OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
7 | 7 |
8 #include <map> | 8 #include <map> |
9 #include <string> | 9 #include <string> |
10 #include <utility> | 10 #include <utility> |
(...skipping 32 matching lines...)
43 | 43 |
44 protected: | 44 protected: |
45 virtual ~Delegate() {} | 45 virtual ~Delegate() {} |
46 }; | 46 }; |
47 | 47 |
48 TransportSecurityState(); | 48 TransportSecurityState(); |
49 ~TransportSecurityState(); | 49 ~TransportSecurityState(); |
50 | 50 |
51 // A DomainState describes the transport security state (required upgrade | 51 // A DomainState describes the transport security state (required upgrade |
52 // to HTTPS, and/or any public key pins). | 52 // to HTTPS, and/or any public key pins). |
| 53 // |
| 54 // TODO(davidben): STSState and PKPState are queried and processed |
| 55 // independently (with the exception of ShouldSSLErrorsBeFatal triggering on |
| 56 // both and on-disk storage). DomainState should be split into the two. |
53 class NET_EXPORT DomainState { | 57 class NET_EXPORT DomainState { |
54 public: | 58 public: |
55 enum UpgradeMode { | 59 enum UpgradeMode { |
56 // These numbers must match those in hsts_view.js, function modeToString. | 60 // These numbers must match those in hsts_view.js, function modeToString. |
57 MODE_FORCE_HTTPS = 0, | 61 MODE_FORCE_HTTPS = 0, |
58 MODE_DEFAULT = 1, | 62 MODE_DEFAULT = 1, |
59 }; | 63 }; |
60 | 64 |
61 DomainState(); | 65 DomainState(); |
62 ~DomainState(); | 66 ~DomainState(); |
63 | 67 |
64 struct STSState { | 68 struct STSState { |
| 69 STSState(); |
| 70 ~STSState(); |
| 71 |
65 // The absolute time (UTC) when the |upgrade_mode| (and other state) was | 72 // The absolute time (UTC) when the |upgrade_mode| (and other state) was |
66 // observed. | 73 // observed. |
67 base::Time last_observed; | 74 base::Time last_observed; |
68 | 75 |
69 // The absolute time (UTC) when the |upgrade_mode|, if set to | 76 // The absolute time (UTC) when the |upgrade_mode|, if set to |
70 // MODE_FORCE_HTTPS, downgrades to MODE_DEFAULT. | 77 // MODE_FORCE_HTTPS, downgrades to MODE_DEFAULT. |
71 base::Time expiry; | 78 base::Time expiry; |
72 | 79 |
73 UpgradeMode upgrade_mode; | 80 UpgradeMode upgrade_mode; |
74 | 81 |
75 // Are subdomains subject to this policy state? | 82 // Are subdomains subject to this policy state? |
76 bool include_subdomains; | 83 bool include_subdomains; |
| 84 |
| 85 // The domain which matched during a search for this DomainState entry. |
| 86 // Updated by |GetDynamicDomainState| and |GetStaticDomainState|. |
| 87 std::string domain; |
77 }; | 88 }; |
78 | 89 |
79 struct PKPState { | 90 struct PKPState { |
80 PKPState(); | 91 PKPState(); |
81 ~PKPState(); | 92 ~PKPState(); |
82 | 93 |
83 // The absolute time (UTC) when the |spki_hashes| (and other state) were | 94 // The absolute time (UTC) when the |spki_hashes| (and other state) were |
84 // observed. | 95 // observed. |
85 base::Time last_observed; | 96 base::Time last_observed; |
86 | 97 |
87 // The absolute time (UTC) when the |spki_hashes| expire. | 98 // The absolute time (UTC) when the |spki_hashes| expire. |
88 base::Time expiry; | 99 base::Time expiry; |
89 | 100 |
90 // Optional; hashes of pinned SubjectPublicKeyInfos. | 101 // Optional; hashes of pinned SubjectPublicKeyInfos. |
91 HashValueVector spki_hashes; | 102 HashValueVector spki_hashes; |
92 | 103 |
93 // Optional; hashes of static known-bad SubjectPublicKeyInfos which MUST | 104 // Optional; hashes of static known-bad SubjectPublicKeyInfos which MUST |
94 // NOT intersect with the set of SPKIs in the TLS server's certificate | 105 // NOT intersect with the set of SPKIs in the TLS server's certificate |
95 // chain. | 106 // chain. |
96 HashValueVector bad_spki_hashes; | 107 HashValueVector bad_spki_hashes; |
97 | 108 |
98 // Are subdomains subject to this policy state? | 109 // Are subdomains subject to this policy state? |
99 bool include_subdomains; | 110 bool include_subdomains; |
| 111 |
| 112 // The domain which matched during a search for this DomainState entry. |
| 113 // Updated by |GetDynamicDomainState| and |GetStaticDomainState|. |
| 114 std::string domain; |
100 }; | 115 }; |
101 | 116 |
102 // Takes a set of SubjectPublicKeyInfo |hashes| and returns true if: | 117 // Takes a set of SubjectPublicKeyInfo |hashes| and returns true if: |
103 // 1) |bad_static_spki_hashes| does not intersect |hashes|; AND | 118 // 1) |bad_static_spki_hashes| does not intersect |hashes|; AND |
104 // 2) Both |static_spki_hashes| and |dynamic_spki_hashes| are empty | 119 // 2) Both |static_spki_hashes| and |dynamic_spki_hashes| are empty |
105 // or at least one of them intersects |hashes|. | 120 // or at least one of them intersects |hashes|. |
106 // | 121 // |
107 // |{dynamic,static}_spki_hashes| contain trustworthy public key hashes, | 122 // |{dynamic,static}_spki_hashes| contain trustworthy public key hashes, |
108 // any one of which is sufficient to validate the certificate chain in | 123 // any one of which is sufficient to validate the certificate chain in |
109 // question. The public keys could be of a root CA, intermediate CA, or | 124 // question. The public keys could be of a root CA, intermediate CA, or |
(...skipping 16 matching lines...)
126 // ShouldUpgradeToSSL returns true iff HTTP requests should be internally | 141 // ShouldUpgradeToSSL returns true iff HTTP requests should be internally |
127 // redirected to HTTPS (also if WS should be upgraded to WSS). | 142 // redirected to HTTPS (also if WS should be upgraded to WSS). |
128 bool ShouldUpgradeToSSL() const; | 143 bool ShouldUpgradeToSSL() const; |
129 | 144 |
130 // ShouldSSLErrorsBeFatal returns true iff HTTPS errors should cause | 145 // ShouldSSLErrorsBeFatal returns true iff HTTPS errors should cause |
131 // hard-fail behavior (e.g. if HSTS is set for the domain). | 146 // hard-fail behavior (e.g. if HSTS is set for the domain). |
132 bool ShouldSSLErrorsBeFatal() const; | 147 bool ShouldSSLErrorsBeFatal() const; |
133 | 148 |
134 STSState sts; | 149 STSState sts; |
135 PKPState pkp; | 150 PKPState pkp; |
136 | |
137 // The following members are not valid when stored in |enabled_hosts_|: | |
138 | |
139 // The domain which matched during a search for this DomainState entry. | |
140 // Updated by |GetDynamicDomainState| and |GetStaticDomainState|. | |
141 std::string domain; | |
142 }; | 151 }; |
143 | 152 |
144 class NET_EXPORT Iterator { | 153 class NET_EXPORT Iterator { |
145 public: | 154 public: |
146 explicit Iterator(const TransportSecurityState& state); | 155 explicit Iterator(const TransportSecurityState& state); |
147 ~Iterator(); | 156 ~Iterator(); |
148 | 157 |
149 bool HasNext() const { return iterator_ != end_; } | 158 bool HasNext() const { return iterator_ != end_; } |
150 void Advance() { ++iterator_; } | 159 void Advance() { ++iterator_; } |
151 const std::string& hostname() const { return iterator_->first; } | 160 const std::string& hostname() const { return iterator_->first; } |
(...skipping 48 matching lines...)
200 // Deletes any dynamic data stored for |host| (e.g. HSTS or HPKP data). | 209 // Deletes any dynamic data stored for |host| (e.g. HSTS or HPKP data). |
201 // If |host| doesn't have an exact entry then no action is taken. Does | 210 // If |host| doesn't have an exact entry then no action is taken. Does |
202 // not delete static (i.e. preloaded) data. Returns true iff an entry | 211 // not delete static (i.e. preloaded) data. Returns true iff an entry |
203 // was deleted. | 212 // was deleted. |
204 // | 213 // |
205 // If an entry is deleted, the new state will be persisted through | 214 // If an entry is deleted, the new state will be persisted through |
206 // the Delegate (if any). | 215 // the Delegate (if any). |
207 bool DeleteDynamicDataForHost(const std::string& host); | 216 bool DeleteDynamicDataForHost(const std::string& host); |
208 | 217 |
209 // Returns true and updates |*result| iff there is a static (built-in) | 218 // Returns true and updates |*result| iff there is a static (built-in) |
210 // DomainState for |host|. | 219 // DomainState for |host|. If multiple entries match |host|, the most specific |
211 // | 220 // match determines the return value. |
212 // If |host| matches both an exact entry and is a subdomain of another entry, | 221 bool GetStaticDomainState(const std::string& host, DomainState* result) const; |
213 // the exact match determines the return value. | 222 |
| 223 // Returns true and updates |*result| iff |host| has HSTS or HPKP state (or |
| 224 // both). The two are queried independently and combined into a single |
| 225 // DomainState. If multiple HSTS (respectively, HPKP) entries match |host|, |
| 226 // the most specific match determines the HSTS (respectively, HPKP) portion of |
| 227 // the return value. |
214 // | 228 // |
215 // Note that this method is not const because it opportunistically removes | 229 // Note that this method is not const because it opportunistically removes |
216 // entries that have expired. | 230 // entries that have expired. |
217 bool GetStaticDomainState(const std::string& host, DomainState* result) const; | |
218 | |
219 // Returns true and updates |*result| iff there is a dynamic DomainState | |
220 // (learned from HSTS or HPKP headers, or set by the user, or other means) for | |
221 // |host|. | |
222 // | 231 // |
223 // If |host| matches both an exact entry and is a subdomain of another entry, | 232 // TODO(davidben): STSState and PKPState should be queried independently at |
224 // the exact match determines the return value. | 233 // the API level too. |
225 // | |
226 // Note that this method is not const because it opportunistically removes | |
227 // entries that have expired. | |
228 bool GetDynamicDomainState(const std::string& host, DomainState* result); | 234 bool GetDynamicDomainState(const std::string& host, DomainState* result); |
229 | 235 |
230 // Processes an HSTS header value from the host, adding entries to | 236 // Processes an HSTS header value from the host, adding entries to |
231 // dynamic state if necessary. | 237 // dynamic state if necessary. |
232 bool AddHSTSHeader(const std::string& host, const std::string& value); | 238 bool AddHSTSHeader(const std::string& host, const std::string& value); |
233 | 239 |
234 // Processes an HPKP header value from the host, adding entries to | 240 // Processes an HPKP header value from the host, adding entries to |
235 // dynamic state if necessary. ssl_info is used to check that | 241 // dynamic state if necessary. ssl_info is used to check that |
236 // the specified pins overlap with the certificate chain. | 242 // the specified pins overlap with the certificate chain. |
237 bool AddHPKPHeader(const std::string& host, const std::string& value, | 243 bool AddHPKPHeader(const std::string& host, const std::string& value, |
238 const SSLInfo& ssl_info); | 244 const SSLInfo& ssl_info); |
239 | 245 |
240 // Adds explicitly-specified data as if it was processed from an | 246 // Adds explicitly-specified data as if it was processed from an |
241 // HSTS header (used for net-internals and unit tests). | 247 // HSTS header (used for net-internals and unit tests). |
242 bool AddHSTS(const std::string& host, const base::Time& expiry, | 248 void AddHSTS(const std::string& host, |
| 249 const base::Time& expiry, |
243 bool include_subdomains); | 250 bool include_subdomains); |
244 | 251 |
245 // Adds explicitly-specified data as if it was processed from an | 252 // Adds explicitly-specified data as if it was processed from an |
246 // HPKP header (used for net-internals and unit tests). | 253 // HPKP header (used for net-internals and unit tests). |
247 bool AddHPKP(const std::string& host, const base::Time& expiry, | 254 void AddHPKP(const std::string& host, |
248 bool include_subdomains, const HashValueVector& hashes); | 255 const base::Time& expiry, |
| 256 bool include_subdomains, |
| 257 const HashValueVector& hashes); |
249 | 258 |
250 // Returns true iff we have any static public key pins for the |host| and | 259 // Returns true iff we have any static public key pins for the |host| and |
251 // iff its set of required pins is the set we expect for Google | 260 // iff its set of required pins is the set we expect for Google |
252 // properties. | 261 // properties. |
253 // | 262 // |
254 // If |host| matches both an exact entry and is a subdomain of another | 263 // If |host| matches both an exact entry and is a subdomain of another |
255 // entry, the exact match determines the return value. | 264 // entry, the exact match determines the return value. |
256 static bool IsGooglePinnedProperty(const std::string& host); | 265 static bool IsGooglePinnedProperty(const std::string& host); |
257 | 266 |
258 // The maximum number of seconds for which we'll cache an HSTS request. | 267 // The maximum number of seconds for which we'll cache an HSTS request. |
(...skipping 24 matching lines...)
283 | 292 |
284 // Helper method for actually checking pins. | 293 // Helper method for actually checking pins. |
285 bool CheckPublicKeyPinsImpl(const std::string& host, | 294 bool CheckPublicKeyPinsImpl(const std::string& host, |
286 const HashValueVector& hashes, | 295 const HashValueVector& hashes, |
287 std::string* failure_log); | 296 std::string* failure_log); |
288 | 297 |
289 // If a Delegate is present, notify it that the internal state has | 298 // If a Delegate is present, notify it that the internal state has |
290 // changed. | 299 // changed. |
291 void DirtyNotify(); | 300 void DirtyNotify(); |
292 | 301 |
| 302 // Adds HSTS state to |host|. |
| 303 void AddHSTSInternal(const std::string& host, |
| 304 DomainState::UpgradeMode upgrade_mode, |
| 305 const base::Time& expiry, |
| 306 bool include_subdomains); |
| 307 |
| 308 // Adds HPKP state to |host|. |
| 309 void AddHPKPInternal(const std::string& host, |
| 310 const base::Time& last_observed, |
| 311 const base::Time& expiry, |
| 312 bool include_subdomains, |
| 313 const HashValueVector& hashes); |
| 314 |
293 // Enable TransportSecurity for |host|. |state| supercedes any previous | 315 // Enable TransportSecurity for |host|. |state| supercedes any previous |
294 // state for the |host|, including static entries. | 316 // state for the |host|, including static entries. |
295 // | 317 // |
296 // The new state for |host| is persisted using the Delegate (if any). | 318 // The new state for |host| is persisted using the Delegate (if any). |
297 void EnableHost(const std::string& host, const DomainState& state); | 319 void EnableHost(const std::string& host, const DomainState& state); |
298 | 320 |
299 // Converts |hostname| from dotted form ("www.google.com") to the form | 321 // Converts |hostname| from dotted form ("www.google.com") to the form |
300 // used in DNS: "\x03www\x06google\x03com", lowercases that, and returns | 322 // used in DNS: "\x03www\x06google\x03com", lowercases that, and returns |
301 // the result. | 323 // the result. |
302 static std::string CanonicalizeHost(const std::string& hostname); | 324 static std::string CanonicalizeHost(const std::string& hostname); |
303 | 325 |
304 // The set of hosts that have enabled TransportSecurity. | 326 // The set of hosts that have enabled TransportSecurity. |sts.domain| and |
| 327 // |pkp.domain| will always be empty for a DomainState in this map; the domain |
| 328 // comes from the map key instead. |
305 DomainStateMap enabled_hosts_; | 329 DomainStateMap enabled_hosts_; |
306 | 330 |
307 Delegate* delegate_; | 331 Delegate* delegate_; |
308 | 332 |
309 // True if static pins should be used. | 333 // True if static pins should be used. |
310 bool enable_static_pins_; | 334 bool enable_static_pins_; |
311 | 335 |
312 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); | 336 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); |
313 }; | 337 }; |
314 | 338 |
315 } // namespace net | 339 } // namespace net |
316 | 340 |
317 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 341 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
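Review bot: The rewritten comment above GetDynamicDomainState (new lines 223-233) says HSTS and HPKP are looked up independently and merged into one DomainState, but it does not say what the half of |*result| with no matching entry contains, nor how the "opportunistically removes entries that have expired" step behaves when only one of sts.expiry and pkp.expiry has passed. Callers go on to call ShouldUpgradeToSSL() and the pin check on the combined object, so this contract decides whether a host is upgraded or pinned and should be written down rather than inferred. I would add something like `// A portion with no matching entry is left in its default state (MODE_DEFAULT, no pins); expiry is evaluated separately for |sts| and |pkp|.`, assuming that is what the implementation (not shown on this page) does. It is also worth a sentence next to the two new `domain` fields (new lines 85-87 and 112-114) that sts.domain and pkp.domain can now name different entries, since the single DomainState::domain they replace could not.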