Treat HSTS and HPKP state independently.
Although we have historically, and in static preloads, treated HSTS and HPKP as
part of the same underlying mechanism, the new headers consider them completely
orthogonal. Our current implementation has bugs where, particularly where
includeSubdomains is involved, HPKP and HSTS entries get mixed together. This
CL does the following:
- Include separate domain strings for HPKP and HSTS in the output of
GetDynamicDomainState. This allows net-internals to report on the two
separately.
- Switch tests to query TransportSecurityState's public API rather than
manipulate DomainState directly, to reduce dependency on it.
- Make AddHSTSHeader, AddHSTS, etc., follow the same codepath. Notably the
header variants called GetDynamicDomainState to get the template which means
an includeSubdomains HPKP state on a parent domain would get copied over.
- AddHPKPHeader no longer appends the old pins to the new set.
- Make DeleteAllDynamicDataSince clear STS and PKP state independently.
Notably, the old version would almost never drop DomainState entries because
pkp.last_observed would be uninitialized and never pass the check.
- Make GetDynamicDomainState stitch together the appropriate STS and PKP
results to form its output DomainState. This avoids includeSubdomains and
expiration from one mechanism interacting with that of another.
- Add tests for all this.
We should remove DomainState altogether and leave PKPState and STSState as
separate entities (with some consideration for how they were historically
stored on disk), but this CL leaves that alone for now.
BUG=444511
Review URL: https://codereview.chromium.org/826423009
Cr-Commit-Position: refs/heads/master@{#311734}
8 files changed
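
A simplified model of the independent lookup the commit message describes, as an added example that is not Chromium's code: the `Entry`, `Result`, `Store`, `Find` and `Lookup` names and the integer clock are assumptions made for illustration. It shows an includeSubdomains PKP entry on a parent domain applying to a subdomain without producing any STS state for it.

```cpp
#include <cstdint>
#include <map>
#include <string>
#include <vector>

// Simplified model, not Chromium's classes: one dynamic entry per mechanism.
struct Entry {
  int64_t expiry = 0;              // seconds on a constructed clock
  bool include_subdomains = false;
  std::vector<std::string> pins;   // only meaningful for PKP entries
};

struct Result {
  bool has_sts = false, has_pkp = false;
  std::string sts_domain, pkp_domain;  // which host supplied each half
  std::vector<std::string> pins;
};

using Store = std::map<std::string, Entry>;  // hypothetical per-mechanism store

// Walk the host, then each parent domain; return the first live entry that
// applies (exact match, or a parent that set includeSubdomains).
static const Entry* Find(const Store& store, const std::string& host,
                         int64_t now, std::string* matched) {
  for (size_t pos = 0; pos != std::string::npos;) {
    std::string candidate = host.substr(pos);
    auto it = store.find(candidate);
    bool exact = (pos == 0);
    if (it != store.end() && it->second.expiry > now &&
        (exact || it->second.include_subdomains)) {
      *matched = candidate;
      return &it->second;
    }
    size_t dot = host.find('.', pos);
    pos = (dot == std::string::npos) ? dot : dot + 1;
  }
  return nullptr;
}

// Each mechanism is resolved against its own store; the halves are combined
// only at the end, so includeSubdomains or expiry on one never affects the other.
Result Lookup(const Store& sts, const Store& pkp, const std::string& host,
              int64_t now) {
  Result r;
  r.has_sts = Find(sts, host, now, &r.sts_domain) != nullptr;
  if (const Entry* e = Find(pkp, host, now, &r.pkp_domain)) {
    r.has_pkp = true;
    r.pins = e->pins;
  }
  return r;
}
```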