This is the first in an intended sequence of CLs to refactor
TransportSecurityState, fix some book-keeping bugs, and hopefully add TACK.
This sequence of CLs will be derived from the original, overly-large CL
#11191005.
This CL does a few things:
- Adds a high-level API for processing HSTS/HPKP
- Move the code for handling HSTS/HPKP headers out of transport_security_state
- Move HashValue out of x509_cert_types
- Addresses several HSTS/HPKP parsing bugs identified during review of the cleanup
- Ignore unknown HSTS/HPKP directives
- Ignore unknown hash algorithms
- Handle overly-large (> int64) expirations without parsing issues
- Reject invalid pins entered by users
Review URL: https://chromiumcodereview.appspot.com/11274032
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@175595 0039d316-1c4b-4281-b951-d872f2087c98
diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc
index 982e76f..fe5f325 100644
--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc
@@ -685,93 +685,50 @@
// NOTE: |ProcessStrictTransportSecurityHeader| and
// |ProcessPublicKeyPinsHeader| have very similar structures, by design.
-// They manipulate different parts of |TransportSecurityState::DomainState|,
-// and they must remain complementary. If, in future changes here, there is
-// any conflict between their policies (such as in |domain_state.mode|), you
-// should resolve the conflict in favor of the more strict policy.
void URLRequestHttpJob::ProcessStrictTransportSecurityHeader() {
DCHECK(response_info_);
-
- const URLRequestContext* ctx = request_->context();
+ TransportSecurityState* security_state =
+ request_->context()->transport_security_state();
const SSLInfo& ssl_info = response_info_->ssl_info;
- // Only accept strict transport security headers on HTTPS connections that
- // have no certificate errors.
+ // Only accept HSTS headers on HTTPS connections that have no
+ // certificate errors.
if (!ssl_info.is_valid() || IsCertStatusError(ssl_info.cert_status) ||
- !ctx->transport_security_state()) {
+ !security_state)
return;
- }
-
- TransportSecurityState* security_state = ctx->transport_security_state();
- TransportSecurityState::DomainState domain_state;
- const std::string& host = request_info_.url.host();
-
- bool sni_available =
- SSLConfigService::IsSNIAvailable(ctx->ssl_config_service());
- if (!security_state->GetDomainState(host, sni_available, &domain_state))
- // |GetDomainState| may have altered |domain_state| while searching. If
- // not found, start with a fresh state.
- domain_state.upgrade_mode =
- TransportSecurityState::DomainState::MODE_FORCE_HTTPS;
-
- HttpResponseHeaders* headers = GetResponseHeaders();
- std::string value;
- void* iter = NULL;
- base::Time now = base::Time::Now();
// http://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec:
//
// If a UA receives more than one STS header field in a HTTP response
// message over secure transport, then the UA MUST process only the
// first such header field.
- bool seen_sts = false;
- while (headers->EnumerateHeader(&iter, "Strict-Transport-Security", &value)) {
- if (seen_sts)
- return;
- seen_sts = true;
- TransportSecurityState::DomainState domain_state;
- if (domain_state.ParseSTSHeader(now, value))
- security_state->EnableHost(host, domain_state);
- }
+ HttpResponseHeaders* headers = GetResponseHeaders();
+ std::string value;
+ if (headers->EnumerateHeader(NULL, "Strict-Transport-Security", &value))
+ security_state->AddHSTSHeader(request_info_.url.host(), value);
}
void URLRequestHttpJob::ProcessPublicKeyPinsHeader() {
DCHECK(response_info_);
-
- const URLRequestContext* ctx = request_->context();
+ TransportSecurityState* security_state =
+ request_->context()->transport_security_state();
const SSLInfo& ssl_info = response_info_->ssl_info;
- // Only accept public key pins headers on HTTPS connections that have no
+ // Only accept HPKP headers on HTTPS connections that have no
// certificate errors.
if (!ssl_info.is_valid() || IsCertStatusError(ssl_info.cert_status) ||
- !ctx->transport_security_state()) {
+ !security_state)
return;
- }
- TransportSecurityState* security_state = ctx->transport_security_state();
- TransportSecurityState::DomainState domain_state;
- const std::string& host = request_info_.url.host();
-
- bool sni_available =
- SSLConfigService::IsSNIAvailable(ctx->ssl_config_service());
- if (!security_state->GetDomainState(host, sni_available, &domain_state))
- // |GetDomainState| may have altered |domain_state| while searching. If
- // not found, start with a fresh state.
- domain_state.upgrade_mode =
- TransportSecurityState::DomainState::MODE_DEFAULT;
-
+ // http://tools.ietf.org/html/draft-ietf-websec-key-pinning:
+ //
+ // If a UA receives more than one PKP header field in an HTTP
+ // response message over secure transport, then the UA MUST process
+ // only the first such header field.
HttpResponseHeaders* headers = GetResponseHeaders();
- void* iter = NULL;
std::string value;
- base::Time now = base::Time::Now();
-
- while (headers->EnumerateHeader(&iter, "Public-Key-Pins", &value)) {
- // Note that ParsePinsHeader updates |domain_state| (iff the header parses
- // correctly), but does not completely overwrite it. It just updates the
- // dynamic pinning metadata.
- if (domain_state.ParsePinsHeader(now, value, ssl_info))
- security_state->EnableHost(host, domain_state);
- }
+ if (headers->EnumerateHeader(NULL, "Public-Key-Pins", &value))
+ security_state->AddHPKPHeader(request_info_.url.host(), value, ssl_info);
}
void URLRequestHttpJob::OnStartCompleted(int result) {
