Description
Treat HSTS and HPKP state independently.
Although we have historically, and in static preloads, treated HSTS and HPKP as
part of the same underlying mechanism, the new headers consider them completely
orthogonal. Our current implementation has bugs where, particularly where
includeSubdomains is involved, HPKP and HSTS entries get mixed together. This
CL does the following:
- Include separate domain strings for HPKP and HSTS in the output of
GetDynamicDomainState. This allows net-internals to report on the two
separately.
- Switch tests to query TransportSecurityState's public API rather than
manipulate DomainState directly, to reduce dependency on it.
- Make AddHSTSHeader, AddHSTS, etc., follow the same codepath. Notably the
header variants called GetDynamicDomainState to get the template which means
an includeSubdomains HPKP state on a parent domain would get copied over.
- AddHPKPHeader no longer appends the old pins to the new set.
- Make DeleteAllDynamicDataSince clear STS and PKP state independently.
Notably, the old version would almost never drop DomainState entries because
pkp.last_observed would be uninitialized and never pass the check.
- Make GetDynamicDomainState stitch together the appropriate STS and PKP
results to form its output DomainState. This avoids includeSubdomains and
expiration from one mechanism interacting with that of another.
- Add tests for all this.
We should remove DomainState altogether and leave PKPState and STSState as
separate entities (with some consideration for how they were historically
stored on disk), but this CL leaves that alone for now.
BUG=444511
Committed: https://crrev.com/ffd3a3bf5a45013052f6ae319983a7a249f4db38
Cr-Commit-Position: refs/heads/master@{#311734}
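
An added illustration, not code from this CL or from Chromium, of the independent lookup the description calls for: each mechanism is matched against its own store, using only its own includeSubdomains flag and expiry, and the two results are then stitched together with a separate matched domain for each. The names `Entry`, `Store`, `Match` and `Lookup` and the `example.test` hosts are assumptions made for the example.

```cpp
#include <ctime>
#include <iostream>
#include <map>
#include <string>

// Simplified model, not Chromium's TransportSecurityState: one store per
// mechanism, each entry carrying its own includeSubdomains flag and expiry.
struct Entry {
  bool include_subdomains;
  std::time_t expiry;
};
using Store = std::map<std::string, Entry>;

struct Result {
  std::string sts_domain;  // host whose HSTS entry applies, "" if none
  std::string pkp_domain;  // host whose HPKP entry applies, "" if none
};

// Walk from the host up through its parents using only this store's flags.
// An entry applies if unexpired and exact, or a parent with includeSubdomains.
std::string Match(const Store& store, const std::string& host,
                  std::time_t now) {
  std::string name = host;
  for (;;) {
    Store::const_iterator it = store.find(name);
    if (it != store.end() && it->second.expiry > now &&
        (name == host || it->second.include_subdomains))
      return name;
    std::string::size_type dot = name.find('.');
    if (dot == std::string::npos) return "";
    name = name.substr(dot + 1);
  }
}

// Stitch the two independent lookups into one combined result.
Result Lookup(const Store& sts, const Store& pkp, const std::string& host,
              std::time_t now) {
  Result r = {Match(sts, host, now), Match(pkp, host, now)};
  return r;
}

int main() {
  // Constructed sample: parent pins with includeSubdomains, HSTS does not.
  Store sts, pkp;
  sts["example.test"] = Entry{false, 2000};
  pkp["example.test"] = Entry{true, 2000};
  Result r = Lookup(sts, pkp, "www.example.test", 1000);
  std::cout << "sts=[" << r.sts_domain << "] pkp=[" << r.pkp_domain << "]\n";
}
```

For `www.example.test` the pin entry on the parent applies while its HSTS entry does not, which is the separation a shared includeSubdomains flag would lose.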
Patch Set 1
Patch Set 2 : Add another test and simplify some code.
Patch Set 3 : test header parsing too (Total comments: 22)
Patch Set 4 : rsleevi comments
Messages
Total messages: 13 (3 generated)