| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/transport_security_state.h" | 5 #include "net/http/transport_security_state.h" |
| 6 | 6 |
| 7 #if defined(USE_OPENSSL) | 7 #if defined(USE_OPENSSL) |
| 8 #include <openssl/ecdsa.h> | 8 #include <openssl/ecdsa.h> |
| 9 #include <openssl/ssl.h> | 9 #include <openssl/ssl.h> |
| 10 #else // !defined(USE_OPENSSL) | 10 #else // !defined(USE_OPENSSL) |
| (...skipping 648 matching lines...) | |
| 659 if (max_age.InSeconds() == 0) | 659 if (max_age.InSeconds() == 0) |
| 660 domain_state.pkp.spki_hashes.clear(); | 660 domain_state.pkp.spki_hashes.clear(); |
| 661 domain_state.pkp.last_observed = now; | 661 domain_state.pkp.last_observed = now; |
| 662 domain_state.pkp.expiry = now + max_age; | 662 domain_state.pkp.expiry = now + max_age; |
| 663 EnableHost(host, domain_state); | 663 EnableHost(host, domain_state); |
| 664 return true; | 664 return true; |
| 665 } | 665 } |
| 666 return false; | 666 return false; |
| 667 } | 667 } |
| 668 | 668 |
| 669 bool TransportSecurityState::VerifyPinning( | |
| 670 const HashValueVector& public_key_hashes, | |
| 671 bool is_issued_by_known_root, | |
| 672 bool sni_available, | |
| 673 const std::string& host, | |
| 674 std::string* pinning_failure_log) { | |
| 675 #if !defined(OFFICIAL_BUILD) || defined(OS_ANDROID) || defined(OS_IOS) | |
| 676 return true; | |
|
Ryan Sleevi
2014/08/07 18:58:41
// TODO(rsleevi): http://crbug.com/391035 - Enable
Ryan Hamilton
2014/08/07 22:07:12
Done.
| |
| 677 #else | |
| 678 // Take care of any mandates for public key pinning. | |
| 679 // | |
| 680 // Pinning is only enabled for official builds to make sure that others don't | |
| 681 // end up with pins that cannot be easily updated. | |
|
Ryan Sleevi
2014/08/07 18:58:41
// TODO(rsleevi): http://crbug.com/391035 - Only d
Ryan Hamilton
2014/08/07 22:07:12
Done.
| |
| 682 // | |
| 683 // TODO(agl): We might have an issue here where a request for foo.example.com | |
| 684 // merges into a SPDY connection to www.example.com, and gets a different | |
| 685 // certificate. | |
|
Ryan Sleevi
2014/08/07 18:58:41
This TODO(agl) no longer applies, does it?
Ryan Hamilton
2014/08/07 22:07:11
Done.
| |
| 686 | |
| 687 // Perform pin validation if, and only if, all these conditions obtain: | |
| 688 // | |
| 689 // * a TransportSecurityState object is available; | |
| 690 // * the server's certificate chain is valid (or suffers from only a minor | |
| 691 // error); | |
|
Ryan Sleevi
2014/08/07 18:58:41
This bullet is no longer correct - this is handled
Ryan Hamilton
2014/08/07 22:07:11
Done. (As is the previous bullet)
| |
| 692 // * the server's certificate chain chains up to a known root (i.e. not a | |
| 693 // user-installed trust anchor); and | |
| 694 // * the build is recent (very old builds should fail open so that users | |
| 695 // have some chance to recover). | |
| 696 // | |
| 697 if (!is_issued_by_known_root || | |
| 698 !TransportSecurityState::IsBuildTimely() || | |
| 699 !HasPublicKeyPins(host, sni_available)) { | |
| 700 return true; | |
| 701 } | |
| 702 | |
| 703 if (CheckPublicKeyPins(host, | |
| 704 sni_available, | |
| 705 public_key_hashes, | |
| 706 pinning_failure_log)) { | |
| 707 UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", true); | |
| 708 return true; | |
| 709 } | |
| 710 | |
| 711 LOG(ERROR) << *pinning_failure_log; | |
| 712 UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", false); | |
| 713 TransportSecurityState::ReportUMAOnPinFailure(host); | |
|
Ryan Sleevi
2014/08/07 18:58:41
No need for ReportUMAOnPinFailure to be public sta
Ryan Hamilton
2014/08/07 22:07:11
Done. Same for IsBuildTimely()
| |
| 714 return false; | |
| 715 #endif | |
| 716 } | |
| 717 | |
| 669 bool TransportSecurityState::AddHSTS(const std::string& host, | 718 bool TransportSecurityState::AddHSTS(const std::string& host, |
| 670 const base::Time& expiry, | 719 const base::Time& expiry, |
| 671 bool include_subdomains) { | 720 bool include_subdomains) { |
| 672 DCHECK(CalledOnValidThread()); | 721 DCHECK(CalledOnValidThread()); |
| 673 | 722 |
| 674 // Copy-and-modify the existing DomainState for this host (if any). | 723 // Copy-and-modify the existing DomainState for this host (if any). |
| 675 TransportSecurityState::DomainState domain_state; | 724 TransportSecurityState::DomainState domain_state; |
| 676 const std::string canonicalized_host = CanonicalizeHost(host); | 725 const std::string canonicalized_host = CanonicalizeHost(host); |
| 677 const std::string hashed_host = HashHost(canonicalized_host); | 726 const std::string hashed_host = HashHost(canonicalized_host); |
| 678 DomainStateMap::const_iterator i = enabled_hosts_.find( | 727 DomainStateMap::const_iterator i = enabled_hosts_.find( |
| (...skipping 222 matching lines...) | |
| 901 return pkp.spki_hashes.size() > 0 || pkp.bad_spki_hashes.size() > 0; | 950 return pkp.spki_hashes.size() > 0 || pkp.bad_spki_hashes.size() > 0; |
| 902 } | 951 } |
| 903 | 952 |
| 904 TransportSecurityState::DomainState::PKPState::PKPState() { | 953 TransportSecurityState::DomainState::PKPState::PKPState() { |
| 905 } | 954 } |
| 906 | 955 |
| 907 TransportSecurityState::DomainState::PKPState::~PKPState() { | 956 TransportSecurityState::DomainState::PKPState::~PKPState() { |
| 908 } | 957 } |
| 909 | 958 |
| 910 } // namespace | 959 } // namespace |
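Review bot: `LOG(ERROR) << *pinning_failure_log;` at new line 711 of the added VerifyPinning dereferences the out-parameter unconditionally, so a caller that passes NULL would crash on the pin-failure path, and nothing visible in this section states that the pointer must be non-null. Adding `DCHECK(pinning_failure_log);` at the top of the function, or documenting the non-null requirement next to the declaration, would make the contract explicit. VerifyPinning also lacks the `DCHECK(CalledOnValidThread());` that AddHSTS opens with, even though it reads pin state through HasPublicKeyPins and CheckPublicKeyPins; those helpers may assert it themselves, but their bodies are not visible here. The early `return true` at new line 700 records no histogram, so "Net.PublicKeyPinSuccess" counts only connections that reached CheckPublicKeyPins and gives no visibility into how often pinning was skipped for an unknown root or an untimely build; a separate counter for the skipped case may be worth considering.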