Store dynamic Expect-CT state

net/http/transport_security_state.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_
 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_
 
 #include <stdint.h>
 
 #include <map>
 #include <string>
 
 #include "base/callback.h"
+#include "base/feature_list.h"
 #include "base/gtest_prod_util.h"
 #include "base/macros.h"
 #include "base/strings/string_piece.h"
 #include "base/threading/non_thread_safe.h"
 #include "base/time/time.h"
 #include "net/base/expiring_cache.h"
 #include "net/base/hash_value.h"
 #include "net/base/net_export.h"
 #include "net/http/transport_security_state_source.h"
 #include "url/gurl.h"
@@ skipping 204 matching lines @@
   class NET_EXPORT ExpectCTState {
    public:
     ExpectCTState();
     ~ExpectCTState();
 
     // The domain which matched during a search for this DomainState entry.
     std::string domain;
     // The URI to which reports should be sent if valid CT info is not
     // provided.
     GURL report_uri;
+    // True if connections should be closed if they do not comply with the CT
+    // policy. If false, noncompliant connections will be allowed but reports
+    // will be sent about the violation.
+    bool enforce;
+    // The absolute time (UTC) when the Expect-CT state was last observed.
+    base::Time last_observed;
+    // The absolute time (UTC) when the Expect-CT state expires.
+    base::Time expiry;
+  };
+
+  class NET_EXPORT ExpectCTStateIterator {
+   public:
+    explicit ExpectCTStateIterator(const TransportSecurityState& state);
+    ~ExpectCTStateIterator();
+
+    bool HasNext() const { return iterator_ != end_; }
+    void Advance() { ++iterator_; }
+    const std::string& hostname() const { return iterator_->first; }
+    const ExpectCTState& domain_state() const { return iterator_->second; }
+
+   private:
+    std::map<std::string, ExpectCTState>::const_iterator iterator_;
+    std::map<std::string, ExpectCTState>::const_iterator end_;
   };
 
   // An ExpectStapleState describes a site that expects valid OCSP information
   // to be stapled to its certificate on every connection.
   class NET_EXPORT ExpectStapleState {
    public:
     ExpectStapleState();
     ~ExpectStapleState();
 
     // The domain which matched during a search for this Expect-Staple entry
@@ skipping 38 matching lines @@
                                   const net::SSLInfo& ssl_info) = 0;
 
    protected:
     virtual ~ExpectCTReporter() {}
   };
 
   // Indicates whether or not a public key pin check should send a
   // report if a violation is detected.
   enum PublicKeyPinReportStatus { ENABLE_PIN_REPORTS, DISABLE_PIN_REPORTS };
 
+  // Feature that controls whether Expect-CT HTTP headers are parsed, processed,
+  // and stored.
+  static const base::Feature kDynamicExpectCTFeature;
+
   TransportSecurityState();
   ~TransportSecurityState();
 
   // These functions search for static and dynamic STS and PKP states, and
   // invoke the functions of the same name on them. These functions are the
   // primary public interface; direct access to STS and PKP states is best
   // left to tests. The caller needs to handle the optional pinning override
   // when is_issued_by_known_root is false.
   bool ShouldSSLErrorsBeFatal(const std::string& host);
   bool ShouldUpgradeToSSL(const std::string& host);
@@ skipping 69 matching lines @@
   void AddOrUpdateEnabledSTSHosts(const std::string& hashed_host,
                                   const STSState& state);
 
   // Inserts |state| into |enabled_pkp_hosts_| under the key |hashed_host|.
   // |hashed_host| is already in the internal representation.
   // Note: This is only used for serializing/deserializing the
   // TransportSecurityState.
   void AddOrUpdateEnabledPKPHosts(const std::string& hashed_host,
                                   const PKPState& state);
 
+  // Inserts |state| into |enabled_expect_ct_hosts_| under the key
+  // |hashed_host|. |hashed_host| is already in the internal representation.
+  // Note: This is only used for serializing/deserializing the
+  // TransportSecurityState.
+  void AddOrUpdateEnabledExpectCTHosts(const std::string& hashed_host,
+                                       const ExpectCTState& state);
+
   // Deletes all dynamic data (e.g. HSTS or HPKP data) created since a given
   // time.
   //
   // If any entries are deleted, the new state will be persisted through
   // the Delegate (if any).
   void DeleteAllDynamicDataSince(const base::Time& time);
 
   // Deletes any dynamic data stored for |host| (e.g. HSTS or HPKP data).
   // If |host| doesn't have an exact entry then no action is taken. Does
   // not delete static (i.e. preloaded) data.  Returns true iff an entry
   // was deleted.
   //
   // If an entry is deleted, the new state will be persisted through
   // the Delegate (if any).
   bool DeleteDynamicDataForHost(const std::string& host);
 
   // Returns true and updates |*sts_result| and |*pkp_result| iff there is a
   // static (built-in) state for |host|. If multiple entries match |host|,
   // the most specific match determines the return value.
   bool GetStaticDomainState(const std::string& host,
                             STSState* sts_result,
                             PKPState* pkp_result) const;
 
   // Returns true iff there is static (built-in) state for |host| that
   // references the Google pins.
   // TODO(rch): Remove this temporary gross layering violation once QUIC 32 is
   // deployed.
   bool IsGooglePinnedHost(const std::string& host) const;
 
-  // Returns true and updates |*result| iff |host| has HSTS (respectively, HPKP)
-  // state. If multiple HSTS (respectively, HPKP) entries match |host|,  the
-  // most specific match determines the HSTS (respectively, HPKP) return value.
+  // Returns true and updates |*result| iff |host| has HSTS/HPKP/Expect-CT
+  // (respectively) state. If multiple entries match |host|, the most specific
+  // match determines the return value.
   //
   // Note that these methods are not const because they opportunistically remove
   // entries that have expired.
   bool GetDynamicSTSState(const std::string& host, STSState* result);
   bool GetDynamicPKPState(const std::string& host, PKPState* result);
+  bool GetDynamicExpectCTState(const std::string& host, ExpectCTState* result);
 
   // Processes an HSTS header value from the host, adding entries to
   // dynamic state if necessary.
   bool AddHSTSHeader(const std::string& host, const std::string& value);
 
   // Processes an HPKP header value from the host, adding entries to
   // dynamic state if necessary.  ssl_info is used to check that
   // the specified pins overlap with the certificate chain.
   bool AddHPKPHeader(const std::string& host, const std::string& value,
                      const SSLInfo& ssl_info);
 
   // Adds explicitly-specified data as if it was processed from an
   // HSTS header (used for net-internals and unit tests).
   void AddHSTS(const std::string& host,
                const base::Time& expiry,
                bool include_subdomains);
 
   // Adds explicitly-specified data as if it was processed from an HPKP header.
   // Note: This method will persist the HPKP if a Delegate is present. Make sure
   //       that the delegate is nullptr if the persistence is not desired.
   //       See |SetDelegate| method for more details.
   void AddHPKP(const std::string& host,
                const base::Time& expiry,
                bool include_subdomains,
                const HashValueVector& hashes,
                const GURL& report_uri);
 
+  // Adds explicitly-specified data as if it was processed from an Expect-CT
+  // header.
+  // Note: This method will persist the Expect-CT data if a Delegate is present.
+  //       Make sure that the delegate is nullptr if the persistence is not
+  //       desired. See |SetDelegate| method for more details.
+  void AddExpectCT(const std::string& host,
+                   const base::Time& expiry,
+                   bool enforce,
+                   const GURL& report_uri);
+
   // Enables or disables public key pinning bypass for local trust anchors.
   // Disabling the bypass for local trust anchors is highly discouraged.
   // This method is used by Cronet only and *** MUST NOT *** be used by any
   // other consumer. For more information see "How does key pinning interact
   // with local proxies and filters?" at
   // https://www.chromium.org/Home/chromium-security/security-faq
   void SetEnablePublicKeyPinningBypassForLocalTrustAnchors(bool value);
 
   // Parses |value| as a Public-Key-Pins-Report-Only header value and
   // sends a HPKP report for |host_port_pair| if |ssl_info| violates the
@@ skipping 23 matching lines @@
  private:
   friend class TransportSecurityStateTest;
   friend class TransportSecurityStateStaticFuzzer;
   FRIEND_TEST_ALL_PREFIXES(HttpSecurityHeadersTest, UpdateDynamicPKPOnly);
   FRIEND_TEST_ALL_PREFIXES(HttpSecurityHeadersTest, UpdateDynamicPKPMaxAge0);
   FRIEND_TEST_ALL_PREFIXES(HttpSecurityHeadersTest, NoClobberPins);
   FRIEND_TEST_ALL_PREFIXES(URLRequestTestHTTP, ExpectCTHeader);
 
   typedef std::map<std::string, STSState> STSStateMap;
   typedef std::map<std::string, PKPState> PKPStateMap;
+  typedef std::map<std::string, ExpectCTState> ExpectCTStateMap;
 
   // Send an UMA report on pin validation failure, if the host is in a
   // statically-defined list of domains.
   //
   // TODO(palmer): This doesn't really belong here, and should be moved into
   // the exactly one call site. This requires unifying |struct HSTSPreload|
   // (an implementation detail of this class) with a more generic
   // representation of first-class DomainStates, and exposing the preloads
   // to the caller with |GetStaticDomainState|.
   static void ReportUMAOnPinFailure(const std::string& host);
@@ skipping 24 matching lines @@
                        bool include_subdomains);
 
   // Adds HPKP state to |host|.
   void AddHPKPInternal(const std::string& host,
                        const base::Time& last_observed,
                        const base::Time& expiry,
                        bool include_subdomains,
                        const HashValueVector& hashes,
                        const GURL& report_uri);
 
+  // Adds Expect-CT state to |host|.
+  void AddExpectCTInternal(const std::string& host,
+                           const base::Time& last_observed,
+                           const base::Time& expiry,
+                           bool enforce,
+                           const GURL& report_uri);
+
   // Enable TransportSecurity for |host|. |state| supercedes any previous
   // state for the |host|, including static entries.
   //
   // The new state for |host| is persisted using the Delegate (if any).
   void EnableSTSHost(const std::string& host, const STSState& state);
   void EnablePKPHost(const std::string& host, const PKPState& state);
+  void EnableExpectCTHost(const std::string& host, const ExpectCTState& state);
 
   // Returns true if a request to |host_port_pair| with the given
   // SubjectPublicKeyInfo |hashes| satisfies the pins in |pkp_state|,
   // and false otherwise. If a violation is found and reporting is
   // configured (i.e. there is a report URI in |pkp_state| and
   // |report_status| says to), this method sends an HPKP violation
   // report containing |served_certificate_chain| and
   // |validated_certificate_chain|.
   PKPStatus CheckPinsAndMaybeSendReport(
       const HostPortPair& host_port_pair,
@@ skipping 12 matching lines @@
 
   // Returns true and updates |*expect_staple_result| iff there is a static
   // (built-in) state for |host| with expect_staple=true, or if |host| is a
   // subdomain of another domain with expect_staple=true and
   // include_subdomains_for_expect_staple=true.
   bool GetStaticExpectStapleState(
       const std::string& host,
       ExpectStapleState* expect_staple_result) const;
 
   // The sets of hosts that have enabled TransportSecurity. |domain| will always
-  // be empty for a STSState or PKPState in these maps; the domain
-  // comes from the map keys instead. In addition, |upgrade_mode| in the
+  // be empty for a STSState, PKPState, or ExpectCTState in these maps; the
+  // domain comes from the map keys instead. In addition, |upgrade_mode| in the
   // STSState is never MODE_DEFAULT and |HasPublicKeyPins| in the PKPState
   // always returns true.
   STSStateMap enabled_sts_hosts_;
   PKPStateMap enabled_pkp_hosts_;
+  ExpectCTStateMap enabled_expect_ct_hosts_;
 
   Delegate* delegate_ = nullptr;
 
   ReportSenderInterface* report_sender_ = nullptr;
 
   // True if static pins should be used.
   bool enable_static_pins_;
 
   // True if static expect-CT state should be used.
   bool enable_static_expect_ct_;
@@ skipping 12 matching lines @@
   // rate-limiting.
   ExpiringCache<std::string, bool, base::TimeTicks, std::less<base::TimeTicks>>
       sent_reports_cache_;
 
   DISALLOW_COPY_AND_ASSIGN(TransportSecurityState);
 };
 
 }  // namespace net
 
 #endif  // NET_HTTP_TRANSPORT_SECURITY_STATE_H_