Include the full certificate chain in the download pingback.

chrome/browser/safe_browsing/download_protection_service.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/safe_browsing/download_protection_service.h"
 
 #include "base/bind.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/metrics/histogram.h"
 #include "base/stl_util.h"
@@ skipping 385 matching lines @@
 
  private:
   friend struct BrowserThread::DeleteOnThread<BrowserThread::UI>;
   friend class DeleteTask<CheckClientDownloadRequest>;
 
   virtual ~CheckClientDownloadRequest() {
     DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
   }
 
   void ExtractFileFeatures() {
     DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE));

[mattm, 2011/11/12 03:15:36]

Probably want to move to doing this with WorkerPool so we don't block up the
file thread for too long.  Can do that in a separate CL though.

[Ryan Sleevi, 2011/11/12 22:06:17]

drive-by: +1 to this. These calls can take upwards of 20 seconds, depending on
how the system is configured, due to things like AIA chasing (which can still
happen for WinVerifyTrust/Authenticode sigs, IIRC).

     signature_util_->CheckSignature(info_.local_file, &signature_info_);
-    bool is_signed = signature_info_.has_certificate_contents();
+    bool is_signed = (signature_info_.certificate_chain_size() > 0);
     if (is_signed) {
       VLOG(2) << "Downloaded a signed binary: " << info_.local_file.value();
     } else {
       VLOG(2) << "Downloaded an unsigned binary: " << info_.local_file.value();
     }
     UMA_HISTOGRAM_BOOLEAN("SBClientDownload.SignedBinaryDownload", is_signed);
 
     // TODO(noelutz): DownloadInfo should also contain the IP address of every
     // URL in the redirect chain.  We also should check whether the download
     // URL is hosted on the internal network.
@@ skipping 28 matching lines @@
         const GURL& url = info_.download_url_chain[i];
         if (url.is_valid() && sb_service_->MatchDownloadWhitelistUrl(url)) {
           reason = REASON_WHITELISTED_URL;
           break;
         }
       }
       if (info_.referrer_url.is_valid() && reason == REASON_MAX &&
           sb_service_->MatchDownloadWhitelistUrl(info_.referrer_url)) {
         reason = REASON_WHITELISTED_REFERRER;
       }
-      if (reason != REASON_MAX || signature_info_.has_certificate_contents()) {
+      if (reason != REASON_MAX ||
+          signature_info_.certificate_chain_size() > 0) {
         UMA_HISTOGRAM_COUNTS("SBClientDownload.SignedOrWhitelistedDownload", 1);
       }
     }
     if (reason != REASON_MAX) {
       RecordImprovedProtectionStats(reason);
       CheckDigestList();
     } else if (!pingback_enabled_) {
       RecordImprovedProtectionStats(REASON_PING_DISABLED);
       CheckDigestList();
     } else {
@@ skipping 151 matching lines @@
 
 void DownloadProtectionService::RequestFinished(
     CheckClientDownloadRequest* request) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
   std::set<scoped_refptr<CheckClientDownloadRequest> >::iterator it =
       download_requests_.find(request);
   DCHECK(it != download_requests_.end());
   download_requests_.erase(*it);
 }
 }  // namespace safe_browsing