authorabarth@chromium.org <abarth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-09-08 17:49:05 +0000
committerabarth@chromium.org <abarth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-09-08 17:49:05 +0000
commit97afa066c572a1f56e0e8cbf1e93e8437a201eb7 (patch)
tree6aeaa21bb254f601da3ce0db851aa6b380e03fbd /net/base
parent0ea28372bf531547a1db8e474bdcd776272e981f (diff)
Update the Strict-Transport-Security grammar to match the spec.
R=agl Review URL: http://codereview.chromium.org/200033 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@25634 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base')
-rw-r--r--net/base/strict_transport_security_state.cc24
-rw-r--r--net/base/strict_transport_security_state_unittest.cc18
2 files changed, 28 insertions, 14 deletions
diff --git a/net/base/strict_transport_security_state.cc b/net/base/strict_transport_security_state.cc
index 58f9f25..ac0b9fe 100644
--- a/net/base/strict_transport_security_state.cc
+++ b/net/base/strict_transport_security_state.cc
@@ -65,8 +65,8 @@ bool StrictTransportSecurityState::IsEnabledForHost(const std::string& host) {
return true;
}
-// "X-Force-TLS" ":" "max-age" "=" delta-seconds *1INCLUDESUBDOMAINS
-// INCLUDESUBDOMAINS = [ " includeSubDomains" ]
+// "Strict-Transport-Security" ":"
+// "max-age" "=" delta-seconds [ ";" "includeSubDomains" ]
bool StrictTransportSecurityState::ParseHeader(const std::string& value,
int* max_age,
bool* include_subdomains) {
@@ -84,14 +84,13 @@ bool StrictTransportSecurityState::ParseHeader(const std::string& value,
AFTER_INCLUDE_SUBDOMAINS,
} state = START;
- StringTokenizer tokenizer(value, " =");
+ StringTokenizer tokenizer(value, " \t=;");
tokenizer.set_options(StringTokenizer::RETURN_DELIMS);
while (tokenizer.GetNext()) {
DCHECK(!tokenizer.token_is_delim() || tokenizer.token().length() == 1);
- DCHECK(tokenizer.token_is_delim() || *tokenizer.token_begin() != ' ');
switch (state) {
case START:
- if (*tokenizer.token_begin() == ' ')
+ if (IsAsciiWhitespace(*tokenizer.token_begin()))
continue;
if (!LowerCaseEqualsASCII(tokenizer.token(), "max-age"))
return false;
@@ -99,7 +98,7 @@ bool StrictTransportSecurityState::ParseHeader(const std::string& value,
break;
case AFTER_MAX_AGE_LABEL:
- if (*tokenizer.token_begin() == ' ')
+ if (IsAsciiWhitespace(*tokenizer.token_begin()))
continue;
if (*tokenizer.token_begin() != '=')
return false;
@@ -108,7 +107,7 @@ bool StrictTransportSecurityState::ParseHeader(const std::string& value,
break;
case AFTER_MAX_AGE_EQUALS:
- if (*tokenizer.token_begin() == ' ')
+ if (IsAsciiWhitespace(*tokenizer.token_begin()))
continue;
if (!StringToInt(tokenizer.token(), &max_age_candidate))
return false;
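Review bot: The `StringToInt` call in AFTER_MAX_AGE_EQUALS parses delta-seconds straight into an `int`, and any failure returns false for the whole header. If StringToInt reports failure on overflow (its definition is not on this page), a server sending a max-age beyond the int range ends up with no policy at all instead of a long-lived one, which is the less safe outcome. Consider parsing into a 64-bit value and clamping to a maximum rather than rejecting. The lines after the parse fall outside this hunk, so a check for negative values may already exist there.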
@@ -118,13 +117,15 @@ bool StrictTransportSecurityState::ParseHeader(const std::string& value,
break;
case AFTER_MAX_AGE:
- if (*tokenizer.token_begin() != ' ')
+ if (IsAsciiWhitespace(*tokenizer.token_begin()))
+ continue;
+ if (*tokenizer.token_begin() != ';')
return false;
state = AFTER_MAX_AGE_INCLUDE_SUB_DOMAINS_DELIMITER;
break;
case AFTER_MAX_AGE_INCLUDE_SUB_DOMAINS_DELIMITER:
- if (*tokenizer.token_begin() == ' ')
+ if (IsAsciiWhitespace(*tokenizer.token_begin()))
continue;
if (!LowerCaseEqualsASCII(tokenizer.token(), "includesubdomains"))
return false;
@@ -132,7 +133,7 @@ bool StrictTransportSecurityState::ParseHeader(const std::string& value,
break;
case AFTER_INCLUDE_SUBDOMAINS:
- if (*tokenizer.token_begin() != ' ')
+ if (!IsAsciiWhitespace(*tokenizer.token_begin()))
return false;
break;
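Review bot: AFTER_INCLUDE_SUBDOMAINS now rejects every non-whitespace token, including a trailing `;`, so a header carrying anything after includeSubDomains is discarded in full and the host gets no policy. That matches the grammar comment above ParseHeader, but the consequence deserves a comment at the case label, for example `// Only trailing whitespace is allowed here; any other token invalidates the whole header.` If the grammar is ever extended with further directives, this is the branch that would need to change.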
@@ -148,10 +149,11 @@ bool StrictTransportSecurityState::ParseHeader(const std::string& value,
case AFTER_MAX_AGE_EQUALS:
return false;
case AFTER_MAX_AGE:
- case AFTER_MAX_AGE_INCLUDE_SUB_DOMAINS_DELIMITER:
*max_age = max_age_candidate;
*include_subdomains = false;
return true;
+ case AFTER_MAX_AGE_INCLUDE_SUB_DOMAINS_DELIMITER:
+ return false;
case AFTER_INCLUDE_SUBDOMAINS:
*max_age = max_age_candidate;
*include_subdomains = true;
diff --git a/net/base/strict_transport_security_state_unittest.cc b/net/base/strict_transport_security_state_unittest.cc
index 34ef7ae..0077a8c 100644
--- a/net/base/strict_transport_security_state_unittest.cc
+++ b/net/base/strict_transport_security_state_unittest.cc
@@ -78,6 +78,8 @@ TEST_F(StrictTransportSecurityStateTest, BogusHeaders) {
"max-age=3488923 includesubdomains x", &max_age, &include_subdomains));
EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader(
"max-age=34889.23 includesubdomains", &max_age, &include_subdomains));
+ EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader(
+ "max-age=34889 includesubdomains", &max_age, &include_subdomains));
EXPECT_EQ(max_age, 42);
EXPECT_FALSE(include_subdomains);
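Review bot: The added BogusHeaders case covers a missing `;`, but nothing covers the other behaviour change in this commit: ending the input in AFTER_MAX_AGE_INCLUDE_SUB_DOMAINS_DELIMITER now returns false, so a header with a dangling `;` is rejected. Add a case such as `EXPECT_FALSE(net::StrictTransportSecurityState::ParseHeader("max-age=3488923;", &max_age, &include_subdomains));` ahead of the `EXPECT_EQ(max_age, 42)` check, so the outputs are also confirmed untouched on that path. The test body begins outside this hunk.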
@@ -103,17 +105,27 @@ TEST_F(StrictTransportSecurityStateTest, ValidHeaders) {
EXPECT_FALSE(include_subdomains);
EXPECT_TRUE(net::StrictTransportSecurityState::ParseHeader(
- "max-age=123 incLudesUbdOmains", &max_age, &include_subdomains));
+ "max-age=123;incLudesUbdOmains", &max_age, &include_subdomains));
EXPECT_EQ(max_age, 123);
EXPECT_TRUE(include_subdomains);
EXPECT_TRUE(net::StrictTransportSecurityState::ParseHeader(
- "max-age=394082038 incLudesUbdOmains", &max_age, &include_subdomains));
+ "max-age=394082; incLudesUbdOmains", &max_age, &include_subdomains));
+ EXPECT_EQ(max_age, 394082);
+ EXPECT_TRUE(include_subdomains);
+
+ EXPECT_TRUE(net::StrictTransportSecurityState::ParseHeader(
+ "max-age=39408299 ;incLudesUbdOmains", &max_age, &include_subdomains));
+ EXPECT_EQ(max_age, 39408299);
+ EXPECT_TRUE(include_subdomains);
+
+ EXPECT_TRUE(net::StrictTransportSecurityState::ParseHeader(
+ "max-age=394082038 ; incLudesUbdOmains", &max_age, &include_subdomains));
EXPECT_EQ(max_age, 394082038);
EXPECT_TRUE(include_subdomains);
EXPECT_TRUE(net::StrictTransportSecurityState::ParseHeader(
- " max-age=0 incLudesUbdOmains ", &max_age, &include_subdomains));
+ " max-age=0 ; incLudesUbdOmains ", &max_age, &include_subdomains));
EXPECT_EQ(max_age, 0);
EXPECT_TRUE(include_subdomains);
}
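Review bot: No ValidHeaders case contains a tab, although the tokenizer delimiter set now includes `\t` and every state skips tokens through IsAsciiWhitespace. A constructed case such as `"max-age=123\t;\tincLudesUbdOmains"`, expecting `max_age == 123` and `include_subdomains` true, would pin the new whitespace handling. Without it, the tab path added in strict_transport_security_state.cc is exercised by no test visible on this page. The test body begins outside this hunk.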