Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(179)

Side by Side Diff: components/data_reduction_proxy/common/data_reduction_proxy_headers.cc

Issue 387353003: Modify data_reduction_proxy_header to support tamper detection logic. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@work
Patch Set: Created 6 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "components/data_reduction_proxy/common/data_reduction_proxy_headers.h" 5 #include "components/data_reduction_proxy/common/data_reduction_proxy_headers.h"
6 6
7 #include <string> 7 #include <string>
8 8
9 #include "base/rand_util.h" 9 #include "base/rand_util.h"
10 #include "base/strings/string_number_conversions.h" 10 #include "base/strings/string_number_conversions.h"
11 #include "base/strings/string_piece.h" 11 #include "base/strings/string_piece.h"
12 #include "base/strings/string_util.h" 12 #include "base/strings/string_util.h"
13 #include "base/time/time.h" 13 #include "base/time/time.h"
14 #include "net/http/http_response_headers.h" 14 #include "net/http/http_response_headers.h"
15 #include "net/http/http_status_code.h" 15 #include "net/http/http_status_code.h"
16 #include "net/proxy/proxy_service.h" 16 #include "net/proxy/proxy_service.h"
17 17
18 using base::StringPiece; 18 using base::StringPiece;
19 using base::TimeDelta; 19 using base::TimeDelta;
20 using net::ProxyService; 20 using net::ProxyService;
21 21
22 namespace { 22 namespace {
23 23
24 const char kChromeProxyHeader[] = "chrome-proxy";
25 const char kActionValueDelimiter = '=';
26
27 const char kChromeProxyActionBlock[] = "block";
28 const char kChromeProxyActionBypass[] = "bypass";
29
30 // Actions for tamper detection fingerprints.
31 const char kChromeProxyActionFingerprintChromeProxy[] = "fcp";
32 const char kChromeProxyActionFingerprintVia[] = "fvia";
33 const char kChromeProxyActionFingerprintOtherHeaders[] = "foh";
34 const char kChromeProxyActionFingerprintContentLength[] = "fcl";
35
24 const int kShortBypassMaxSeconds = 59; 36 const int kShortBypassMaxSeconds = 59;
25 const int kMediumBypassMaxSeconds = 300; 37 const int kMediumBypassMaxSeconds = 300;
26 38
27 // Returns a random bypass duration between 1 and 5 minutes. 39 // Returns a random bypass duration between 1 and 5 minutes.
28 base::TimeDelta GetDefaultBypassDuration() { 40 base::TimeDelta GetDefaultBypassDuration() {
29 const int64 delta_ms = 41 const int64 delta_ms =
30 base::RandInt(base::TimeDelta::FromMinutes(1).InMilliseconds(), 42 base::RandInt(base::TimeDelta::FromMinutes(1).InMilliseconds(),
31 base::TimeDelta::FromMinutes(5).InMilliseconds()); 43 base::TimeDelta::FromMinutes(5).InMilliseconds());
32 return TimeDelta::FromMilliseconds(delta_ms); 44 return TimeDelta::FromMilliseconds(delta_ms);
33 } 45 }
34 } // namespace 46 } // namespace
35 47
36 namespace data_reduction_proxy { 48 namespace data_reduction_proxy {
37 49
50 bool GetDataReductionProxyActionValue(
51 const net::HttpResponseHeaders* headers,
52 const std::string& action_prefix,
53 std::string* action_value) {
54 DCHECK(headers);
55 DCHECK(!action_prefix.empty());
56 // A valid action does not include a trailing '='.
57 DCHECK(action_prefix[action_prefix.size() - 1] != kActionValueDelimiter);
58 void* iter = NULL;
59 std::string value;
60 std::string prefix = action_prefix + kActionValueDelimiter;
61
62 while (headers->EnumerateHeader(&iter, kChromeProxyHeader, &value)) {
63 if (value.size() > prefix.size()) {
64 if (LowerCaseEqualsASCII(value.begin(),
65 value.begin() + prefix.size(),
66 prefix.c_str())) {
67 if (action_value)
68 *action_value = value.substr(prefix.size());
69 return true;
70 }
71 }
72 }
73 return false;
74 }
75
38 bool ParseHeadersAndSetBypassDuration(const net::HttpResponseHeaders* headers, 76 bool ParseHeadersAndSetBypassDuration(const net::HttpResponseHeaders* headers,
39 const std::string& action_prefix, 77 const std::string& action_prefix,
40 base::TimeDelta* bypass_duration) { 78 base::TimeDelta* bypass_duration) {
79 DCHECK(headers);
80 DCHECK(!action_prefix.empty());
81 // A valid action does not include a trailing '='.
82 DCHECK(action_prefix[action_prefix.size() - 1] != kActionValueDelimiter);
41 void* iter = NULL; 83 void* iter = NULL;
42 std::string value; 84 std::string value;
43 std::string name = "chrome-proxy"; 85 std::string prefix = action_prefix + kActionValueDelimiter;
44 86
45 while (headers->EnumerateHeader(&iter, name, &value)) { 87 while (headers->EnumerateHeader(&iter, kChromeProxyHeader, &value)) {
46 if (value.size() > action_prefix.size()) { 88 if (value.size() > prefix.size()) {
47 if (LowerCaseEqualsASCII(value.begin(), 89 if (LowerCaseEqualsASCII(value.begin(),
48 value.begin() + action_prefix.size(), 90 value.begin() + prefix.size(),
49 action_prefix.c_str())) { 91 prefix.c_str())) {
50 int64 seconds; 92 int64 seconds;
51 if (!base::StringToInt64( 93 if (!base::StringToInt64(
52 StringPiece(value.begin() + action_prefix.size(), value.end()), 94 StringPiece(value.begin() + prefix.size(), value.end()),
53 &seconds) || seconds < 0) { 95 &seconds) || seconds < 0) {
54 continue; // In case there is a well formed instruction. 96 continue; // In case there is a well formed instruction.
55 } 97 }
56 if (seconds != 0) { 98 if (seconds != 0) {
57 *bypass_duration = TimeDelta::FromSeconds(seconds); 99 *bypass_duration = TimeDelta::FromSeconds(seconds);
58 } else { 100 } else {
59 // Server deferred to us to choose a duration. Default to a random 101 // Server deferred to us to choose a duration. Default to a random
60 // duration between one and five minutes. 102 // duration between one and five minutes.
61 *bypass_duration = GetDefaultBypassDuration(); 103 *bypass_duration = GetDefaultBypassDuration();
62 } 104 }
(...skipping 12 matching lines...) Expand all
75 // <duration> is the number of seconds to wait before retrying 117 // <duration> is the number of seconds to wait before retrying
76 // the proxy. If the duration is 0, then the default proxy retry delay 118 // the proxy. If the duration is 0, then the default proxy retry delay
77 // (specified in |ProxyList::UpdateRetryInfoOnFallback|) will be used. 119 // (specified in |ProxyList::UpdateRetryInfoOnFallback|) will be used.
78 // 'bypass' instructs Chrome to bypass the currently connected data reduction 120 // 'bypass' instructs Chrome to bypass the currently connected data reduction
79 // proxy, whereas 'block' instructs Chrome to bypass all available data 121 // proxy, whereas 'block' instructs Chrome to bypass all available data
80 // reduction proxies. 122 // reduction proxies.
81 123
82 // 'block' takes precedence over 'bypass', so look for it first. 124 // 'block' takes precedence over 'bypass', so look for it first.
83 // TODO(bengr): Reduce checks for 'block' and 'bypass' to a single loop. 125 // TODO(bengr): Reduce checks for 'block' and 'bypass' to a single loop.
84 if (ParseHeadersAndSetBypassDuration( 126 if (ParseHeadersAndSetBypassDuration(
85 headers, "block=", &proxy_info->bypass_duration)) { 127 headers, kChromeProxyActionBlock, &proxy_info->bypass_duration)) {
86 proxy_info->bypass_all = true; 128 proxy_info->bypass_all = true;
87 return true; 129 return true;
88 } 130 }
89 131
90 // Next, look for 'bypass'. 132 // Next, look for 'bypass'.
91 if (ParseHeadersAndSetBypassDuration( 133 if (ParseHeadersAndSetBypassDuration(
92 headers, "bypass=", &proxy_info->bypass_duration)) { 134 headers, kChromeProxyActionBypass, &proxy_info->bypass_duration)) {
93 return true; 135 return true;
94 } 136 }
95 return false; 137 return false;
96 } 138 }
97 139
98 bool HasDataReductionProxyViaHeader(const net::HttpResponseHeaders* headers) { 140 bool HasDataReductionProxyViaHeader(const net::HttpResponseHeaders* headers,
141 bool* has_intermediary) {
99 const size_t kVersionSize = 4; 142 const size_t kVersionSize = 4;
100 const char kDataReductionProxyViaValue[] = "Chrome-Compression-Proxy"; 143 const char kDataReductionProxyViaValue[] = "Chrome-Compression-Proxy";
101 size_t value_len = strlen(kDataReductionProxyViaValue); 144 size_t value_len = strlen(kDataReductionProxyViaValue);
102 void* iter = NULL; 145 void* iter = NULL;
103 std::string value; 146 std::string value;
104 147
105 // Case-sensitive comparison of |value|. Assumes the received protocol and the 148 // Case-sensitive comparison of |value|. Assumes the received protocol and the
106 // space following it are always |kVersionSize| characters. E.g., 149 // space following it are always |kVersionSize| characters. E.g.,
107 // 'Via: 1.1 Chrome-Compression-Proxy' 150 // 'Via: 1.1 Chrome-Compression-Proxy'
108 while (headers->EnumerateHeader(&iter, "via", &value)) { 151 while (headers->EnumerateHeader(&iter, "via", &value)) {
109 if (value.size() >= kVersionSize + value_len && 152 if (value.size() >= kVersionSize + value_len &&
110 !value.compare(kVersionSize, value_len, kDataReductionProxyViaValue)) 153 !value.compare(kVersionSize, value_len, kDataReductionProxyViaValue)) {
154 if (has_intermediary)
155 // We assume intermediary exists if there is another Via header after
156 // the data reduction proxy's Via header.
157 *has_intermediary = !(headers->EnumerateHeader(&iter, "via", &value));
111 return true; 158 return true;
159 }
112 } 160 }
113 161
114 // TODO(bengr): Remove deprecated header value. 162 // TODO(bengr): Remove deprecated header value.
115 const char kDeprecatedDataReductionProxyViaValue[] = 163 const char kDeprecatedDataReductionProxyViaValue[] =
116 "1.1 Chrome Compression Proxy"; 164 "1.1 Chrome Compression Proxy";
117 iter = NULL; 165 iter = NULL;
118 while (headers->EnumerateHeader(&iter, "via", &value)) 166 while (headers->EnumerateHeader(&iter, "via", &value))
119 if (value == kDeprecatedDataReductionProxyViaValue) 167 if (value == kDeprecatedDataReductionProxyViaValue) {
168 if (has_intermediary)
169 *has_intermediary = !(headers->EnumerateHeader(&iter, "via", &value));
120 return true; 170 return true;
171 }
121 172
122 return false; 173 return false;
123 } 174 }
124 175
125 net::ProxyService::DataReductionProxyBypassType 176 net::ProxyService::DataReductionProxyBypassType
126 GetDataReductionProxyBypassType( 177 GetDataReductionProxyBypassType(
127 const net::HttpResponseHeaders* headers, 178 const net::HttpResponseHeaders* headers,
128 DataReductionProxyInfo* data_reduction_proxy_info) { 179 DataReductionProxyInfo* data_reduction_proxy_info) {
129 DCHECK(data_reduction_proxy_info); 180 DCHECK(data_reduction_proxy_info);
130 if (ParseHeadersAndSetProxyInfo(headers, data_reduction_proxy_info)) { 181 if (ParseHeadersAndSetProxyInfo(headers, data_reduction_proxy_info)) {
(...skipping 13 matching lines...) Expand all
144 if (headers->response_code() == net::HTTP_BAD_GATEWAY) 195 if (headers->response_code() == net::HTTP_BAD_GATEWAY)
145 return ProxyService::STATUS_502_HTTP_BAD_GATEWAY; 196 return ProxyService::STATUS_502_HTTP_BAD_GATEWAY;
146 if (headers->response_code() == net::HTTP_SERVICE_UNAVAILABLE) 197 if (headers->response_code() == net::HTTP_SERVICE_UNAVAILABLE)
147 return ProxyService::STATUS_503_HTTP_SERVICE_UNAVAILABLE; 198 return ProxyService::STATUS_503_HTTP_SERVICE_UNAVAILABLE;
148 // TODO(kundaji): Bypass if Proxy-Authenticate header value cannot be 199 // TODO(kundaji): Bypass if Proxy-Authenticate header value cannot be
149 // interpreted by data reduction proxy. 200 // interpreted by data reduction proxy.
150 if (headers->response_code() == net::HTTP_PROXY_AUTHENTICATION_REQUIRED && 201 if (headers->response_code() == net::HTTP_PROXY_AUTHENTICATION_REQUIRED &&
151 !headers->HasHeader("Proxy-Authenticate")) { 202 !headers->HasHeader("Proxy-Authenticate")) {
152 return ProxyService::MALFORMED_407; 203 return ProxyService::MALFORMED_407;
153 } 204 }
154 if (!HasDataReductionProxyViaHeader(headers) && 205 if (!HasDataReductionProxyViaHeader(headers, NULL) &&
155 (headers->response_code() != net::HTTP_NOT_MODIFIED)) { 206 (headers->response_code() != net::HTTP_NOT_MODIFIED)) {
156 // A Via header might not be present in a 304. Since the goal of a 304 207 // A Via header might not be present in a 304. Since the goal of a 304
157 // response is to minimize information transfer, a sender in general 208 // response is to minimize information transfer, a sender in general
158 // should not generate representation metadata other than Cache-Control, 209 // should not generate representation metadata other than Cache-Control,
159 // Content-Location, Date, ETag, Expires, and Vary. 210 // Content-Location, Date, ETag, Expires, and Vary.
160 211
161 // The proxy Via header might also not be present in a 4xx response. 212 // The proxy Via header might also not be present in a 4xx response.
162 // Separate this case from other responses that are missing the header. 213 // Separate this case from other responses that are missing the header.
163 if (headers->response_code() >= net::HTTP_BAD_REQUEST && 214 if (headers->response_code() >= net::HTTP_BAD_REQUEST &&
164 headers->response_code() < net::HTTP_INTERNAL_SERVER_ERROR) { 215 headers->response_code() < net::HTTP_INTERNAL_SERVER_ERROR) {
165 return ProxyService::MISSING_VIA_HEADER_4XX; 216 return ProxyService::MISSING_VIA_HEADER_4XX;
166 } 217 }
167 return ProxyService::MISSING_VIA_HEADER_OTHER; 218 return ProxyService::MISSING_VIA_HEADER_OTHER;
168 } 219 }
169 // There is no bypass event. 220 // There is no bypass event.
170 return ProxyService::BYPASS_EVENT_TYPE_MAX; 221 return ProxyService::BYPASS_EVENT_TYPE_MAX;
171 } 222 }
172 223
224 bool GetDataReductionProxyActionFingerprintChromeProxy(
225 const net::HttpResponseHeaders* headers,
226 std::string* chrome_proxy_fingerprint) {
227 return GetDataReductionProxyActionValue(
228 headers,
229 kChromeProxyActionFingerprintChromeProxy,
230 chrome_proxy_fingerprint);
231 }
232
233 bool GetDataReductionProxyActionFingerprintVia(
234 const net::HttpResponseHeaders* headers,
235 std::string* via_fingerprint) {
236 return GetDataReductionProxyActionValue(
237 headers,
238 kChromeProxyActionFingerprintVia,
239 via_fingerprint);
240 }
241
242 bool GetDataReductionProxyActionFingerprintOtherHeaders(
243 const net::HttpResponseHeaders* headers,
244 std::string* other_headers_fingerprint) {
245 return GetDataReductionProxyActionValue(
246 headers,
247 kChromeProxyActionFingerprintOtherHeaders,
248 other_headers_fingerprint);
249 }
250
251 bool GetDataReductionProxyActionFingerprintContentLength(
252 const net::HttpResponseHeaders* headers,
253 std::string* content_length_fingerprint) {
254 return GetDataReductionProxyActionValue(
255 headers,
256 kChromeProxyActionFingerprintContentLength,
257 content_length_fingerprint);
258 }
259
260 void GetDataReductionProxyHeaderWithFingerprintRemoved(
261 const net::HttpResponseHeaders* headers,
262 std::vector<std::string>* values) {
263 DCHECK(values);
264 std::string chrome_proxy_fingerprint_prefix = std::string(
265 kChromeProxyActionFingerprintChromeProxy) + kActionValueDelimiter;
266
267 std::string value;
268 void* iter = NULL;
269 while (headers->EnumerateHeader(&iter, kChromeProxyHeader, &value)) {
270 if (!LowerCaseEqualsASCII(
271 value.begin(),
272 value.begin() + chrome_proxy_fingerprint_prefix.size(),
273 chrome_proxy_fingerprint_prefix.c_str())) {
274 values->push_back(value);
275 }
276 }
277 }
278
173 } // namespace data_reduction_proxy 279 } // namespace data_reduction_proxy
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698