| OLD | NEW |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/chrome_expect_ct_reporter.h" | 5 #include "chrome/browser/ssl/chrome_expect_ct_reporter.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/base64.h" | 9 #include "base/base64.h" |
| 10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
| (...skipping 107 matching lines...) |
| 118 net::URLRequestContext* request_context) | 118 net::URLRequestContext* request_context) |
| 119 : report_sender_( | 119 : report_sender_( |
| 120 new net::ReportSender(request_context, | 120 new net::ReportSender(request_context, |
| 121 net::ReportSender::DO_NOT_SEND_COOKIES)) {} | 121 net::ReportSender::DO_NOT_SEND_COOKIES)) {} |
| 122 | 122 |
| 123 ChromeExpectCTReporter::~ChromeExpectCTReporter() {} | 123 ChromeExpectCTReporter::~ChromeExpectCTReporter() {} |
| 124 | 124 |
| 125 void ChromeExpectCTReporter::OnExpectCTFailed( | 125 void ChromeExpectCTReporter::OnExpectCTFailed( |
| 126 const net::HostPortPair& host_port_pair, | 126 const net::HostPortPair& host_port_pair, |
| 127 const GURL& report_uri, | 127 const GURL& report_uri, |
| 128 const net::SSLInfo& ssl_info) { | 128 const net::X509Certificate* validated_certificate_chain, |
| 129 const net::X509Certificate* served_certificate_chain, |
| 130 const net::SignedCertificateTimestampAndStatusList& |
| 131 signed_certificate_timestamps) { |
| 129 if (report_uri.is_empty()) | 132 if (report_uri.is_empty()) |
| 130 return; | 133 return; |
| 131 | 134 |
| 132 if (!base::FeatureList::IsEnabled(features::kExpectCTReporting)) | 135 if (!base::FeatureList::IsEnabled(features::kExpectCTReporting)) |
| 133 return; | 136 return; |
| 134 | 137 |
| 135 // TODO(estark): De-duplicate reports so that the same report isn't | 138 // TODO(estark): De-duplicate reports so that the same report isn't |
| 136 // sent too often in some period of time. | 139 // sent too often in some period of time. |
| 137 | 140 |
| 138 base::DictionaryValue report; | 141 base::DictionaryValue report; |
| 139 report.SetString("hostname", host_port_pair.host()); | 142 report.SetString("hostname", host_port_pair.host()); |
| 140 report.SetInteger("port", host_port_pair.port()); | 143 report.SetInteger("port", host_port_pair.port()); |
| 141 report.SetString("date-time", TimeToISO8601(base::Time::Now())); | 144 report.SetString("date-time", TimeToISO8601(base::Time::Now())); |
| 142 report.Set("served-certificate-chain", | 145 report.Set("served-certificate-chain", |
| 143 GetPEMEncodedChainAsList(ssl_info.unverified_cert.get())); | 146 GetPEMEncodedChainAsList(served_certificate_chain)); |
| 144 report.Set("validated-certificate-chain", | 147 report.Set("validated-certificate-chain", |
| 145 GetPEMEncodedChainAsList(ssl_info.cert.get())); | 148 GetPEMEncodedChainAsList(validated_certificate_chain)); |
| 146 | 149 |
| 147 std::unique_ptr<base::ListValue> unknown_scts(new base::ListValue()); | 150 std::unique_ptr<base::ListValue> unknown_scts(new base::ListValue()); |
| 148 std::unique_ptr<base::ListValue> invalid_scts(new base::ListValue()); | 151 std::unique_ptr<base::ListValue> invalid_scts(new base::ListValue()); |
| 149 std::unique_ptr<base::ListValue> valid_scts(new base::ListValue()); | 152 std::unique_ptr<base::ListValue> valid_scts(new base::ListValue()); |
| 150 | 153 |
| 151 for (const auto& sct_and_status : ssl_info.signed_certificate_timestamps) { | 154 for (const auto& sct_and_status : signed_certificate_timestamps) { |
| 152 switch (sct_and_status.status) { | 155 switch (sct_and_status.status) { |
| 153 case net::ct::SCT_STATUS_LOG_UNKNOWN: | 156 case net::ct::SCT_STATUS_LOG_UNKNOWN: |
| 154 AddUnknownSCT(sct_and_status, unknown_scts.get()); | 157 AddUnknownSCT(sct_and_status, unknown_scts.get()); |
| 155 break; | 158 break; |
| 156 case net::ct::SCT_STATUS_INVALID_SIGNATURE: | 159 case net::ct::SCT_STATUS_INVALID_SIGNATURE: |
| 157 case net::ct::SCT_STATUS_INVALID_TIMESTAMP: | 160 case net::ct::SCT_STATUS_INVALID_TIMESTAMP: |
| 158 AddInvalidSCT(sct_and_status, invalid_scts.get()); | 161 AddInvalidSCT(sct_and_status, invalid_scts.get()); |
| 159 break; | 162 break; |
| 160 case net::ct::SCT_STATUS_OK: | 163 case net::ct::SCT_STATUS_OK: |
| 161 AddValidSCT(sct_and_status, valid_scts.get()); | 164 AddValidSCT(sct_and_status, valid_scts.get()); |
| (...skipping 12 matching lines...) |
| 174 LOG(ERROR) << "Failed to serialize Expect CT report"; | 177 LOG(ERROR) << "Failed to serialize Expect CT report"; |
| 175 return; | 178 return; |
| 176 } | 179 } |
| 177 | 180 |
| 178 UMA_HISTOGRAM_BOOLEAN("SSL.ExpectCTReportSendingAttempt", true); | 181 UMA_HISTOGRAM_BOOLEAN("SSL.ExpectCTReportSendingAttempt", true); |
| 179 | 182 |
| 180 report_sender_->Send(report_uri, "application/json; charset=utf-8", | 183 report_sender_->Send(report_uri, "application/json; charset=utf-8", |
| 181 serialized_report, base::Callback<void()>(), | 184 serialized_report, base::Callback<void()>(), |
| 182 base::Bind(RecordUMAOnFailure)); | 185 base::Bind(RecordUMAOnFailure)); |
| 183 } | 186 } |
| OLD | NEW |
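Review bot: The two new raw `const net::X509Certificate*` parameters of OnExpectCTFailed (new lines 128-129) go straight into GetPEMEncodedChainAsList at new lines 146 and 148 with no null check and no stated nullability. That helper sits in the skipped region, so I cannot tell from this page whether it tolerates a null chain. If callers can reach this with a missing chain, either guard it or state the contract, for example `DCHECK(validated_certificate_chain);` and `DCHECK(served_certificate_chain);` before the report is built, or a comment on the declaration saying both must be non-null. The two parameters also share a type and are declared validated-then-served while the report is filled served-then-validated, so a swapped call site would compile and mislabel the chains in the report sent to `report_uri`. A one-line comment on each parameter in the header would make the order explicit.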