Encrypt certificate reports before uploading to HTTP URLs

chrome/browser/net/certificate_error_reporter.h

Index: chrome/browser/net/certificate_error_reporter.h
diff --git a/chrome/browser/net/certificate_error_reporter.h b/chrome/browser/net/certificate_error_reporter.h
index 3c20ec1c607abe8bd12edc60e4caa39973808ab6..9c8dce5427e85ccac15082f48aab9620759cd5b6 100644
--- a/chrome/browser/net/certificate_error_reporter.h
+++ b/chrome/browser/net/certificate_error_reporter.h
@@ -21,6 +21,13 @@ class SSLInfo;
 namespace chrome_browser_net {
 
 class CertLoggerRequest;
+class EncryptedCertLoggerRequest;
+
+// Used by tests.
+bool DecryptCertificateErrorReport(

[agl, 2015/04/21 20:28:25]

Could this be a static method on CertificateErrorReporter? It's a tad odd to
have it at the top-level of a namespace.

[estark, 2015/04/22 03:55:30]

Done. (Sorry, missed that in your first review.)

+    const uint8 server_private_key[32],
+    const EncryptedCertLoggerRequest& encrypted_report,
+    CertLoggerRequest* decrypted_report);
 
 // Provides functionality for sending reports about invalid SSL
 // certificate chains to a report collection server.
@@ -48,6 +55,13 @@ class CertificateErrorReporter : public net::URLRequest::Delegate {
                            const GURL& upload_url,
                            CookiesPreference cookies_preference);
 
+  // Allows tests to use a server public key with known private key.
+  CertificateErrorReporter(net::URLRequestContext* request_context,
+                           const GURL& upload_url,
+                           CookiesPreference cookies_preference,
+                           const uint8 server_public_key[32],
+                           const uint32 server_public_key_version);
+
   ~CertificateErrorReporter() override;
 
   // Construct, serialize, and send a certificate report to the report
@@ -66,6 +80,12 @@ class CertificateErrorReporter : public net::URLRequest::Delegate {
   void OnResponseStarted(net::URLRequest* request) override;
   void OnReadCompleted(net::URLRequest* request, int bytes_read) override;
 
+  // On some platforms (but not all), CertificateErrorReporter can use
+  // an HTTP endpoint to send encrypted extended reporting reports. On
+  // unsupported platforms, callers must send extended reporting reports
+  // over SSL.
+  static bool IsHttpUploadUrlSupported();

[estark, 2015/04/18 05:24:42]

This seems weird to me but I'm not sure what else to do. I want to let users of
this class send reports over HTTPS when sending them encrypted over HTTP isn't
supported.

The name is weird because it only applies to extended reporting, not to Google
pinning violation reports, so maybe I should rename it to
IsHttpUploadUrlSupportedForExtendedReporting?

Open to other suggestions too... maybe users of this class shouldn't specify the
upload URL, and CertificateErrorReporter should just decide itself which URL to
use for a given report based on the report type and BoringSSL support.

+
  private:
   // Create a URLRequest with which to send a certificate report to the
   // server.
@@ -76,6 +96,8 @@ class CertificateErrorReporter : public net::URLRequest::Delegate {
   // collection server.
   void SendCertLoggerRequest(const CertLoggerRequest& request);
 
+  void SendSerializedRequest(const std::string& serialized_request);
+
   // Populate the CertLoggerRequest for a report.
   static void BuildReport(const std::string& hostname,
                           const net::SSLInfo& ssl_info,
@@ -92,6 +114,9 @@ class CertificateErrorReporter : public net::URLRequest::Delegate {
 
   CookiesPreference cookies_preference_;
 
+  const uint8* server_public_key_;
+  const uint32 server_public_key_version_;
+
   DISALLOW_COPY_AND_ASSIGN(CertificateErrorReporter);
 };