1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
7 | 7 |
8 #include <map> | 8 #include <map> |
9 #include <string> | 9 #include <string> |
10 #include <utility> | 10 #include <utility> |
43 | 43 |
44 protected: | 44 protected: |
45 virtual ~Delegate() {} | 45 virtual ~Delegate() {} |
46 }; | 46 }; |
47 | 47 |
48 TransportSecurityState(); | 48 TransportSecurityState(); |
49 ~TransportSecurityState(); | 49 ~TransportSecurityState(); |
50 | 50 |
51 // A DomainState describes the transport security state (required upgrade | 51 // A DomainState describes the transport security state (required upgrade |
52 // to HTTPS, and/or any public key pins). | 52 // to HTTPS, and/or any public key pins). |
53 // | |
54 // TODO(davidben): STSState and PKPState are queried and processed | |
55 // independently (with the exception of ShouldSSLErrorsBeFatal triggering on | |
56 // both and on-disk storage). DomainState should be split into the two. | |
53 class NET_EXPORT DomainState { | 57 class NET_EXPORT DomainState { |
54 public: | 58 public: |
55 enum UpgradeMode { | 59 enum UpgradeMode { |
56 // These numbers must match those in hsts_view.js, function modeToString. | 60 // These numbers must match those in hsts_view.js, function modeToString. |
57 MODE_FORCE_HTTPS = 0, | 61 MODE_FORCE_HTTPS = 0, |
58 MODE_DEFAULT = 1, | 62 MODE_DEFAULT = 1, |
59 }; | 63 }; |
60 | 64 |
61 DomainState(); | 65 DomainState(); |
62 ~DomainState(); | 66 ~DomainState(); |
63 | 67 |
64 struct STSState { | 68 struct STSState { |
69 STSState(); | |
70 ~STSState(); | |
71 | |
65 // The absolute time (UTC) when the |upgrade_mode| (and other state) was | 72 // The absolute time (UTC) when the |upgrade_mode| (and other state) was |
66 // observed. | 73 // observed. |
67 base::Time last_observed; | 74 base::Time last_observed; |
68 | 75 |
69 // The absolute time (UTC) when the |upgrade_mode|, if set to | 76 // The absolute time (UTC) when the |upgrade_mode|, if set to |
70 // MODE_FORCE_HTTPS, downgrades to MODE_DEFAULT. | 77 // MODE_FORCE_HTTPS, downgrades to MODE_DEFAULT. |
71 base::Time expiry; | 78 base::Time expiry; |
72 | 79 |
73 UpgradeMode upgrade_mode; | 80 UpgradeMode upgrade_mode; |
74 | 81 |
75 // Are subdomains subject to this policy state? | 82 // Are subdomains subject to this policy state? |
76 bool include_subdomains; | 83 bool include_subdomains; |
84 | |
85 // The following members are not valid when stored in |enabled_hosts_|: | |
Ryan Sleevi
2015/01/13 21:56:40
This is a public structure, so what does it mean t
davidben
2015/01/13 23:30:47
(I just copied this from below. :-P) Moved the com
| |
86 | |
87 // The domain which matched during a search for this DomainState entry. | |
88 // Updated by |GetDynamicDomainState| and |GetStaticDomainState|. | |
89 std::string domain; | |
77 }; | 90 }; |
78 | 91 |
79 struct PKPState { | 92 struct PKPState { |
80 PKPState(); | 93 PKPState(); |
81 ~PKPState(); | 94 ~PKPState(); |
82 | 95 |
83 // The absolute time (UTC) when the |spki_hashes| (and other state) were | 96 // The absolute time (UTC) when the |spki_hashes| (and other state) were |
84 // observed. | 97 // observed. |
85 base::Time last_observed; | 98 base::Time last_observed; |
86 | 99 |
87 // The absolute time (UTC) when the |spki_hashes| expire. | 100 // The absolute time (UTC) when the |spki_hashes| expire. |
88 base::Time expiry; | 101 base::Time expiry; |
89 | 102 |
90 // Optional; hashes of pinned SubjectPublicKeyInfos. | 103 // Optional; hashes of pinned SubjectPublicKeyInfos. |
91 HashValueVector spki_hashes; | 104 HashValueVector spki_hashes; |
92 | 105 |
93 // Optional; hashes of static known-bad SubjectPublicKeyInfos which MUST | 106 // Optional; hashes of static known-bad SubjectPublicKeyInfos which MUST |
94 // NOT intersect with the set of SPKIs in the TLS server's certificate | 107 // NOT intersect with the set of SPKIs in the TLS server's certificate |
95 // chain. | 108 // chain. |
96 HashValueVector bad_spki_hashes; | 109 HashValueVector bad_spki_hashes; |
97 | 110 |
98 // Are subdomains subject to this policy state? | 111 // Are subdomains subject to this policy state? |
99 bool include_subdomains; | 112 bool include_subdomains; |
113 | |
114 // The following members are not valid when stored in |enabled_hosts_|: | |
115 | |
116 // The domain which matched during a search for this DomainState entry. | |
117 // Updated by |GetDynamicDomainState| and |GetStaticDomainState|. | |
118 std::string domain; | |
100 }; | 119 }; |
101 | 120 |
102 // Takes a set of SubjectPublicKeyInfo |hashes| and returns true if: | 121 // Takes a set of SubjectPublicKeyInfo |hashes| and returns true if: |
103 // 1) |bad_static_spki_hashes| does not intersect |hashes|; AND | 122 // 1) |bad_static_spki_hashes| does not intersect |hashes|; AND |
104 // 2) Both |static_spki_hashes| and |dynamic_spki_hashes| are empty | 123 // 2) Both |static_spki_hashes| and |dynamic_spki_hashes| are empty |
105 // or at least one of them intersects |hashes|. | 124 // or at least one of them intersects |hashes|. |
106 // | 125 // |
107 // |{dynamic,static}_spki_hashes| contain trustworthy public key hashes, | 126 // |{dynamic,static}_spki_hashes| contain trustworthy public key hashes, |
108 // any one of which is sufficient to validate the certificate chain in | 127 // any one of which is sufficient to validate the certificate chain in |
109 // question. The public keys could be of a root CA, intermediate CA, or | 128 // question. The public keys could be of a root CA, intermediate CA, or |
126 // ShouldUpgradeToSSL returns true iff HTTP requests should be internally | 145 // ShouldUpgradeToSSL returns true iff HTTP requests should be internally |
127 // redirected to HTTPS (also if WS should be upgraded to WSS). | 146 // redirected to HTTPS (also if WS should be upgraded to WSS). |
128 bool ShouldUpgradeToSSL() const; | 147 bool ShouldUpgradeToSSL() const; |
129 | 148 |
130 // ShouldSSLErrorsBeFatal returns true iff HTTPS errors should cause | 149 // ShouldSSLErrorsBeFatal returns true iff HTTPS errors should cause |
131 // hard-fail behavior (e.g. if HSTS is set for the domain). | 150 // hard-fail behavior (e.g. if HSTS is set for the domain). |
132 bool ShouldSSLErrorsBeFatal() const; | 151 bool ShouldSSLErrorsBeFatal() const; |
133 | 152 |
134 STSState sts; | 153 STSState sts; |
135 PKPState pkp; | 154 PKPState pkp; |
136 | |
137 // The following members are not valid when stored in |enabled_hosts_|: | |
138 | |
139 // The domain which matched during a search for this DomainState entry. | |
140 // Updated by |GetDynamicDomainState| and |GetStaticDomainState|. | |
141 std::string domain; | |
142 }; | 155 }; |
143 | 156 |
144 class NET_EXPORT Iterator { | 157 class NET_EXPORT Iterator { |
145 public: | 158 public: |
146 explicit Iterator(const TransportSecurityState& state); | 159 explicit Iterator(const TransportSecurityState& state); |
147 ~Iterator(); | 160 ~Iterator(); |
148 | 161 |
149 bool HasNext() const { return iterator_ != end_; } | 162 bool HasNext() const { return iterator_ != end_; } |
150 void Advance() { ++iterator_; } | 163 void Advance() { ++iterator_; } |
151 const std::string& hostname() const { return iterator_->first; } | 164 const std::string& hostname() const { return iterator_->first; } |
200 // Deletes any dynamic data stored for |host| (e.g. HSTS or HPKP data). | 213 // Deletes any dynamic data stored for |host| (e.g. HSTS or HPKP data). |
201 // If |host| doesn't have an exact entry then no action is taken. Does | 214 // If |host| doesn't have an exact entry then no action is taken. Does |
202 // not delete static (i.e. preloaded) data. Returns true iff an entry | 215 // not delete static (i.e. preloaded) data. Returns true iff an entry |
203 // was deleted. | 216 // was deleted. |
204 // | 217 // |
205 // If an entry is deleted, the new state will be persisted through | 218 // If an entry is deleted, the new state will be persisted through |
206 // the Delegate (if any). | 219 // the Delegate (if any). |
207 bool DeleteDynamicDataForHost(const std::string& host); | 220 bool DeleteDynamicDataForHost(const std::string& host); |
208 | 221 |
209 // Returns true and updates |*result| iff there is a static (built-in) | 222 // Returns true and updates |*result| iff there is a static (built-in) |
210 // DomainState for |host|. | 223 // DomainState for |host|. If multiple entries match |host|, the most specific |
211 // | 224 // match determines the return value. |
212 // If |host| matches both an exact entry and is a subdomain of another entry, | 225 bool GetStaticDomainState(const std::string& host, DomainState* result) const; |
213 // the exact match determines the return value. | 226 |
227 // Returns true and updates |*result| iff |host| has HSTS or HPKP state (or | |
228 // both). The two are queried independently and combined into a single | |
229 // DomainState. If multiple HSTS (respectively, HPKP) entries match |host|, | |
230 // the most specific match determines the HSTS (respectively, HPKP) portion of | |
231 // the return value. | |
214 // | 232 // |
215 // Note that this method is not const because it opportunistically removes | 233 // Note that this method is not const because it opportunistically removes |
216 // entries that have expired. | 234 // entries that have expired. |
217 bool GetStaticDomainState(const std::string& host, DomainState* result) const; | |
218 | |
219 // Returns true and updates |*result| iff there is a dynamic DomainState | |
220 // (learned from HSTS or HPKP headers, or set by the user, or other means) for | |
221 // |host|. | |
222 // | 235 // |
223 // If |host| matches both an exact entry and is a subdomain of another entry, | 236 // TODO(davidben): STSState and PKPState should be queried independently at |
224 // the exact match determines the return value. | 237 // the API level too. |
225 // | |
226 // Note that this method is not const because it opportunistically removes | |
227 // entries that have expired. | |
228 bool GetDynamicDomainState(const std::string& host, DomainState* result); | 238 bool GetDynamicDomainState(const std::string& host, DomainState* result); |
229 | 239 |
230 // Processes an HSTS header value from the host, adding entries to | 240 // Processes an HSTS header value from the host, adding entries to |
231 // dynamic state if necessary. | 241 // dynamic state if necessary. |
232 bool AddHSTSHeader(const std::string& host, const std::string& value); | 242 bool AddHSTSHeader(const std::string& host, const std::string& value); |
233 | 243 |
234 // Processes an HPKP header value from the host, adding entries to | 244 // Processes an HPKP header value from the host, adding entries to |
235 // dynamic state if necessary. ssl_info is used to check that | 245 // dynamic state if necessary. ssl_info is used to check that |
236 // the specified pins overlap with the certificate chain. | 246 // the specified pins overlap with the certificate chain. |
237 bool AddHPKPHeader(const std::string& host, const std::string& value, | 247 bool AddHPKPHeader(const std::string& host, const std::string& value, |
238 const SSLInfo& ssl_info); | 248 const SSLInfo& ssl_info); |
239 | 249 |
240 // Adds explicitly-specified data as if it was processed from an | 250 // Adds explicitly-specified data as if it was processed from an |
241 // HSTS header (used for net-internals and unit tests). | 251 // HSTS header (used for net-internals and unit tests). |
242 bool AddHSTS(const std::string& host, const base::Time& expiry, | 252 void AddHSTS(const std::string& host, |
253 const base::Time& expiry, | |
243 bool include_subdomains); | 254 bool include_subdomains); |
244 | 255 |
245 // Adds explicitly-specified data as if it was processed from an | 256 // Adds explicitly-specified data as if it was processed from an |
246 // HPKP header (used for net-internals and unit tests). | 257 // HPKP header (used for net-internals and unit tests). |
247 bool AddHPKP(const std::string& host, const base::Time& expiry, | 258 void AddHPKP(const std::string& host, |
248 bool include_subdomains, const HashValueVector& hashes); | 259 const base::Time& expiry, |
260 bool include_subdomains, | |
261 const HashValueVector& hashes); | |
249 | 262 |
250 // Returns true iff we have any static public key pins for the |host| and | 263 // Returns true iff we have any static public key pins for the |host| and |
251 // iff its set of required pins is the set we expect for Google | 264 // iff its set of required pins is the set we expect for Google |
252 // properties. | 265 // properties. |
253 // | 266 // |
254 // If |host| matches both an exact entry and is a subdomain of another | 267 // If |host| matches both an exact entry and is a subdomain of another |
255 // entry, the exact match determines the return value. | 268 // entry, the exact match determines the return value. |
256 static bool IsGooglePinnedProperty(const std::string& host); | 269 static bool IsGooglePinnedProperty(const std::string& host); |
257 | 270 |
258 // The maximum number of seconds for which we'll cache an HSTS request. | 271 // The maximum number of seconds for which we'll cache an HSTS request. |
283 | 296 |
284 // Helper method for actually checking pins. | 297 // Helper method for actually checking pins. |
285 bool CheckPublicKeyPinsImpl(const std::string& host, | 298 bool CheckPublicKeyPinsImpl(const std::string& host, |
286 const HashValueVector& hashes, | 299 const HashValueVector& hashes, |
287 std::string* failure_log); | 300 std::string* failure_log); |
288 | 301 |
289 // If a Delegate is present, notify it that the internal state has | 302 // If a Delegate is present, notify it that the internal state has |
290 // changed. | 303 // changed. |
291 void DirtyNotify(); | 304 void DirtyNotify(); |
292 | 305 |
306 // Adds HSTS state to |host|. | |
307 void AddHSTSInternal(const std::string& host, | |
308 DomainState::UpgradeMode upgrade_mode, | |
309 const base::Time& expiry, | |
310 bool include_subdomains); | |
311 | |
312 // Adds HPKP state to |host|. | |
313 void AddHPKPInternal(const std::string& host, | |
314 const base::Time& last_observed, | |
315 const base::Time& expiry, | |
316 bool include_subdomains, | |
317 const HashValueVector& hashes); | |
318 | |
293 // Enable TransportSecurity for |host|. |state| supercedes any previous | 319 // Enable TransportSecurity for |host|. |state| supercedes any previous |
294 // state for the |host|, including static entries. | 320 // state for the |host|, including static entries. |
295 // | 321 // |
296 // The new state for |host| is persisted using the Delegate (if any). | 322 // The new state for |host| is persisted using the Delegate (if any). |
297 void EnableHost(const std::string& host, const DomainState& state); | 323 void EnableHost(const std::string& host, const DomainState& state); |
298 | 324 |
299 // Converts |hostname| from dotted form ("www.google.com") to the form | 325 // Converts |hostname| from dotted form ("www.google.com") to the form |
300 // used in DNS: "\x03www\x06google\x03com", lowercases that, and returns | 326 // used in DNS: "\x03www\x06google\x03com", lowercases that, and returns |
301 // the result. | 327 // the result. |
302 static std::string CanonicalizeHost(const std::string& hostname); | 328 static std::string CanonicalizeHost(const std::string& hostname); |
303 | 329 |
304 // The set of hosts that have enabled TransportSecurity. | 330 // The set of hosts that have enabled TransportSecurity. |
305 DomainStateMap enabled_hosts_; | 331 DomainStateMap enabled_hosts_; |
306 | 332 |
307 Delegate* delegate_; | 333 Delegate* delegate_; |
308 | 334 |
309 // True if static pins should be used. | 335 // True if static pins should be used. |
310 bool enable_static_pins_; | 336 bool enable_static_pins_; |
311 | 337 |
312 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); | 338 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); |
313 }; | 339 }; |
314 | 340 |
315 } // namespace net | 341 } // namespace net |
316 | 342 |
317 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 343 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
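Review bot: The two new private helpers at new-side lines 306–317 have asymmetric signatures and one-line comments that leave their contract to the reader: AddHPKPInternal takes |last_observed| while AddHSTSInternal does not, and neither comment says whether the call supersedes an existing dynamic entry for |host| or goes through the Delegate, which the EnableHost comment directly below does spell out. Since AddHSTSInternal also accepts a DomainState::UpgradeMode, its comment should state what passing MODE_DEFAULT does to an existing entry (presumably it clears the HSTS portion rather than "adds" anything — confirm against the .cc). I would expand each comment along the lines of `// Adds or replaces the HSTS portion of the dynamic entry for |host|; persisted via the Delegate as in EnableHost.` once the implementation confirms it, and either give AddHSTSInternal a |last_observed| parameter too or document why only the HPKP path carries one. Separately, AddHSTS/AddHPKP at new-side lines 252–261 now return void where they returned bool, so their header comments should say how invalid input such as an already-expired |expiry| is handled now that callers get no return signal.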