servo · bors-servo · Jul 22, 2015 · Jun 19, 2015 · Jun 22, 2015 · Jun 22, 2015
diff --git a/components/net/hsts.rs b/components/net/hsts.rs
@@ -0,0 +1,137 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+use rustc_serialize::json::{decode};
+use time;
+use url::Url;
+use net_traits::IncludeSubdomains;
+use resource_task::{IPV4_REGEX, IPV6_REGEX};
+
+use std::str::{from_utf8};
+
+use util::resource_files::read_resource_file;
+
+#[derive(RustcDecodable, RustcEncodable, Clone)]
+pub struct HSTSEntry {
+    pub host: String,
+    pub include_subdomains: bool,
+    pub max_age: Option<u64>,
+    pub timestamp: Option<u64>
+}
+
+impl HSTSEntry {
+    pub fn new(host: String, subdomains: IncludeSubdomains, max_age: Option<u64>) -> Option<HSTSEntry> {
+        if IPV4_REGEX.is_match(&host) || IPV6_REGEX.is_match(&host) {
+            None
+        } else {
+            Some(HSTSEntry {
+                host: host,
+                include_subdomains: (subdomains == IncludeSubdomains::Included),
+                max_age: max_age,
+                timestamp: Some(time::get_time().sec as u64)
+            })
+        }
+    }
+
+    pub fn is_expired(&self) -> bool {
+        match (self.max_age, self.timestamp) {
+            (Some(max_age), Some(timestamp)) => {
+                (time::get_time().sec as u64) - timestamp >= max_age
+            },
+
+            _ => false
+        }
+    }
+
+    fn matches_domain(&self, host: &str) -> bool {
+        !self.is_expired() && self.host == host
+    }
+
+    fn matches_subdomain(&self, host: &str) -> bool {
+        !self.is_expired() && host.ends_with(&format!(".{}", self.host))
+    }
+}
+
+#[derive(RustcDecodable, RustcEncodable, Clone)]
+pub struct HSTSList {
+    pub entries: Vec<HSTSEntry>
+}
+
+impl HSTSList {
+    pub fn new() -> HSTSList {
+        HSTSList {
+            entries: vec![]
+        }
+    }
+
+    pub fn new_from_preload(preload_content: &str) -> Option<HSTSList> {
+        decode(preload_content).ok()
+    }
+
+    pub fn is_host_secure(&self, host: &str) -> bool {
+        // TODO - Should this be faster than O(n)? The HSTS list is only a few
+        // hundred or maybe thousand entries...
+        //
+        // Could optimise by searching for exact matches first (via a map or
+        // something), then checking for subdomains.
+        self.entries.iter().any(|e| {
+            if e.include_subdomains {
+                e.matches_subdomain(host) || e.matches_domain(host)
+            } else {
+                e.matches_domain(host)
+            }
+        })
+    }
+
+    fn has_domain(&self, host: &str) -> bool {
+        self.entries.iter().any(|e| {
+            e.matches_domain(&host)
+        })
+    }
+
+    fn has_subdomain(&self, host: &str) -> bool {
+        self.entries.iter().any(|e| {
+            e.matches_subdomain(host)
+        })
+    }
+
+    pub fn push(&mut self, entry: HSTSEntry) {
+        let have_domain = self.has_domain(&entry.host);
+        let have_subdomain = self.has_subdomain(&entry.host);
+
+        if !have_domain && !have_subdomain {
+            self.entries.push(entry);
+        } else if !have_subdomain {
+            for e in &mut self.entries {
+                if e.matches_domain(&entry.host) {
+                    e.include_subdomains = entry.include_subdomains;
+                    e.max_age = entry.max_age;
+                }
+            }
+        }
+    }
+}
+
+pub fn preload_hsts_domains() -> Option<HSTSList> {
+    read_resource_file(&["hsts_preload.json"]).ok().and_then(|bytes| {
+        from_utf8(&bytes).ok().and_then(|hsts_preload_content| {
+            HSTSList::new_from_preload(hsts_preload_content)
+        })
+    })
+}
+
+pub fn secure_url(url: &Url) -> Url {
+    if &*url.scheme == "http" {
+        let mut secure_url = url.clone();
+        secure_url.scheme = "https".to_string();
+        secure_url.relative_scheme_data_mut()
+            .map(|scheme_data| {
+                scheme_data.default_port = Some(443);
+            });
+        secure_url
+    } else {
+        url.clone()
+    }
+}
+
diff --git a/components/net/http_loader.rs b/components/net/http_loader.rs
@@ -7,6 +7,7 @@ use net_traits::ProgressMsg::{Payload, Done};
 use devtools_traits::{DevtoolsControlMsg, NetworkEvent};
 use mime_classifier::MIMEClassifier;
 use resource_task::{start_sending_opt, start_sending_sniffed_opt};
+use hsts::{HSTSList, secure_url};
 
 use log;
 use std::collections::HashSet;
@@ -23,6 +24,7 @@ use std::error::Error;
 use openssl::ssl::{SslContext, SslMethod, SSL_VERIFY_PEER};
 use std::io::{self, Read, Write};
 use std::sync::Arc;
+use std::sync::Mutex;
 use std::sync::mpsc::{Sender, channel};
 use util::task::spawn_named;
 use util::resource_files::resources_dir_path;
@@ -33,11 +35,13 @@ use uuid;
 use std::borrow::ToOwned;
 use std::boxed::FnBox;
 
-pub fn factory(cookies_chan: Sender<ControlMsg>, devtools_chan: Option<Sender<DevtoolsControlMsg>>)
+pub fn factory(cookies_chan: Sender<ControlMsg>,
+               devtools_chan: Option<Sender<DevtoolsControlMsg>>,
+               hsts_list: Arc<Mutex<HSTSList>>)
                -> Box<FnBox(LoadData, LoadConsumer, Arc<MIMEClassifier>) + Send> {
     box move |load_data, senders, classifier| {
         spawn_named("http_loader".to_owned(),
-                    move || load(load_data, senders, classifier, cookies_chan, devtools_chan))
+                    move || load(load_data, senders, classifier, cookies_chan, devtools_chan, hsts_list))
     }
 }
 
@@ -69,8 +73,21 @@ fn read_block<R: Read>(reader: &mut R) -> Result<ReadResult, ()> {
     }
 }
 
-fn load(mut load_data: LoadData, start_chan: LoadConsumer, classifier: Arc<MIMEClassifier>,
-        cookies_chan: Sender<ControlMsg>, devtools_chan: Option<Sender<DevtoolsControlMsg>>) {
+fn request_must_be_secured(hsts_list: &HSTSList, url: &Url) -> bool {
+    match url.domain() {
+        Some(ref h) => {
+            hsts_list.is_host_secure(h)
+        },
+        _ => false
+    }
+}
+
+fn load(mut load_data: LoadData,
+        start_chan: LoadConsumer,
+        classifier: Arc<MIMEClassifier>,
+        cookies_chan: Sender<ControlMsg>,
+        devtools_chan: Option<Sender<DevtoolsControlMsg>>,
+        hsts_list: Arc<Mutex<HSTSList>>) {
     // FIXME: At the time of writing this FIXME, servo didn't have any central
     //        location for configuration. If you're reading this and such a
     //        repository DOES exist, please update this constant to use it.
@@ -101,6 +118,11 @@ fn load(mut load_data: LoadData, start_chan: LoadConsumer, classifier: Arc<MIMEC
     loop {
         iters = iters + 1;
 
+        if &*url.scheme != "https" && request_must_be_secured(&hsts_list.lock().unwrap(), &url) {
+            info!("{} is in the strict transport security list, requesting secure host", url);
+            url = secure_url(&url);
+        }
+
         if iters > max_redirects {
             send_error(url, "too many redirects".to_string(), start_chan);
             return;

diff --git a/components/net/lib.rs b/components/net/lib.rs
@@ -40,6 +40,7 @@ pub mod image_cache_task;
 pub mod net_error_list;
 pub mod pub_domains;
 pub mod resource_task;
+pub mod hsts;
 pub mod storage_task;
 pub mod mime_classifier;