| blob | d95e5878d7c4ce10e2e393d875fb254257d5b6de |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
19 // MaxAgeToInt converts a string representation of a "whole number" of
20 // seconds into a uint32. The string may contain an arbitrarily large number,
21 // which will be clipped to kMaxHSTSAgeSecs and which is guaranteed to fit
22 // within a 32-bit unsigned integer. False is returned on any parse error.
29 // Return false on any StringToInt64 parse errors *except* for
30 // int64 overflow. StringToInt64 is used, rather than StringToUint64,
31 // in order to properly handle and reject negative numbers
32 // (StringToUint64 does not return false on negative numbers).
33 // For values too large to be stored in an int64, StringToInt64 will
34 // return false with i set to kint64max, so this case is detected
35 // by the immediately following if-statement and allowed to fall
36 // through so that i gets clipped to kMaxHSTSAgeSecs.
45 }
47 // Returns true iff there is an item in |pins| which is not present in
48 // |from_cert_chain|. Such an SPKI hash is called a "backup pin".
58 }
61 }
63 // Returns true if the intersection of |a| and |b| is not empty. If either
64 // |a| or |b| is empty, returns false.
72 }
74 }
76 // Returns true iff |pins| contains both a live and a backup pin. A live pin
77 // is a pin whose SPKI is present in the certificate chain in |ssl_info|. A
78 // backup pin is a pin intended for disaster recovery, not day-to-day use, and
79 // thus must be absent from the certificate chain. The Public-Key-Pins header
80 // specification requires both.
83 // Fast fail: 1 live + 1 backup = at least 2 pins. (Check for actual
84 // liveness and backupness below.)
93 }
103 }
108 StringPair pair;
116 }
119 HashValueTag tag,
121 // Pins are always quoted.
140 }
144 // Parse the Strict-Transport-Security header, as currently defined in
145 // http://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec-14:
146 //
147 // Strict-Transport-Security = "Strict-Transport-Security" ":"
148 // [ directive ] *( ";" [ directive ] )
149 //
150 // directive = directive-name [ "=" directive-value ]
151 // directive-name = token
152 // directive-value = token | quoted-string
153 //
154 // 1. The order of appearance of directives is not significant.
155 //
156 // 2. All directives MUST appear only once in an STS header field.
157 // Directives are either optional or required, as stipulated in
158 // their definitions.
159 //
160 // 3. Directive names are case-insensitive.
161 //
162 // 4. UAs MUST ignore any STS header fields containing directives, or
163 // other header field value data, that does not conform to the
164 // syntax defined in this specification.
165 //
166 // 5. If an STS header field contains directive(s) not recognized by
167 // the UA, the UA MUST ignore the unrecognized directives and if the
168 // STS header field otherwise satisfies the above requirements (1
169 // through 4), the UA MUST process the recognized directives.
176 // We must see max-age exactly once.
178 // We must see includeSubdomains exactly 0 or 1 times.
182 START,
183 AFTER_MAX_AGE_LABEL,
184 AFTER_MAX_AGE_EQUALS,
185 AFTER_MAX_AGE,
186 AFTER_INCLUDE_SUBDOMAINS,
187 AFTER_UNKNOWN_LABEL,
188 DIRECTIVE_END
204 max_age_observed++;
208 include_subdomains_observed++;
212 }
239 else
244 // Consume and ignore the post-label contents (if any).
249 }
250 }
252 // We've consumed all the input. Let's see what state we ended up in.
256 }
273 }
274 }
276 // "Public-Key-Pins" ":"
277 // "max-age" "=" delta-seconds ";"
278 // "pin-" algo "=" base64 [ ";" ... ]
287 HashValueVector pins;
304 }
315 // Silently ignore unknown directives for forward compatibility.
316 }
319 }
332 }