
Side by Side Diff: net/http/transport_security_state.cc

Issue 433123003: Centralize the logic for checking public key pins (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: fix comments from agl Created 6 years, 4 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/http/transport_security_state.h" 5 #include "net/http/transport_security_state.h"
6 6
7 #if defined(USE_OPENSSL) 7 #if defined(USE_OPENSSL)
8 #include <openssl/ecdsa.h> 8 #include <openssl/ecdsa.h>
9 #include <openssl/ssl.h> 9 #include <openssl/ssl.h>
10 #else // !defined(USE_OPENSSL) 10 #else // !defined(USE_OPENSSL)
(...skipping 648 matching lines...) Expand 10 before | Expand all | Expand 10 after
659 if (max_age.InSeconds() == 0) 659 if (max_age.InSeconds() == 0)
660 domain_state.pkp.spki_hashes.clear(); 660 domain_state.pkp.spki_hashes.clear();
661 domain_state.pkp.last_observed = now; 661 domain_state.pkp.last_observed = now;
662 domain_state.pkp.expiry = now + max_age; 662 domain_state.pkp.expiry = now + max_age;
663 EnableHost(host, domain_state); 663 EnableHost(host, domain_state);
664 return true; 664 return true;
665 } 665 }
666 return false; 666 return false;
667 } 667 }
668 668
669 bool TransportSecurityState::VerifyPinning(
670 const HashValueVector& public_key_hashes,
671 bool is_issued_by_known_root,
672 bool sni_available,
673 const std::string& host,
674 std::string* pinning_failure_log) {
675 #if !defined(OFFICIAL_BUILD) || defined(OS_ANDROID) || defined(OS_IOS)
676 return true;
Ryan Sleevi 2014/08/07 18:58:41 // TODO(rsleevi): http://crbug.com/391035 - Enable
Ryan Hamilton 2014/08/07 22:07:12 Done.
677 #else
678 // Take care of any mandates for public key pinning.
679 //
680 // Pinning is only enabled for official builds to make sure that others don't
681 // end up with pins that cannot be easily updated.
Ryan Sleevi 2014/08/07 18:58:41 // TODO(rsleevi): http://crbug.com/391035 - Only d
Ryan Hamilton 2014/08/07 22:07:12 Done.
682 //
683 // TODO(agl): We might have an issue here where a request for foo.example.com
684 // merges into a SPDY connection to www.example.com, and gets a different
685 // certificate.
Ryan Sleevi 2014/08/07 18:58:41 This TODO(agl) no longer applies, does it?
Ryan Hamilton 2014/08/07 22:07:11 Done.
686
687 // Perform pin validation if, and only if, all these conditions obtain:
688 //
689 // * a TransportSecurityState object is available;
690 // * the server's certificate chain is valid (or suffers from only a minor
691 // error);
Ryan Sleevi 2014/08/07 18:58:41 This bullet is no longer correct - this is handled
Ryan Hamilton 2014/08/07 22:07:11 Done. (As is the previous bullet)
692 // * the server's certificate chain chains up to a known root (i.e. not a
693 // user-installed trust anchor); and
694 // * the build is recent (very old builds should fail open so that users
695 // have some chance to recover).
696 //
697 if (!is_issued_by_known_root ||
698 !TransportSecurityState::IsBuildTimely() ||
699 !HasPublicKeyPins(host, sni_available)) {
700 return true;
701 }
702
703 if (CheckPublicKeyPins(host,
704 sni_available,
705 public_key_hashes,
706 pinning_failure_log)) {
707 UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", true);
708 return true;
709 }
710
711 LOG(ERROR) << *pinning_failure_log;
712 UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", false);
713 TransportSecurityState::ReportUMAOnPinFailure(host);
Ryan Sleevi 2014/08/07 18:58:41 No need for ReportUMAOnPinFailure to be public sta
Ryan Hamilton 2014/08/07 22:07:11 Done. Same for IsBuildTimely()
714 return false;
715 #endif
716 }
717
669 bool TransportSecurityState::AddHSTS(const std::string& host, 718 bool TransportSecurityState::AddHSTS(const std::string& host,
670 const base::Time& expiry, 719 const base::Time& expiry,
671 bool include_subdomains) { 720 bool include_subdomains) {
672 DCHECK(CalledOnValidThread()); 721 DCHECK(CalledOnValidThread());
673 722
674 // Copy-and-modify the existing DomainState for this host (if any). 723 // Copy-and-modify the existing DomainState for this host (if any).
675 TransportSecurityState::DomainState domain_state; 724 TransportSecurityState::DomainState domain_state;
676 const std::string canonicalized_host = CanonicalizeHost(host); 725 const std::string canonicalized_host = CanonicalizeHost(host);
677 const std::string hashed_host = HashHost(canonicalized_host); 726 const std::string hashed_host = HashHost(canonicalized_host);
678 DomainStateMap::const_iterator i = enabled_hosts_.find( 727 DomainStateMap::const_iterator i = enabled_hosts_.find(
(...skipping 222 matching lines...) Expand 10 before | Expand all | Expand 10 after
901 return pkp.spki_hashes.size() > 0 || pkp.bad_spki_hashes.size() > 0; 950 return pkp.spki_hashes.size() > 0 || pkp.bad_spki_hashes.size() > 0;
902 } 951 }
903 952
904 TransportSecurityState::DomainState::PKPState::PKPState() { 953 TransportSecurityState::DomainState::PKPState::PKPState() {
905 } 954 }
906 955
907 TransportSecurityState::DomainState::PKPState::~PKPState() { 956 TransportSecurityState::DomainState::PKPState::~PKPState() {
908 } 957 }
909 958
910 } // namespace 959 } // namespace
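Review bot: `*pinning_failure_log` is dereferenced unconditionally in the `LOG(ERROR) << *pinning_failure_log;` line of VerifyPinning's failure path, and nothing visible in the function establishes that the pointer is non-null. Whether CheckPublicKeyPins tolerates a null log is not shown here, so the contract should be made explicit with `DCHECK(pinning_failure_log);` at the top of the `#else` branch, and the header should state that the argument is required. The early `return true;` for a non-known root, an untimely build or a host without pins is indistinguishable to the caller from a pin check that passed; a one-line comment there such as `// Pinning not enforced for this connection; fail open.` would stop a later reader from treating the return value as "pins verified". The new method also lacks the `DCHECK(CalledOnValidThread());` that AddHSTS starts with, although it reads pin state through HasPublicKeyPins and CheckPublicKeyPins; if that omission is deliberate it deserves a comment.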