Chromium Code Reviews Chromium Code Reviews
Issue 10826257:
Implement SHA-256 fingerprint support (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/net/transport_security_persister.h" | 5 #include "chrome/browser/net/transport_security_persister.h" |
| 6 | 6 |
| 7 #include "base/base64.h" | 7 #include "base/base64.h" |
| 8 #include "base/bind.h" | 8 #include "base/bind.h" |
| 9 #include "base/file_path.h" | 9 #include "base/file_path.h" |
| 10 #include "base/file_util.h" | 10 #include "base/file_util.h" |
| 11 #include "base/json/json_reader.h" | 11 #include "base/json/json_reader.h" |
| 12 #include "base/json/json_writer.h" | 12 #include "base/json/json_writer.h" |
| 13 #include "base/message_loop.h" | 13 #include "base/message_loop.h" |
| 14 #include "base/path_service.h" | 14 #include "base/path_service.h" |
| 15 #include "base/values.h" | 15 #include "base/values.h" |
| 16 #include "chrome/common/chrome_paths.h" | 16 #include "chrome/common/chrome_paths.h" |
| 17 #include "content/public/browser/browser_thread.h" | 17 #include "content/public/browser/browser_thread.h" |
| 18 #include "crypto/sha2.h" | 18 #include "crypto/sha2.h" |
| 19 #include "net/base/transport_security_state.h" | 19 #include "net/base/transport_security_state.h" |
| 20 #include "net/base/x509_certificate.h" | 20 #include "net/base/x509_certificate.h" |
| 21 | 21 |
| 22 using content::BrowserThread; | 22 using content::BrowserThread; |
| 23 using net::Fingerprint; | 23 using net::HashValue; |
| 24 using net::FingerprintVector; | 24 using net::HashValueTag; |
| 25 using net::HashValueVector; | |
| 25 using net::TransportSecurityState; | 26 using net::TransportSecurityState; |
| 26 | 27 |
| 27 namespace { | 28 namespace { |
| 28 | 29 |
| 29 ListValue* SPKIHashesToListValue(const FingerprintVector& hashes) { | 30 ListValue* SPKIHashesToListValue(const HashValueVector& hashes) { |
| 30 ListValue* pins = new ListValue; | 31 ListValue* pins = new ListValue; |
| 31 | 32 |
| 32 for (FingerprintVector::const_iterator i = hashes.begin(); | 33 for (HashValueVector::const_iterator i = hashes.begin(); |
| 33 i != hashes.end(); ++i) { | 34 i != hashes.end(); ++i) { |
| 34 std::string hash_str(reinterpret_cast<const char*>(i->data), | 35 std::string label; |
|
Ryan Sleevi
2012/08/11 01:39:55
nit: declare label outside the loop?
palmer
2012/08/14 19:40:42
This is resolved with the new HashValue.label meth
| |
| 35 sizeof(i->data)); | 36 switch (i->tag) { |
| 37 case net::HASH_VALUE_SHA1: | |
| 38 label = "sha1/"; | |
| 39 break; | |
| 40 case net::HASH_VALUE_SHA256: | |
| 41 label = "sha256/"; | |
| 42 break; | |
| 43 default: | |
| 44 LOG(WARNING) << "Skipping invalid fingerprint with unknown type " | |
| 45 << i->tag; | |
| 46 continue; | |
| 47 } | |
| 48 | |
| 49 std::string hash_str(reinterpret_cast<const char*>(i->data()), i->size()); | |
| 36 std::string b64; | 50 std::string b64; |
| 37 base::Base64Encode(hash_str, &b64); | 51 base::Base64Encode(hash_str, &b64); |
| 38 pins->Append(new StringValue("sha1/" + b64)); | 52 pins->Append(new StringValue(label + b64)); |
| 39 } | 53 } |
| 40 | 54 |
| 41 return pins; | 55 return pins; |
| 42 } | 56 } |
| 43 | 57 |
| 44 void SPKIHashesFromListValue(const ListValue& pins, FingerprintVector* hashes) { | 58 void SPKIHashesFromListValue(const ListValue& pins, HashValueVector* hashes) { |
| 45 size_t num_pins = pins.GetSize(); | 59 size_t num_pins = pins.GetSize(); |
| 46 for (size_t i = 0; i < num_pins; ++i) { | 60 for (size_t i = 0; i < num_pins; ++i) { |
| 47 std::string type_and_base64; | 61 std::string type_and_base64; |
| 48 Fingerprint fingerprint; | 62 HashValue fingerprint; |
| 49 if (pins.GetString(i, &type_and_base64) && | 63 if (pins.GetString(i, &type_and_base64) && |
| 50 TransportSecurityState::ParsePin(type_and_base64, &fingerprint)) { | 64 TransportSecurityState::ParsePin(type_and_base64, &fingerprint)) { |
| 51 hashes->push_back(fingerprint); | 65 hashes->push_back(fingerprint); |
| 52 } | 66 } |
| 53 } | 67 } |
| 54 } | 68 } |
| 55 | 69 |
| 56 // This function converts the binary hashes to a base64 string which we can | 70 // This function converts the binary hashes to a base64 string which we can |
| 57 // include in a JSON file. | 71 // include in a JSON file. |
| 58 std::string HashedDomainToExternalString(const std::string& hashed) { | 72 std::string HashedDomainToExternalString(const std::string& hashed) { |
| (...skipping 270 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 329 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); | 343 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); |
| 330 | 344 |
| 331 bool dirty = false; | 345 bool dirty = false; |
| 332 if (!LoadEntries(state, &dirty)) { | 346 if (!LoadEntries(state, &dirty)) { |
| 333 LOG(ERROR) << "Failed to deserialize state: " << state; | 347 LOG(ERROR) << "Failed to deserialize state: " << state; |
| 334 return; | 348 return; |
| 335 } | 349 } |
| 336 if (dirty) | 350 if (dirty) |
| 337 StateIsDirty(transport_security_state_); | 351 StateIsDirty(transport_security_state_); |
| 338 } | 352 } |
| OLD | NEW |
