1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "content/common/ssl_status_serialization.h"
7 #include "base/logging.h"
8 #include "base/pickle.h"
10 namespace {
// Reports whether the integer |security_style| matches one of the
// SecurityStyle enumerators listed below. DeserializeSecurityInfo() calls this
// before casting a deserialized integer to SecurityStyle, so a value outside
// the list is rejected instead of being turned into an out-of-range enum.
// Returns true for a listed value, false for anything else.
bool CheckSecurityStyle(int security_style) {
  return security_style == content::SECURITY_STYLE_UNKNOWN ||
         security_style == content::SECURITY_STYLE_UNAUTHENTICATED ||
         security_style == content::SECURITY_STYLE_AUTHENTICATION_BROKEN ||
         security_style == content::SECURITY_STYLE_WARNING ||
         security_style == content::SECURITY_STYLE_AUTHENTICATED;
}
26 } // namespace
28 namespace content {
// Packs |ssl_status| into a base::Pickle and returns the pickle's raw bytes as
// a std::string.
//
// Field order on the wire: security_style, cert_id, cert_status,
// security_bits, key_exchange_info, connection_status, the number of signed
// certificate timestamp entries, then one (id, status) pair per entry.
// DeserializeSecurityInfo() reads the fields back in the same order, so the two
// functions must be changed together.
std::string SerializeSecurityInfo(const SSLStatus& ssl_status) {
  const SignedCertificateTimestampIDStatusList& scts =
      ssl_status.signed_certificate_timestamp_ids;

  base::Pickle pickle;
  pickle.WriteInt(ssl_status.security_style);
  pickle.WriteInt(ssl_status.cert_id);
  pickle.WriteUInt32(ssl_status.cert_status);
  pickle.WriteInt(ssl_status.security_bits);
  pickle.WriteInt(ssl_status.key_exchange_info);
  pickle.WriteInt(ssl_status.connection_status);

  // The entry count goes first so the reader knows how many pairs follow.
  pickle.WriteInt(scts.size());
  SignedCertificateTimestampIDStatusList::const_iterator entry = scts.begin();
  const SignedCertificateTimestampIDStatusList::const_iterator last =
      scts.end();
  while (entry != last) {
    pickle.WriteInt(entry->id);
    pickle.WriteUInt16(entry->status);
    ++entry;
  }

  const char* bytes = static_cast<const char*>(pickle.data());
  return std::string(bytes, pickle.size());
}
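// Rebuilds an SSLStatus from the bytes produced by SerializeSecurityInfo().
//
// |state|      serialized bytes; an empty string means "no SSL used".
// |ssl_status| output; must not be null. It is always reset to a
//              default-constructed SSLStatus first and only overwritten when
//              the whole input has been parsed and validated.
//
// Returns true for empty input or fully valid input. Returns false, leaving
// |*ssl_status| default-constructed, when a field cannot be read, the security
// style is not a known enumerator, |security_bits| is below -1,
// |key_exchange_info| is negative, or the SCT entry count is negative.
//
// NOTE(review): |state| presumably can come from a less trusted process;
// confirm against the callers. The checks below are written on that
// assumption.
bool DeserializeSecurityInfo(const std::string& state, SSLStatus* ssl_status) {
  *ssl_status = SSLStatus();

  if (state.empty()) {
    // No SSL used.
    return true;
  }

  // NOTE(review): |state.size()| is narrowed to int here; confirm that callers
  // bound the length of |state| so the narrowing cannot change the value.
  base::Pickle pickle(state.data(), static_cast<int>(state.size()));
  base::PickleIterator iter(pickle);

  // Parse into a local so that partially read, unvalidated data never reaches
  // the caller: every early return below leaves |*ssl_status| at its default.
  SSLStatus parsed;
  int security_style;
  int num_scts_to_read;
  if (!iter.ReadInt(&security_style) || !iter.ReadInt(&parsed.cert_id) ||
      !iter.ReadUInt32(&parsed.cert_status) ||
      !iter.ReadInt(&parsed.security_bits) ||
      !iter.ReadInt(&parsed.key_exchange_info) ||
      !iter.ReadInt(&parsed.connection_status) ||
      !iter.ReadInt(&num_scts_to_read)) {
    return false;
  }

  // Validate the raw integer before it is cast to the enum type.
  if (!CheckSecurityStyle(security_style)) {
    return false;
  }
  parsed.security_style = static_cast<SecurityStyle>(security_style);

  // Sanity check |security_bits|: the only allowed negative value is -1.
  if (parsed.security_bits < -1) {
    return false;
  }

  // Sanity check |key_exchange_info|: 0 or greater.
  if (parsed.key_exchange_info < 0) {
    return false;
  }

  // Sanity check the SCT entry count: the serializer writes a container size,
  // so a negative count can only come from malformed input. Reject it instead
  // of silently treating it as "no entries". A count larger than the data
  // actually present is caught by the failing reads in the loop below.
  if (num_scts_to_read < 0) {
    return false;
  }

  for (; num_scts_to_read > 0; --num_scts_to_read) {
    int id;
    uint16 status;
    if (!iter.ReadInt(&id) || !iter.ReadUInt16(&status)) {
      return false;
    }

    // NOTE(review): unlike |security_style|, |status| is cast to
    // net::ct::SCTVerifyStatus without a range check, so an out-of-range value
    // in |state| becomes an invalid enum value. Consider validating it against
    // the known enumerators the same way CheckSecurityStyle() does.
    parsed.signed_certificate_timestamp_ids.push_back(
        SignedCertificateTimestampIDAndStatus(
            id, static_cast<net::ct::SCTVerifyStatus>(status)));
  }

  *ssl_status = parsed;
  return true;
}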
105 } // namespace content