Chromium Code Reviews Chromium Code Reviews
Issue 826423009:
Treat HSTS and HPKP state independently. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
| 6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
| 7 | 7 |
| 8 #include <map> | 8 #include <map> |
| 9 #include <string> | 9 #include <string> |
| 10 #include <utility> | 10 #include <utility> |
| (...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 43 | 43 |
| 44 protected: | 44 protected: |
| 45 virtual ~Delegate() {} | 45 virtual ~Delegate() {} |
| 46 }; | 46 }; |
| 47 | 47 |
| 48 TransportSecurityState(); | 48 TransportSecurityState(); |
| 49 ~TransportSecurityState(); | 49 ~TransportSecurityState(); |
| 50 | 50 |
| 51 // A DomainState describes the transport security state (required upgrade | 51 // A DomainState describes the transport security state (required upgrade |
| 52 // to HTTPS, and/or any public key pins). | 52 // to HTTPS, and/or any public key pins). |
| 53 // | |
| 54 // TODO(davidben): STSState and PKPState are queried and processed | |
| 55 // independently (with the exception of ShouldSSLErrorsBeFatal triggering on | |
| 56 // both and on-disk storage). DomainState should be split into the two. | |
| 53 class NET_EXPORT DomainState { | 57 class NET_EXPORT DomainState { |
| 54 public: | 58 public: |
| 55 enum UpgradeMode { | 59 enum UpgradeMode { |
| 56 // These numbers must match those in hsts_view.js, function modeToString. | 60 // These numbers must match those in hsts_view.js, function modeToString. |
| 57 MODE_FORCE_HTTPS = 0, | 61 MODE_FORCE_HTTPS = 0, |
| 58 MODE_DEFAULT = 1, | 62 MODE_DEFAULT = 1, |
| 59 }; | 63 }; |
| 60 | 64 |
| 61 DomainState(); | 65 DomainState(); |
| 62 ~DomainState(); | 66 ~DomainState(); |
| 63 | 67 |
| 64 struct STSState { | 68 struct STSState { |
| 69 STSState(); | |
| 70 ~STSState(); | |
| 71 | |
| 65 // The absolute time (UTC) when the |upgrade_mode| (and other state) was | 72 // The absolute time (UTC) when the |upgrade_mode| (and other state) was |
| 66 // observed. | 73 // observed. |
| 67 base::Time last_observed; | 74 base::Time last_observed; |
| 68 | 75 |
| 69 // The absolute time (UTC) when the |upgrade_mode|, if set to | 76 // The absolute time (UTC) when the |upgrade_mode|, if set to |
| 70 // MODE_FORCE_HTTPS, downgrades to MODE_DEFAULT. | 77 // MODE_FORCE_HTTPS, downgrades to MODE_DEFAULT. |
| 71 base::Time expiry; | 78 base::Time expiry; |
| 72 | 79 |
| 73 UpgradeMode upgrade_mode; | 80 UpgradeMode upgrade_mode; |
| 74 | 81 |
| 75 // Are subdomains subject to this policy state? | 82 // Are subdomains subject to this policy state? |
| 76 bool include_subdomains; | 83 bool include_subdomains; |
| 84 | |
| 85 // The following members are not valid when stored in |enabled_hosts_|: | |
|
Ryan Sleevi
2015/01/13 21:56:40
This is a public structure, so what does it mean t
davidben
2015/01/13 23:30:47
(I just copied this from below. :-P) Moved the com
| |
| 86 | |
| 87 // The domain which matched during a search for this DomainState entry. | |
| 88 // Updated by |GetDynamicDomainState| and |GetStaticDomainState|. | |
| 89 std::string domain; | |
| 77 }; | 90 }; |
| 78 | 91 |
| 79 struct PKPState { | 92 struct PKPState { |
| 80 PKPState(); | 93 PKPState(); |
| 81 ~PKPState(); | 94 ~PKPState(); |
| 82 | 95 |
| 83 // The absolute time (UTC) when the |spki_hashes| (and other state) were | 96 // The absolute time (UTC) when the |spki_hashes| (and other state) were |
| 84 // observed. | 97 // observed. |
| 85 base::Time last_observed; | 98 base::Time last_observed; |
| 86 | 99 |
| 87 // The absolute time (UTC) when the |spki_hashes| expire. | 100 // The absolute time (UTC) when the |spki_hashes| expire. |
| 88 base::Time expiry; | 101 base::Time expiry; |
| 89 | 102 |
| 90 // Optional; hashes of pinned SubjectPublicKeyInfos. | 103 // Optional; hashes of pinned SubjectPublicKeyInfos. |
| 91 HashValueVector spki_hashes; | 104 HashValueVector spki_hashes; |
| 92 | 105 |
| 93 // Optional; hashes of static known-bad SubjectPublicKeyInfos which MUST | 106 // Optional; hashes of static known-bad SubjectPublicKeyInfos which MUST |
| 94 // NOT intersect with the set of SPKIs in the TLS server's certificate | 107 // NOT intersect with the set of SPKIs in the TLS server's certificate |
| 95 // chain. | 108 // chain. |
| 96 HashValueVector bad_spki_hashes; | 109 HashValueVector bad_spki_hashes; |
| 97 | 110 |
| 98 // Are subdomains subject to this policy state? | 111 // Are subdomains subject to this policy state? |
| 99 bool include_subdomains; | 112 bool include_subdomains; |
| 113 | |
| 114 // The following members are not valid when stored in |enabled_hosts_|: | |
| 115 | |
| 116 // The domain which matched during a search for this DomainState entry. | |
| 117 // Updated by |GetDynamicDomainState| and |GetStaticDomainState|. | |
| 118 std::string domain; | |
| 100 }; | 119 }; |
| 101 | 120 |
| 102 // Takes a set of SubjectPublicKeyInfo |hashes| and returns true if: | 121 // Takes a set of SubjectPublicKeyInfo |hashes| and returns true if: |
| 103 // 1) |bad_static_spki_hashes| does not intersect |hashes|; AND | 122 // 1) |bad_static_spki_hashes| does not intersect |hashes|; AND |
| 104 // 2) Both |static_spki_hashes| and |dynamic_spki_hashes| are empty | 123 // 2) Both |static_spki_hashes| and |dynamic_spki_hashes| are empty |
| 105 // or at least one of them intersects |hashes|. | 124 // or at least one of them intersects |hashes|. |
| 106 // | 125 // |
| 107 // |{dynamic,static}_spki_hashes| contain trustworthy public key hashes, | 126 // |{dynamic,static}_spki_hashes| contain trustworthy public key hashes, |
| 108 // any one of which is sufficient to validate the certificate chain in | 127 // any one of which is sufficient to validate the certificate chain in |
| 109 // question. The public keys could be of a root CA, intermediate CA, or | 128 // question. The public keys could be of a root CA, intermediate CA, or |
| (...skipping 16 matching lines...) Expand all Loading... | |
| 126 // ShouldUpgradeToSSL returns true iff HTTP requests should be internally | 145 // ShouldUpgradeToSSL returns true iff HTTP requests should be internally |
| 127 // redirected to HTTPS (also if WS should be upgraded to WSS). | 146 // redirected to HTTPS (also if WS should be upgraded to WSS). |
| 128 bool ShouldUpgradeToSSL() const; | 147 bool ShouldUpgradeToSSL() const; |
| 129 | 148 |
| 130 // ShouldSSLErrorsBeFatal returns true iff HTTPS errors should cause | 149 // ShouldSSLErrorsBeFatal returns true iff HTTPS errors should cause |
| 131 // hard-fail behavior (e.g. if HSTS is set for the domain). | 150 // hard-fail behavior (e.g. if HSTS is set for the domain). |
| 132 bool ShouldSSLErrorsBeFatal() const; | 151 bool ShouldSSLErrorsBeFatal() const; |
| 133 | 152 |
| 134 STSState sts; | 153 STSState sts; |
| 135 PKPState pkp; | 154 PKPState pkp; |
| 136 | |
| 137 // The following members are not valid when stored in |enabled_hosts_|: | |
| 138 | |
| 139 // The domain which matched during a search for this DomainState entry. | |
| 140 // Updated by |GetDynamicDomainState| and |GetStaticDomainState|. | |
| 141 std::string domain; | |
| 142 }; | 155 }; |
| 143 | 156 |
| 144 class NET_EXPORT Iterator { | 157 class NET_EXPORT Iterator { |
| 145 public: | 158 public: |
| 146 explicit Iterator(const TransportSecurityState& state); | 159 explicit Iterator(const TransportSecurityState& state); |
| 147 ~Iterator(); | 160 ~Iterator(); |
| 148 | 161 |
| 149 bool HasNext() const { return iterator_ != end_; } | 162 bool HasNext() const { return iterator_ != end_; } |
| 150 void Advance() { ++iterator_; } | 163 void Advance() { ++iterator_; } |
| 151 const std::string& hostname() const { return iterator_->first; } | 164 const std::string& hostname() const { return iterator_->first; } |
| (...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 200 // Deletes any dynamic data stored for |host| (e.g. HSTS or HPKP data). | 213 // Deletes any dynamic data stored for |host| (e.g. HSTS or HPKP data). |
| 201 // If |host| doesn't have an exact entry then no action is taken. Does | 214 // If |host| doesn't have an exact entry then no action is taken. Does |
| 202 // not delete static (i.e. preloaded) data. Returns true iff an entry | 215 // not delete static (i.e. preloaded) data. Returns true iff an entry |
| 203 // was deleted. | 216 // was deleted. |
| 204 // | 217 // |
| 205 // If an entry is deleted, the new state will be persisted through | 218 // If an entry is deleted, the new state will be persisted through |
| 206 // the Delegate (if any). | 219 // the Delegate (if any). |
| 207 bool DeleteDynamicDataForHost(const std::string& host); | 220 bool DeleteDynamicDataForHost(const std::string& host); |
| 208 | 221 |
| 209 // Returns true and updates |*result| iff there is a static (built-in) | 222 // Returns true and updates |*result| iff there is a static (built-in) |
| 210 // DomainState for |host|. | 223 // DomainState for |host|. If multiple entries match |host|, the most specific |
| 211 // | 224 // match determines the return value. |
| 212 // If |host| matches both an exact entry and is a subdomain of another entry, | 225 bool GetStaticDomainState(const std::string& host, DomainState* result) const; |
| 213 // the exact match determines the return value. | 226 |
| 227 // Returns true and updates |*result| iff |host| has HSTS or HPKP state (or | |
| 228 // both). The two are queried independently and combined into a single | |
| 229 // DomainState. If multiple HSTS (respectively, HPKP) entries match |host|, | |
| 230 // the most specific match determines the HSTS (respectively, HPKP) portion of | |
| 231 // the return value. | |
| 214 // | 232 // |
| 215 // Note that this method is not const because it opportunistically removes | 233 // Note that this method is not const because it opportunistically removes |
| 216 // entries that have expired. | 234 // entries that have expired. |
| 217 bool GetStaticDomainState(const std::string& host, DomainState* result) const; | |
| 218 | |
| 219 // Returns true and updates |*result| iff there is a dynamic DomainState | |
| 220 // (learned from HSTS or HPKP headers, or set by the user, or other means) for | |
| 221 // |host|. | |
| 222 // | 235 // |
| 223 // If |host| matches both an exact entry and is a subdomain of another entry, | 236 // TODO(davidben): STSState and PKPState should be queried independently at |
| 224 // the exact match determines the return value. | 237 // the API level too. |
| 225 // | |
| 226 // Note that this method is not const because it opportunistically removes | |
| 227 // entries that have expired. | |
| 228 bool GetDynamicDomainState(const std::string& host, DomainState* result); | 238 bool GetDynamicDomainState(const std::string& host, DomainState* result); |
| 229 | 239 |
| 230 // Processes an HSTS header value from the host, adding entries to | 240 // Processes an HSTS header value from the host, adding entries to |
| 231 // dynamic state if necessary. | 241 // dynamic state if necessary. |
| 232 bool AddHSTSHeader(const std::string& host, const std::string& value); | 242 bool AddHSTSHeader(const std::string& host, const std::string& value); |
| 233 | 243 |
| 234 // Processes an HPKP header value from the host, adding entries to | 244 // Processes an HPKP header value from the host, adding entries to |
| 235 // dynamic state if necessary. ssl_info is used to check that | 245 // dynamic state if necessary. ssl_info is used to check that |
| 236 // the specified pins overlap with the certificate chain. | 246 // the specified pins overlap with the certificate chain. |
| 237 bool AddHPKPHeader(const std::string& host, const std::string& value, | 247 bool AddHPKPHeader(const std::string& host, const std::string& value, |
| 238 const SSLInfo& ssl_info); | 248 const SSLInfo& ssl_info); |
| 239 | 249 |
| 240 // Adds explicitly-specified data as if it was processed from an | 250 // Adds explicitly-specified data as if it was processed from an |
| 241 // HSTS header (used for net-internals and unit tests). | 251 // HSTS header (used for net-internals and unit tests). |
| 242 bool AddHSTS(const std::string& host, const base::Time& expiry, | 252 void AddHSTS(const std::string& host, |
| 253 const base::Time& expiry, | |
| 243 bool include_subdomains); | 254 bool include_subdomains); |
| 244 | 255 |
| 245 // Adds explicitly-specified data as if it was processed from an | 256 // Adds explicitly-specified data as if it was processed from an |
| 246 // HPKP header (used for net-internals and unit tests). | 257 // HPKP header (used for net-internals and unit tests). |
| 247 bool AddHPKP(const std::string& host, const base::Time& expiry, | 258 void AddHPKP(const std::string& host, |
| 248 bool include_subdomains, const HashValueVector& hashes); | 259 const base::Time& expiry, |
| 260 bool include_subdomains, | |
| 261 const HashValueVector& hashes); | |
| 249 | 262 |
| 250 // Returns true iff we have any static public key pins for the |host| and | 263 // Returns true iff we have any static public key pins for the |host| and |
| 251 // iff its set of required pins is the set we expect for Google | 264 // iff its set of required pins is the set we expect for Google |
| 252 // properties. | 265 // properties. |
| 253 // | 266 // |
| 254 // If |host| matches both an exact entry and is a subdomain of another | 267 // If |host| matches both an exact entry and is a subdomain of another |
| 255 // entry, the exact match determines the return value. | 268 // entry, the exact match determines the return value. |
| 256 static bool IsGooglePinnedProperty(const std::string& host); | 269 static bool IsGooglePinnedProperty(const std::string& host); |
| 257 | 270 |
| 258 // The maximum number of seconds for which we'll cache an HSTS request. | 271 // The maximum number of seconds for which we'll cache an HSTS request. |
| (...skipping 24 matching lines...) Expand all Loading... | |
| 283 | 296 |
| 284 // Helper method for actually checking pins. | 297 // Helper method for actually checking pins. |
| 285 bool CheckPublicKeyPinsImpl(const std::string& host, | 298 bool CheckPublicKeyPinsImpl(const std::string& host, |
| 286 const HashValueVector& hashes, | 299 const HashValueVector& hashes, |
| 287 std::string* failure_log); | 300 std::string* failure_log); |
| 288 | 301 |
| 289 // If a Delegate is present, notify it that the internal state has | 302 // If a Delegate is present, notify it that the internal state has |
| 290 // changed. | 303 // changed. |
| 291 void DirtyNotify(); | 304 void DirtyNotify(); |
| 292 | 305 |
| 306 // Adds HSTS state to |host|. | |
| 307 void AddHSTSInternal(const std::string& host, | |
| 308 DomainState::UpgradeMode upgrade_mode, | |
| 309 const base::Time& expiry, | |
| 310 bool include_subdomains); | |
| 311 | |
| 312 // Adds HPKP state to |host|. | |
| 313 void AddHPKPInternal(const std::string& host, | |
| 314 const base::Time& last_observed, | |
| 315 const base::Time& expiry, | |
| 316 bool include_subdomains, | |
| 317 const HashValueVector& hashes); | |
| 318 | |
| 293 // Enable TransportSecurity for |host|. |state| supercedes any previous | 319 // Enable TransportSecurity for |host|. |state| supercedes any previous |
| 294 // state for the |host|, including static entries. | 320 // state for the |host|, including static entries. |
| 295 // | 321 // |
| 296 // The new state for |host| is persisted using the Delegate (if any). | 322 // The new state for |host| is persisted using the Delegate (if any). |
| 297 void EnableHost(const std::string& host, const DomainState& state); | 323 void EnableHost(const std::string& host, const DomainState& state); |
| 298 | 324 |
| 299 // Converts |hostname| from dotted form ("www.google.com") to the form | 325 // Converts |hostname| from dotted form ("www.google.com") to the form |
| 300 // used in DNS: "\x03www\x06google\x03com", lowercases that, and returns | 326 // used in DNS: "\x03www\x06google\x03com", lowercases that, and returns |
| 301 // the result. | 327 // the result. |
| 302 static std::string CanonicalizeHost(const std::string& hostname); | 328 static std::string CanonicalizeHost(const std::string& hostname); |
| 303 | 329 |
| 304 // The set of hosts that have enabled TransportSecurity. | 330 // The set of hosts that have enabled TransportSecurity. |
| 305 DomainStateMap enabled_hosts_; | 331 DomainStateMap enabled_hosts_; |
| 306 | 332 |
| 307 Delegate* delegate_; | 333 Delegate* delegate_; |
| 308 | 334 |
| 309 // True if static pins should be used. | 335 // True if static pins should be used. |
| 310 bool enable_static_pins_; | 336 bool enable_static_pins_; |
| 311 | 337 |
| 312 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); | 338 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); |
| 313 }; | 339 }; |
| 314 | 340 |
| 315 } // namespace net | 341 } // namespace net |
| 316 | 342 |
| 317 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 343 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
| OLD | NEW |
