Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(119)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/safe_browsing/ping_manager.cc

Issue 1083493003: Encrypt certificate reports before uploading to HTTP URLs (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: fix unused variable compile error on non-openssl Created 5 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/browser/net/certificate_error_reporter_unittest.cc ('k') | crypto/aead_openssl.h » ('j') | crypto/aead_openssl.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/safe_browsing/ping_manager.h" 5 #include "chrome/browser/safe_browsing/ping_manager.h"
6 6
7 #include "base/logging.h" 7 #include "base/logging.h"
8 #include "base/stl_util.h" 8 #include "base/stl_util.h"
9 #include "base/strings/string_util.h" 9 #include "base/strings/string_util.h"
10 #include "base/strings/stringprintf.h" 10 #include "base/strings/stringprintf.h"
11 #include "chrome/browser/net/certificate_error_reporter.h" 11 #include "chrome/browser/net/certificate_error_reporter.h"
12 #include "chrome/common/env_vars.h" 12 #include "chrome/common/env_vars.h"
13 #include "content/public/browser/browser_thread.h" 13 #include "content/public/browser/browser_thread.h"
14 #include "google_apis/google_api_keys.h" 14 #include "google_apis/google_api_keys.h"
15 #include "net/base/escape.h" 15 #include "net/base/escape.h"
16 #include "net/base/load_flags.h" 16 #include "net/base/load_flags.h"
17 #include "net/ssl/ssl_info.h" 17 #include "net/ssl/ssl_info.h"
18 #include "net/url_request/url_fetcher.h" 18 #include "net/url_request/url_fetcher.h"
19 #include "net/url_request/url_request_context_getter.h" 19 #include "net/url_request/url_request_context_getter.h"
20 #include "net/url_request/url_request_status.h" 20 #include "net/url_request/url_request_status.h"
21 #include "url/gurl.h" 21 #include "url/gurl.h"
22 22
23 using chrome_browser_net::CertificateErrorReporter; 23 using chrome_browser_net::CertificateErrorReporter;
24 using content::BrowserThread; 24 using content::BrowserThread;
25 25
26 namespace { 26 namespace {
27 // URL to upload invalid certificate chain reports 27 // URLs to upload invalid certificate chain reports. The HTTP URL is
28 const char kExtendedReportingUploadUrl[] = 28 // preferred since a client seeing an invalid cert might not be able to
29 // make an HTTPS connection to report it.
30 // TODO(estark): insert the production HTTP URL when it's ready
31 const char kExtendedReportingUploadUrlInsecure[] = "";
32 const char kExtendedReportingUploadUrlSecure[] =
29 "https://sb-ssl.google.com/safebrowsing/clientreport/chrome-certs"; 33 "https://sb-ssl.google.com/safebrowsing/clientreport/chrome-certs";
30 } // namespace 34 } // namespace
31 35
32 // SafeBrowsingPingManager implementation ---------------------------------- 36 // SafeBrowsingPingManager implementation ----------------------------------
33 37
34 // static 38 // static
35 SafeBrowsingPingManager* SafeBrowsingPingManager::Create( 39 SafeBrowsingPingManager* SafeBrowsingPingManager::Create(
36 net::URLRequestContextGetter* request_context_getter, 40 net::URLRequestContextGetter* request_context_getter,
37 const SafeBrowsingProtocolConfig& config) { 41 const SafeBrowsingProtocolConfig& config) {
38 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); 42 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
39 return new SafeBrowsingPingManager(request_context_getter, config); 43 return new SafeBrowsingPingManager(request_context_getter, config);
40 } 44 }
41 45
42 SafeBrowsingPingManager::SafeBrowsingPingManager( 46 SafeBrowsingPingManager::SafeBrowsingPingManager(
43 net::URLRequestContextGetter* request_context_getter, 47 net::URLRequestContextGetter* request_context_getter,
44 const SafeBrowsingProtocolConfig& config) 48 const SafeBrowsingProtocolConfig& config)
45 : client_name_(config.client_name), 49 : client_name_(config.client_name),
46 request_context_getter_(request_context_getter), 50 request_context_getter_(request_context_getter),
47 url_prefix_(config.url_prefix), 51 url_prefix_(config.url_prefix) {
48 certificate_error_reporter_(
49 request_context_getter
50 ? new CertificateErrorReporter(
51 request_context_getter->GetURLRequestContext(),
52 GURL(kExtendedReportingUploadUrl),
53 CertificateErrorReporter::SEND_COOKIES)
54 : nullptr) {
55 DCHECK(!url_prefix_.empty()); 52 DCHECK(!url_prefix_.empty());
56 53
54 if (request_context_getter) {
55 certificate_error_reporter_.reset(new CertificateErrorReporter(
56 request_context_getter->GetURLRequestContext(),
57 (CertificateErrorReporter::IsHttpUploadUrlSupported() &&
58 strlen(kExtendedReportingUploadUrlInsecure) > 0)
59 ? GURL(kExtendedReportingUploadUrlInsecure)
60 : GURL(kExtendedReportingUploadUrlSecure),
mattm 2015/04/23 22:59:14 This condition feels a little large/unwieldy to do
estark 2015/04/23 23:53:47 Done.
61 CertificateErrorReporter::SEND_COOKIES));
62 } else {
63 certificate_error_reporter_ = nullptr;
mattm 2015/04/23 22:59:14 unnecessary
estark 2015/04/23 23:53:47 Done.
64 }
65
57 version_ = SafeBrowsingProtocolManagerHelper::Version(); 66 version_ = SafeBrowsingProtocolManagerHelper::Version();
58 } 67 }
59 68
60 SafeBrowsingPingManager::~SafeBrowsingPingManager() { 69 SafeBrowsingPingManager::~SafeBrowsingPingManager() {
61 // Delete in-progress safebrowsing reports (hits and details). 70 // Delete in-progress safebrowsing reports (hits and details).
62 STLDeleteContainerPointers(safebrowsing_reports_.begin(), 71 STLDeleteContainerPointers(safebrowsing_reports_.begin(),
63 safebrowsing_reports_.end()); 72 safebrowsing_reports_.end());
64 } 73 }
65 74
66 // net::URLFetcherDelegate implementation ---------------------------------- 75 // net::URLFetcherDelegate implementation ----------------------------------
(...skipping 108 matching lines...) Expand 10 before | Expand all | Expand 10 after
175 url_prefix_.c_str(), 184 url_prefix_.c_str(),
176 client_name_.c_str(), 185 client_name_.c_str(),
177 version_.c_str()); 186 version_.c_str());
178 std::string api_key = google_apis::GetAPIKey(); 187 std::string api_key = google_apis::GetAPIKey();
179 if (!api_key.empty()) { 188 if (!api_key.empty()) {
180 base::StringAppendF(&url, "&key=%s", 189 base::StringAppendF(&url, "&key=%s",
181 net::EscapeQueryParamValue(api_key, true).c_str()); 190 net::EscapeQueryParamValue(api_key, true).c_str());
182 } 191 }
183 return GURL(url); 192 return GURL(url);
184 } 193 }
OLDNEW
« no previous file with comments | « chrome/browser/net/certificate_error_reporter_unittest.cc ('k') | crypto/aead_openssl.h » ('j') | crypto/aead_openssl.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698