Chromium Code Reviews Chromium Code Reviews
Issue 826423009:
Treat HSTS and HPKP state independently. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: net/http/transport_security_state.h |
| diff --git a/net/http/transport_security_state.h b/net/http/transport_security_state.h |
| index f9e82c7553c137873cd5b5fb3df19b8fe554501b..31bf9a26ae2fcc7112f3ce0a1855e16e5d0b854b 100644 |
| --- a/net/http/transport_security_state.h |
| +++ b/net/http/transport_security_state.h |
| @@ -50,6 +50,10 @@ class NET_EXPORT TransportSecurityState |
| // A DomainState describes the transport security state (required upgrade |
| // to HTTPS, and/or any public key pins). |
| + // |
| + // TODO(davidben): STSState and PKPState are queried and processed |
| + // independently (with the exception of ShouldSSLErrorsBeFatal triggering on |
| + // both and on-disk storage). DomainState should be split into the two. |
| class NET_EXPORT DomainState { |
| public: |
| enum UpgradeMode { |
| @@ -62,6 +66,9 @@ class NET_EXPORT TransportSecurityState |
| ~DomainState(); |
| struct STSState { |
| + STSState(); |
| + ~STSState(); |
| + |
| // The absolute time (UTC) when the |upgrade_mode| (and other state) was |
| // observed. |
| base::Time last_observed; |
| @@ -74,6 +81,12 @@ class NET_EXPORT TransportSecurityState |
| // Are subdomains subject to this policy state? |
| bool include_subdomains; |
| + |
| + // The following members are not valid when stored in |enabled_hosts_|: |
|
Ryan Sleevi
2015/01/13 21:56:40
This is a public structure, so what does it mean t
davidben
2015/01/13 23:30:47
(I just copied this from below. :-P) Moved the com
|
| + |
| + // The domain which matched during a search for this DomainState entry. |
| + // Updated by |GetDynamicDomainState| and |GetStaticDomainState|. |
| + std::string domain; |
| }; |
| struct PKPState { |
| @@ -97,6 +110,12 @@ class NET_EXPORT TransportSecurityState |
| // Are subdomains subject to this policy state? |
| bool include_subdomains; |
| + |
| + // The following members are not valid when stored in |enabled_hosts_|: |
| + |
| + // The domain which matched during a search for this DomainState entry. |
| + // Updated by |GetDynamicDomainState| and |GetStaticDomainState|. |
| + std::string domain; |
| }; |
| // Takes a set of SubjectPublicKeyInfo |hashes| and returns true if: |
| @@ -133,12 +152,6 @@ class NET_EXPORT TransportSecurityState |
| STSState sts; |
| PKPState pkp; |
| - |
| - // The following members are not valid when stored in |enabled_hosts_|: |
| - |
| - // The domain which matched during a search for this DomainState entry. |
| - // Updated by |GetDynamicDomainState| and |GetStaticDomainState|. |
| - std::string domain; |
| }; |
| class NET_EXPORT Iterator { |
| @@ -207,24 +220,21 @@ class NET_EXPORT TransportSecurityState |
| bool DeleteDynamicDataForHost(const std::string& host); |
| // Returns true and updates |*result| iff there is a static (built-in) |
| - // DomainState for |host|. |
| - // |
| - // If |host| matches both an exact entry and is a subdomain of another entry, |
| - // the exact match determines the return value. |
| - // |
| - // Note that this method is not const because it opportunistically removes |
| - // entries that have expired. |
| + // DomainState for |host|. If multiple entries match |host|, the most specific |
| + // match determines the return value. |
| bool GetStaticDomainState(const std::string& host, DomainState* result) const; |
| - // Returns true and updates |*result| iff there is a dynamic DomainState |
| - // (learned from HSTS or HPKP headers, or set by the user, or other means) for |
| - // |host|. |
| - // |
| - // If |host| matches both an exact entry and is a subdomain of another entry, |
| - // the exact match determines the return value. |
| + // Returns true and updates |*result| iff |host| has HSTS or HPKP state (or |
| + // both). The two are queried independently and combined into a single |
| + // DomainState. If multiple HSTS (respectively, HPKP) entries match |host|, |
| + // the most specific match determines the HSTS (respectively, HPKP) portion of |
| + // the return value. |
| // |
| // Note that this method is not const because it opportunistically removes |
| // entries that have expired. |
| + // |
| + // TODO(davidben): STSState and PKPState should be queried independently at |
| + // the API level too. |
| bool GetDynamicDomainState(const std::string& host, DomainState* result); |
| // Processes an HSTS header value from the host, adding entries to |
| @@ -239,13 +249,16 @@ class NET_EXPORT TransportSecurityState |
| // Adds explicitly-specified data as if it was processed from an |
| // HSTS header (used for net-internals and unit tests). |
| - bool AddHSTS(const std::string& host, const base::Time& expiry, |
| + void AddHSTS(const std::string& host, |
| + const base::Time& expiry, |
| bool include_subdomains); |
| // Adds explicitly-specified data as if it was processed from an |
| // HPKP header (used for net-internals and unit tests). |
| - bool AddHPKP(const std::string& host, const base::Time& expiry, |
| - bool include_subdomains, const HashValueVector& hashes); |
| + void AddHPKP(const std::string& host, |
| + const base::Time& expiry, |
| + bool include_subdomains, |
| + const HashValueVector& hashes); |
| // Returns true iff we have any static public key pins for the |host| and |
| // iff its set of required pins is the set we expect for Google |
| @@ -290,6 +303,19 @@ class NET_EXPORT TransportSecurityState |
| // changed. |
| void DirtyNotify(); |
| + // Adds HSTS state to |host|. |
| + void AddHSTSInternal(const std::string& host, |
| + DomainState::UpgradeMode upgrade_mode, |
| + const base::Time& expiry, |
| + bool include_subdomains); |
| + |
| + // Adds HPKP state to |host|. |
| + void AddHPKPInternal(const std::string& host, |
| + const base::Time& last_observed, |
| + const base::Time& expiry, |
| + bool include_subdomains, |
| + const HashValueVector& hashes); |
| + |
| // Enable TransportSecurity for |host|. |state| supercedes any previous |
| // state for the |host|, including static entries. |
| // |
