Chromium Code Reviews Chromium Code Reviews
Issue 8364023:
Report second-level domains for UMA on pin failure. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/url_request/url_request_http_job.h" | 5 #include "net/url_request/url_request_http_job.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/base_switches.h" | 8 #include "base/base_switches.h" |
| 9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 10 #include "base/compiler_specific.h" | 10 #include "base/compiler_specific.h" |
| (...skipping 658 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 669 // | 669 // |
| 670 // TODO(agl): we might have an issue here where a request for foo.example.com | 670 // TODO(agl): we might have an issue here where a request for foo.example.com |
| 671 // merges into a SPDY connection to www.example.com, and gets a different | 671 // merges into a SPDY connection to www.example.com, and gets a different |
| 672 // certificate. | 672 // certificate. |
| 673 const SSLInfo& ssl_info = transaction_->GetResponseInfo()->ssl_info; | 673 const SSLInfo& ssl_info = transaction_->GetResponseInfo()->ssl_info; |
| 674 if (result == OK && | 674 if (result == OK && |
| 675 ssl_info.is_valid() && | 675 ssl_info.is_valid() && |
| 676 ssl_info.is_issued_by_known_root && | 676 ssl_info.is_issued_by_known_root && |
| 677 context_->transport_security_state()) { | 677 context_->transport_security_state()) { |
| 678 TransportSecurityState::DomainState domain_state; | 678 TransportSecurityState::DomainState domain_state; |
| 679 bool sni = SSLConfigService::IsSNIAvailable(context_->ssl_config_service()); | 679 bool sni_available = SSLConfigService::IsSNIAvailable( |
| 680 context_->ssl_config_service()); | |
| 681 std::string host = request_->url().host(); | |
| 682 | |
| 680 if (context_->transport_security_state()->HasPinsForHost( | 683 if (context_->transport_security_state()->HasPinsForHost( |
| 681 &domain_state, | 684 &domain_state, host, sni_available)) { |
| 682 request_->url().host(), sni)) { | |
| 683 if (!domain_state.IsChainOfPublicKeysPermitted( | 685 if (!domain_state.IsChainOfPublicKeysPermitted( |
| 684 ssl_info.public_key_hashes)) { | 686 ssl_info.public_key_hashes)) { |
| 685 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; | 687 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; |
| 686 UMA_HISTOGRAM_BOOLEAN("Net.CertificatePinSuccess", false); | 688 UMA_HISTOGRAM_BOOLEAN("Net.CertificatePinSuccess", false); |
| 689 TransportSecurityState::ReportUMAOnPinFailure(host, sni_available); | |
|
Chris Evans
2011/10/26 22:49:46
I don't think we need to pass sni_available; I thi
palmer
2011/10/27 01:15:45
Done.
| |
| 687 FraudulentCertificateReporter* reporter = | 690 FraudulentCertificateReporter* reporter = |
| 688 context_->fraudulent_certificate_reporter(); | 691 context_->fraudulent_certificate_reporter(); |
| 689 if (reporter != NULL) | 692 if (reporter != NULL) |
| 690 reporter->SendReport(request_->url().host(), ssl_info, sni); | 693 reporter->SendReport(host, ssl_info, sni_available); |
| 691 } else { | 694 } else { |
| 692 UMA_HISTOGRAM_BOOLEAN("Net.CertificatePinSuccess", true); | 695 UMA_HISTOGRAM_BOOLEAN("Net.CertificatePinSuccess", true); |
| 693 } | 696 } |
| 694 } | 697 } |
| 695 } | 698 } |
| 696 #endif | 699 #endif |
| 697 if (result == OK) { | 700 if (result == OK) { |
| 698 scoped_refptr<HttpResponseHeaders> headers = GetResponseHeaders(); | 701 scoped_refptr<HttpResponseHeaders> headers = GetResponseHeaders(); |
| 699 if (request_->context() && request_->context()->network_delegate()) { | 702 if (request_->context() && request_->context()->network_delegate()) { |
| 700 // Note that |this| may not be deleted until | 703 // Note that |this| may not be deleted until |
| (...skipping 405 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1106 if (postfilter_bytes_read() == expected_length) { | 1109 if (postfilter_bytes_read() == expected_length) { |
| 1107 // Clear the error. | 1110 // Clear the error. |
| 1108 return true; | 1111 return true; |
| 1109 } | 1112 } |
| 1110 } | 1113 } |
| 1111 } | 1114 } |
| 1112 return false; | 1115 return false; |
| 1113 } | 1116 } |
| 1114 | 1117 |
| 1115 bool URLRequestHttpJob::ReadRawData(IOBuffer* buf, int buf_size, | 1118 bool URLRequestHttpJob::ReadRawData(IOBuffer* buf, int buf_size, |
| 1116 int *bytes_read) { | 1119 int* bytes_read) { |
| 1117 DCHECK_NE(buf_size, 0); | 1120 DCHECK_NE(buf_size, 0); |
| 1118 DCHECK(bytes_read); | 1121 DCHECK(bytes_read); |
| 1119 DCHECK(!read_in_progress_); | 1122 DCHECK(!read_in_progress_); |
| 1120 | 1123 |
| 1121 int rv = transaction_->Read(buf, buf_size, &read_callback_); | 1124 int rv = transaction_->Read(buf, buf_size, &read_callback_); |
| 1122 | 1125 |
| 1123 if (ShouldFixMismatchedContentLength(rv)) | 1126 if (ShouldFixMismatchedContentLength(rv)) |
| 1124 rv = 0; | 1127 rv = 0; |
| 1125 | 1128 |
| 1126 if (rv >= 0) { | 1129 if (rv >= 0) { |
| (...skipping 151 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1278 NOTREACHED(); | 1281 NOTREACHED(); |
| 1279 return; | 1282 return; |
| 1280 } | 1283 } |
| 1281 } | 1284 } |
| 1282 | 1285 |
| 1283 // The common type of histogram we use for all compression-tracking histograms. | 1286 // The common type of histogram we use for all compression-tracking histograms. |
| 1284 #define COMPRESSION_HISTOGRAM(name, sample) \ | 1287 #define COMPRESSION_HISTOGRAM(name, sample) \ |
| 1285 do { \ | 1288 do { \ |
| 1286 UMA_HISTOGRAM_CUSTOM_COUNTS("Net.Compress." name, sample, \ | 1289 UMA_HISTOGRAM_CUSTOM_COUNTS("Net.Compress." name, sample, \ |
| 1287 500, 1000000, 100); \ | 1290 500, 1000000, 100); \ |
| 1288 } while(0) | 1291 } while (0) |
| 1289 | 1292 |
| 1290 void URLRequestHttpJob::RecordCompressionHistograms() { | 1293 void URLRequestHttpJob::RecordCompressionHistograms() { |
| 1291 DCHECK(request_); | 1294 DCHECK(request_); |
| 1292 if (!request_) | 1295 if (!request_) |
| 1293 return; | 1296 return; |
| 1294 | 1297 |
| 1295 if (is_cached_content_ || // Don't record cached content | 1298 if (is_cached_content_ || // Don't record cached content |
| 1296 !GetStatus().is_success() || // Don't record failed content | 1299 !GetStatus().is_success() || // Don't record failed content |
| 1297 !IsCompressibleContent() || // Only record compressible content | 1300 !IsCompressibleContent() || // Only record compressible content |
| 1298 !prefilter_bytes_read()) // Zero-byte responses aren't useful. | 1301 !prefilter_bytes_read()) // Zero-byte responses aren't useful. |
| (...skipping 128 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1427 return override_response_headers_.get() ? | 1430 return override_response_headers_.get() ? |
| 1428 override_response_headers_ : | 1431 override_response_headers_ : |
| 1429 transaction_->GetResponseInfo()->headers; | 1432 transaction_->GetResponseInfo()->headers; |
| 1430 } | 1433 } |
| 1431 | 1434 |
| 1432 void URLRequestHttpJob::NotifyURLRequestDestroyed() { | 1435 void URLRequestHttpJob::NotifyURLRequestDestroyed() { |
| 1433 awaiting_callback_ = false; | 1436 awaiting_callback_ = false; |
| 1434 } | 1437 } |
| 1435 | 1438 |
| 1436 } // namespace net | 1439 } // namespace net |
| OLD | NEW |
