transport_security_state.h revision 3f50c38dc070f4bb515c1b64450dae14f316474e 
1// Copyright (c) 2010 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef NET_BASE_TRANSPORT_SECURITY_STATE_H_
6#define NET_BASE_TRANSPORT_SECURITY_STATE_H_
7#pragma once
8
9#include <map>
10#include <string>
11
12#include "base/basictypes.h"
13#include "base/gtest_prod_util.h"
14#include "base/ref_counted.h"
15#include "base/time.h"
16
17namespace net {
18
19// TransportSecurityState
20//
21// Tracks which hosts have enabled *-Transport-Security. This object manages
22// the in-memory store. A separate object must register itself with this object
23// in order to persist the state to disk.
24class TransportSecurityState :
25    public base::RefCountedThreadSafe<TransportSecurityState> {
26 public:
27  TransportSecurityState();
28
29  // A DomainState is the information that we persist about a given domain.
30  struct DomainState {
31    enum Mode {
32      // Strict mode implies:
33      //   * We generate internal redirects from HTTP -> HTTPS.
34      //   * Certificate issues are fatal.
35      MODE_STRICT = 0,
36      // Opportunistic mode implies:
37      //   * We'll request HTTP URLs over HTTPS
38      //   * Certificate issues are ignored.
39      MODE_OPPORTUNISTIC = 1,
40      // SPDY_ONLY (aka X-Bodge-Transport-Security) is a hopefully temporary
41      // measure. It implies:
42      //   * We'll request HTTP URLs over HTTPS iff we have SPDY support.
43      //   * Certificate issues are fatal.
44      MODE_SPDY_ONLY = 2,
45    };
46
47    DomainState()
48        : mode(MODE_STRICT),
49          created(base::Time::Now()),
50          include_subdomains(false) { }
51
52    Mode mode;
53    base::Time created;  // when this host entry was first created
54    base::Time expiry;  // the absolute time (UTC) when this record expires
55    bool include_subdomains;  // subdomains included?
56  };
57
58  // Enable TransportSecurity for |host|.
59  void EnableHost(const std::string& host, const DomainState& state);
60
61  // Returns true if |host| has TransportSecurity enabled. If that case,
62  // *result is filled out.
63  bool IsEnabledForHost(DomainState* result, const std::string& host);
64
65  // Deletes all records created since a given time.
66  void DeleteSince(const base::Time& time);
67
68  // Returns |true| if |value| parses as a valid *-Transport-Security
69  // header value.  The values of max-age and and includeSubDomains are
70  // returned in |max_age| and |include_subdomains|, respectively.  The out
71  // parameters are not modified if the function returns |false|.
72  static bool ParseHeader(const std::string& value,
73                          int* max_age,
74                          bool* include_subdomains);
75
76  class Delegate {
77   public:
78    // This function may not block and may be called with internal locks held.
79    // Thus it must not reenter the TransportSecurityState object.
80    virtual void StateIsDirty(TransportSecurityState* state) = 0;
81
82   protected:
83    virtual ~Delegate() {}
84  };
85
86  void SetDelegate(Delegate*);
87
88  bool Serialise(std::string* output);
89  bool Deserialise(const std::string& state, bool* dirty);
90
91  // The maximum number of seconds for which we'll cache an HSTS request.
92  static const long int kMaxHSTSAgeSecs;
93
94 private:
95  friend class base::RefCountedThreadSafe<TransportSecurityState>;
96  FRIEND_TEST_ALL_PREFIXES(TransportSecurityStateTest, IsPreloaded);
97
98  ~TransportSecurityState();
99
100  // If we have a callback configured, call it to let our serialiser know that
101  // our state is dirty.
102  void DirtyNotify();
103
104  static std::string CanonicaliseHost(const std::string& host);
105  static bool IsPreloadedSTS(const std::string& canonicalised_host,
106                             bool* out_include_subdomains);
107
108  // The set of hosts that have enabled TransportSecurity. The keys here
109  // are SHA256(DNSForm(domain)) where DNSForm converts from dotted form
110  // ('www.google.com') to the form used in DNS: "\x03www\x06google\x03com"
111  std::map<std::string, DomainState> enabled_hosts_;
112
113  // Our delegate who gets notified when we are dirtied, or NULL.
114  Delegate* delegate_;
115
116  DISALLOW_COPY_AND_ASSIGN(TransportSecurityState);
117};
118
119}  // namespace net
120
121#endif  // NET_BASE_TRANSPORT_SECURITY_STATE_H_
122