OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/internal_auth.h" | 5 #include "chrome/browser/internal_auth.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <deque> | 8 #include <deque> |
9 | 9 |
10 #include "base/base64.h" | 10 #include "base/base64.h" |
(...skipping 19 matching lines...) Expand all Loading... |
30 | 30 |
31 // Verification window size in ticks; that means any passport expires in | 31 // Verification window size in ticks; that means any passport expires in |
32 // (kVerificationWindowTicks * TickUs / kMicrosecondsPerSecond) seconds. | 32 // (kVerificationWindowTicks * TickUs / kMicrosecondsPerSecond) seconds. |
33 const int kVerificationWindowTicks = 2000; | 33 const int kVerificationWindowTicks = 2000; |
34 | 34 |
35 // Generation window determines how well we are able to cope with bursts of | 35 // Generation window determines how well we are able to cope with bursts of |
36 // GeneratePassport calls those exceed upper bound on average speed. | 36 // GeneratePassport calls those exceed upper bound on average speed. |
37 const int kGenerationWindowTicks = 20; | 37 const int kGenerationWindowTicks = 20; |
38 | 38 |
39 // Makes no sense to compare other way round. | 39 // Makes no sense to compare other way round. |
40 COMPILE_ASSERT(kGenerationWindowTicks <= kVerificationWindowTicks, | 40 static_assert(kGenerationWindowTicks <= kVerificationWindowTicks, |
41 makes_no_sense_to_have_generation_window_larger_than_verification_one); | 41 "generation window should not be larger than the verification window"); |
42 // We are not optimized for high value of kGenerationWindowTicks. | 42 // We are not optimized for high value of kGenerationWindowTicks. |
43 COMPILE_ASSERT(kGenerationWindowTicks < 30, too_large_generation_window); | 43 static_assert(kGenerationWindowTicks < 30, |
| 44 "generation window should not be too large"); |
44 | 45 |
45 // Regenerate key after this number of ticks. | 46 // Regenerate key after this number of ticks. |
46 const int kKeyRegenerationSoftTicks = 500000; | 47 const int kKeyRegenerationSoftTicks = 500000; |
47 // Reject passports if key has not been regenerated in that number of ticks. | 48 // Reject passports if key has not been regenerated in that number of ticks. |
48 const int kKeyRegenerationHardTicks = kKeyRegenerationSoftTicks * 2; | 49 const int kKeyRegenerationHardTicks = kKeyRegenerationSoftTicks * 2; |
49 | 50 |
50 // Limit for number of accepted var=value pairs. Feel free to bump this limit | 51 // Limit for number of accepted var=value pairs. Feel free to bump this limit |
51 // higher once needed. | 52 // higher once needed. |
52 const size_t kVarsLimit = 16; | 53 const size_t kVarsLimit = 16; |
53 | 54 |
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
92 base::IsStringUTF8(domain) && | 93 base::IsStringUTF8(domain) && |
93 domain.find_first_of(kItemSeparator) == std::string::npos; | 94 domain.find_first_of(kItemSeparator) == std::string::npos; |
94 } | 95 } |
95 | 96 |
96 bool IsVarSane(const std::string& var) { | 97 bool IsVarSane(const std::string& var) { |
97 static const char kAllowedChars[] = | 98 static const char kAllowedChars[] = |
98 "ABCDEFGHIJKLMNOPQRSTUVWXYZ" | 99 "ABCDEFGHIJKLMNOPQRSTUVWXYZ" |
99 "abcdefghijklmnopqrstuvwxyz" | 100 "abcdefghijklmnopqrstuvwxyz" |
100 "0123456789" | 101 "0123456789" |
101 "_"; | 102 "_"; |
102 COMPILE_ASSERT( | 103 static_assert( |
103 sizeof(kAllowedChars) == 26 + 26 + 10 + 1 + 1, some_mess_with_chars); | 104 sizeof(kAllowedChars) == 26 + 26 + 10 + 1 + 1, "some mess with chars"); |
104 // We must not allow kItemSeparator in anything used as an input to construct | 105 // We must not allow kItemSeparator in anything used as an input to construct |
105 // message to sign. | 106 // message to sign. |
106 DCHECK(std::find(kAllowedChars, kAllowedChars + arraysize(kAllowedChars), | 107 DCHECK(std::find(kAllowedChars, kAllowedChars + arraysize(kAllowedChars), |
107 kItemSeparator) == kAllowedChars + arraysize(kAllowedChars)); | 108 kItemSeparator) == kAllowedChars + arraysize(kAllowedChars)); |
108 DCHECK(std::find(kAllowedChars, kAllowedChars + arraysize(kAllowedChars), | 109 DCHECK(std::find(kAllowedChars, kAllowedChars + arraysize(kAllowedChars), |
109 kVarValueSeparator) == kAllowedChars + arraysize(kAllowedChars)); | 110 kVarValueSeparator) == kAllowedChars + arraysize(kAllowedChars)); |
110 return !var.empty() && | 111 return !var.empty() && |
111 var.size() <= kStringLengthLimit && | 112 var.size() <= kStringLengthLimit && |
112 base::IsStringASCII(var) && | 113 base::IsStringASCII(var) && |
113 var.find_first_not_of(kAllowedChars) == std::string::npos && | 114 var.find_first_not_of(kAllowedChars) == std::string::npos && |
(...skipping 351 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
465 const std::string& domain, const VarValueMap& var_value_map) { | 466 const std::string& domain, const VarValueMap& var_value_map) { |
466 return g_generation_service.Get().GeneratePassport(domain, var_value_map, 0); | 467 return g_generation_service.Get().GeneratePassport(domain, var_value_map, 0); |
467 } | 468 } |
468 | 469 |
469 // static | 470 // static |
470 void InternalAuthGeneration::GenerateNewKey() { | 471 void InternalAuthGeneration::GenerateNewKey() { |
471 g_generation_service.Get().GenerateNewKey(); | 472 g_generation_service.Get().GenerateNewKey(); |
472 } | 473 } |
473 | 474 |
474 } // namespace chrome | 475 } // namespace chrome |
OLD | NEW |