generator .h" |
6 | 6 |
7 #include <iostream> | |
8 | |
9 #include <string> | 7 #include <string> |
10 | 8 |
11 #include "base/strings/string_util.h" | 9 #include "base/strings/string_util.h" |
12 #include "base/strings/stringprintf.h" | 10 #include "base/strings/stringprintf.h" |
13 #include "net/tools/transport_security_state_generator/cert_util.h" | 11 #include "net/tools/transport_security_state_generator/cert_util.h" |
14 #include "net/tools/transport_security_state_generator/huffman/huffman_builder.h " | 12 #include "net/tools/transport_security_state_generator/huffman/huffman_builder.h " |
15 #include "net/tools/transport_security_state_generator/spki_hash.h" | 13 #include "net/tools/transport_security_state_generator/spki_hash.h" |
16 | 14 |
17 namespace net { | 15 namespace net { |
18 | 16 |
(...skipping 103 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
122 | 120 |
123 return huffman_builder.ToTable(); | 121 return huffman_builder.ToTable(); |
124 } | 122 } |
125 | 123 |
126 } // namespace | 124 } // namespace |
127 | 125 |
128 PreloadedStateGenerator::PreloadedStateGenerator() {} | 126 PreloadedStateGenerator::PreloadedStateGenerator() {} |
129 | 127 |
130 PreloadedStateGenerator::~PreloadedStateGenerator() {} | 128 PreloadedStateGenerator::~PreloadedStateGenerator() {} |
131 | 129 |
132 std::string PreloadedStateGenerator::Generate( | 130 bool PreloadedStateGenerator::Generate( |
133 const std::string& preload_template, | 131 const std::string& preload_template, |
134 const TransportSecurityStateEntries& entries, | 132 const TransportSecurityStateEntries& entries, |
135 const DomainIDList& domain_ids, | 133 const DomainIDList& domain_ids, |
136 const Pinsets& pinsets, | 134 const Pinsets& pinsets, |
137 bool verbose) { | 135 std::string* output) { |
138 std::string output = preload_template; | 136 DCHECK(output); |
137 *output = preload_template; | |
139 | 138 |
140 NameIDMap domain_ids_map; | 139 NameIDMap domain_ids_map; |
141 ProcessDomainIds(domain_ids, &domain_ids_map, &output); | 140 ProcessDomainIds(domain_ids, &domain_ids_map, output); |
142 | 141 |
143 ProcessSPKIHashes(pinsets, &output); | 142 ProcessSPKIHashes(pinsets, output); |
144 | 143 |
145 NameIDMap expect_ct_report_uri_map; | 144 NameIDMap expect_ct_report_uri_map; |
146 ProcessExpectCTURIs(entries, &expect_ct_report_uri_map, &output); | 145 ProcessExpectCTURIs(entries, &expect_ct_report_uri_map, output); |
147 | 146 |
148 NameIDMap expect_staple_report_uri_map; | 147 NameIDMap expect_staple_report_uri_map; |
149 ProcessExpectStapleURIs(entries, &expect_staple_report_uri_map, &output); | 148 ProcessExpectStapleURIs(entries, &expect_staple_report_uri_map, output); |
150 | 149 |
151 NameIDMap pinsets_map; | 150 NameIDMap pinsets_map; |
152 ProcessPinsets(pinsets, &pinsets_map, &output); | 151 ProcessPinsets(pinsets, &pinsets_map, output); |
153 | 152 |
154 // The trie generation process is ran twice, the first time using an | 153 // The trie generation process is ran twice, the first time using an |
155 // approximate Huffman table. During this first run, the correct character | 154 // approximate Huffman table. During this first run, the correct character |
156 // frequencies are collected which are then used to calculate the most space | 155 // frequencies are collected which are then used to calculate the most space |
157 // efficient Huffman table for the given inputs. This table is used for the | 156 // efficient Huffman table for the given inputs. This table is used for the |
158 // second run. | 157 // second run. |
159 HuffmanRepresentationTable table = ApproximateHuffman(entries); | 158 HuffmanRepresentationTable table = ApproximateHuffman(entries); |
160 HuffmanBuilder huffman_builder; | 159 HuffmanBuilder huffman_builder; |
161 TrieWriter writer(table, domain_ids_map, expect_ct_report_uri_map, | 160 TrieWriter writer(table, domain_ids_map, expect_ct_report_uri_map, |
162 expect_staple_report_uri_map, pinsets_map, | 161 expect_staple_report_uri_map, pinsets_map, |
163 &huffman_builder); | 162 &huffman_builder); |
164 writer.WriteEntries(entries); | 163 uint32_t root_position; |
165 uint32_t initial_length = writer.position(); | 164 bool success = writer.WriteEntries(entries, &root_position); |
166 | 165 |
167 HuffmanRepresentationTable optimal_table = huffman_builder.ToTable(); | 166 HuffmanRepresentationTable optimal_table = huffman_builder.ToTable(); |
168 TrieWriter new_writer(optimal_table, domain_ids_map, expect_ct_report_uri_map, | 167 TrieWriter new_writer(optimal_table, domain_ids_map, expect_ct_report_uri_map, |
169 expect_staple_report_uri_map, pinsets_map, nullptr); | 168 expect_staple_report_uri_map, pinsets_map, nullptr); |
170 | 169 |
171 uint32_t root_position = new_writer.WriteEntries(entries); | 170 success = success && new_writer.WriteEntries(entries, &root_position); |
172 uint32_t new_length = new_writer.position(); | 171 uint32_t new_length = new_writer.position(); |
173 | 172 |
174 std::vector<uint8_t> huffman_tree = huffman_builder.ToVector(); | 173 std::vector<uint8_t> huffman_tree = huffman_builder.ToVector(); |
175 | 174 |
176 new_writer.Flush(); | 175 new_writer.Flush(); |
177 | 176 |
178 ReplaceTag("HUFFMAN_TREE", FormatVectorAsArray(huffman_tree), &output); | 177 ReplaceTag("HUFFMAN_TREE", FormatVectorAsArray(huffman_tree), output); |
179 ReplaceTag("HSTS_TRIE", FormatVectorAsArray(new_writer.bytes()), &output); | 178 ReplaceTag("HSTS_TRIE", FormatVectorAsArray(new_writer.bytes()), output); |
180 | 179 |
181 ReplaceTag("HSTS_TRIE_BITS", std::to_string(new_length), &output); | 180 ReplaceTag("HSTS_TRIE_BITS", std::to_string(new_length), output); |
182 ReplaceTag("HSTS_TRIE_ROOT", std::to_string(root_position), &output); | 181 ReplaceTag("HSTS_TRIE_ROOT", std::to_string(root_position), output); |
183 | 182 |
184 if (verbose) { | 183 return success; |
185 std::cout << "Saved " << std::to_string(initial_length - new_length) | |
186 << " bits by using accurate Huffman counts." << std::endl; | |
187 std::cout << "Bit length " << std::to_string(new_length) << std::endl; | |
188 std::cout << "Root position " << std::to_string(root_position) << std::endl; | |
189 } | |
190 | |
191 return output; | |
192 } | 184 } |
193 | 185 |
194 void PreloadedStateGenerator::ProcessDomainIds(const DomainIDList& domain_ids, | 186 void PreloadedStateGenerator::ProcessDomainIds(const DomainIDList& domain_ids, |
195 NameIDMap* map, | 187 NameIDMap* map, |
196 std::string* tpl) { | 188 std::string* tpl) { |
197 std::string output = "{"; | 189 std::string output = "{"; |
198 output.append(kNewLine); | 190 output.append(kNewLine); |
199 | 191 |
200 for (size_t i = 0; i < domain_ids.size(); ++i) { | 192 for (size_t i = 0; i < domain_ids.size(); ++i) { |
201 const std::string& current = domain_ids.at(i); | 193 const std::string& current = domain_ids.at(i); |
(...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
268 output.append(kIndent); | 260 output.append(kIndent); |
269 output.append("\"" + entry->expect_ct_report_uri + "\","); | 261 output.append("\"" + entry->expect_ct_report_uri + "\","); |
270 output.append(kNewLine); | 262 output.append(kNewLine); |
271 | 263 |
272 expect_ct_report_uri_map->insert( | 264 expect_ct_report_uri_map->insert( |
273 NameIDPair(entry->expect_ct_report_uri, | 265 NameIDPair(entry->expect_ct_report_uri, |
274 static_cast<uint32_t>(expect_ct_report_uri_map->size()))); | 266 static_cast<uint32_t>(expect_ct_report_uri_map->size()))); |
275 } | 267 } |
276 } | 268 } |
277 | 269 |
270 output.append(kIndent); | |
martijnc
2017/02/08 20:58:21
There are tests without Expect-CT and Expect-Stapl
| |
271 output.append(kIndent); | |
272 output.append("NULL,"); | |
273 output.append(kNewLine); | |
274 | |
278 output.append("}"); | 275 output.append("}"); |
279 ReplaceTag("EXPECT_CT_REPORT_URIS", output, tpl); | 276 ReplaceTag("EXPECT_CT_REPORT_URIS", output, tpl); |
280 } | 277 } |
281 | 278 |
282 void PreloadedStateGenerator::ProcessExpectStapleURIs( | 279 void PreloadedStateGenerator::ProcessExpectStapleURIs( |
283 const TransportSecurityStateEntries& entries, | 280 const TransportSecurityStateEntries& entries, |
284 NameIDMap* expect_staple_report_uri_map, | 281 NameIDMap* expect_staple_report_uri_map, |
285 std::string* tpl) { | 282 std::string* tpl) { |
286 std::string output = "{"; | 283 std::string output = "{"; |
287 output.append(kNewLine); | 284 output.append(kNewLine); |
288 | 285 |
289 for (const auto& entry : entries) { | 286 for (const auto& entry : entries) { |
290 const std::string& url = entry->expect_staple_report_uri; | 287 const std::string& url = entry->expect_staple_report_uri; |
291 if (entry->expect_staple && url.size() && | 288 if (entry->expect_staple && url.size() && |
292 expect_staple_report_uri_map->find(url) == | 289 expect_staple_report_uri_map->find(url) == |
293 expect_staple_report_uri_map->cend()) { | 290 expect_staple_report_uri_map->cend()) { |
294 output.append(kIndent); | 291 output.append(kIndent); |
295 output.append(kIndent); | 292 output.append(kIndent); |
296 output.append("\"" + entry->expect_staple_report_uri + "\","); | 293 output.append("\"" + entry->expect_staple_report_uri + "\","); |
297 output.append(kNewLine); | 294 output.append(kNewLine); |
298 | 295 |
299 expect_staple_report_uri_map->insert(NameIDPair( | 296 expect_staple_report_uri_map->insert(NameIDPair( |
300 entry->expect_staple_report_uri, | 297 entry->expect_staple_report_uri, |
301 static_cast<uint32_t>(expect_staple_report_uri_map->size()))); | 298 static_cast<uint32_t>(expect_staple_report_uri_map->size()))); |
302 } | 299 } |
303 } | 300 } |
304 | 301 |
302 output.append(kIndent); | |
303 output.append(kIndent); | |
304 output.append("NULL,"); | |
305 output.append(kNewLine); | |
306 | |
305 output.append("}"); | 307 output.append("}"); |
306 ReplaceTag("EXPECT_STAPLE_REPORT_URIS", output, tpl); | 308 ReplaceTag("EXPECT_STAPLE_REPORT_URIS", output, tpl); |
307 } | 309 } |
308 | 310 |
309 void PreloadedStateGenerator::ProcessPinsets(const Pinsets& pinset, | 311 void PreloadedStateGenerator::ProcessPinsets(const Pinsets& pinset, |
310 NameIDMap* pinset_map, | 312 NameIDMap* pinset_map, |
311 std::string* tpl) { | 313 std::string* tpl) { |
312 std::string certs_output; | 314 std::string certs_output; |
313 std::string pinsets_output = "{"; | 315 std::string pinsets_output = "{"; |
314 pinsets_output.append(kNewLine); | 316 pinsets_output.append(kNewLine); |
(...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
358 | 360 |
359 base::TrimString(certs_output, kNewLine, &certs_output); | 361 base::TrimString(certs_output, kNewLine, &certs_output); |
360 | 362 |
361 ReplaceTag("ACCEPTABLE_CERTS", certs_output, tpl); | 363 ReplaceTag("ACCEPTABLE_CERTS", certs_output, tpl); |
362 ReplaceTag("PINSETS", pinsets_output, tpl); | 364 ReplaceTag("PINSETS", pinsets_output, tpl); |
363 } | 365 } |
364 | 366 |
365 } // namespace transport_security_state | 367 } // namespace transport_security_state |
366 | 368 |
367 } // namespace net | 369 } // namespace net |
OLD | NEW |