Side by Side Diff: net/http/http_security_headers.cc

Issue 2753703002: Add Expect-CT header parsing (Closed)
Patch Set: comment tweaks Created 3 years, 8 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <limits> 5 #include <limits>
6 6
7 #include "base/base64.h" 7 #include "base/base64.h"
8 #include "base/strings/string_piece.h" 8 #include "base/strings/string_piece.h"
9 #include "base/strings/string_tokenizer.h" 9 #include "base/strings/string_tokenizer.h"
10 #include "base/strings/string_util.h" 10 #include "base/strings/string_util.h"
358 bool ParseHPKPReportOnlyHeader(const std::string& value, 358 bool ParseHPKPReportOnlyHeader(const std::string& value,
359 bool* include_subdomains, 359 bool* include_subdomains,
360 HashValueVector* hashes, 360 HashValueVector* hashes,
361 GURL* report_uri) { 361 GURL* report_uri) {
362 // max-age is irrelevant for Report-Only headers. 362 // max-age is irrelevant for Report-Only headers.
363 base::TimeDelta unused_max_age; 363 base::TimeDelta unused_max_age;
364 return ParseHPKPHeaderImpl(value, DO_NOT_REQUIRE_MAX_AGE, &unused_max_age, 364 return ParseHPKPHeaderImpl(value, DO_NOT_REQUIRE_MAX_AGE, &unused_max_age,
365 include_subdomains, hashes, report_uri); 365 include_subdomains, hashes, report_uri);
366 } 366 }
367 367
368 // "Expect-CT" ":"
369 // "max-age" "=" delta-seconds
370 // [ "," "enforce" ]
371 // [ "," "report-uri" "=" uri-reference ]
372 bool ParseExpectCTHeader(const std::string& value,
373 base::TimeDelta* max_age,
374 bool* enforce,
375 GURL* report_uri) {
376 bool parsed_max_age = false;
377 bool enforce_candidate = false;
378 uint32_t max_age_candidate = 0;
379 GURL parsed_report_uri;
380
381 HttpUtil::NameValuePairsIterator name_value_pairs(
382 value.begin(), value.end(), ',',
mattm 2017/04/20 05:48:29 Am I reading the draft wrong or does it define the
estark 2017/04/20 22:36:08 No, my bad, I haven't published an updated draft s
383 HttpUtil::NameValuePairsIterator::Values::NOT_REQUIRED,
384 HttpUtil::NameValuePairsIterator::Quotes::NOT_STRICT);
mattm 2017/04/20 05:48:29 should that be STRICT_QUOTES? (from section 2.1 "
estark 2017/04/20 22:36:08 Done.
385
386 while (name_value_pairs.GetNext()) {
387 if (base::LowerCaseEqualsASCII(
388 base::StringPiece(name_value_pairs.name_begin(),
389 name_value_pairs.name_end()),
mattm 2017/04/20 05:48:29 could make this StringPiece once at the beginning
estark 2017/04/20 22:36:08 Done.
390 "max-age")) {
391 if (!MaxAgeToLimitedInt(name_value_pairs.value_begin(),
392 name_value_pairs.value_end(), kMaxExpectCTAgeSecs,
393 &max_age_candidate)) {
394 return false;
395 }
396 parsed_max_age = true;
mattm 2017/04/20 05:48:29 should there be checks that each directive is only
estark 2017/04/20 22:36:08 Done.
397 } else if (base::LowerCaseEqualsASCII(
398 base::StringPiece(name_value_pairs.name_begin(),
399 name_value_pairs.name_end()),
400 "enforce")) {
mattm 2017/04/20 05:48:29 check that no value was given for enforce?
estark 2017/04/20 22:36:08 Done.
401 enforce_candidate = true;
402 } else if (base::LowerCaseEqualsASCII(
403 base::StringPiece(name_value_pairs.name_begin(),
404 name_value_pairs.name_end()),
405 "report-uri")) {
406 // report-uris are always quoted.
407 if (!name_value_pairs.value_is_quoted())
408 return false;
409
410 parsed_report_uri = GURL(name_value_pairs.value());
mattm 2017/04/20 05:48:29 could use a StringPiece for the GURL param too
estark 2017/04/20 22:36:08 Done.
411 if (parsed_report_uri.is_empty() || !parsed_report_uri.is_valid())
412 return false;
413 } else {
414 // Silently ignore unknown directives for forward compatibility.
415 }
416 }
417
418 if (!name_value_pairs.valid())
419 return false;
420
421 if (!parsed_max_age)
422 return false;
423
424 *max_age = base::TimeDelta::FromSeconds(max_age_candidate);
425 *enforce = enforce_candidate;
426 *report_uri = parsed_report_uri;
427 return true;
428 }
429
368 } // namespace net 430 } // namespace net
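Review bot: ParseExpectCTHeader carries no contract comment beyond the grammar sketch above its signature, so a caller cannot tell from the header which out-params are written and when. From the body, `*max_age`, `*enforce` and `*report_uri` are assigned only after the whole value parsed and `name_value_pairs.valid()` held, so the caller's values are untouched on a false return, and `*report_uri` ends up as an empty GURL whenever no report-uri directive appeared. I would add above the signature: `// Returns true iff |value| parses; only then are |max_age|, |enforce| and |report_uri| written.` and `// |report_uri| is empty when the directive is absent; unknown directives are ignored.` The grammar comment also lists the directives in a fixed order while the loop accepts them in any order, which is worth one word so readers do not assume ordering is enforced.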