OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // TransportSecurityState maintains an in memory database containing the | 5 // TransportSecurityState maintains an in memory database containing the |
6 // list of hosts that currently have transport security enabled. This | 6 // list of hosts that currently have transport security enabled. This |
7 // singleton object deals with writing that data out to disk as needed and | 7 // singleton object deals with writing that data out to disk as needed and |
8 // loading it at startup. | 8 // loading it at startup. |
9 | 9 |
10 // At startup we need to load the transport security state from the | 10 // At startup we need to load the transport security state from the |
(...skipping 26 matching lines...) Expand all Loading... |
37 | 37 |
38 #include "base/files/file_path.h" | 38 #include "base/files/file_path.h" |
39 #include "base/files/important_file_writer.h" | 39 #include "base/files/important_file_writer.h" |
40 #include "base/macros.h" | 40 #include "base/macros.h" |
41 #include "base/memory/ref_counted.h" | 41 #include "base/memory/ref_counted.h" |
42 #include "base/memory/weak_ptr.h" | 42 #include "base/memory/weak_ptr.h" |
43 #include "net/base/net_export.h" | 43 #include "net/base/net_export.h" |
44 #include "net/http/transport_security_state.h" | 44 #include "net/http/transport_security_state.h" |
45 | 45 |
46 namespace base { | 46 namespace base { |
47 class DictionaryValue; | |
48 class SequencedTaskRunner; | 47 class SequencedTaskRunner; |
49 } | 48 } |
50 | 49 |
51 namespace net { | 50 namespace net { |
52 | 51 |
53 // Reads and updates on-disk TransportSecurity state. Clients of this class | 52 // Reads and updates on-disk TransportSecurity state. Clients of this class |
54 // should create, destroy, and call into it from one thread. | 53 // should create, destroy, and call into it from one thread. |
55 // | 54 // |
56 // background_runner is the task runner this class should use internally to | 55 // background_runner is the task runner this class should use internally to |
57 // perform file IO, and can optionally be associated with a different thread. | 56 // perform file IO, and can optionally be associated with a different thread. |
58 class NET_EXPORT TransportSecurityPersister | 57 class NET_EXPORT TransportSecurityPersister |
59 : public TransportSecurityState::Delegate, | 58 : public TransportSecurityState::Delegate, |
60 public base::ImportantFileWriter::DataSerializer { | 59 public base::ImportantFileWriter::DataSerializer { |
61 public: | 60 public: |
62 TransportSecurityPersister( | 61 TransportSecurityPersister( |
63 TransportSecurityState* state, | 62 TransportSecurityState* state, |
64 const base::FilePath& profile_path, | 63 const base::FilePath& profile_path, |
65 const scoped_refptr<base::SequencedTaskRunner>& background_runner, | 64 const scoped_refptr<base::SequencedTaskRunner>& background_runner, |
66 bool readonly); | 65 bool readonly); |
67 ~TransportSecurityPersister() override; | 66 ~TransportSecurityPersister() override; |
68 | 67 |
69 // Called by the TransportSecurityState when it changes its state. | 68 // Called by the TransportSecurityState when it changes its state. |
70 void StateIsDirty(TransportSecurityState*) override; | 69 void StateIsDirty(TransportSecurityState*) override; |
71 | 70 |
72 // ImportantFileWriter::DataSerializer: | 71 // ImportantFileWriter::DataSerializer: |
73 // | 72 // |
74 // Serializes |transport_security_state_| into |*output|. Returns true if | 73 // Serializes |transport_security_state_| into |*output|. Returns true if |
75 // all STS and PKP states were serialized correctly. | 74 // all STS, PKP, and Expect_CT states were serialized correctly. |
76 // | 75 // |
77 // The serialization format is JSON; the JSON represents a dictionary of | 76 // The serialization format is JSON; the JSON represents a dictionary of |
78 // host:DomainState pairs (host is a string). The DomainState contains | 77 // host:DomainState pairs (host is a string). The DomainState contains |
79 // the STS and PKP states and is represented as a dictionary containing | 78 // the STS and PKP states and is represented as a dictionary containing |
80 // the following keys and value types (not all keys will always be | 79 // the following keys and value types (not all keys will always be |
81 // present): | 80 // present): |
82 // | 81 // |
83 // "sts_include_subdomains": true|false | 82 // "sts_include_subdomains": true|false |
84 // "pkp_include_subdomains": true|false | 83 // "pkp_include_subdomains": true|false |
85 // "created": double | 84 // "created": double |
86 // "expiry": double | 85 // "expiry": double |
87 // "dynamic_spki_hashes_expiry": double | 86 // "dynamic_spki_hashes_expiry": double |
88 // "mode": "default"|"force-https" | 87 // "mode": "default"|"force-https" |
89 // legacy value synonyms "strict" = "force-https" | 88 // legacy value synonyms "strict" = "force-https" |
90 // "pinning-only" = "default" | 89 // "pinning-only" = "default" |
91 // legacy value "spdy-only" is unused and ignored | 90 // legacy value "spdy-only" is unused and ignored |
92 // "static_spki_hashes": list of strings | 91 // "static_spki_hashes": list of strings |
93 // legacy key synonym "preloaded_spki_hashes" | 92 // legacy key synonym "preloaded_spki_hashes" |
94 // "bad_static_spki_hashes": list of strings | 93 // "bad_static_spki_hashes": list of strings |
95 // legacy key synonym "bad_preloaded_spki_hashes" | 94 // legacy key synonym "bad_preloaded_spki_hashes" |
96 // "dynamic_spki_hashes": list of strings | 95 // "dynamic_spki_hashes": list of strings |
| 96 // "dynamic_spki_hashes_expiry": double |
| 97 // "report-uri": string |
| 98 // "sts_observed": double |
| 99 // "pkp_observed": double |
| 100 // "expect_ct": dictionary with keys: |
| 101 // "expect_ct_expiry": double |
| 102 // "expect_ct_observed": double |
| 103 // "expect_ct_enforce": true|false |
| 104 // "expect_ct_report_uri": string |
97 // | 105 // |
98 // The JSON dictionary keys are strings containing | 106 // The JSON dictionary keys are strings containing |
99 // Base64(SHA256(TransportSecurityState::CanonicalizeHost(domain))). | 107 // Base64(SHA256(TransportSecurityState::CanonicalizeHost(domain))). |
100 // The reason for hashing them is so that the stored state does not | 108 // The reason for hashing them is so that the stored state does not |
101 // trivially reveal a user's browsing history to an attacker reading the | 109 // trivially reveal a user's browsing history to an attacker reading the |
102 // serialized state on disk. | 110 // serialized state on disk. |
103 bool SerializeData(std::string* data) override; | 111 bool SerializeData(std::string* data) override; |
104 | 112 |
105 // Clears any existing non-static entries, and then re-populates | 113 // Clears any existing non-static entries, and then re-populates |
106 // |transport_security_state_|. | 114 // |transport_security_state_|. |
107 // | 115 // |
108 // Sets |*dirty| to true if the new state differs from the persisted | 116 // Sets |*dirty| to true if the new state differs from the persisted |
109 // state; false otherwise. | 117 // state; false otherwise. |
110 bool LoadEntries(const std::string& serialized, bool* dirty); | 118 bool LoadEntries(const std::string& serialized, bool* dirty); |
111 | 119 |
112 private: | 120 private: |
113 // Populates |state| from the JSON string |serialized|. Returns true if | 121 // Populates |state| from the JSON string |serialized|. Returns true if |
114 // all entries were parsed and deserialized correctly. | 122 // all entries were parsed and deserialized correctly. |
115 // | 123 // |
116 // Sets |*dirty| to true if the new state differs from the persisted | 124 // Sets |*dirty| to true if the new state differs from the persisted |
117 // state; false otherwise. | 125 // state; false otherwise. |
118 static bool Deserialize(const std::string& serialized, | 126 static bool Deserialize(const std::string& serialized, |
119 bool* dirty, | 127 bool* dirty, |
120 TransportSecurityState* state); | 128 TransportSecurityState* state); |
121 | 129 |
122 // Populates |host| with default values for the STS and PKP states. | |
123 // These default values represent "null" states and are only useful to keep | |
124 // the entries in the resulting JSON consistent. The deserializer will ignore | |
125 // "null" states. | |
126 // TODO(davidben): This can be removed when the STS and PKP states are stored | |
127 // independently on disk. https://crbug.com/470295 | |
128 void PopulateEntryWithDefaults(base::DictionaryValue* host); | |
129 | |
130 void CompleteLoad(const std::string& state); | 130 void CompleteLoad(const std::string& state); |
131 | 131 |
132 TransportSecurityState* transport_security_state_; | 132 TransportSecurityState* transport_security_state_; |
133 | 133 |
134 // Helper for safely writing the data. | 134 // Helper for safely writing the data. |
135 base::ImportantFileWriter writer_; | 135 base::ImportantFileWriter writer_; |
136 | 136 |
137 scoped_refptr<base::SequencedTaskRunner> foreground_runner_; | 137 scoped_refptr<base::SequencedTaskRunner> foreground_runner_; |
138 scoped_refptr<base::SequencedTaskRunner> background_runner_; | 138 scoped_refptr<base::SequencedTaskRunner> background_runner_; |
139 | 139 |
140 // Whether or not we're in read-only mode. | 140 // Whether or not we're in read-only mode. |
141 const bool readonly_; | 141 const bool readonly_; |
142 | 142 |
143 base::WeakPtrFactory<TransportSecurityPersister> weak_ptr_factory_; | 143 base::WeakPtrFactory<TransportSecurityPersister> weak_ptr_factory_; |
144 | 144 |
145 DISALLOW_COPY_AND_ASSIGN(TransportSecurityPersister); | 145 DISALLOW_COPY_AND_ASSIGN(TransportSecurityPersister); |
146 }; | 146 }; |
147 | 147 |
148 } // namespace net | 148 } // namespace net |
149 | 149 |
150 #endif // NET_HTTP_TRANSPORT_SECURITY_PERSISTER_H_ | 150 #endif // NET_HTTP_TRANSPORT_SECURITY_PERSISTER_H_ |
OLD | NEW |