1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/http/transport_security_state.h"
7 #if defined(USE_OPENSSL)
8 #include <openssl/ecdsa.h>
9 #include <openssl/ssl.h>
10 #else // !defined(USE_OPENSSL)
20 #include "base/base64.h"
21 #include "base/build_time.h"
22 #include "base/logging.h"
23 #include "base/memory/scoped_ptr.h"
24 #include "base/metrics/histogram.h"
25 #include "base/sha1.h"
26 #include "base/strings/string_number_conversions.h"
27 #include "base/strings/string_util.h"
28 #include "base/strings/utf_string_conversions.h"
29 #include "base/time/time.h"
30 #include "base/values.h"
31 #include "crypto/sha2.h"
32 #include "net/base/dns_util.h"
33 #include "net/cert/x509_cert_types.h"
34 #include "net/cert/x509_certificate.h"
35 #include "net/http/http_security_headers.h"
36 #include "net/ssl/ssl_info.h"
39 #if defined(USE_OPENSSL)
40 #include "crypto/openssl_util.h"
47 std::string
HashesToBase64String(const HashValueVector
& hashes
) {
49 for (size_t i
= 0; i
!= hashes
.size(); ++i
) {
52 str
+= hashes
[i
].ToString();
57 std::string
HashHost(const std::string
& canonicalized_host
) {
58 char hashed
[crypto::kSHA256Length
];
59 crypto::SHA256HashString(canonicalized_host
, hashed
, sizeof(hashed
));
60 return std::string(hashed
, sizeof(hashed
));
63 // Returns true if the intersection of |a| and |b| is not empty. If either
64 // |a| or |b| is empty, returns false.
65 bool HashesIntersect(const HashValueVector
& a
,
66 const HashValueVector
& b
) {
67 for (HashValueVector::const_iterator i
= a
.begin(); i
!= a
.end(); ++i
) {
68 HashValueVector::const_iterator j
=
69 std::find_if(b
.begin(), b
.end(), HashValuesEqual(*i
));
76 bool AddHash(const char* sha1_hash
,
77 HashValueVector
* out
) {
78 HashValue
hash(HASH_VALUE_SHA1
);
79 memcpy(hash
.data(), sha1_hash
, hash
.size());
86 TransportSecurityState::TransportSecurityState()
88 DCHECK(CalledOnValidThread());
91 TransportSecurityState::Iterator::Iterator(const TransportSecurityState
& state
)
92 : iterator_(state
.enabled_hosts_
.begin()),
93 end_(state
.enabled_hosts_
.end()) {
96 TransportSecurityState::Iterator::~Iterator() {}
98 void TransportSecurityState::SetDelegate(
99 TransportSecurityState::Delegate
* delegate
) {
100 DCHECK(CalledOnValidThread());
101 delegate_
= delegate
;
104 void TransportSecurityState::EnableHost(const std::string
& host
,
105 const DomainState
& state
) {
106 DCHECK(CalledOnValidThread());
108 const std::string canonicalized_host
= CanonicalizeHost(host
);
109 if (canonicalized_host
.empty())
112 DomainState
state_copy(state
);
113 // No need to store this value since it is redundant. (|canonicalized_host|
115 state_copy
.domain
.clear();
117 enabled_hosts_
[HashHost(canonicalized_host
)] = state_copy
;
121 bool TransportSecurityState::DeleteDynamicDataForHost(const std::string
& host
) {
122 DCHECK(CalledOnValidThread());
124 const std::string canonicalized_host
= CanonicalizeHost(host
);
125 if (canonicalized_host
.empty())
128 DomainStateMap::iterator i
= enabled_hosts_
.find(
129 HashHost(canonicalized_host
));
130 if (i
!= enabled_hosts_
.end()) {
131 enabled_hosts_
.erase(i
);
138 bool TransportSecurityState::GetDomainState(const std::string
& host
,
140 DomainState
* result
) {
141 DCHECK(CalledOnValidThread());
144 const std::string canonicalized_host
= CanonicalizeHost(host
);
145 if (canonicalized_host
.empty())
148 bool has_preload
= GetStaticDomainState(canonicalized_host
, sni_enabled
,
150 std::string canonicalized_preload
= CanonicalizeHost(state
.domain
);
151 GetDynamicDomainState(host
, &state
);
153 base::Time
current_time(base::Time::Now());
155 for (size_t i
= 0; canonicalized_host
[i
]; i
+= canonicalized_host
[i
] + 1) {
156 std::string
host_sub_chunk(&canonicalized_host
[i
],
157 canonicalized_host
.size() - i
);
158 // Exact match of a preload always wins.
159 if (has_preload
&& host_sub_chunk
== canonicalized_preload
) {
164 DomainStateMap::iterator j
=
165 enabled_hosts_
.find(HashHost(host_sub_chunk
));
166 if (j
== enabled_hosts_
.end())
169 if (current_time
> j
->second
.upgrade_expiry
&&
170 current_time
> j
->second
.dynamic_spki_hashes_expiry
) {
171 enabled_hosts_
.erase(j
);
177 state
.domain
= DNSDomainToString(host_sub_chunk
);
179 // Succeed if we matched the domain exactly or if subdomain matches are
181 if (i
== 0 || j
->second
.sts_include_subdomains
||
182 j
->second
.pkp_include_subdomains
) {
193 void TransportSecurityState::ClearDynamicData() {
194 DCHECK(CalledOnValidThread());
195 enabled_hosts_
.clear();
198 void TransportSecurityState::DeleteAllDynamicDataSince(const base::Time
& time
) {
199 DCHECK(CalledOnValidThread());
201 bool dirtied
= false;
202 DomainStateMap::iterator i
= enabled_hosts_
.begin();
203 while (i
!= enabled_hosts_
.end()) {
204 if (i
->second
.sts_observed
>= time
&& i
->second
.pkp_observed
>= time
) {
206 enabled_hosts_
.erase(i
++);
210 if (i
->second
.sts_observed
>= time
) {
212 i
->second
.upgrade_mode
= DomainState::MODE_DEFAULT
;
213 } else if (i
->second
.pkp_observed
>= time
) {
215 i
->second
.dynamic_spki_hashes
.clear();
224 TransportSecurityState::~TransportSecurityState() {
225 DCHECK(CalledOnValidThread());
228 void TransportSecurityState::DirtyNotify() {
229 DCHECK(CalledOnValidThread());
232 delegate_
->StateIsDirty(this);
236 std::string
TransportSecurityState::CanonicalizeHost(const std::string
& host
) {
237 // We cannot perform the operations as detailed in the spec here as |host|
238 // has already undergone IDN processing before it reached us. Thus, we check
239 // that there are no invalid characters in the host and lowercase the result.
241 std::string new_host
;
242 if (!DNSDomainFromDot(host
, &new_host
)) {
243 // DNSDomainFromDot can fail if any label is > 63 bytes or if the whole
244 // name is >255 bytes. However, search terms can have those properties.
245 return std::string();
248 for (size_t i
= 0; new_host
[i
]; i
+= new_host
[i
] + 1) {
249 const unsigned label_length
= static_cast<unsigned>(new_host
[i
]);
253 for (size_t j
= 0; j
< label_length
; ++j
) {
254 new_host
[i
+ 1 + j
] = tolower(new_host
[i
+ 1 + j
]);
261 // |ReportUMAOnPinFailure| uses these to report which domain was associated
262 // with the public key pinning failure.
264 // DO NOT CHANGE THE ORDERING OF THESE NAMES OR REMOVE ANY OF THEM. Add new
265 // domains at the END of the listing (but before DOMAIN_NUM_EVENTS).
266 enum SecondLevelDomainName
{
271 DOMAIN_GOOGLE_ANALYTICS_COM
,
272 DOMAIN_GOOGLEPLEX_COM
,
274 DOMAIN_GOOGLEUSERCONTENT_COM
,
276 DOMAIN_GOOGLEAPIS_COM
,
277 DOMAIN_GOOGLEADSERVICES_COM
,
278 DOMAIN_GOOGLECODE_COM
,
280 DOMAIN_GOOGLESYNDICATION_COM
,
281 DOMAIN_DOUBLECLICK_NET
,
284 DOMAIN_GOOGLEMAIL_COM
,
285 DOMAIN_GOOGLEGROUPS_COM
,
287 DOMAIN_TORPROJECT_ORG
,
297 DOMAIN_GOOGLECOMMERCE_COM
,
524 DOMAIN_GOOGLETAGMANAGER_COM
,
526 // Boundary value for UMA_HISTOGRAM_ENUMERATION:
530 // PublicKeyPins contains a number of SubjectPublicKeyInfo hashes for a site.
531 // The validated certificate chain for the site must not include any of
532 // |excluded_hashes| and must include one or more of |required_hashes|.
533 struct PublicKeyPins
{
534 const char* const* required_hashes
;
535 const char* const* excluded_hashes
;
540 bool include_subdomains
;
544 SecondLevelDomainName second_level_domain_name
;
547 static bool HasPreload(const struct HSTSPreload
* entries
, size_t num_entries
,
548 const std::string
& canonicalized_host
, size_t i
,
549 TransportSecurityState::DomainState
* out
, bool* ret
) {
550 for (size_t j
= 0; j
< num_entries
; j
++) {
551 if (entries
[j
].length
== canonicalized_host
.size() - i
&&
552 memcmp(entries
[j
].dns_name
, &canonicalized_host
[i
],
553 entries
[j
].length
) == 0) {
554 if (!entries
[j
].include_subdomains
&& i
!= 0) {
557 out
->sts_include_subdomains
= entries
[j
].include_subdomains
;
558 out
->pkp_include_subdomains
= entries
[j
].include_subdomains
;
560 if (!entries
[j
].https_required
)
561 out
->upgrade_mode
= TransportSecurityState::DomainState::MODE_DEFAULT
;
562 if (entries
[j
].pins
.required_hashes
) {
563 const char* const* sha1_hash
= entries
[j
].pins
.required_hashes
;
565 AddHash(*sha1_hash
, &out
->static_spki_hashes
);
569 if (entries
[j
].pins
.excluded_hashes
) {
570 const char* const* sha1_hash
= entries
[j
].pins
.excluded_hashes
;
572 AddHash(*sha1_hash
, &out
->bad_static_spki_hashes
);
583 #include "net/http/transport_security_state_static.h"
585 // Returns the HSTSPreload entry for the |canonicalized_host| in |entries|,
586 // or NULL if there is none. Prefers exact hostname matches to those that
587 // match only because HSTSPreload.include_subdomains is true.
589 // |canonicalized_host| should be the hostname as canonicalized by
591 static const struct HSTSPreload
* GetHSTSPreload(
592 const std::string
& canonicalized_host
,
593 const struct HSTSPreload
* entries
,
594 size_t num_entries
) {
595 for (size_t i
= 0; canonicalized_host
[i
]; i
+= canonicalized_host
[i
] + 1) {
596 for (size_t j
= 0; j
< num_entries
; j
++) {
597 const struct HSTSPreload
* entry
= entries
+ j
;
599 if (i
!= 0 && !entry
->include_subdomains
)
602 if (entry
->length
== canonicalized_host
.size() - i
&&
603 memcmp(entry
->dns_name
, &canonicalized_host
[i
], entry
->length
) == 0) {
612 bool TransportSecurityState::AddHSTSHeader(const std::string
& host
,
613 const std::string
& value
) {
614 DCHECK(CalledOnValidThread());
616 base::Time now
= base::Time::Now();
617 base::TimeDelta max_age
;
618 TransportSecurityState::DomainState domain_state
;
619 GetDynamicDomainState(host
, &domain_state
);
620 if (ParseHSTSHeader(value
, &max_age
, &domain_state
.sts_include_subdomains
)) {
621 // Handle max-age == 0
622 if (max_age
.InSeconds() == 0)
623 domain_state
.upgrade_mode
= DomainState::MODE_DEFAULT
;
625 domain_state
.upgrade_mode
= DomainState::MODE_FORCE_HTTPS
;
626 domain_state
.sts_observed
= now
;
627 domain_state
.upgrade_expiry
= now
+ max_age
;
628 EnableHost(host
, domain_state
);
634 bool TransportSecurityState::AddHPKPHeader(const std::string
& host
,
635 const std::string
& value
,
636 const SSLInfo
& ssl_info
) {
637 DCHECK(CalledOnValidThread());
639 base::Time now
= base::Time::Now();
640 base::TimeDelta max_age
;
641 TransportSecurityState::DomainState domain_state
;
642 GetDynamicDomainState(host
, &domain_state
);
643 if (ParseHPKPHeader(value
, ssl_info
.public_key_hashes
,
644 &max_age
, &domain_state
.pkp_include_subdomains
,
645 &domain_state
.dynamic_spki_hashes
)) {
646 // TODO(palmer): http://crbug.com/243865 handle max-age == 0.
647 domain_state
.pkp_observed
= now
;
648 domain_state
.dynamic_spki_hashes_expiry
= now
+ max_age
;
649 EnableHost(host
, domain_state
);
655 bool TransportSecurityState::AddHSTS(const std::string
& host
,
656 const base::Time
& expiry
,
657 bool include_subdomains
) {
658 DCHECK(CalledOnValidThread());
660 // Copy-and-modify the existing DomainState for this host (if any).
661 TransportSecurityState::DomainState domain_state
;
662 const std::string canonicalized_host
= CanonicalizeHost(host
);
663 const std::string hashed_host
= HashHost(canonicalized_host
);
664 DomainStateMap::const_iterator i
= enabled_hosts_
.find(
666 if (i
!= enabled_hosts_
.end())
667 domain_state
= i
->second
;
669 domain_state
.sts_observed
= base::Time::Now();
670 domain_state
.sts_include_subdomains
= include_subdomains
;
671 domain_state
.upgrade_expiry
= expiry
;
672 domain_state
.upgrade_mode
= DomainState::MODE_FORCE_HTTPS
;
673 EnableHost(host
, domain_state
);
677 bool TransportSecurityState::AddHPKP(const std::string
& host
,
678 const base::Time
& expiry
,
679 bool include_subdomains
,
680 const HashValueVector
& hashes
) {
681 DCHECK(CalledOnValidThread());
683 // Copy-and-modify the existing DomainState for this host (if any).
684 TransportSecurityState::DomainState domain_state
;
685 const std::string canonicalized_host
= CanonicalizeHost(host
);
686 const std::string hashed_host
= HashHost(canonicalized_host
);
687 DomainStateMap::const_iterator i
= enabled_hosts_
.find(
689 if (i
!= enabled_hosts_
.end())
690 domain_state
= i
->second
;
692 domain_state
.pkp_observed
= base::Time::Now();
693 domain_state
.pkp_include_subdomains
= include_subdomains
;
694 domain_state
.dynamic_spki_hashes_expiry
= expiry
;
695 domain_state
.dynamic_spki_hashes
= hashes
;
696 EnableHost(host
, domain_state
);
701 bool TransportSecurityState::IsGooglePinnedProperty(const std::string
& host
,
703 std::string canonicalized_host
= CanonicalizeHost(host
);
704 const struct HSTSPreload
* entry
=
705 GetHSTSPreload(canonicalized_host
, kPreloadedSTS
, kNumPreloadedSTS
);
707 if (entry
&& entry
->pins
.required_hashes
== kGoogleAcceptableCerts
)
711 entry
= GetHSTSPreload(canonicalized_host
, kPreloadedSNISTS
,
712 kNumPreloadedSNISTS
);
713 if (entry
&& entry
->pins
.required_hashes
== kGoogleAcceptableCerts
)
721 bool TransportSecurityState::GetPinsForDebugging(
722 const std::string
& host
,
723 const char* const** out_required_pins
,
724 const char* const** out_excluded_pins
) {
725 const std::string canonicalized_host
= CanonicalizeHost(host
);
726 const struct HSTSPreload
* entry
=
727 GetHSTSPreload(canonicalized_host
, kPreloadedSTS
, kNumPreloadedSTS
);
730 *out_required_pins
= entry
->pins
.required_hashes
;
731 *out_excluded_pins
= entry
->pins
.excluded_hashes
;
736 void TransportSecurityState::ReportUMAOnPinFailure(const std::string
& host
) {
737 std::string canonicalized_host
= CanonicalizeHost(host
);
739 const struct HSTSPreload
* entry
=
740 GetHSTSPreload(canonicalized_host
, kPreloadedSTS
, kNumPreloadedSTS
);
743 entry
= GetHSTSPreload(canonicalized_host
, kPreloadedSNISTS
,
744 kNumPreloadedSNISTS
);
748 // We don't care to report pin failures for dynamic pins.
753 DCHECK(entry
->pins
.required_hashes
);
754 DCHECK(entry
->second_level_domain_name
!= DOMAIN_NOT_PINNED
);
756 UMA_HISTOGRAM_ENUMERATION("Net.PublicKeyPinFailureDomain",
757 entry
->second_level_domain_name
, DOMAIN_NUM_EVENTS
);
761 bool TransportSecurityState::IsBuildTimely() {
762 const base::Time build_time
= base::GetBuildTime();
763 // We consider built-in information to be timely for 10 weeks.
764 return (base::Time::Now() - build_time
).InDays() < 70 /* 10 weeks */;
767 bool TransportSecurityState::GetStaticDomainState(
768 const std::string
& canonicalized_host
,
771 DCHECK(CalledOnValidThread());
773 out
->upgrade_mode
= DomainState::MODE_FORCE_HTTPS
;
774 out
->sts_include_subdomains
= false;
775 out
->pkp_include_subdomains
= false;
777 const bool is_build_timely
= IsBuildTimely();
779 for (size_t i
= 0; canonicalized_host
[i
]; i
+= canonicalized_host
[i
] + 1) {
780 std::string
host_sub_chunk(&canonicalized_host
[i
],
781 canonicalized_host
.size() - i
);
782 out
->domain
= DNSDomainToString(host_sub_chunk
);
784 if (is_build_timely
&&
785 HasPreload(kPreloadedSTS
, kNumPreloadedSTS
, canonicalized_host
, i
, out
,
791 HasPreload(kPreloadedSNISTS
, kNumPreloadedSNISTS
, canonicalized_host
, i
,
800 bool TransportSecurityState::GetDynamicDomainState(const std::string
& host
,
801 DomainState
* result
) {
802 DCHECK(CalledOnValidThread());
805 const std::string canonicalized_host
= CanonicalizeHost(host
);
806 if (canonicalized_host
.empty())
809 base::Time
current_time(base::Time::Now());
811 for (size_t i
= 0; canonicalized_host
[i
]; i
+= canonicalized_host
[i
] + 1) {
812 std::string
host_sub_chunk(&canonicalized_host
[i
],
813 canonicalized_host
.size() - i
);
814 DomainStateMap::iterator j
=
815 enabled_hosts_
.find(HashHost(host_sub_chunk
));
816 if (j
== enabled_hosts_
.end())
819 if (current_time
> j
->second
.upgrade_expiry
&&
820 current_time
> j
->second
.dynamic_spki_hashes_expiry
) {
821 enabled_hosts_
.erase(j
);
827 state
.domain
= DNSDomainToString(host_sub_chunk
);
829 // Succeed if we matched the domain exactly or if subdomain matches are
831 if (i
== 0 || j
->second
.sts_include_subdomains
||
832 j
->second
.pkp_include_subdomains
) {
844 void TransportSecurityState::AddOrUpdateEnabledHosts(
845 const std::string
& hashed_host
, const DomainState
& state
) {
846 DCHECK(CalledOnValidThread());
847 enabled_hosts_
[hashed_host
] = state
;
850 TransportSecurityState::DomainState::DomainState()
851 : upgrade_mode(MODE_DEFAULT
),
852 sts_include_subdomains(false),
853 pkp_include_subdomains(false) {
854 base::Time
now(base::Time::Now());
859 TransportSecurityState::DomainState::~DomainState() {
862 bool TransportSecurityState::DomainState::CheckPublicKeyPins(
863 const HashValueVector
& hashes
) const {
864 // Validate that hashes is not empty. By the time this code is called (in
865 // production), that should never happen, but it's good to be defensive.
866 // And, hashes *can* be empty in some test scenarios.
867 if (hashes
.empty()) {
868 LOG(ERROR
) << "Rejecting empty public key chain for public-key-pinned "
873 if (HashesIntersect(bad_static_spki_hashes
, hashes
)) {
874 LOG(ERROR
) << "Rejecting public key chain for domain " << domain
875 << ". Validated chain: " << HashesToBase64String(hashes
)
876 << ", matches one or more bad hashes: "
877 << HashesToBase64String(bad_static_spki_hashes
);
881 // If there are no pins, then any valid chain is acceptable.
882 if (dynamic_spki_hashes
.empty() && static_spki_hashes
.empty())
885 if (HashesIntersect(dynamic_spki_hashes
, hashes
) ||
886 HashesIntersect(static_spki_hashes
, hashes
)) {
890 LOG(ERROR
) << "Rejecting public key chain for domain " << domain
891 << ". Validated chain: " << HashesToBase64String(hashes
)
892 << ", expected: " << HashesToBase64String(dynamic_spki_hashes
)
893 << " or: " << HashesToBase64String(static_spki_hashes
);
897 bool TransportSecurityState::DomainState::ShouldUpgradeToSSL() const {
898 return upgrade_mode
== MODE_FORCE_HTTPS
;
901 bool TransportSecurityState::DomainState::ShouldSSLErrorsBeFatal() const {
905 bool TransportSecurityState::DomainState::HasPublicKeyPins() const {
906 return static_spki_hashes
.size() > 0 ||
907 bad_static_spki_hashes
.size() > 0 ||
908 dynamic_spki_hashes
.size() > 0;