chromium/net/http/transport_security_persister.cc

// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "net/http/transport_security_persister.h"

#include <algorithm>
#include <cstdint>
#include <memory>
#include <optional>
#include <utility>
#include <vector>

#include "base/base64.h"
#include "base/feature_list.h"
#include "base/files/file_path.h"
#include "base/files/file_util.h"
#include "base/functional/bind.h"
#include "base/functional/callback.h"
#include "base/json/json_reader.h"
#include "base/json/json_writer.h"
#include "base/location.h"
#include "base/metrics/field_trial_params.h"
#include "base/task/sequenced_task_runner.h"
#include "base/task/single_thread_task_runner.h"
#include "base/time/time.h"
#include "base/values.h"
#include "net/base/features.h"
#include "net/base/network_anonymization_key.h"
#include "net/cert/x509_certificate.h"
#include "net/http/transport_security_state.h"

namespace net {

BASE_FEATURE(…);

namespace {

// From kDefaultCommitInterval in base/files/important_file_writer.cc.
// kTransportSecurityFileWriterScheduleCommitInterval won't set the commit
// interval to less than this, for performance.
constexpr base::TimeDelta kMinCommitInterval = …;

// Max safe commit interval for the ImportantFileWriter.
constexpr base::TimeDelta kMaxCommitInterval = …;

// Overrides the default commit interval for the ImportantFileWriter.
const base::FeatureParam<base::TimeDelta> kCommitIntervalParam(
    &kTransportSecurityFileWriterSchedule,
    "commit_interval",
    kMinCommitInterval);

constexpr const char* kHistogramSuffix = …;

// This function converts the binary hashes to a base64 string which we can
// include in a JSON file.
std::string HashedDomainToExternalString(
    const TransportSecurityState::HashedHost& hashed) { … }

// This inverts |HashedDomainToExternalString|, above. It turns an external
// string (from a JSON file) into an internal (binary) array.
std::optional<TransportSecurityState::HashedHost> ExternalStringToHashedDomain(
    const std::string& external) { … }

// Version 2 of the on-disk format consists of a single JSON object. The
// top-level dictionary has "version", "sts", and "expect_ct" entries. The first
// is an integer, the latter two are unordered lists of dictionaries, each
// representing cached data for a single host.

// Stored in serialized dictionary values to distinguish incompatible versions.
// Version 1 is distinguished by the lack of an integer version value.
const char kVersionKey[] = …;
const int kCurrentVersionValue = …;

// Keys in top level serialized dictionary, for lists of STS and Expect-CT
// entries, respectively. The Expect-CT key is legacy and deleted when read.
const char kSTSKey[] = …;
const char kExpectCTKey[] = …;

// Hostname entry, used in serialized STS dictionaries. Value is produced by
// passing hashed hostname strings to HashedDomainToExternalString().
const char kHostname[] = …;

// Key values in serialized STS entries.
const char kStsIncludeSubdomains[] = …;
const char kStsObserved[] = …;
const char kExpiry[] = …;
const char kMode[] = …;

// Values for "mode" used in serialized STS entries.
const char kForceHTTPS[] = …;
const char kDefault[] = …;

std::string LoadState(const base::FilePath& path) { … }

// Serializes STS data from |state| to a Value.
base::Value::List SerializeSTSData(const TransportSecurityState* state) { … }

// Deserializes STS data from a Value created by the above method.
void DeserializeSTSData(const base::Value& sts_list,
                        TransportSecurityState* state) { … }

void OnWriteFinishedTask(scoped_refptr<base::SequencedTaskRunner> task_runner,
                         base::OnceClosure callback,
                         bool result) { … }

}  // namespace

TransportSecurityPersister::TransportSecurityPersister(
    TransportSecurityState* state,
    const scoped_refptr<base::SequencedTaskRunner>& background_runner,
    const base::FilePath& data_path)
    : … { … }

TransportSecurityPersister::~TransportSecurityPersister() { … }

void TransportSecurityPersister::StateIsDirty(TransportSecurityState* state) { … }

void TransportSecurityPersister::WriteNow(TransportSecurityState* state,
                                          base::OnceClosure callback) { … }

void TransportSecurityPersister::OnWriteFinished(base::OnceClosure callback) { … }

std::optional<std::string> TransportSecurityPersister::SerializeData() { … }

void TransportSecurityPersister::LoadEntries(const std::string& serialized) { … }

// static
base::TimeDelta TransportSecurityPersister::GetCommitInterval() { … }

void TransportSecurityPersister::Deserialize(
    const std::string& serialized,
    TransportSecurityState* state,
    bool& contains_legacy_expect_ct_data) { … }

void TransportSecurityPersister::CompleteLoad(const std::string& state) { … }

}  // namespace net