search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Extract protobuf database into a new 'leveldb_proto' component
[chromium-blink-merge.git] / net / http / transport_security_persister.cc
blob7310b590f7e2d100b10a7678731f733ed1315e6c
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/http/transport_security_persister.h"
6
7 #include "base/base64.h"
8 #include "base/bind.h"
9 #include "base/file_util.h"
10 #include "base/files/file_path.h"
11 #include "base/json/json_reader.h"
12 #include "base/json/json_writer.h"
13 #include "base/message_loop/message_loop.h"
14 #include "base/message_loop/message_loop_proxy.h"
15 #include "base/sequenced_task_runner.h"
16 #include "base/task_runner_util.h"
17 #include "base/values.h"
18 #include "crypto/sha2.h"
19 #include "net/cert/x509_certificate.h"
20 #include "net/http/transport_security_state.h"
21
22 using net::HashValue;
23 using net::HashValueTag;
24 using net::HashValueVector;
25 using net::TransportSecurityState;
26
27 namespace {
28
29 base::ListValue* SPKIHashesToListValue(const HashValueVector& hashes) {
30 base::ListValue* pins = new base::ListValue;
31 for (size_t i = 0; i != hashes.size(); i++)
32 pins->Append(new base::StringValue(hashes[i].ToString()));
33 return pins;
34 }
35
36 void SPKIHashesFromListValue(const base::ListValue& pins,
37 HashValueVector* hashes) {
38 size_t num_pins = pins.GetSize();
39 for (size_t i = 0; i < num_pins; ++i) {
40 std::string type_and_base64;
41 HashValue fingerprint;
42 if (pins.GetString(i, &type_and_base64) &&
43 fingerprint.FromString(type_and_base64)) {
44 hashes->push_back(fingerprint);
45 }
46 }
47 }
48
49 // This function converts the binary hashes to a base64 string which we can
50 // include in a JSON file.
51 std::string HashedDomainToExternalString(const std::string& hashed) {
52 std::string out;
53 base::Base64Encode(hashed, &out);
54 return out;
55 }
56
57 // This inverts |HashedDomainToExternalString|, above. It turns an external
58 // string (from a JSON file) into an internal (binary) string.
59 std::string ExternalStringToHashedDomain(const std::string& external) {
60 std::string out;
61 if (!base::Base64Decode(external, &out) ||
62 out.size() != crypto::kSHA256Length) {
63 return std::string();
64 }
65
66 return out;
67 }
68
69 const char kIncludeSubdomains[] = "include_subdomains";
70 const char kStsIncludeSubdomains[] = "sts_include_subdomains";
71 const char kPkpIncludeSubdomains[] = "pkp_include_subdomains";
72 const char kMode[] = "mode";
73 const char kExpiry[] = "expiry";
74 const char kDynamicSPKIHashesExpiry[] = "dynamic_spki_hashes_expiry";
75 const char kDynamicSPKIHashes[] = "dynamic_spki_hashes";
76 const char kForceHTTPS[] = "force-https";
77 const char kStrict[] = "strict";
78 const char kDefault[] = "default";
79 const char kPinningOnly[] = "pinning-only";
80 const char kCreated[] = "created";
81 const char kStsObserved[] = "sts_observed";
82 const char kPkpObserved[] = "pkp_observed";
83
84 std::string LoadState(const base::FilePath& path) {
85 std::string result;
86 if (!base::ReadFileToString(path, &result)) {
87 return "";
88 }
89 return result;
90 }
91
92 } // namespace
93
94
95 namespace net {
96
97 TransportSecurityPersister::TransportSecurityPersister(
98 TransportSecurityState* state,
99 const base::FilePath& profile_path,
100 base::SequencedTaskRunner* background_runner,
101 bool readonly)
102 : transport_security_state_(state),
103 writer_(profile_path.AppendASCII("TransportSecurity"), background_runner),
104 foreground_runner_(base::MessageLoop::current()->message_loop_proxy()),
105 background_runner_(background_runner),
106 readonly_(readonly),
107 weak_ptr_factory_(this) {
108 transport_security_state_->SetDelegate(this);
109
110 base::PostTaskAndReplyWithResult(
111 background_runner_,
112 FROM_HERE,
113 base::Bind(&::LoadState, writer_.path()),
114 base::Bind(&TransportSecurityPersister::CompleteLoad,
115 weak_ptr_factory_.GetWeakPtr()));
116 }
117
118 TransportSecurityPersister::~TransportSecurityPersister() {
119 DCHECK(foreground_runner_->RunsTasksOnCurrentThread());
120
121 if (writer_.HasPendingWrite())
122 writer_.DoScheduledWrite();
123
124 transport_security_state_->SetDelegate(NULL);
125 }
126
127 void TransportSecurityPersister::StateIsDirty(
128 TransportSecurityState* state) {
129 DCHECK(foreground_runner_->RunsTasksOnCurrentThread());
130 DCHECK_EQ(transport_security_state_, state);
131
132 if (!readonly_)
133 writer_.ScheduleWrite(this);
134 }
135
136 bool TransportSecurityPersister::SerializeData(std::string* output) {
137 DCHECK(foreground_runner_->RunsTasksOnCurrentThread());
138
139 base::DictionaryValue toplevel;
140 base::Time now = base::Time::Now();
141 TransportSecurityState::Iterator state(*transport_security_state_);
142 for (; state.HasNext(); state.Advance()) {
143 const std::string& hostname = state.hostname();
144 const TransportSecurityState::DomainState& domain_state =
145 state.domain_state();
146
147 base::DictionaryValue* serialized = new base::DictionaryValue;
148 serialized->SetBoolean(kStsIncludeSubdomains,
149 domain_state.sts.include_subdomains);
150 serialized->SetBoolean(kPkpIncludeSubdomains,
151 domain_state.pkp.include_subdomains);
152 serialized->SetDouble(kStsObserved,
153 domain_state.sts.last_observed.ToDoubleT());
154 serialized->SetDouble(kPkpObserved,
155 domain_state.pkp.last_observed.ToDoubleT());
156 serialized->SetDouble(kExpiry, domain_state.sts.expiry.ToDoubleT());
157 serialized->SetDouble(kDynamicSPKIHashesExpiry,
158 domain_state.pkp.expiry.ToDoubleT());
159
160 switch (domain_state.sts.upgrade_mode) {
161 case TransportSecurityState::DomainState::MODE_FORCE_HTTPS:
162 serialized->SetString(kMode, kForceHTTPS);
163 break;
164 case TransportSecurityState::DomainState::MODE_DEFAULT:
165 serialized->SetString(kMode, kDefault);
166 break;
167 default:
168 NOTREACHED() << "DomainState with unknown mode";
169 delete serialized;
170 continue;
171 }
172
173 if (now < domain_state.pkp.expiry) {
174 serialized->Set(kDynamicSPKIHashes,
175 SPKIHashesToListValue(domain_state.pkp.spki_hashes));
176 }
177
178 toplevel.Set(HashedDomainToExternalString(hostname), serialized);
179 }
180
181 base::JSONWriter::WriteWithOptions(&toplevel,
182 base::JSONWriter::OPTIONS_PRETTY_PRINT,
183 output);
184 return true;
185 }
186
187 bool TransportSecurityPersister::LoadEntries(const std::string& serialized,
188 bool* dirty) {
189 DCHECK(foreground_runner_->RunsTasksOnCurrentThread());
190
191 transport_security_state_->ClearDynamicData();
192 return Deserialize(serialized, dirty, transport_security_state_);
193 }
194
195 // static
196 bool TransportSecurityPersister::Deserialize(const std::string& serialized,
197 bool* dirty,
198 TransportSecurityState* state) {
199 scoped_ptr<base::Value> value(base::JSONReader::Read(serialized));
200 base::DictionaryValue* dict_value = NULL;
201 if (!value.get() || !value->GetAsDictionary(&dict_value))
202 return false;
203
204 const base::Time current_time(base::Time::Now());
205 bool dirtied = false;
206
207 for (base::DictionaryValue::Iterator i(*dict_value);
208 !i.IsAtEnd(); i.Advance()) {
209 const base::DictionaryValue* parsed = NULL;
210 if (!i.value().GetAsDictionary(&parsed)) {
211 LOG(WARNING) << "Could not parse entry " << i.key() << "; skipping entry";
212 continue;
213 }
214
215 std::string mode_string;
216 double expiry;
217 double dynamic_spki_hashes_expiry = 0.0;
218 TransportSecurityState::DomainState domain_state;
219
220 // kIncludeSubdomains is a legacy synonym for kStsIncludeSubdomains and
221 // kPkpIncludeSubdomains. Parse at least one of these properties,
222 // preferably the new ones.
223 bool include_subdomains = false;
224 bool parsed_include_subdomains = parsed->GetBoolean(kIncludeSubdomains,
225 &include_subdomains);
226 domain_state.sts.include_subdomains = include_subdomains;
227 domain_state.pkp.include_subdomains = include_subdomains;
228 if (parsed->GetBoolean(kStsIncludeSubdomains, &include_subdomains)) {
229 domain_state.sts.include_subdomains = include_subdomains;
230 parsed_include_subdomains = true;
231 }
232 if (parsed->GetBoolean(kPkpIncludeSubdomains, &include_subdomains)) {
233 domain_state.pkp.include_subdomains = include_subdomains;
234 parsed_include_subdomains = true;
235 }
236
237 if (!parsed_include_subdomains ||
238 !parsed->GetString(kMode, &mode_string) ||
239 !parsed->GetDouble(kExpiry, &expiry)) {
240 LOG(WARNING) << "Could not parse some elements of entry " << i.key()
241 << "; skipping entry";
242 continue;
243 }
244
245 // Don't fail if this key is not present.
246 parsed->GetDouble(kDynamicSPKIHashesExpiry,
247 &dynamic_spki_hashes_expiry);
248
249 const base::ListValue* pins_list = NULL;
250 if (parsed->GetList(kDynamicSPKIHashes, &pins_list)) {
251 SPKIHashesFromListValue(*pins_list, &domain_state.pkp.spki_hashes);
252 }
253
254 if (mode_string == kForceHTTPS || mode_string == kStrict) {
255 domain_state.sts.upgrade_mode =
256 TransportSecurityState::DomainState::MODE_FORCE_HTTPS;
257 } else if (mode_string == kDefault || mode_string == kPinningOnly) {
258 domain_state.sts.upgrade_mode =
259 TransportSecurityState::DomainState::MODE_DEFAULT;
260 } else {
261 LOG(WARNING) << "Unknown TransportSecurityState mode string "
262 << mode_string << " found for entry " << i.key()
263 << "; skipping entry";
264 continue;
265 }
266
267 domain_state.sts.expiry = base::Time::FromDoubleT(expiry);
268 domain_state.pkp.expiry =
269 base::Time::FromDoubleT(dynamic_spki_hashes_expiry);
270
271 double sts_observed;
272 double pkp_observed;
273 if (parsed->GetDouble(kStsObserved, &sts_observed)) {
274 domain_state.sts.last_observed = base::Time::FromDoubleT(sts_observed);
275 } else if (parsed->GetDouble(kCreated, &sts_observed)) {
276 // kCreated is a legacy synonym for both kStsObserved and kPkpObserved.
277 domain_state.sts.last_observed = base::Time::FromDoubleT(sts_observed);
278 } else {
279 // We're migrating an old entry with no observation date. Make sure we
280 // write the new date back in a reasonable time frame.
281 dirtied = true;
282 domain_state.sts.last_observed = base::Time::Now();
283 }
284 if (parsed->GetDouble(kPkpObserved, &pkp_observed)) {
285 domain_state.pkp.last_observed = base::Time::FromDoubleT(pkp_observed);
286 } else if (parsed->GetDouble(kCreated, &pkp_observed)) {
287 domain_state.pkp.last_observed = base::Time::FromDoubleT(pkp_observed);
288 } else {
289 dirtied = true;
290 domain_state.pkp.last_observed = base::Time::Now();
291 }
292
293 if (domain_state.sts.expiry <= current_time &&
294 domain_state.pkp.expiry <= current_time) {
295 // Make sure we dirty the state if we drop an entry.
296 dirtied = true;
297 continue;
298 }
299
300 std::string hashed = ExternalStringToHashedDomain(i.key());
301 if (hashed.empty()) {
302 dirtied = true;
303 continue;
304 }
305
306 state->AddOrUpdateEnabledHosts(hashed, domain_state);
307 }
308
309 *dirty = dirtied;
310 return true;
311 }
312
313 void TransportSecurityPersister::CompleteLoad(const std::string& state) {
314 DCHECK(foreground_runner_->RunsTasksOnCurrentThread());
315
316 if (state.empty())
317 return;
318
319 bool dirty = false;
320 if (!LoadEntries(state, &dirty)) {
321 LOG(ERROR) << "Failed to deserialize state: " << state;
322 return;
323 }
324 if (dirty)
325 StateIsDirty(transport_security_state_);
326 }
327
328 } // namespace net