search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Make USB permissions work in the new permission message system
[chromium-blink-merge.git] / net / http / transport_security_persister.cc
blob9dd5455a4535957498fc20d3ed230f1a4286d5a2
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/http/transport_security_persister.h"
6
7 #include "base/base64.h"
8 #include "base/bind.h"
9 #include "base/files/file_path.h"
10 #include "base/files/file_util.h"
11 #include "base/json/json_reader.h"
12 #include "base/json/json_writer.h"
13 #include "base/location.h"
14 #include "base/sequenced_task_runner.h"
15 #include "base/task_runner_util.h"
16 #include "base/thread_task_runner_handle.h"
17 #include "base/values.h"
18 #include "crypto/sha2.h"
19 #include "net/cert/x509_certificate.h"
20 #include "net/http/transport_security_state.h"
21
22 namespace net {
23
24 namespace {
25
26 base::ListValue* SPKIHashesToListValue(const HashValueVector& hashes) {
27 base::ListValue* pins = new base::ListValue;
28 for (size_t i = 0; i != hashes.size(); i++)
29 pins->Append(new base::StringValue(hashes[i].ToString()));
30 return pins;
31 }
32
33 void SPKIHashesFromListValue(const base::ListValue& pins,
34 HashValueVector* hashes) {
35 size_t num_pins = pins.GetSize();
36 for (size_t i = 0; i < num_pins; ++i) {
37 std::string type_and_base64;
38 HashValue fingerprint;
39 if (pins.GetString(i, &type_and_base64) &&
40 fingerprint.FromString(type_and_base64)) {
41 hashes->push_back(fingerprint);
42 }
43 }
44 }
45
46 // This function converts the binary hashes to a base64 string which we can
47 // include in a JSON file.
48 std::string HashedDomainToExternalString(const std::string& hashed) {
49 std::string out;
50 base::Base64Encode(hashed, &out);
51 return out;
52 }
53
54 // This inverts |HashedDomainToExternalString|, above. It turns an external
55 // string (from a JSON file) into an internal (binary) string.
56 std::string ExternalStringToHashedDomain(const std::string& external) {
57 std::string out;
58 if (!base::Base64Decode(external, &out) ||
59 out.size() != crypto::kSHA256Length) {
60 return std::string();
61 }
62
63 return out;
64 }
65
66 const char kIncludeSubdomains[] = "include_subdomains";
67 const char kStsIncludeSubdomains[] = "sts_include_subdomains";
68 const char kPkpIncludeSubdomains[] = "pkp_include_subdomains";
69 const char kMode[] = "mode";
70 const char kExpiry[] = "expiry";
71 const char kDynamicSPKIHashesExpiry[] = "dynamic_spki_hashes_expiry";
72 const char kDynamicSPKIHashes[] = "dynamic_spki_hashes";
73 const char kForceHTTPS[] = "force-https";
74 const char kStrict[] = "strict";
75 const char kDefault[] = "default";
76 const char kPinningOnly[] = "pinning-only";
77 const char kCreated[] = "created";
78 const char kStsObserved[] = "sts_observed";
79 const char kPkpObserved[] = "pkp_observed";
80 const char kReportUri[] = "report-uri";
81
82 std::string LoadState(const base::FilePath& path) {
83 std::string result;
84 if (!base::ReadFileToString(path, &result)) {
85 return "";
86 }
87 return result;
88 }
89
90 } // namespace
91
92 TransportSecurityPersister::TransportSecurityPersister(
93 TransportSecurityState* state,
94 const base::FilePath& profile_path,
95 const scoped_refptr<base::SequencedTaskRunner>& background_runner,
96 bool readonly)
97 : transport_security_state_(state),
98 writer_(profile_path.AppendASCII("TransportSecurity"), background_runner),
99 foreground_runner_(base::ThreadTaskRunnerHandle::Get()),
100 background_runner_(background_runner),
101 readonly_(readonly),
102 weak_ptr_factory_(this) {
103 transport_security_state_->SetDelegate(this);
104
105 base::PostTaskAndReplyWithResult(
106 background_runner_.get(), FROM_HERE,
107 base::Bind(&LoadState, writer_.path()),
108 base::Bind(&TransportSecurityPersister::CompleteLoad,
109 weak_ptr_factory_.GetWeakPtr()));
110 }
111
112 TransportSecurityPersister::~TransportSecurityPersister() {
113 DCHECK(foreground_runner_->RunsTasksOnCurrentThread());
114
115 if (writer_.HasPendingWrite())
116 writer_.DoScheduledWrite();
117
118 transport_security_state_->SetDelegate(NULL);
119 }
120
121 void TransportSecurityPersister::StateIsDirty(
122 TransportSecurityState* state) {
123 DCHECK(foreground_runner_->RunsTasksOnCurrentThread());
124 DCHECK_EQ(transport_security_state_, state);
125
126 if (!readonly_)
127 writer_.ScheduleWrite(this);
128 }
129
130 bool TransportSecurityPersister::SerializeData(std::string* output) {
131 DCHECK(foreground_runner_->RunsTasksOnCurrentThread());
132
133 base::DictionaryValue toplevel;
134 base::Time now = base::Time::Now();
135
136 // TODO(davidben): Fix the serialization format by splitting the on-disk
137 // representation of the STS and PKP states. https://crbug.com/470295.
138 TransportSecurityState::STSStateIterator sts_iterator(
139 *transport_security_state_);
140 for (; sts_iterator.HasNext(); sts_iterator.Advance()) {
141 const std::string& hostname = sts_iterator.hostname();
142 const TransportSecurityState::STSState& sts_state =
143 sts_iterator.domain_state();
144
145 const std::string key = HashedDomainToExternalString(hostname);
146 scoped_ptr<base::DictionaryValue> serialized(new base::DictionaryValue);
147 PopulateEntryWithDefaults(serialized.get());
148
149 serialized->SetBoolean(kStsIncludeSubdomains, sts_state.include_subdomains);
150 serialized->SetDouble(kStsObserved, sts_state.last_observed.ToDoubleT());
151 serialized->SetDouble(kExpiry, sts_state.expiry.ToDoubleT());
152
153 switch (sts_state.upgrade_mode) {
154 case TransportSecurityState::STSState::MODE_FORCE_HTTPS:
155 serialized->SetString(kMode, kForceHTTPS);
156 break;
157 case TransportSecurityState::STSState::MODE_DEFAULT:
158 serialized->SetString(kMode, kDefault);
159 break;
160 default:
161 NOTREACHED() << "STSState with unknown mode";
162 continue;
163 }
164
165 toplevel.Set(key, serialized.Pass());
166 }
167
168 TransportSecurityState::PKPStateIterator pkp_iterator(
169 *transport_security_state_);
170 for (; pkp_iterator.HasNext(); pkp_iterator.Advance()) {
171 const std::string& hostname = pkp_iterator.hostname();
172 const TransportSecurityState::PKPState& pkp_state =
173 pkp_iterator.domain_state();
174
175 // See if the current |hostname| already has STS state and, if so, update
176 // that entry.
177 const std::string key = HashedDomainToExternalString(hostname);
178 base::DictionaryValue* serialized = nullptr;
179 if (!toplevel.GetDictionary(key, &serialized)) {
180 scoped_ptr<base::DictionaryValue> serialized_scoped(
181 new base::DictionaryValue);
182 serialized = serialized_scoped.get();
183 PopulateEntryWithDefaults(serialized);
184 toplevel.Set(key, serialized_scoped.Pass());
185 }
186
187 serialized->SetBoolean(kPkpIncludeSubdomains, pkp_state.include_subdomains);
188 serialized->SetDouble(kPkpObserved, pkp_state.last_observed.ToDoubleT());
189 serialized->SetDouble(kDynamicSPKIHashesExpiry,
190 pkp_state.expiry.ToDoubleT());
191
192 if (now < pkp_state.expiry) {
193 serialized->Set(kDynamicSPKIHashes,
194 SPKIHashesToListValue(pkp_state.spki_hashes));
195 }
196
197 serialized->SetString(kReportUri, pkp_state.report_uri.spec());
198 }
199
200 base::JSONWriter::WriteWithOptions(
201 toplevel, base::JSONWriter::OPTIONS_PRETTY_PRINT, output);
202 return true;
203 }
204
205 bool TransportSecurityPersister::LoadEntries(const std::string& serialized,
206 bool* dirty) {
207 DCHECK(foreground_runner_->RunsTasksOnCurrentThread());
208
209 transport_security_state_->ClearDynamicData();
210 return Deserialize(serialized, dirty, transport_security_state_);
211 }
212
213 // static
214 bool TransportSecurityPersister::Deserialize(const std::string& serialized,
215 bool* dirty,
216 TransportSecurityState* state) {
217 scoped_ptr<base::Value> value = base::JSONReader::Read(serialized);
218 base::DictionaryValue* dict_value = NULL;
219 if (!value.get() || !value->GetAsDictionary(&dict_value))
220 return false;
221
222 const base::Time current_time(base::Time::Now());
223 bool dirtied = false;
224
225 for (base::DictionaryValue::Iterator i(*dict_value);
226 !i.IsAtEnd(); i.Advance()) {
227 const base::DictionaryValue* parsed = NULL;
228 if (!i.value().GetAsDictionary(&parsed)) {
229 LOG(WARNING) << "Could not parse entry " << i.key() << "; skipping entry";
230 continue;
231 }
232
233 TransportSecurityState::STSState sts_state;
234 TransportSecurityState::PKPState pkp_state;
235
236 // kIncludeSubdomains is a legacy synonym for kStsIncludeSubdomains and
237 // kPkpIncludeSubdomains. Parse at least one of these properties,
238 // preferably the new ones.
239 bool include_subdomains = false;
240 bool parsed_include_subdomains = parsed->GetBoolean(kIncludeSubdomains,
241 &include_subdomains);
242 sts_state.include_subdomains = include_subdomains;
243 pkp_state.include_subdomains = include_subdomains;
244 if (parsed->GetBoolean(kStsIncludeSubdomains, &include_subdomains)) {
245 sts_state.include_subdomains = include_subdomains;
246 parsed_include_subdomains = true;
247 }
248 if (parsed->GetBoolean(kPkpIncludeSubdomains, &include_subdomains)) {
249 pkp_state.include_subdomains = include_subdomains;
250 parsed_include_subdomains = true;
251 }
252
253 std::string mode_string;
254 double expiry = 0;
255 if (!parsed_include_subdomains ||
256 !parsed->GetString(kMode, &mode_string) ||
257 !parsed->GetDouble(kExpiry, &expiry)) {
258 LOG(WARNING) << "Could not parse some elements of entry " << i.key()
259 << "; skipping entry";
260 continue;
261 }
262
263 // Don't fail if this key is not present.
264 double dynamic_spki_hashes_expiry = 0;
265 parsed->GetDouble(kDynamicSPKIHashesExpiry,
266 &dynamic_spki_hashes_expiry);
267
268 const base::ListValue* pins_list = NULL;
269 if (parsed->GetList(kDynamicSPKIHashes, &pins_list)) {
270 SPKIHashesFromListValue(*pins_list, &pkp_state.spki_hashes);
271 }
272
273 if (mode_string == kForceHTTPS || mode_string == kStrict) {
274 sts_state.upgrade_mode =
275 TransportSecurityState::STSState::MODE_FORCE_HTTPS;
276 } else if (mode_string == kDefault || mode_string == kPinningOnly) {
277 sts_state.upgrade_mode = TransportSecurityState::STSState::MODE_DEFAULT;
278 } else {
279 LOG(WARNING) << "Unknown TransportSecurityState mode string "
280 << mode_string << " found for entry " << i.key()
281 << "; skipping entry";
282 continue;
283 }
284
285 sts_state.expiry = base::Time::FromDoubleT(expiry);
286 pkp_state.expiry = base::Time::FromDoubleT(dynamic_spki_hashes_expiry);
287
288 // Don't fail if this key is not present.
289 std::string report_uri_str;
290 parsed->GetString(kReportUri, &report_uri_str);
291 GURL report_uri(report_uri_str);
292 if (report_uri.is_valid())
293 pkp_state.report_uri = report_uri;
294
295 double sts_observed;
296 double pkp_observed;
297 if (parsed->GetDouble(kStsObserved, &sts_observed)) {
298 sts_state.last_observed = base::Time::FromDoubleT(sts_observed);
299 } else if (parsed->GetDouble(kCreated, &sts_observed)) {
300 // kCreated is a legacy synonym for both kStsObserved and kPkpObserved.
301 sts_state.last_observed = base::Time::FromDoubleT(sts_observed);
302 } else {
303 // We're migrating an old entry with no observation date. Make sure we
304 // write the new date back in a reasonable time frame.
305 dirtied = true;
306 sts_state.last_observed = base::Time::Now();
307 }
308 if (parsed->GetDouble(kPkpObserved, &pkp_observed)) {
309 pkp_state.last_observed = base::Time::FromDoubleT(pkp_observed);
310 } else if (parsed->GetDouble(kCreated, &pkp_observed)) {
311 pkp_state.last_observed = base::Time::FromDoubleT(pkp_observed);
312 } else {
313 dirtied = true;
314 pkp_state.last_observed = base::Time::Now();
315 }
316
317 bool has_sts =
318 sts_state.expiry > current_time && sts_state.ShouldUpgradeToSSL();
319 bool has_pkp =
320 pkp_state.expiry > current_time && pkp_state.HasPublicKeyPins();
321 if (!has_sts && !has_pkp) {
322 // Make sure we dirty the state if we drop an entry. The entries can only
323 // be dropped when both the STS and PKP states are expired or invalid.
324 dirtied = true;
325 continue;
326 }
327
328 std::string hashed = ExternalStringToHashedDomain(i.key());
329 if (hashed.empty()) {
330 dirtied = true;
331 continue;
332 }
333
334 // Until the on-disk storage is split, there will always be 'null' entries.
335 // We only register entries that have actual state.
336 if (has_sts)
337 state->AddOrUpdateEnabledSTSHosts(hashed, sts_state);
338 if (has_pkp)
339 state->AddOrUpdateEnabledPKPHosts(hashed, pkp_state);
340 }
341
342 *dirty = dirtied;
343 return true;
344 }
345
346 void TransportSecurityPersister::PopulateEntryWithDefaults(
347 base::DictionaryValue* host) {
348 host->Clear();
349
350 // STS default values.
351 host->SetBoolean(kStsIncludeSubdomains, false);
352 host->SetDouble(kStsObserved, 0.0);
353 host->SetDouble(kExpiry, 0.0);
354 host->SetString(kMode, kDefault);
355
356 // PKP default values.
357 host->SetBoolean(kPkpIncludeSubdomains, false);
358 host->SetDouble(kPkpObserved, 0.0);
359 host->SetDouble(kDynamicSPKIHashesExpiry, 0.0);
360 }
361
362 void TransportSecurityPersister::CompleteLoad(const std::string& state) {
363 DCHECK(foreground_runner_->RunsTasksOnCurrentThread());
364
365 if (state.empty())
366 return;
367
368 bool dirty = false;
369 if (!LoadEntries(state, &dirty)) {
370 LOG(ERROR) << "Failed to deserialize state: " << state;
371 return;
372 }
373 if (dirty)
374 StateIsDirty(transport_security_state_);
375 }
376
377 } // namespace net