// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "net/http/transport_security_persister.h"

#include "base/base64.h"
#include "base/bind.h"
#include "base/file_util.h"
#include "base/files/file_path.h"
#include "base/json/json_reader.h"
#include "base/json/json_writer.h"
#include "base/message_loop/message_loop.h"
#include "base/message_loop/message_loop_proxy.h"
#include "base/sequenced_task_runner.h"
#include "base/task_runner_util.h"
#include "base/values.h"
#include "crypto/sha2.h"
#include "net/cert/x509_certificate.h"
#include "net/http/transport_security_state.h"

using net::HashValue;
using net::HashValueTag;
using net::HashValueVector;
using net::TransportSecurityState;

namespace {

// Serializes |hashes| into a JSON list of strings, one per pin, in the
// HashValue::ToString() form. Ownership of the returned list passes to the
// caller (it is handed straight to a DictionaryValue in SerializeData).
base::ListValue* SPKIHashesToListValue(const HashValueVector& hashes) {
  base::ListValue* pins = new base::ListValue;
  for (HashValueVector::const_iterator it = hashes.begin();
       it != hashes.end(); ++it) {
    pins->Append(new base::StringValue(it->ToString()));
  }
  return pins;
}

// Parses a JSON list written by SPKIHashesToListValue and appends each
// well-formed pin to |hashes|. Entries that are not strings, or that
// HashValue::FromString rejects, are skipped without any logging; |hashes|
// is never cleared, so a caller wanting a fresh vector must pass one.
void SPKIHashesFromListValue(const base::ListValue& pins,
                             HashValueVector* hashes) {
  const size_t count = pins.GetSize();
  for (size_t index = 0; index < count; ++index) {
    std::string encoded_pin;
    if (!pins.GetString(index, &encoded_pin))
      continue;

    HashValue parsed_pin;
    if (!parsed_pin.FromString(encoded_pin))
      continue;

    hashes->push_back(parsed_pin);
  }
}

// Encodes the binary hashed hostname as base64 so that it can be used as an
// object key in the JSON file. (The decoding side expects the digest to be
// crypto::kSHA256Length bytes; nothing is enforced here.)
std::string HashedDomainToExternalString(const std::string& hashed) {
  std::string encoded;
  base::Base64Encode(hashed, &encoded);
  return encoded;
}

// Inverts |HashedDomainToExternalString|, above: turns an external (base64)
// key from the JSON file back into the internal binary digest.
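std::string ExternalStringToHashedDomain(const std::string& external) {
  std::string decoded;
  // Reject anything that is not valid base64 or that does not decode to
  // exactly one SHA-256 digest. Callers treat an empty result as "malformed
  // key" and drop the entry.
  if (!base::Base64Decode(external, &decoded) ||
      decoded.size() != crypto::kSHA256Length) {
    return std::string();
  }
  return decoded;
}

// JSON keys and mode values used in the on-disk "TransportSecurity" file.
// kIncludeSubdomains and kCreated are legacy keys: Deserialize still accepts
// them, but SerializeData only ever writes the sts_/pkp_ specific ones.
// kStrict and kPinningOnly are likewise legacy spellings of the mode value.
const char kIncludeSubdomains[] = "include_subdomains";
const char kStsIncludeSubdomains[] = "sts_include_subdomains";
const char kPkpIncludeSubdomains[] = "pkp_include_subdomains";
const char kMode[] = "mode";
const char kExpiry[] = "expiry";
const char kDynamicSPKIHashesExpiry[] = "dynamic_spki_hashes_expiry";
const char kDynamicSPKIHashes[] = "dynamic_spki_hashes";
const char kForceHTTPS[] = "force-https";
const char kStrict[] = "strict";
const char kDefault[] = "default";
const char kPinningOnly[] = "pinning-only";
const char kCreated[] = "created";
const char kStsObserved[] = "sts_observed";
const char kPkpObserved[] = "pkp_observed";

// Reads the whole persisted file at |path| into memory. Runs on the
// background runner. A missing or unreadable file yields an empty string,
// which CompleteLoad treats exactly like an empty file: nothing to load.
std::string LoadState(const base::FilePath& path) {
  std::string contents;
  if (!base::ReadFileToString(path, &contents))
    return std::string();
  return contents;
}

}  // namespace


namespace net {

// Registers as the delegate of |state| and kicks off the initial load: the
// "TransportSecurity" file under |profile_path| is read on
// |background_runner| and the raw bytes are delivered to CompleteLoad on the
// thread that constructed this object. Must be constructed on a thread with
// a MessageLoop, which becomes |foreground_runner_|. |readonly| suppresses
// all writes (see StateIsDirty). The reply is bound through a WeakPtr so that
// it is dropped, rather than dereferencing freed memory, if this object is
// destroyed before the read completes.
TransportSecurityPersister::TransportSecurityPersister(
    TransportSecurityState* state,
    const base::FilePath& profile_path,
    base::SequencedTaskRunner* background_runner,
    bool readonly)
    : transport_security_state_(state),
      writer_(profile_path.AppendASCII("TransportSecurity"), background_runner),
      foreground_runner_(base::MessageLoop::current()->message_loop_proxy()),
      background_runner_(background_runner),
      readonly_(readonly),
      weak_ptr_factory_(this) {
  transport_security_state_->SetDelegate(this);

  base::PostTaskAndReplyWithResult(
      background_runner_,
      FROM_HERE,
      base::Bind(&::LoadState, writer_.path()),
      base::Bind(&TransportSecurityPersister::CompleteLoad,
                 weak_ptr_factory_.GetWeakPtr()));
}

// Flushes any still-scheduled write so the on-disk file does not lag behind
// the in-memory state, then detaches from the state object so it stops
// calling back into a destroyed delegate.
TransportSecurityPersister::~TransportSecurityPersister() {
  DCHECK(foreground_runner_->RunsTasksOnCurrentThread());

  if (writer_.HasPendingWrite())
    writer_.DoScheduledWrite();

  transport_security_state_->SetDelegate(NULL);
}

// TransportSecurityState::Delegate implementation. Called by |state| whenever
// its dynamic data changes; schedules a (coalesced) write through |writer_|,
// which will call back into SerializeData. In read-only mode the change stays
// in memory only.
void TransportSecurityPersister::StateIsDirty(
    TransportSecurityState* state) {
  DCHECK(foreground_runner_->RunsTasksOnCurrentThread());
  DCHECK_EQ(transport_security_state_, state);

  if (!readonly_)
    writer_.ScheduleWrite(this);
}

// ImportantFileWriter::DataSerializer implementation. Serializes every
// dynamic entry of the state into pretty-printed JSON in |output|, keyed by
// the base64 of the hashed hostname. Expired STS entries are still written
// (they are pruned on the next Deserialize); pins are only written while the
// PKP expiry is in the future. Always returns true.
bool TransportSecurityPersister::SerializeData(std::string* output) {
  DCHECK(foreground_runner_->RunsTasksOnCurrentThread());

  base::DictionaryValue toplevel;
  const base::Time now = base::Time::Now();
  TransportSecurityState::Iterator state(*transport_security_state_);
  for (; state.HasNext(); state.Advance()) {
    const std::string& hostname = state.hostname();
    const TransportSecurityState::DomainState& domain_state =
        state.domain_state();

    // Resolve the mode name before allocating anything so that an unknown
    // mode can be skipped without a matching delete.
    const char* mode_name = NULL;
    switch (domain_state.sts.upgrade_mode) {
      case TransportSecurityState::DomainState::MODE_FORCE_HTTPS:
        mode_name = kForceHTTPS;
        break;
      case TransportSecurityState::DomainState::MODE_DEFAULT:
        mode_name = kDefault;
        break;
      default:
        NOTREACHED() << "DomainState with unknown mode";
        continue;
    }

    base::DictionaryValue* serialized = new base::DictionaryValue;
    serialized->SetBoolean(kStsIncludeSubdomains,
                           domain_state.sts.include_subdomains);
    serialized->SetBoolean(kPkpIncludeSubdomains,
                           domain_state.pkp.include_subdomains);
    serialized->SetDouble(kStsObserved,
                          domain_state.sts.last_observed.ToDoubleT());
    serialized->SetDouble(kPkpObserved,
                          domain_state.pkp.last_observed.ToDoubleT());
    serialized->SetDouble(kExpiry, domain_state.sts.expiry.ToDoubleT());
    serialized->SetDouble(kDynamicSPKIHashesExpiry,
                          domain_state.pkp.expiry.ToDoubleT());
    serialized->SetString(kMode, mode_name);

    if (now < domain_state.pkp.expiry) {
      serialized->Set(kDynamicSPKIHashes,
                      SPKIHashesToListValue(domain_state.pkp.spki_hashes));
    }

    // DictionaryValue::Set expands '.' in keys as a path separator. The key
    // here is base64 (A-Z, a-z, 0-9, '+', '/', '='), which never contains
    // '.', so no expansion can occur; keep that in mind if the key encoding
    // ever changes.
    toplevel.Set(HashedDomainToExternalString(hostname), serialized);
  }

  base::JSONWriter::WriteWithOptions(&toplevel,
                                     base::JSONWriter::OPTIONS_PRETTY_PRINT,
                                     output);
  return true;
}

// Replaces the state's dynamic data with the entries in |serialized|.
// Returns false if |serialized| is not a JSON object; |*dirty| is set (see
// Deserialize) only on success.
//
// NOTE(review): the dynamic data is cleared before the parse is attempted,
// so a file that fails to parse leaves the state empty rather than
// untouched. Presumably harmless for the initial load after construction,
// but worth knowing if this is ever called on an already-populated state.
bool TransportSecurityPersister::LoadEntries(const std::string& serialized,
                                             bool* dirty) {
  DCHECK(foreground_runner_->RunsTasksOnCurrentThread());

  transport_security_state_->ClearDynamicData();
  return Deserialize(serialized, dirty, transport_security_state_);
}

// static
//
// Parses the JSON produced by SerializeData (and the legacy key/mode
// spellings listed above) and adds each usable entry to |state| via
// AddOrUpdateEnabledHosts. Returns false only if |serialized| is not a JSON
// object; individual malformed entries are logged and skipped. |*dirty| is
// set to true when the loaded data should be written back: an entry was
// migrated from a legacy format with no observation date, an entry was
// dropped because both its STS and PKP expiry have passed, or its key did
// not decode to a SHA-256 digest.
//
// Security note: every field is validated or defaulted, so malformed or
// truncated input cannot crash this code, but the file is not authenticated
// in any way. Anyone able to write the profile directory can add, remove or
// alter HSTS and pin entries; that is the accepted trust boundary here.
bool TransportSecurityPersister::Deserialize(const std::string& serialized,
                                             bool* dirty,
                                             TransportSecurityState* state) {
  scoped_ptr<base::Value> value(base::JSONReader::Read(serialized));
  base::DictionaryValue* dict_value = NULL;
  if (!value.get() || !value->GetAsDictionary(&dict_value))
    return false;

  // One timestamp for the whole load, used both for the expiry comparison
  // and for the observation date stamped onto migrated legacy entries.
  const base::Time current_time(base::Time::Now());
  bool dirtied = false;

  for (base::DictionaryValue::Iterator i(*dict_value);
       !i.IsAtEnd(); i.Advance()) {
    const base::DictionaryValue* parsed = NULL;
    if (!i.value().GetAsDictionary(&parsed)) {
      LOG(WARNING) << "Could not parse entry " << i.key() << "; skipping entry";
      continue;
    }

    std::string mode_string;
    double expiry = 0.0;
    double dynamic_spki_hashes_expiry = 0.0;
    TransportSecurityState::DomainState domain_state;

    // kIncludeSubdomains is a legacy synonym for kStsIncludeSubdomains and
    // kPkpIncludeSubdomains. Parse at least one of these properties,
    // preferably the new ones: the legacy value seeds both flags and each
    // new key, when present, overrides its own flag.
    bool include_subdomains = false;
    bool parsed_include_subdomains =
        parsed->GetBoolean(kIncludeSubdomains, &include_subdomains);
    domain_state.sts.include_subdomains = include_subdomains;
    domain_state.pkp.include_subdomains = include_subdomains;
    if (parsed->GetBoolean(kStsIncludeSubdomains, &include_subdomains)) {
      domain_state.sts.include_subdomains = include_subdomains;
      parsed_include_subdomains = true;
    }
    if (parsed->GetBoolean(kPkpIncludeSubdomains, &include_subdomains)) {
      domain_state.pkp.include_subdomains = include_subdomains;
      parsed_include_subdomains = true;
    }

    // include_subdomains (in some spelling), mode and expiry are mandatory.
    if (!parsed_include_subdomains ||
        !parsed->GetString(kMode, &mode_string) ||
        !parsed->GetDouble(kExpiry, &expiry)) {
      LOG(WARNING) << "Could not parse some elements of entry " << i.key()
                   << "; skipping entry";
      continue;
    }

    // Optional: a missing PKP expiry stays at 0.0 (the epoch), i.e. any pins
    // are already expired.
    parsed->GetDouble(kDynamicSPKIHashesExpiry,
                      &dynamic_spki_hashes_expiry);

    // Optional. Unparsable pins are dropped silently by the helper, so an
    // entry can end up with a future PKP expiry and an empty pin list.
    const base::ListValue* pins_list = NULL;
    if (parsed->GetList(kDynamicSPKIHashes, &pins_list)) {
      SPKIHashesFromListValue(*pins_list, &domain_state.pkp.spki_hashes);
    }

    if (mode_string == kForceHTTPS || mode_string == kStrict) {
      domain_state.sts.upgrade_mode =
          TransportSecurityState::DomainState::MODE_FORCE_HTTPS;
    } else if (mode_string == kDefault || mode_string == kPinningOnly) {
      domain_state.sts.upgrade_mode =
          TransportSecurityState::DomainState::MODE_DEFAULT;
    } else {
      LOG(WARNING) << "Unknown TransportSecurityState mode string "
                   << mode_string << " found for entry " << i.key()
                   << "; skipping entry";
      continue;
    }

    domain_state.sts.expiry = base::Time::FromDoubleT(expiry);
    domain_state.pkp.expiry =
        base::Time::FromDoubleT(dynamic_spki_hashes_expiry);

    // Observation dates: prefer the specific key, fall back to the legacy
    // kCreated (a synonym for both), and otherwise stamp the entry with the
    // load time and mark the state dirty so the new date is written back.
    double sts_observed;
    double pkp_observed;
    if (parsed->GetDouble(kStsObserved, &sts_observed)) {
      domain_state.sts.last_observed = base::Time::FromDoubleT(sts_observed);
    } else if (parsed->GetDouble(kCreated, &sts_observed)) {
      domain_state.sts.last_observed = base::Time::FromDoubleT(sts_observed);
    } else {
      dirtied = true;
      domain_state.sts.last_observed = current_time;
    }
    if (parsed->GetDouble(kPkpObserved, &pkp_observed)) {
      domain_state.pkp.last_observed = base::Time::FromDoubleT(pkp_observed);
    } else if (parsed->GetDouble(kCreated, &pkp_observed)) {
      domain_state.pkp.last_observed = base::Time::FromDoubleT(pkp_observed);
    } else {
      dirtied = true;
      domain_state.pkp.last_observed = current_time;
    }

    // Only fully expired entries are dropped here; an entry whose STS part
    // has expired but whose pins are still valid is kept as-is.
    if (domain_state.sts.expiry <= current_time &&
        domain_state.pkp.expiry <= current_time) {
      // Make sure we dirty the state if we drop an entry.
      dirtied = true;
      continue;
    }

    std::string hashed = ExternalStringToHashedDomain(i.key());
    if (hashed.empty()) {
      dirtied = true;
      continue;
    }

    state->AddOrUpdateEnabledHosts(hashed, domain_state);
  }

  *dirty = dirtied;
  return true;
}

// Reply for the initial background read. An empty |state| (missing, empty or
// unreadable file) means there is nothing to load. Otherwise the entries are
// loaded and, if Deserialize asked for it, a write-back is scheduled.
//
// On a parse failure only the size of the file is logged, not its contents:
// the file is a profile-controlled input of unbounded size, and echoing it
// verbatim into the log would dump every persisted HSTS/pin record (and any
// garbage an attacker placed there) into the log stream.
void TransportSecurityPersister::CompleteLoad(const std::string& state) {
  DCHECK(foreground_runner_->RunsTasksOnCurrentThread());

  if (state.empty())
    return;

  bool dirty = false;
  if (!LoadEntries(state, &dirty)) {
    LOG(ERROR) << "Failed to deserialize state: ignoring " << state.size()
               << " byte TransportSecurity file";
    return;
  }
  if (dirty)
    StateIsDirty(transport_security_state_);
}

}  // namespace net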