| blob | 8d0c1465307f8adb5da5eb61907e2a0b8b2d9da6 |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
19 // MaxAgeToInt converts a string representation of a "whole number" of
20 // seconds into a uint32. The string may contain an arbitrarily large number,
21 // which will be clipped to kMaxHSTSAgeSecs and which is guaranteed to fit
22 // within a 32-bit unsigned integer. False is returned on any parse error.
29 // Return false on any StringToInt64 parse errors *except* for
30 // int64 overflow. StringToInt64 is used, rather than StringToUint64,
31 // in order to properly handle and reject negative numbers
32 // (StringToUint64 does not return false on negative numbers).
33 // For values too large to be stored in an int64, StringToInt64 will
34 // return false with i set to kint64max, so this case is detected
35 // by the immediately following if-statement and allowed to fall
36 // through so that i gets clipped to kMaxHSTSAgeSecs.
45 }
47 // Returns true iff there is an item in |pins| which is not present in
48 // |from_cert_chain|. Such an SPKI hash is called a "backup pin".
58 }
61 }
63 // Returns true if the intersection of |a| and |b| is not empty. If either
64 // |a| or |b| is empty, returns false.
72 }
74 }
76 // Returns true iff |pins| contains both a live and a backup pin. A live pin
77 // is a pin whose SPKI is present in the certificate chain in |ssl_info|. A
78 // backup pin is a pin intended for disaster recovery, not day-to-day use, and
79 // thus must be absent from the certificate chain. The Public-Key-Pins header
80 // specification requires both.
83 // Fast fail: 1 live + 1 backup = at least 2 pins. (Check for actual
84 // liveness and backupness below.)
93 }
103 }
108 StringPair pair;
116 }
119 HashValueTag tag,
137 }
141 // Parse the Strict-Transport-Security header, as currently defined in
142 // http://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec-14:
143 //
144 // Strict-Transport-Security = "Strict-Transport-Security" ":"
145 // [ directive ] *( ";" [ directive ] )
146 //
147 // directive = directive-name [ "=" directive-value ]
148 // directive-name = token
149 // directive-value = token | quoted-string
150 //
151 // 1. The order of appearance of directives is not significant.
152 //
153 // 2. All directives MUST appear only once in an STS header field.
154 // Directives are either optional or required, as stipulated in
155 // their definitions.
156 //
157 // 3. Directive names are case-insensitive.
158 //
159 // 4. UAs MUST ignore any STS header fields containing directives, or
160 // other header field value data, that does not conform to the
161 // syntax defined in this specification.
162 //
163 // 5. If an STS header field contains directive(s) not recognized by
164 // the UA, the UA MUST ignore the unrecognized directives and if the
165 // STS header field otherwise satisfies the above requirements (1
166 // through 4), the UA MUST process the recognized directives.
173 // We must see max-age exactly once.
175 // We must see includeSubdomains exactly 0 or 1 times.
179 START,
180 AFTER_MAX_AGE_LABEL,
181 AFTER_MAX_AGE_EQUALS,
182 AFTER_MAX_AGE,
183 AFTER_INCLUDE_SUBDOMAINS,
184 AFTER_UNKNOWN_LABEL,
185 DIRECTIVE_END
201 max_age_observed++;
205 include_subdomains_observed++;
209 }
236 else
241 // Consume and ignore the post-label contents (if any).
246 }
247 }
249 // We've consumed all the input. Let's see what state we ended up in.
253 }
270 }
271 }
273 // "Public-Key-Pins" ":"
274 // "max-age" "=" delta-seconds ";"
275 // "pin-" algo "=" base64 [ ";" ... ]
284 HashValueVector pins;
301 }
312 // Silently ignore unknown directives for forward compatibility.
313 }
316 }
335 }
336 }
340 }
343 }