OLD | NEW |
| (Empty) |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 // NB: Modelled after Mozilla's code (originally written by Pamela Greene, | |
6 // later modified by others), but almost entirely rewritten for Chrome. | |
7 // (netwerk/dns/src/nsEffectiveTLDService.cpp) | |
8 /* ***** BEGIN LICENSE BLOCK ***** | |
9 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | |
10 * | |
11 * The contents of this file are subject to the Mozilla Public License Version | |
12 * 1.1 (the "License"); you may not use this file except in compliance with | |
13 * the License. You may obtain a copy of the License at | |
14 * http://www.mozilla.org/MPL/ | |
15 * | |
16 * Software distributed under the License is distributed on an "AS IS" basis, | |
17 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License | |
18 * for the specific language governing rights and limitations under the | |
19 * License. | |
20 * | |
21 * The Original Code is Mozilla Effective-TLD Service | |
22 * | |
23 * The Initial Developer of the Original Code is | |
24 * Google Inc. | |
25 * Portions created by the Initial Developer are Copyright (C) 2006 | |
26 * the Initial Developer. All Rights Reserved. | |
27 * | |
28 * Contributor(s): | |
29 * Pamela Greene <pamg.bugs@gmail.com> (original author) | |
30 * Daniel Witte <dwitte@stanford.edu> | |
31 * | |
32 * Alternatively, the contents of this file may be used under the terms of | |
33 * either the GNU General Public License Version 2 or later (the "GPL"), or | |
34 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), | |
35 * in which case the provisions of the GPL or the LGPL are applicable instead | |
36 * of those above. If you wish to allow use of your version of this file only | |
37 * under the terms of either the GPL or the LGPL, and not to allow others to | |
38 * use your version of this file under the terms of the MPL, indicate your | |
39 * decision by deleting the provisions above and replace them with the notice | |
40 * and other provisions required by the GPL or the LGPL. If you do not delete | |
41 * the provisions above, a recipient may use your version of this file under | |
42 * the terms of any one of the MPL, the GPL or the LGPL. | |
43 * | |
44 * ***** END LICENSE BLOCK ***** */ | |
45 | |
46 #include "net/base/registry_controlled_domains/registry_controlled_domain.h" | |
47 | |
48 #include "base/logging.h" | |
49 #include "base/strings/string_util.h" | |
50 #include "base/strings/utf_string_conversions.h" | |
51 #include "net/base/net_module.h" | |
52 #include "net/base/net_util.h" | |
53 #include "url/gurl.h" | |
54 #include "url/url_parse.h" | |
55 | |
56 namespace net { | |
57 namespace registry_controlled_domains { | |
58 | |
59 namespace { | |
60 #include "net/base/registry_controlled_domains/effective_tld_names-inc.cc" | |
61 | |
62 // See make_dafsa.py for documentation of the generated dafsa byte array. | |
63 | |
64 const unsigned char* g_graph = kDafsa; | |
65 size_t g_graph_length = sizeof(kDafsa); | |
66 | |
67 const int kNotFound = -1; | |
68 const int kExceptionRule = 1; | |
69 const int kWildcardRule = 2; | |
70 const int kPrivateRule = 4; | |
71 | |
72 // Read next offset from pos. | |
73 // Returns true if an offset could be read, false otherwise. | |
74 bool GetNextOffset(const unsigned char** pos, const unsigned char* end, | |
75 const unsigned char** offset) { | |
76 if (*pos == end) | |
77 return false; | |
78 | |
79 // When reading an offset the byte array must always contain at least | |
80 // three more bytes to consume. First the offset to read, then a node | |
81 // to skip over and finally a destination node. No object can be smaller | |
82 // than one byte. | |
83 CHECK_LT(*pos + 2, end); | |
84 size_t bytes_consumed; | |
85 switch (**pos & 0x60) { | |
86 case 0x60: // Read three byte offset | |
87 *offset += (((*pos)[0] & 0x1F) << 16) | ((*pos)[1] << 8) | (*pos)[2]; | |
88 bytes_consumed = 3; | |
89 break; | |
90 case 0x40: // Read two byte offset | |
91 *offset += (((*pos)[0] & 0x1F) << 8) | (*pos)[1]; | |
92 bytes_consumed = 2; | |
93 break; | |
94 default: | |
95 *offset += (*pos)[0] & 0x3F; | |
96 bytes_consumed = 1; | |
97 } | |
98 if ((**pos & 0x80) != 0) { | |
99 *pos = end; | |
100 } else { | |
101 *pos += bytes_consumed; | |
102 } | |
103 return true; | |
104 } | |
105 | |
106 // Check if byte at offset is last in label. | |
107 bool IsEOL(const unsigned char* offset, const unsigned char* end) { | |
108 CHECK_LT(offset, end); | |
109 return (*offset & 0x80) != 0; | |
110 } | |
111 | |
112 // Check if byte at offset matches first character in key. | |
113 // This version matches characters not last in label. | |
114 bool IsMatch(const unsigned char* offset, const unsigned char* end, | |
115 const char* key) { | |
116 CHECK_LT(offset, end); | |
117 return *offset == *key; | |
118 } | |
119 | |
120 // Check if byte at offset matches first character in key. | |
121 // This version matches characters last in label. | |
122 bool IsEndCharMatch(const unsigned char* offset, const unsigned char* end, | |
123 const char* key) { | |
124 CHECK_LT(offset, end); | |
125 return *offset == (*key | 0x80); | |
126 } | |
127 | |
128 // Read return value at offset. | |
129 // Returns true if a return value could be read, false otherwise. | |
130 bool GetReturnValue(const unsigned char* offset, const unsigned char* end, | |
131 int* return_value) { | |
132 CHECK_LT(offset, end); | |
133 if ((*offset & 0xE0) == 0x80) { | |
134 *return_value = *offset & 0x0F; | |
135 return true; | |
136 } | |
137 return false; | |
138 } | |
139 | |
140 // Lookup a domain key in a byte array generated by make_dafsa.py. | |
141 // The rule type is returned if key is found, otherwise kNotFound is returned. | |
142 int LookupString(const unsigned char* graph, size_t length, const char* key, | |
143 size_t key_length) { | |
144 const unsigned char* pos = graph; | |
145 const unsigned char* end = graph + length; | |
146 const unsigned char* offset = pos; | |
147 const char* key_end = key + key_length; | |
148 while (GetNextOffset(&pos, end, &offset)) { | |
149 // char <char>+ end_char offsets | |
150 // char <char>+ return value | |
151 // char end_char offsets | |
152 // char return value | |
153 // end_char offsets | |
154 // return_value | |
155 bool did_consume = false; | |
156 if (key != key_end && !IsEOL(offset, end)) { | |
157 // Leading <char> is not a match. Don't dive into this child | |
158 if (!IsMatch(offset, end, key)) | |
159 continue; | |
160 did_consume = true; | |
161 ++offset; | |
162 ++key; | |
163 // Possible matches at this point: | |
164 // <char>+ end_char offsets | |
165 // <char>+ return value | |
166 // end_char offsets | |
167 // return value | |
168 // Remove all remaining <char> nodes possible | |
169 while (!IsEOL(offset, end) && key != key_end) { | |
170 if (!IsMatch(offset, end, key)) | |
171 return kNotFound; | |
172 ++key; | |
173 ++offset; | |
174 } | |
175 } | |
176 // Possible matches at this point: | |
177 // end_char offsets | |
178 // return_value | |
179 // If one or more <char> elements were consumed, a failure | |
180 // to match is terminal. Otherwise, try the next node. | |
181 if (key == key_end) { | |
182 int return_value; | |
183 if (GetReturnValue(offset, end, &return_value)) | |
184 return return_value; | |
185 // The DAFSA guarantees that if the first char is a match, all | |
186 // remaining char elements MUST match if the key is truly present. | |
187 if (did_consume) | |
188 return kNotFound; | |
189 continue; | |
190 } | |
191 if (!IsEndCharMatch(offset, end, key)) { | |
192 if (did_consume) | |
193 return kNotFound; // Unexpected | |
194 continue; | |
195 } | |
196 ++key; | |
197 pos = ++offset; // Dive into child | |
198 } | |
199 return kNotFound; // No match | |
200 } | |
201 | |
202 size_t GetRegistryLengthImpl( | |
203 const std::string& host, | |
204 UnknownRegistryFilter unknown_filter, | |
205 PrivateRegistryFilter private_filter) { | |
206 DCHECK(!host.empty()); | |
207 | |
208 // Skip leading dots. | |
209 const size_t host_check_begin = host.find_first_not_of('.'); | |
210 if (host_check_begin == std::string::npos) | |
211 return 0; // Host is only dots. | |
212 | |
213 // A single trailing dot isn't relevant in this determination, but does need | |
214 // to be included in the final returned length. | |
215 size_t host_check_len = host.length(); | |
216 if (host[host_check_len - 1] == '.') { | |
217 --host_check_len; | |
218 DCHECK(host_check_len > 0); // If this weren't true, the host would be ".", | |
219 // and we'd have already returned above. | |
220 if (host[host_check_len - 1] == '.') | |
221 return 0; // Multiple trailing dots. | |
222 } | |
223 | |
224 // Walk up the domain tree, most specific to least specific, | |
225 // looking for matches at each level. | |
226 size_t prev_start = std::string::npos; | |
227 size_t curr_start = host_check_begin; | |
228 size_t next_dot = host.find('.', curr_start); | |
229 if (next_dot >= host_check_len) // Catches std::string::npos as well. | |
230 return 0; // This can't have a registry + domain. | |
231 while (1) { | |
232 const char* domain_str = host.data() + curr_start; | |
233 size_t domain_length = host_check_len - curr_start; | |
234 int type = LookupString(g_graph, g_graph_length, domain_str, domain_length); | |
235 bool do_check = | |
236 type != kNotFound && (!(type & kPrivateRule) || | |
237 private_filter == INCLUDE_PRIVATE_REGISTRIES); | |
238 | |
239 // If the apparent match is a private registry and we're not including | |
240 // those, it can't be an actual match. | |
241 if (do_check) { | |
242 // Exception rules override wildcard rules when the domain is an exact | |
243 // match, but wildcards take precedence when there's a subdomain. | |
244 if (type & kWildcardRule && (prev_start != std::string::npos)) { | |
245 // If prev_start == host_check_begin, then the host is the registry | |
246 // itself, so return 0. | |
247 return (prev_start == host_check_begin) ? 0 | |
248 : (host.length() - prev_start); | |
249 } | |
250 | |
251 if (type & kExceptionRule) { | |
252 if (next_dot == std::string::npos) { | |
253 // If we get here, we had an exception rule with no dots (e.g. | |
254 // "!foo"). This would only be valid if we had a corresponding | |
255 // wildcard rule, which would have to be "*". But we explicitly | |
256 // disallow that case, so this kind of rule is invalid. | |
257 NOTREACHED() << "Invalid exception rule"; | |
258 return 0; | |
259 } | |
260 return host.length() - next_dot - 1; | |
261 } | |
262 | |
263 // If curr_start == host_check_begin, then the host is the registry | |
264 // itself, so return 0. | |
265 return (curr_start == host_check_begin) ? 0 | |
266 : (host.length() - curr_start); | |
267 } | |
268 | |
269 if (next_dot >= host_check_len) // Catches std::string::npos as well. | |
270 break; | |
271 | |
272 prev_start = curr_start; | |
273 curr_start = next_dot + 1; | |
274 next_dot = host.find('.', curr_start); | |
275 } | |
276 | |
277 // No rule found in the registry. curr_start now points to the first | |
278 // character of the last subcomponent of the host, so if we allow unknown | |
279 // registries, return the length of this subcomponent. | |
280 return unknown_filter == INCLUDE_UNKNOWN_REGISTRIES ? | |
281 (host.length() - curr_start) : 0; | |
282 } | |
283 | |
284 std::string GetDomainAndRegistryImpl( | |
285 const std::string& host, PrivateRegistryFilter private_filter) { | |
286 DCHECK(!host.empty()); | |
287 | |
288 // Find the length of the registry for this host. | |
289 const size_t registry_length = | |
290 GetRegistryLengthImpl(host, INCLUDE_UNKNOWN_REGISTRIES, private_filter); | |
291 if ((registry_length == std::string::npos) || (registry_length == 0)) | |
292 return std::string(); // No registry. | |
293 // The "2" in this next line is 1 for the dot, plus a 1-char minimum preceding | |
294 // subcomponent length. | |
295 DCHECK(host.length() >= 2); | |
296 if (registry_length > (host.length() - 2)) { | |
297 NOTREACHED() << | |
298 "Host does not have at least one subcomponent before registry!"; | |
299 return std::string(); | |
300 } | |
301 | |
302 // Move past the dot preceding the registry, and search for the next previous | |
303 // dot. Return the host from after that dot, or the whole host when there is | |
304 // no dot. | |
305 const size_t dot = host.rfind('.', host.length() - registry_length - 2); | |
306 if (dot == std::string::npos) | |
307 return host; | |
308 return host.substr(dot + 1); | |
309 } | |
310 | |
311 } // namespace | |
312 | |
313 std::string GetDomainAndRegistry( | |
314 const GURL& gurl, | |
315 PrivateRegistryFilter filter) { | |
316 const url::Component host = gurl.parsed_for_possibly_invalid_spec().host; | |
317 if ((host.len <= 0) || gurl.HostIsIPAddress()) | |
318 return std::string(); | |
319 return GetDomainAndRegistryImpl(std::string( | |
320 gurl.possibly_invalid_spec().data() + host.begin, host.len), filter); | |
321 } | |
322 | |
323 std::string GetDomainAndRegistry( | |
324 const std::string& host, | |
325 PrivateRegistryFilter filter) { | |
326 url::CanonHostInfo host_info; | |
327 const std::string canon_host(CanonicalizeHost(host, &host_info)); | |
328 if (canon_host.empty() || host_info.IsIPAddress()) | |
329 return std::string(); | |
330 return GetDomainAndRegistryImpl(canon_host, filter); | |
331 } | |
332 | |
333 bool SameDomainOrHost( | |
334 const GURL& gurl1, | |
335 const GURL& gurl2, | |
336 PrivateRegistryFilter filter) { | |
337 // See if both URLs have a known domain + registry, and those values are the | |
338 // same. | |
339 const std::string domain1(GetDomainAndRegistry(gurl1, filter)); | |
340 const std::string domain2(GetDomainAndRegistry(gurl2, filter)); | |
341 if (!domain1.empty() || !domain2.empty()) | |
342 return domain1 == domain2; | |
343 | |
344 // No domains. See if the hosts are identical. | |
345 const url::Component host1 = gurl1.parsed_for_possibly_invalid_spec().host; | |
346 const url::Component host2 = gurl2.parsed_for_possibly_invalid_spec().host; | |
347 if ((host1.len <= 0) || (host1.len != host2.len)) | |
348 return false; | |
349 return !strncmp(gurl1.possibly_invalid_spec().data() + host1.begin, | |
350 gurl2.possibly_invalid_spec().data() + host2.begin, | |
351 host1.len); | |
352 } | |
353 | |
354 size_t GetRegistryLength( | |
355 const GURL& gurl, | |
356 UnknownRegistryFilter unknown_filter, | |
357 PrivateRegistryFilter private_filter) { | |
358 const url::Component host = gurl.parsed_for_possibly_invalid_spec().host; | |
359 if (host.len <= 0) | |
360 return std::string::npos; | |
361 if (gurl.HostIsIPAddress()) | |
362 return 0; | |
363 return GetRegistryLengthImpl( | |
364 std::string(gurl.possibly_invalid_spec().data() + host.begin, host.len), | |
365 unknown_filter, | |
366 private_filter); | |
367 } | |
368 | |
369 size_t GetRegistryLength( | |
370 const std::string& host, | |
371 UnknownRegistryFilter unknown_filter, | |
372 PrivateRegistryFilter private_filter) { | |
373 url::CanonHostInfo host_info; | |
374 const std::string canon_host(CanonicalizeHost(host, &host_info)); | |
375 if (canon_host.empty()) | |
376 return std::string::npos; | |
377 if (host_info.IsIPAddress()) | |
378 return 0; | |
379 return GetRegistryLengthImpl(canon_host, unknown_filter, private_filter); | |
380 } | |
381 | |
382 void SetFindDomainGraph() { | |
383 g_graph = kDafsa; | |
384 g_graph_length = sizeof(kDafsa); | |
385 } | |
386 | |
387 void SetFindDomainGraph(const unsigned char* domains, size_t length) { | |
388 CHECK(domains); | |
389 CHECK_NE(length, 0u); | |
390 g_graph = domains; | |
391 g_graph_length = length; | |
392 } | |
393 | |
394 } // namespace registry_controlled_domains | |
395 } // namespace net | |
OLD | NEW |