author | abarth@chromium.org <abarth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-09-05 14:21:09 +0000 |
---|---|---|
committer | abarth@chromium.org <abarth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-09-05 14:21:09 +0000 |
commit | 77f6fb43d125edea5fe8b76d663de95098baf1de (patch) | |
tree | 3d0edff4af0ca2e5aea5b4520cf31526b249036e | |
parent | 78d4c52c925f79756e5c1cc8ae1095cdf61f3745 (diff) | |
Rename X-Force-TLS to Strict-Transport-Security.
Also, remove StrictTransportSecurity code from SSLPolicy because that code
doesn't work.
R=agl
Review URL: http://codereview.chromium.org/198035
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@25577 0039d316-1c4b-4281-b951-d872f2087c98
20 files changed, 238 insertions, 232 deletions
diff --git a/chrome/browser/automation/automation_profile_impl.cc b/chrome/browser/automation/automation_profile_impl.cc index 7ea154c..8d6118b 100644 --- a/chrome/browser/automation/automation_profile_impl.cc +++ b/chrome/browser/automation/automation_profile_impl.cc @@ -29,7 +29,7 @@ class AutomationURLRequestContext : public ChromeURLRequestContext { http_transaction_factory_ = NULL; ftp_transaction_factory_ = NULL; cookie_store_ = NULL; - force_tls_state_ = NULL; + strict_transport_security_state_ = NULL; // Clear ChromeURLRequestContext members. prefs_ = NULL; diff --git a/chrome/browser/automation/automation_profile_impl.h b/chrome/browser/automation/automation_profile_impl.h index c9aedbe..22a41c8 100644 --- a/chrome/browser/automation/automation_profile_impl.h +++ b/chrome/browser/automation/automation_profile_impl.h @@ -69,8 +69,8 @@ class AutomationProfileImpl : public Profile { virtual SSLHostState* GetSSLHostState() { return original_profile_->GetSSLHostState(); } - virtual net::ForceTLSState* GetForceTLSState() { - return original_profile_->GetForceTLSState(); + virtual net::StrictTransportSecurityState* GetStrictTransportSecurityState() { + return original_profile_->GetStrictTransportSecurityState(); } virtual FaviconService* GetFaviconService(ServiceAccessType access) { return original_profile_->GetFaviconService(access); diff --git a/chrome/browser/force_tls_persister.h b/chrome/browser/force_tls_persister.h deleted file mode 100644 index f7b1d2d..0000000 --- a/chrome/browser/force_tls_persister.h +++ /dev/null 
@@ -1,69 +0,0 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-// ForceTLSState maintains an in memory database containing the list of hosts
-// that currently have ForceTLS enabled. This singleton object deals with
-// writing that data out to disk as needed and loading it at startup.
-
-// At startup we need to load the ForceTLS state from the disk. For the moment,
-// we don't want to delay startup for this load, so we let the ForceTLSState
-// run for a while without being loaded. This means that it's possible for
-// pages opened very quickly not to get the correct ForceTLS information.
-//
-// To load the state, we schedule a Task on the file thread which loads,
-// deserialises and configures the ForceTLSState.
-//
-// The ForceTLSState object supports running a callback function when it
-// changes. This object registers the callback, pointing at itself.
-//
-// ForceTLSState calls...
-// ForceTLSPersister::StateIsDirty
-// since the callback isn't allowed to block or reenter, we schedule a Task
-// on |file_thread_| after some small amount of time
-//
-// ...
-//
-// ForceTLSPersister::SerialiseState
-// copies the current state of the ForceTLSState, serialises and writes to
-// disk.
-
-#include "base/file_path.h"
-#include "base/lock.h"
-#include "base/ref_counted.h"
-#include "net/base/force_tls_state.h"
-
-namespace base {
-class Thread;
-}
-
-class ForceTLSPersister : public base::RefCountedThreadSafe<ForceTLSPersister>,
- public net::ForceTLSState::Delegate {
- public:
- ForceTLSPersister(net::ForceTLSState* state, base::Thread* file_thread,
- const FilePath& profile_path);
-
- // Called by the ForceTLSState when it changes its state.
- virtual void StateIsDirty(net::ForceTLSState*);
-
- private:
- // a Task callback for when the state needs to be written out.
- void SerialiseState(); - - // a Task callback for when the state needs to be loaded from disk at startup. - void LoadState(); - - Lock lock_; // protects all the members - - // true when the state object has signaled that we're dirty and we haven't - // serialised the state yet. - bool state_is_dirty_; - - scoped_refptr<net::ForceTLSState> force_tls_state_; - - // This is a thread which can perform file access. - base::Thread* const file_thread_; - - // The path to the file in which we store the serialised state. - const FilePath state_file_; -}; diff --git a/chrome/browser/net/chrome_url_request_context.cc b/chrome/browser/net/chrome_url_request_context.cc index ed69b03..4683e61 100644 --- a/chrome/browser/net/chrome_url_request_context.cc +++ b/chrome/browser/net/chrome_url_request_context.cc @@ -331,7 +331,7 @@ ChromeURLRequestContext::ChromeURLRequestContext(Profile* profile) blacklist_ = profile->GetBlacklist(); - force_tls_state_ = profile->GetForceTLSState(); + strict_transport_security_state_ = profile->GetStrictTransportSecurityState(); if (profile->GetExtensionsService()) { const ExtensionList* extensions = @@ -371,7 +371,7 @@ ChromeURLRequestContext::ChromeURLRequestContext( ftp_transaction_factory_ = other->ftp_transaction_factory_; cookie_store_ = other->cookie_store_; cookie_policy_.set_type(other->cookie_policy_.type()); - force_tls_state_ = other->force_tls_state_; + strict_transport_security_state_ = other->strict_transport_security_state_; accept_language_ = other->accept_language_; accept_charset_ = other->accept_charset_; referrer_charset_ = other->referrer_charset_; diff --git a/chrome/browser/profile.cc b/chrome/browser/profile.cc index 88d02e8..f4fb817 100644 --- a/chrome/browser/profile.cc +++ b/chrome/browser/profile.cc 
@@ -20,7 +20,7 @@ #include "chrome/browser/extensions/extensions_service.h" #include "chrome/browser/extensions/user_script_master.h" #include "chrome/browser/favicon_service.h" -#include "chrome/browser/force_tls_persister.h" +#include "chrome/browser/strict_transport_security_persister.h" #include "chrome/browser/history/history.h" #include "chrome/browser/in_process_webkit/webkit_context.h" #include "chrome/browser/net/chrome_url_request_context.h" @@ -50,7 +50,7 @@ #include "chrome/common/pref_names.h" #include "chrome/common/render_messages.h" #include "grit/locale_settings.h" -#include "net/base/force_tls_state.h" +#include "net/base/strict_transport_security_state.h" #if defined(OS_LINUX) #include "net/ocsp/nss_ocsp.h" @@ -263,11 +263,13 @@ class OffTheRecordProfileImpl : public Profile, return ssl_host_state_.get(); } - virtual net::ForceTLSState* GetForceTLSState() { - if (!force_tls_state_.get()) - force_tls_state_ = new net::ForceTLSState(); + virtual net::StrictTransportSecurityState* GetStrictTransportSecurityState() { + if (!strict_transport_security_state_.get()) { + strict_transport_security_state_ = + new net::StrictTransportSecurityState(); + } - return force_tls_state_.get(); + return strict_transport_security_state_.get(); } virtual HistoryService* GetHistoryService(ServiceAccessType sat) { @@ -521,8 +523,9 @@ class OffTheRecordProfileImpl : public Profile, // the user visited while OTR. scoped_ptr<SSLHostState> ssl_host_state_; - // The ForceTLSState that only stores enabled sites in memory. - scoped_refptr<net::ForceTLSState> force_tls_state_; + // The StrictTransportSecurityState that only stores enabled sites in memory. + scoped_refptr<net::StrictTransportSecurityState> + strict_transport_security_state_; // Time we were started. Time start_time_; 
@@ -823,14 +826,16 @@ SSLHostState* ProfileImpl::GetSSLHostState() { return ssl_host_state_.get(); } -net::ForceTLSState* ProfileImpl::GetForceTLSState() { - if (!force_tls_state_.get()) { - force_tls_state_ = new net::ForceTLSState(); - force_tls_persister_ = new ForceTLSPersister( - force_tls_state_.get(), g_browser_process->file_thread(), path_); +net::StrictTransportSecurityState* + ProfileImpl::GetStrictTransportSecurityState() { + if (!strict_transport_security_state_.get()) { + strict_transport_security_state_ = new net::StrictTransportSecurityState(); + strict_transport_security_persister_ = new StrictTransportSecurityPersister( + strict_transport_security_state_.get(), + g_browser_process->file_thread(), path_); } - return force_tls_state_.get(); + return strict_transport_security_state_.get(); } PrefService* ProfileImpl::GetPrefs() { diff --git a/chrome/browser/profile.h b/chrome/browser/profile.h index 97e747b..1769ec8 100644 --- a/chrome/browser/profile.h +++ b/chrome/browser/profile.h @@ -19,7 +19,7 @@ #include "chrome/common/notification_registrar.h" namespace net { -class ForceTLSState; +class StrictTransportSecurityState; class SSLConfigService; } class Blacklist; @@ -34,7 +34,6 @@ class ExtensionProcessManager; class ExtensionMessageService; class ExtensionsService; class FaviconService; -class ForceTLSPersister; class HistoryService; class NavigationController; class PasswordStore; @@ -44,6 +43,7 @@ class SessionService; class SpellChecker; class SSLConfigServiceManager; class SSLHostState; +class StrictTransportSecurityPersister; class SQLitePersistentCookieStore; class TabRestoreService; class TemplateURLFetcher; 
@@ -155,10 +155,11 @@ class Profile { // called. virtual SSLHostState* GetSSLHostState() = 0; - // Retrieves a pointer to the ForceTLSState associated with this profile. - // The ForceTLSState is lazily created the first time that this method is - // called. - virtual net::ForceTLSState* GetForceTLSState() = 0; + // Retrieves a pointer to the StrictTransportSecurityState associated with + // this profile. The StrictTransportSecurityState is lazily created the + // first time that this method is called. + virtual net::StrictTransportSecurityState* + GetStrictTransportSecurityState() = 0; // Retrieves a pointer to the FaviconService associated with this // profile. The FaviconService is lazily created the first time @@ -370,7 +371,7 @@ class ProfileImpl : public Profile, virtual VisitedLinkMaster* GetVisitedLinkMaster(); virtual UserScriptMaster* GetUserScriptMaster(); virtual SSLHostState* GetSSLHostState(); - virtual net::ForceTLSState* GetForceTLSState(); + virtual net::StrictTransportSecurityState* GetStrictTransportSecurityState(); virtual ExtensionsService* GetExtensionsService(); virtual ExtensionDevToolsManager* GetExtensionDevToolsManager(); virtual ExtensionProcessManager* GetExtensionProcessManager(); @@ -461,8 +462,10 @@ class ProfileImpl : public Profile, scoped_ptr<ExtensionProcessManager> extension_process_manager_; scoped_refptr<ExtensionMessageService> extension_message_service_; scoped_ptr<SSLHostState> ssl_host_state_; - scoped_refptr<net::ForceTLSState> force_tls_state_; - scoped_refptr<ForceTLSPersister> force_tls_persister_; + scoped_refptr<net::StrictTransportSecurityState> + strict_transport_security_state_; + scoped_refptr<StrictTransportSecurityPersister> + strict_transport_security_persister_; scoped_ptr<PrefService> prefs_; scoped_refptr<ThumbnailStore> thumbnail_store_; scoped_ptr<TemplateURLFetcher> template_url_fetcher_; diff --git a/chrome/browser/ssl/ssl_policy.cc b/chrome/browser/ssl/ssl_policy.cc index dd536ef..a5ecfdc 100644 
--- a/chrome/browser/ssl/ssl_policy.cc +++ b/chrome/browser/ssl/ssl_policy.cc @@ -118,11 +118,7 @@ void SSLPolicy::OnMixedContent(SSLMixedContentHandler* handler) { // If the user has added an exception, doctor the |filter_policy|. std::string host = GURL(handler->main_frame_origin()).host(); - if (CommandLine::ForCurrentProcess()->HasSwitch(switches::kForceHTTPS) && - backend_->IsForceTLSEnabledForHost(host)) { - // We're supposed to block all mixed content for this host. - filter_policy = FilterPolicy::FILTER_ALL; - } else if (backend_->DidAllowMixedContentForHost(host) || + if (backend_->DidAllowMixedContentForHost(host) || backend_->DidMarkHostAsBroken(host, handler->pid())) { // Let the mixed content through. filter_policy = FilterPolicy::DONT_FILTER; diff --git a/chrome/browser/ssl/ssl_policy_backend.cc b/chrome/browser/ssl/ssl_policy_backend.cc index 592ccc0..310f3ba 100644 --- a/chrome/browser/ssl/ssl_policy_backend.cc +++ b/chrome/browser/ssl/ssl_policy_backend.cc @@ -14,7 +14,6 @@ #include "chrome/common/notification_service.h" #include "grit/generated_resources.h" #include "grit/theme_resources.h" -#include "net/base/force_tls_state.h" using WebKit::WebConsoleMessage; @@ -69,8 +68,7 @@ class SSLInfoBarDelegate : public ConfirmInfoBarDelegate { SSLPolicyBackend::SSLPolicyBackend(NavigationController* controller) : controller_(controller), - ssl_host_state_(controller->profile()->GetSSLHostState()), - force_tls_state_(controller->profile()->GetForceTLSState()) { + ssl_host_state_(controller->profile()->GetSSLHostState()) { DCHECK(controller_); } @@ -162,10 +160,6 @@ bool SSLPolicyBackend::DidAllowMixedContentForHost( return ssl_host_state_->DidAllowMixedContentForHost(host); } -bool SSLPolicyBackend::IsForceTLSEnabledForHost(const std::string& host) const { - return force_tls_state_->IsEnabledForHost(host); -} - void SSLPolicyBackend::Reload() { controller_->Reload(true); } 
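Review bot: With the `IsForceTLSEnabledForHost` branch removed from `SSLPolicy::OnMixedContent`, a host that has opted in to strict transport security now takes the ordinary path, so a user exception recorded through `DidAllowMixedContentForHost` yields `DONT_FILTER` for it exactly as for any other host. The commit message says the removed code did not work, but nothing on the new side records that the mixed-content guarantee is now unimplemented, while the class comment in net/base/strict_transport_security_state.h still promises to "refuse to load any mixed content". I would leave a marker where the branch was, for example `// TODO(abarth): Block mixed content for hosts that enabled Strict-Transport-Security.`, and soften the header comment until that is implemented. The body of OnMixedContent starts and ends outside the hunk.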
diff --git a/chrome/browser/ssl/ssl_policy_backend.h b/chrome/browser/ssl/ssl_policy_backend.h index 2d84232..f8a829c 100644 --- a/chrome/browser/ssl/ssl_policy_backend.h +++ b/chrome/browser/ssl/ssl_policy_backend.h @@ -13,9 +13,6 @@ #include "net/base/x509_certificate.h" #include "webkit/api/public/WebConsoleMessage.h" -namespace net { -class ForceTLSState; -} class NavigationController; class SSLHostState; class Task; @@ -71,9 +68,6 @@ class SSLPolicyBackend { // Returns whether the specified host is allowed to show mixed content. bool DidAllowMixedContentForHost(const std::string& host) const; - // Returns whether ForceTLS is enabled for |host|. - bool IsForceTLSEnabledForHost(const std::string& host) const; - // Reloads the tab. void Reload(); @@ -118,10 +112,6 @@ class SSLPolicyBackend { // SSL state specific for each host. SSLHostState* ssl_host_state_; - // ForceTLS state. - // TODO(abarth): Consider combining with SSLHostState? - net::ForceTLSState* force_tls_state_; - // The list of messages that should be displayed (in info bars) when the page // currently loading had loaded. std::vector<SSLMessageInfo> pending_messages_; diff --git a/chrome/browser/force_tls_persister.cc b/chrome/browser/strict_transport_security_persister.cc index 4bcec6f..c9120ad 100644 --- a/chrome/browser/force_tls_persister.cc +++ b/chrome/browser/strict_transport_security_persister.cc @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "chrome/browser/force_tls_persister.h" +#include "chrome/browser/strict_transport_security_persister.h" #include "base/file_path.h" #include "base/file_util.h" 
@@ -10,23 +10,26 @@ #include "base/path_service.h" #include "base/thread.h" #include "chrome/common/chrome_paths.h" -#include "net/base/force_tls_state.h" +#include "net/base/strict_transport_security_state.h" -ForceTLSPersister::ForceTLSPersister(net::ForceTLSState* state, - base::Thread* file_thread, - const FilePath& profile_path) +StrictTransportSecurityPersister::StrictTransportSecurityPersister( + net::StrictTransportSecurityState* state, + base::Thread* file_thread, + const FilePath& profile_path) : state_is_dirty_(false), - force_tls_state_(state), + strict_transport_security_state_(state), file_thread_(file_thread), - state_file_(profile_path.Append(FILE_PATH_LITERAL("ForceTLS"))) { + state_file_(profile_path.Append( + FILE_PATH_LITERAL("StrictTransportSecurity"))) { state->SetDelegate(this); - Task* task = NewRunnableMethod(this, &ForceTLSPersister::LoadState); + Task* task = NewRunnableMethod(this, + &StrictTransportSecurityPersister::LoadState); file_thread->message_loop()->PostDelayedTask(FROM_HERE, task, 1000 /* 1 second */); } -void ForceTLSPersister::LoadState() { +void StrictTransportSecurityPersister::LoadState() { // Runs on |file_thread_| AutoLock locked_(lock_); DCHECK(file_thread_->message_loop() == MessageLoop::current()); 
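Review bot: The `state_file_` initializer now appends `FILE_PATH_LITERAL("StrictTransportSecurity")` where it used to append `"ForceTLS"`, and nothing visible in this file reads or migrates the old file, so a profile that already persisted hosts under the old name appears to start with an empty list after the upgrade. Those hosts would be reachable over plain HTTP again until they next send the header, and the old `ForceTLS` file stays behind in the profile directory. If existing state matters, LoadState could fall back to the old name when the new file is absent; if dropping it is intended, a comment at the initializer such as `// The pre-rename "ForceTLS" file is deliberately not migrated.` would make that explicit. LoadState's body continues past the end of this hunk.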
@@ -35,24 +38,27 @@ void ForceTLSPersister::LoadState() { if (!file_util::ReadFileToString(state_file_, &state)) return; - force_tls_state_->Deserialise(state); + strict_transport_security_state_->Deserialise(state); } -void ForceTLSPersister::StateIsDirty(net::ForceTLSState* state) { - // Runs on arbitary thread, may not block nor reenter |force_tls_state_| +void StrictTransportSecurityPersister::StateIsDirty( + net::StrictTransportSecurityState* state) { + // Runs on arbitary thread, may not block nor reenter + // |strict_transport_security_state_|. AutoLock locked_(lock_); - DCHECK(state == force_tls_state_); + DCHECK(state == strict_transport_security_state_); if (state_is_dirty_) return; // we already have a serialisation scheduled - Task* task = NewRunnableMethod(this, &ForceTLSPersister::SerialiseState); + Task* task = NewRunnableMethod(this, + &StrictTransportSecurityPersister::SerialiseState); file_thread_->message_loop()->PostDelayedTask(FROM_HERE, task, 1000 /* 1 second */); state_is_dirty_ = true; } -void ForceTLSPersister::SerialiseState() { +void StrictTransportSecurityPersister::SerialiseState() { // Runs on |file_thread_| AutoLock locked_(lock_); DCHECK(file_thread_->message_loop() == MessageLoop::current()); @@ -61,7 +67,7 @@ void ForceTLSPersister::SerialiseState() { state_is_dirty_ = false; std::string state; - if (!force_tls_state_->Serialise(&state)) + if (!strict_transport_security_state_->Serialise(&state)) return; file_util::WriteFile(state_file_, state.data(), state.size()); diff --git a/chrome/browser/strict_transport_security_persister.h b/chrome/browser/strict_transport_security_persister.h new file mode 100644 index 0000000..f7457304 --- /dev/null +++ b/chrome/browser/strict_transport_security_persister.h 
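Review bot: `StateIsDirty` and `SerialiseState` (the second hunk on this line) appear to take the two locks in opposite orders. The Delegate comment in strict_transport_security_state.h says StateIsDirty may be called with the state's internal lock held, and it then acquires the persister's `lock_`; SerialiseState and LoadState hold the persister's `lock_` while calling `Serialise` and `Deserialise`, which both open with `AutoLock lock(lock_)` on the state. A header processed on another thread while the file thread is writing could therefore leave each thread waiting on the lock the other holds. Scoping the persister lock to the flag update, `{ AutoLock locked_(lock_); state_is_dirty_ = false; }`, before calling `Serialise` would avoid holding both at once. The rewritten comment in StateIsDirty also keeps the typo "arbitary", which should read "arbitrary".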
@@ -0,0 +1,74 @@
+// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// StrictTransportSecurityState maintains an in memory database containing the
+// list of hosts that currently have strict transport security enabled. This
+// singleton object deals with writing that data out to disk as needed and
+// loading it at startup.
+
+// At startup we need to load the strict transport security state from the
+// disk. For the moment, we don't want to delay startup for this load, so we
+// let the StrictTransportSecurityState run for a while without being loaded.
+// This means that it's possible for pages opened very quickly not to get the
+// correct strict transport security information.
+//
+// To load the state, we schedule a Task on the file thread which loads,
+// deserialises and configures the StrictTransportSecurityState.
+//
+// The StrictTransportSecurityState object supports running a callback function
+// when it changes. This object registers the callback, pointing at itself.
+//
+// StrictTransportSecurityState calls...
+// StrictTransportSecurityPersister::StateIsDirty
+// since the callback isn't allowed to block or reenter, we schedule a Task
+// on |file_thread_| after some small amount of time
+//
+// ...
+//
+// StrictTransportSecurityPersister::SerialiseState
+// copies the current state of the StrictTransportSecurityState, serialises
+// and writes to disk.
+
+#include "base/file_path.h"
+#include "base/lock.h"
+#include "base/ref_counted.h"
+#include "net/base/strict_transport_security_state.h"
+
+namespace base {
+class Thread;
+}
+
+class StrictTransportSecurityPersister :
+ public base::RefCountedThreadSafe<StrictTransportSecurityPersister>,
+ public net::StrictTransportSecurityState::Delegate {
+ public:
+ StrictTransportSecurityPersister(net::StrictTransportSecurityState* state,
+ base::Thread* file_thread,
+ const FilePath& profile_path);
+
+ // Called by the StrictTransportSecurityState when it changes its state.
+ virtual void StateIsDirty(net::StrictTransportSecurityState*);
+
+ private:
+ // a Task callback for when the state needs to be written out.
+ void SerialiseState();
+
+ // a Task callback for when the state needs to be loaded from disk at startup.
+ void LoadState();
+
+ Lock lock_; // protects all the members
+
+ // true when the state object has signaled that we're dirty and we haven't
+ // serialised the state yet.
+ bool state_is_dirty_;
+
+ scoped_refptr<net::StrictTransportSecurityState>
+ strict_transport_security_state_;
+
+ // This is a thread which can perform file access.
+ base::Thread* const file_thread_;
+
+ // The path to the file in which we store the serialised state.
+ const FilePath state_file_;
+};
diff --git a/chrome/chrome.gyp b/chrome/chrome.gyp
index aa95491..2167098 100644
--- a/chrome/chrome.gyp
+++ b/chrome/chrome.gyp
@@ -1185,8 +1185,6 @@
 'browser/external_protocol_handler.h',
 'browser/external_tab_container.cc',
 'browser/external_tab_container.h',
- 'browser/force_tls_persister.cc',
- 'browser/force_tls_persister.h',
 'browser/global_keyboard_shortcuts_mac.h',
 'browser/global_keyboard_shortcuts_mac.mm',
 'browser/fav_icon_helper.cc',
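Review bot: The new strict_transport_security_persister.h has no include guard: it goes from the license block and overview comment straight to its `#include` lines and ends at the closing `};` of the class. Wrapping it in `#ifndef CHROME_BROWSER_STRICT_TRANSPORT_SECURITY_PERSISTER_H_` with the matching `#define` and `#endif`, in the style of the guard in net/base/strict_transport_security_state.h, keeps a second inclusion from redefining the class. The overview also calls the persister "This singleton object", although ProfileImpl creates one per profile in `GetStrictTransportSecurityState`, so "This object" would be accurate. The startup window the overview describes, in which pages opened before the delayed load get no strict transport security information, is a security gap and would be easier to track with a TODO next to that paragraph.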
@@ -1805,6 +1803,8 @@ 'browser/ssl/ssl_policy_backend.h', 'browser/ssl/ssl_request_info.h', 'browser/status_bubble.h', + 'browser/strict_transport_security_persister.cc', + 'browser/strict_transport_security_persister.h', 'browser/sync/engine/syncapi.h', 'browser/sync/glue/bookmark_model_worker.cc', 'browser/sync/glue/bookmark_model_worker.h', diff --git a/chrome/test/testing_profile.h b/chrome/test/testing_profile.h index bc06a3d..b61e88d 100644 --- a/chrome/test/testing_profile.h +++ b/chrome/test/testing_profile.h @@ -100,7 +100,7 @@ class TestingProfile : public Profile { virtual SSLHostState* GetSSLHostState() { return NULL; } - virtual net::ForceTLSState* GetForceTLSState() { + virtual net::StrictTransportSecurityState* GetStrictTransportSecurityState() { return NULL; } virtual FaviconService* GetFaviconService(ServiceAccessType access) { diff --git a/net/base/force_tls_state.cc b/net/base/strict_transport_security_state.cc index eca45a7..58f9f25 100644 --- a/net/base/force_tls_state.cc +++ b/net/base/strict_transport_security_state.cc @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "net/base/force_tls_state.h" +#include "net/base/strict_transport_security_state.h" #include "base/json_reader.h" #include "base/json_writer.h" @@ -16,12 +16,12 @@ namespace net { -ForceTLSState::ForceTLSState() +StrictTransportSecurityState::StrictTransportSecurityState() : delegate_(NULL) { } -void ForceTLSState::DidReceiveHeader(const GURL& url, - const std::string& value) { +void StrictTransportSecurityState::DidReceiveHeader(const GURL& url, + const std::string& value) { int max_age; bool include_subdomains; 
@@ -35,8 +35,9 @@ void ForceTLSState::DidReceiveHeader(const GURL& url, EnableHost(url.host(), expiry, include_subdomains); } -void ForceTLSState::EnableHost(const std::string& host, base::Time expiry, - bool include_subdomains) { +void StrictTransportSecurityState::EnableHost(const std::string& host, + base::Time expiry, + bool include_subdomains) { // TODO(abarth): Canonicalize host. AutoLock lock(lock_); @@ -45,7 +46,7 @@ void ForceTLSState::EnableHost(const std::string& host, base::Time expiry, DirtyNotify(); } -bool ForceTLSState::IsEnabledForHost(const std::string& host) { +bool StrictTransportSecurityState::IsEnabledForHost(const std::string& host) { // TODO(abarth): Canonicalize host. // TODO: check for subdomains too. @@ -66,9 +67,9 @@ bool ForceTLSState::IsEnabledForHost(const std::string& host) { // "X-Force-TLS" ":" "max-age" "=" delta-seconds *1INCLUDESUBDOMAINS // INCLUDESUBDOMAINS = [ " includeSubDomains" ] -bool ForceTLSState::ParseHeader(const std::string& value, - int* max_age, - bool* include_subdomains) { +bool StrictTransportSecurityState::ParseHeader(const std::string& value, + int* max_age, + bool* include_subdomains) { DCHECK(max_age); DCHECK(include_subdomains); @@ -161,13 +162,14 @@ bool ForceTLSState::ParseHeader(const std::string& value, } } -void ForceTLSState::SetDelegate(ForceTLSState::Delegate* delegate) { +void StrictTransportSecurityState::SetDelegate( + StrictTransportSecurityState::Delegate* delegate) { AutoLock lock(lock_); delegate_ = delegate; } -bool ForceTLSState::Serialise(std::string* output) { +bool StrictTransportSecurityState::Serialise(std::string* output) { AutoLock lock(lock_); DictionaryValue toplevel; @@ -184,7 +186,7 @@ bool ForceTLSState::Serialise(std::string* output) { return true; } -bool ForceTLSState::Deserialise(const std::string& input) { +bool StrictTransportSecurityState::Deserialise(const std::string& input) { AutoLock lock(lock_); enabled_hosts_.clear(); 
@@ -223,7 +225,7 @@ bool ForceTLSState::Deserialise(const std::string& input) { return enabled_hosts_.size() > 0; } -void ForceTLSState::DirtyNotify() { +void StrictTransportSecurityState::DirtyNotify() { if (delegate_) delegate_->StateIsDirty(this); } diff --git a/net/base/force_tls_state.h b/net/base/strict_transport_security_state.h index 068d73c..b41be1e 100644 --- a/net/base/force_tls_state.h +++ b/net/base/strict_transport_security_state.h @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef NET_BASE_FORCE_TLS_STATE_H_ -#define NET_BASE_FORCE_TLS_STATE_H_ +#ifndef NET_BASE_STRICT_TRANSPORT_SECURITY_STATE_H_ +#define NET_BASE_STRICT_TRANSPORT_SECURITY_STATE_H_ #include <map> #include <string> 
@@ -17,25 +17,27 @@ class GURL; namespace net { -// ForceTLSState +// StrictTransportSecurityState // -// Tracks which hosts have enabled ForceTLS. After a host enables ForceTLS, -// then we refuse to talk to the host over HTTP, treat all certificate errors as -// fatal, and refuse to load any mixed content. +// Tracks which hosts have enabled StrictTransportSecurityState. After a host +// enables StrictTransportSecurityState, then we refuse to talk to the host +// over HTTP, treat all certificate errors as fatal, and refuse to load any +// mixed content. // -class ForceTLSState : public base::RefCountedThreadSafe<ForceTLSState> { +class StrictTransportSecurityState : + public base::RefCountedThreadSafe<StrictTransportSecurityState> { public: - ForceTLSState(); + StrictTransportSecurityState(); // Called when we see an X-Force-TLS header that we should process. Modifies // our state as instructed by the header. void DidReceiveHeader(const GURL& url, const std::string& value); - // Enable ForceTLS for |host|. + // Enable StrictTransportSecurity for |host|. void EnableHost(const std::string& host, base::Time expiry, bool include_subdomains); - // Returns whether |host| has had ForceTLS enabled. + // Returns whether |host| has had StrictTransportSecurity enabled. bool IsEnabledForHost(const std::string& host); // Returns |true| if |value| parses as a valid X-Force-TLS header value. @@ -54,8 +56,8 @@ class ForceTLSState : public base::RefCountedThreadSafe<ForceTLSState> { class Delegate { public: // This function may not block and may be called with internal locks held. - // Thus it must not reenter the ForceTLSState object. - virtual void StateIsDirty(ForceTLSState* state) = 0; + // Thus it must not reenter the StrictTransportSecurityState object. + virtual void StateIsDirty(StrictTransportSecurityState* state) = 0; }; void SetDelegate(Delegate*); 
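Review bot: The rewritten class comment says hosts "have enabled StrictTransportSecurityState", which is the class name rather than the feature; "strict transport security", as the persister header words it, reads correctly. The comments on `DidReceiveHeader` and `ParseHeader` in this hunk, and the grammar comment above `ParseHeader` in the .cc file, still name the header `X-Force-TLS` although the commit title renames it to Strict-Transport-Security. Suggested wording for the first: `// Called when we see a Strict-Transport-Security header that we should process.` The class body continues outside the hunk.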
@@ -68,7 +70,7 @@ class ForceTLSState : public base::RefCountedThreadSafe<ForceTLSState> { // our state is dirty. void DirtyNotify(); - // The set of hosts that have enabled ForceTLS. + // The set of hosts that have enabled StrictTransportSecurity. std::map<std::string, State> enabled_hosts_; // Protect access to our data members with this lock. @@ -77,9 +79,9 @@ class ForceTLSState : public base::RefCountedThreadSafe<ForceTLSState> { // Our delegate who gets notified when we are dirtied, or NULL. Delegate* delegate_; - DISALLOW_COPY_AND_ASSIGN(ForceTLSState); + DISALLOW_COPY_AND_ASSIGN(StrictTransportSecurityState); }; } // namespace net -#endif // NET_BASE_FORCE_TLS_STATE_H_ +#endif // NET_BASE_STRICT_TRANSPORT_SECURITY_STATE_H_ diff --git a/net/base/force_tls_state_unittest.cc b/net/base/strict_transport_security_state_unittest.cc index c1f12c1..34ef7ae 100644 --- a/net/base/force_tls_state_unittest.cc +++ b/net/base/strict_transport_security_state_unittest.cc 
@@ -2,117 +2,117 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "net/base/force_tls_state.h" +#include "net/base/strict_transport_security_state.h" #include "testing/gtest/include/gtest/gtest.h" namespace { -class ForceTLSStateTest : public testing::Test { +class StrictTransportSecurityStateTest : public testing::Test { }; -TEST_F(ForceTLSStateTest, BogusHeaders) { +TEST_F(StrictTransportSecurityStateTest, BogusHeaders) { int max_age = 42; bool include_subdomains = false; - EXPECT_FALSE(net::ForceTLSState::ParseHeader( + EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader( "", &max_age, &include_subdomains)); - EXPECT_FALSE(net::ForceTLSState::ParseHeader( + EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader( " ", &max_age, &include_subdomains)); - EXPECT_FALSE(net::ForceTLSState::ParseHeader( + EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader( "abc", &max_age, &include_subdomains)); - EXPECT_FALSE(net::ForceTLSState::ParseHeader( + EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader( " abc", &max_age, &include_subdomains)); - EXPECT_FALSE(net::ForceTLSState::ParseHeader( + EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader( " abc ", &max_age, &include_subdomains)); - EXPECT_FALSE(net::ForceTLSState::ParseHeader( + EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader( "max-age", &max_age, &include_subdomains)); - EXPECT_FALSE(net::ForceTLSState::ParseHeader( + EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader( " max-age", &max_age, &include_subdomains)); - EXPECT_FALSE(net::ForceTLSState::ParseHeader( + EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader( " max-age ", &max_age, &include_subdomains)); - EXPECT_FALSE(net::ForceTLSState::ParseHeader( + EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader( "max-age=", &max_age, &include_subdomains)); - EXPECT_FALSE(net::ForceTLSState::ParseHeader( + 
EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader( " max-age=", &max_age, &include_subdomains)); - EXPECT_FALSE(net::ForceTLSState::ParseHeader( + EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader( " max-age =", &max_age, &include_subdomains)); - EXPECT_FALSE(net::ForceTLSState::ParseHeader( + EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader( " max-age= ", &max_age, &include_subdomains)); - EXPECT_FALSE(net::ForceTLSState::ParseHeader( + EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader( " max-age = ", &max_age, &include_subdomains)); - EXPECT_FALSE(net::ForceTLSState::ParseHeader( + EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader( " max-age = xy", &max_age, &include_subdomains)); - EXPECT_FALSE(net::ForceTLSState::ParseHeader( + EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader( " max-age = 3488a923", &max_age, &include_subdomains)); - EXPECT_FALSE(net::ForceTLSState::ParseHeader( + EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader( "max-age=3488a923 ", &max_age, &include_subdomains)); - EXPECT_FALSE(net::ForceTLSState::ParseHeader( + EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader( "max-ag=3488923", &max_age, &include_subdomains)); - EXPECT_FALSE(net::ForceTLSState::ParseHeader( + EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader( "max-aged=3488923", &max_age, &include_subdomains)); - EXPECT_FALSE(net::ForceTLSState::ParseHeader( + EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader( "max-age==3488923", &max_age, &include_subdomains)); - EXPECT_FALSE(net::ForceTLSState::ParseHeader( + EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader( "amax-age=3488923", &max_age, &include_subdomains)); - EXPECT_FALSE(net::ForceTLSState::ParseHeader( + EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader( "max-age=-3488923", &max_age, &include_subdomains)); - EXPECT_FALSE(net::ForceTLSState::ParseHeader( + 
EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader( "max-age=3488923;", &max_age, &include_subdomains)); - EXPECT_FALSE(net::ForceTLSState::ParseHeader( + EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader( "max-age=3488923 e", &max_age, &include_subdomains)); - EXPECT_FALSE(net::ForceTLSState::ParseHeader( + EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader( "max-age=3488923 includesubdomain", &max_age, &include_subdomains)); - EXPECT_FALSE(net::ForceTLSState::ParseHeader( + EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader( "max-age=3488923includesubdomains", &max_age, &include_subdomains)); - EXPECT_FALSE(net::ForceTLSState::ParseHeader( + EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader( "max-age=3488923=includesubdomains", &max_age, &include_subdomains)); - EXPECT_FALSE(net::ForceTLSState::ParseHeader( + EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader( "max-age=3488923 includesubdomainx", &max_age, &include_subdomains)); - EXPECT_FALSE(net::ForceTLSState::ParseHeader( + EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader( "max-age=3488923 includesubdomain=", &max_age, &include_subdomains)); - EXPECT_FALSE(net::ForceTLSState::ParseHeader( + EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader( "max-age=3488923 includesubdomain=true", &max_age, &include_subdomains)); - EXPECT_FALSE(net::ForceTLSState::ParseHeader( + EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader( "max-age=3488923 includesubdomainsx", &max_age, &include_subdomains)); - EXPECT_FALSE(net::ForceTLSState::ParseHeader( + EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader( "max-age=3488923 includesubdomains x", &max_age, &include_subdomains)); - EXPECT_FALSE(net::ForceTLSState::ParseHeader( + EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader( "max-age=34889.23 includesubdomains", &max_age, &include_subdomains)); EXPECT_EQ(max_age, 42); EXPECT_FALSE(include_subdomains); } 
-TEST_F(ForceTLSStateTest, ValidHeaders) { +TEST_F(StrictTransportSecurityStateTest, ValidHeaders) { int max_age = 42; bool include_subdomains = true; - EXPECT_TRUE(net::ForceTLSState::ParseHeader( + EXPECT_TRUE(net::StrictTransportSecurityState::ParseHeader( "max-age=243", &max_age, &include_subdomains)); EXPECT_EQ(max_age, 243); EXPECT_FALSE(include_subdomains); - EXPECT_TRUE(net::ForceTLSState::ParseHeader( + EXPECT_TRUE(net::StrictTransportSecurityState::ParseHeader( " Max-agE = 567", &max_age, &include_subdomains)); EXPECT_EQ(max_age, 567); EXPECT_FALSE(include_subdomains); - EXPECT_TRUE(net::ForceTLSState::ParseHeader( + EXPECT_TRUE(net::StrictTransportSecurityState::ParseHeader( " mAx-aGe = 890 ", &max_age, &include_subdomains)); EXPECT_EQ(max_age, 890); EXPECT_FALSE(include_subdomains); - EXPECT_TRUE(net::ForceTLSState::ParseHeader( + EXPECT_TRUE(net::StrictTransportSecurityState::ParseHeader( "max-age=123 incLudesUbdOmains", &max_age, &include_subdomains)); EXPECT_EQ(max_age, 123); EXPECT_TRUE(include_subdomains); - EXPECT_TRUE(net::ForceTLSState::ParseHeader( + EXPECT_TRUE(net::StrictTransportSecurityState::ParseHeader( "max-age=394082038 incLudesUbdOmains", &max_age, &include_subdomains)); EXPECT_EQ(max_age, 394082038); EXPECT_TRUE(include_subdomains); - EXPECT_TRUE(net::ForceTLSState::ParseHeader( + EXPECT_TRUE(net::StrictTransportSecurityState::ParseHeader( " max-age=0 incLudesUbdOmains ", &max_age, &include_subdomains)); EXPECT_EQ(max_age, 0); EXPECT_TRUE(include_subdomains); diff --git a/net/net.gyp b/net/net.gyp index e8c3a063..fb48e11 100644 --- a/net/net.gyp +++ b/net/net.gyp @@ -63,8 +63,6 @@ 'base/file_stream_win.cc', 'base/filter.cc', 'base/filter.h', - 'base/force_tls_state.cc', - 'base/force_tls_state.h', 'base/gzip_filter.cc', 'base/gzip_filter.h', 'base/gzip_header.cc', 
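Review bot: The expectations carried over unchanged in BogusHeaders and ValidHeaders pin the old X-Force-TLS grammar under the new header name: `"max-age=3488923;"` must be rejected and the space-separated `"max-age=123 incLudesUbdOmains"` must be accepted. Strict-Transport-Security as specified in RFC 6797 separates directives with `;`, so a server sending a value such as `max-age=123; includeSubDomains` (constructed example) would presumably fail ParseHeader and the host would never be recorded as HTTPS-only. The parser is not part of this hunk, so this is inferred from the tests alone. I would add a case like `EXPECT_TRUE(net::StrictTransportSecurityState::ParseHeader("max-age=123; includeSubDomains", &max_age, &include_subdomains));` and decide deliberately whether the space-separated form stays accepted.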
@@ -127,6 +125,8 @@ 'base/ssl_config_service_win.cc', 'base/ssl_config_service_win.h', 'base/ssl_info.h', + 'base/strict_transport_security_state.cc', + 'base/strict_transport_security_state.h', 'base/telnet_server.cc', 'base/telnet_server.h', 'base/test_completion_callback.h', @@ -454,7 +454,6 @@ 'base/file_stream_unittest.cc', 'base/filter_unittest.cc', 'base/filter_unittest.h', - 'base/force_tls_state_unittest.cc', 'base/gzip_filter_unittest.cc', 'base/host_cache_unittest.cc', 'base/host_resolver_impl_unittest.cc', @@ -471,6 +470,7 @@ 'base/sdch_filter_unittest.cc', 'base/ssl_client_auth_cache_unittest.cc', 'base/ssl_config_service_win_unittest.cc', + 'base/strict_transport_security_state_unittest.cc', 'base/telnet_server_unittest.cc', 'base/test_completion_callback_unittest.cc', 'base/wininet_util_unittest.cc', diff --git a/net/url_request/url_request_context.h b/net/url_request/url_request_context.h index 1c9d1c8..5f852e7 100644 --- a/net/url_request/url_request_context.h +++ b/net/url_request/url_request_context.h @@ -20,7 +20,7 @@ #include "net/proxy/proxy_service.h" namespace net { -class ForceTLSState; +class StrictTransportSecurityState; class FtpTransactionFactory; class HttpTransactionFactory; } @@ -34,7 +34,7 @@ class URLRequestContext : : http_transaction_factory_(NULL), ftp_transaction_factory_(NULL), cookie_store_(NULL), - force_tls_state_(NULL) { + strict_transport_security_state_(NULL) { } net::HostResolver* host_resolver() const { @@ -67,7 +67,8 @@ class URLRequestContext : // Gets the cookie policy for this context. net::CookiePolicy* cookie_policy() { return &cookie_policy_; } - net::ForceTLSState* force_tls_state() { return force_tls_state_; } + net::StrictTransportSecurityState* strict_transport_security_state() { + return strict_transport_security_state_; } // Gets the FTP authentication cache for this context. net::FtpAuthCache* ftp_auth_cache() { return &ftp_auth_cache_; } 
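Review bot: In the `@@ -67,7 +67,8 @@` hunk of url_request_context.h the new accessor closes its brace on the return line (`return strict_transport_security_state_; }`), which matches neither the one-line accessors around it nor a normal multi-line body. Put the closing `}` on its own line after `return strict_transport_security_state_;`. Unlike `cookie_policy()` and `ftp_auth_cache()` beside it, this accessor has no comment; `// Gets the Strict-Transport-Security state for this context, or NULL if none is set.` would fit, since the constructor initialises the member to NULL.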
@@ -119,7 +120,7 @@ class URLRequestContext : net::FtpTransactionFactory* ftp_transaction_factory_; scoped_refptr<net::CookieStore> cookie_store_; net::CookiePolicy cookie_policy_; - net::ForceTLSState* force_tls_state_;; + net::StrictTransportSecurityState* strict_transport_security_state_; net::FtpAuthCache ftp_auth_cache_; std::string accept_language_; std::string accept_charset_; diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc index bd33720..71eee28 100644 --- a/net/url_request/url_request_http_job.cc +++ b/net/url_request/url_request_http_job.cc @@ -14,7 +14,7 @@ #include "base/string_util.h" #include "net/base/cert_status_flags.h" #include "net/base/filter.h" -#include "net/base/force_tls_state.h" +#include "net/base/strict_transport_security_state.h" #include "net/base/load_flags.h" #include "net/base/net_errors.h" #include "net/base/net_util.h" @@ -55,8 +55,8 @@ URLRequestJob* URLRequestHttpJob::Factory(URLRequest* request, static const bool kForceHTTPS = CommandLine::ForCurrentProcess()->HasSwitch(switches::kForceHTTPS); if (kForceHTTPS && scheme == "http" && - request->context()->force_tls_state() && - request->context()->force_tls_state()->IsEnabledForHost( + request->context()->strict_transport_security_state() && + request->context()->strict_transport_security_state()->IsEnabledForHost( request->url().host())) { DCHECK_EQ(request->url().scheme(), "http"); url_canon::Replacements<char> replacements; 
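Review bot: In the `@@ -119,7 +120,7 @@` hunk, `strict_transport_security_state_` remains a raw pointer although StrictTransportSecurityState derives from base::RefCountedThreadSafe and the neighbouring `cookie_store_` is held in a `scoped_refptr`. Nothing visible here shows who holds the reference, so if the state object is released while the context is still in use, the `IsEnabledForHost()` calls in url_request_http_job.cc would touch freed memory; subclasses may manage the reference by hand, which this hunk does not show. Either declare the member as `scoped_refptr<net::StrictTransportSecurityState> strict_transport_security_state_;` or document the contract, e.g. `// Not owned here; subclasses must keep the state alive for the lifetime of this context.` The class body starts and ends outside the hunk.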
@@ -536,11 +536,11 @@ bool URLRequestHttpJob::ShouldTreatAsCertificateError(int result) { if (!CommandLine::ForCurrentProcess()->HasSwitch(switches::kForceHTTPS)) return true; - // Check whether our context is using ForceTLS. - if (!context_->force_tls_state()) + // Check whether our context is using Strict-Transport-Security. + if (!context_->strict_transport_security_state()) return true; - return !context_->force_tls_state()->IsEnabledForHost( + return !context_->strict_transport_security_state()->IsEnabledForHost( request_info_.url.host()); } @@ -568,7 +568,7 @@ void URLRequestHttpJob::NotifyHeadersComplete() { } } - ProcessForceTLSHeader(); + ProcessStrictTransportSecurityHeader(); if (SdchManager::Global() && SdchManager::Global()->IsInSupportedDomain(request_->url())) { 
@@ -741,29 +741,31 @@ void URLRequestHttpJob::FetchResponseCookies() { } -void URLRequestHttpJob::ProcessForceTLSHeader() { +void URLRequestHttpJob::ProcessStrictTransportSecurityHeader() { DCHECK(response_info_); // Hide processing behind a command line flag. if (!CommandLine::ForCurrentProcess()->HasSwitch(switches::kForceHTTPS)) return; - // Only process X-Force-TLS from HTTPS responses. + // Only process Strict-Transport-Security from HTTPS responses. if (request_info_.url.scheme() != "https") return; - // Only process X-Force-TLS from responses with valid certificates. + // Only process Strict-Transport-Security from responses with valid certificates. if (response_info_->ssl_info.cert_status & net::CERT_STATUS_ALL_ERRORS) return; URLRequestContext* ctx = request_->context(); - if (!ctx || !ctx->force_tls_state()) + if (!ctx || !ctx->strict_transport_security_state()) return; - std::string name = "X-Force-TLS"; + std::string name = "Strict-Transport-Security"; std::string value; void* iter = NULL; - while (response_info_->headers->EnumerateHeader(&iter, name, &value)) - ctx->force_tls_state()->DidReceiveHeader(request_info_.url, value); + while (response_info_->headers->EnumerateHeader(&iter, name, &value)) { + ctx->strict_transport_security_state()->DidReceiveHeader( + request_info_.url, value); + } } diff --git a/net/url_request/url_request_http_job.h b/net/url_request/url_request_http_job.h index 48c155d..a74d398 100644 --- a/net/url_request/url_request_http_job.h +++ b/net/url_request/url_request_http_job.h @@ -74,8 +74,8 @@ class URLRequestHttpJob : public URLRequestJob { std::string AssembleRequestCookies(); void FetchResponseCookies(); - // Process the X-Force-TLS header, if one exists. - void ProcessForceTLSHeader(); + // Process the Strict-Transport-Security header, if one exists. + void ProcessStrictTransportSecurityHeader(); void OnStartCompleted(int result); void OnReadCompleted(int result); |
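Review bot: The `while` loop in ProcessStrictTransportSecurityHeader() hands every Strict-Transport-Security field in the response to DidReceiveHeader(), so when a response carries several, the one processed last presumably decides the stored max-age and subdomain flag. RFC 6797 section 8.1 tells a user agent to process only the first such field; `if (response_info_->headers->EnumerateHeader(&iter, name, &value))` in place of the `while` does that. A comment such as `// Only the first header field is honoured; later duplicates are ignored.` would make the choice explicit. Separately, the comment `// Only process Strict-Transport-Security from responses with valid certificates.` now runs past 80 columns and should be wrapped.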