1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef NET_BASE_TRANSPORT_SECURITY_STATE_H_ 6 #define NET_BASE_TRANSPORT_SECURITY_STATE_H_ 7 8 #include <map> 9 #include <string> 10 11 #include "base/basictypes.h" 12 #include "base/lock.h" 13 #include "base/ref_counted.h" 14 #include "base/time.h" 15 16 class GURL; 17 18 namespace net { 19 20 // TransportSecurityState 21 // 22 // Tracks which hosts have enabled *-Transport-Security. This object manages 23 // the in-memory store. A separate object must register itself with this object 24 // in order to persist the state to disk. 25 class TransportSecurityState : 26 public base::RefCountedThreadSafe<TransportSecurityState> { 27 public: 28 TransportSecurityState(); 29 30 // A DomainState is the information that we persist about a given domain. 31 struct DomainState { 32 enum Mode { 33 // Strict mode implies: 34 // * We generate internal redirects from HTTP -> HTTPS. 35 // * Certificate issues are fatal. 36 MODE_STRICT = 0, 37 // Opportunistic mode implies: 38 // * We'll request HTTP URLs over HTTPS 39 // * Certificate issues are ignored. 40 MODE_OPPORTUNISTIC = 1, 41 // SPDY_ONLY (aka X-Bodge-Transport-Security) is a hopefully temporary 42 // measure. It implies: 43 // * We'll request HTTP URLs over HTTPS iff we have SPDY support. 44 // * Certificate issues are fatal. 45 MODE_SPDY_ONLY = 2, 46 }; 47 Mode mode; 48 49 DomainState() 50 : mode(MODE_STRICT), 51 include_subdomains(false) { } 52 53 base::Time expiry; // the absolute time (UTC) when this record expires 54 bool include_subdomains; // subdomains included? 55 }; 56 57 // Enable TransportSecurity for |host|. 58 void EnableHost(const std::string& host, const DomainState& state); 59 60 // Returns true if |host| has TransportSecurity enabled. If that case, 61 // *result is filled out. 62 bool IsEnabledForHost(DomainState* result, const std::string& host); 63 64 // Returns |true| if |value| parses as a valid *-Transport-Security 65 // header value. The values of max-age and and includeSubDomains are 66 // returned in |max_age| and |include_subdomains|, respectively. The out 67 // parameters are not modified if the function returns |false|. 68 static bool ParseHeader(const std::string& value, 69 int* max_age, 70 bool* include_subdomains); 71 72 class Delegate { 73 public: 74 // This function may not block and may be called with internal locks held. 75 // Thus it must not reenter the TransportSecurityState object. 76 virtual void StateIsDirty(TransportSecurityState* state) = 0; 77 }; 78 79 void SetDelegate(Delegate*); 80 81 bool Serialise(std::string* output); 82 bool Deserialise(const std::string& state); 83 84 private: 85 friend class base::RefCountedThreadSafe<TransportSecurityState>; 86 87 ~TransportSecurityState() {} 88 89 // If we have a callback configured, call it to let our serialiser know that 90 // our state is dirty. 91 void DirtyNotify(); 92 93 // The set of hosts that have enabled TransportSecurity. The keys here 94 // are SHA256(DNSForm(domain)) where DNSForm converts from dotted form 95 // ('www.google.com') to the form used in DNS: "\x03www\x06google\x03com" 96 std::map<std::string, DomainState> enabled_hosts_; 97 98 // Protect access to our data members with this lock. 99 Lock lock_; 100 101 // Our delegate who gets notified when we are dirtied, or NULL. 102 Delegate* delegate_; 103 104 static std::string CanonicaliseHost(const std::string& host); 105 106 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); 107 }; 108 109 } // namespace net 110 111 #endif // NET_BASE_TRANSPORT_SECURITY_STATE_H_ 112
