| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "chrome/browser/ssl/certificate_error_report.h" |
| 6 |
| 7 #include <vector> |
| 8 |
| 9 #include "base/stl_util.h" |
| 10 #include "base/time/time.h" |
| 11 #include "chrome/browser/ssl/cert_logger.pb.h" |
| 12 #include "net/cert/cert_status_flags.h" |
| 13 #include "net/cert/x509_certificate.h" |
| 14 #include "net/ssl/ssl_info.h" |
| 15 |
| 16 namespace { |
| 17 |
| 18 using chrome_browser_ssl::CertLoggerRequest; |
| 19 |
| 20 void AddCertStatusToReportErrors(net::CertStatus cert_status, |
| 21 CertLoggerRequest* report) { |
| 22 if (cert_status & net::CERT_STATUS_REVOKED) |
| 23 report->add_cert_error(CertLoggerRequest::ERR_CERT_REVOKED); |
| 24 if (cert_status & net::CERT_STATUS_INVALID) |
| 25 report->add_cert_error(CertLoggerRequest::ERR_CERT_INVALID); |
| 26 if (cert_status & net::CERT_STATUS_PINNED_KEY_MISSING) |
| 27 report->add_cert_error( |
| 28 CertLoggerRequest::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN); |
| 29 if (cert_status & net::CERT_STATUS_AUTHORITY_INVALID) |
| 30 report->add_cert_error(CertLoggerRequest::ERR_CERT_AUTHORITY_INVALID); |
| 31 if (cert_status & net::CERT_STATUS_COMMON_NAME_INVALID) |
| 32 report->add_cert_error(CertLoggerRequest::ERR_CERT_COMMON_NAME_INVALID); |
| 33 if (cert_status & net::CERT_STATUS_NON_UNIQUE_NAME) |
| 34 report->add_cert_error(CertLoggerRequest::ERR_CERT_NON_UNIQUE_NAME); |
| 35 if (cert_status & net::CERT_STATUS_NAME_CONSTRAINT_VIOLATION) |
| 36 report->add_cert_error( |
| 37 CertLoggerRequest::ERR_CERT_NAME_CONSTRAINT_VIOLATION); |
| 38 if (cert_status & net::CERT_STATUS_WEAK_SIGNATURE_ALGORITHM) |
| 39 report->add_cert_error( |
| 40 CertLoggerRequest::ERR_CERT_WEAK_SIGNATURE_ALGORITHM); |
| 41 if (cert_status & net::CERT_STATUS_WEAK_KEY) |
| 42 report->add_cert_error(CertLoggerRequest::ERR_CERT_WEAK_KEY); |
| 43 if (cert_status & net::CERT_STATUS_DATE_INVALID) |
| 44 report->add_cert_error(CertLoggerRequest::ERR_CERT_DATE_INVALID); |
| 45 if (cert_status & net::CERT_STATUS_VALIDITY_TOO_LONG) |
| 46 report->add_cert_error(CertLoggerRequest::ERR_CERT_VALIDITY_TOO_LONG); |
| 47 if (cert_status & net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION) |
| 48 report->add_cert_error( |
| 49 CertLoggerRequest::ERR_CERT_UNABLE_TO_CHECK_REVOCATION); |
| 50 if (cert_status & net::CERT_STATUS_NO_REVOCATION_MECHANISM) |
| 51 report->add_cert_error(CertLoggerRequest::ERR_CERT_NO_REVOCATION_MECHANISM); |
| 52 } |
| 53 } // namespace |
| 54 |
| 55 namespace chrome_browser_ssl { |
| 56 |
| 57 CertificateErrorReport::CertificateErrorReport() |
| 58 : cert_report_(new CertLoggerRequest()) { |
| 59 } |
| 60 |
| 61 CertificateErrorReport::CertificateErrorReport(const std::string& hostname, |
| 62 const net::SSLInfo& ssl_info) |
| 63 : cert_report_(new CertLoggerRequest()) { |
| 64 base::Time now = base::Time::Now(); |
| 65 cert_report_->set_time_usec(now.ToInternalValue()); |
| 66 cert_report_->set_hostname(hostname); |
| 67 |
| 68 std::vector<std::string> pem_encoded_chain; |
| 69 if (!ssl_info.cert->GetPEMEncodedChain(&pem_encoded_chain)) { |
| 70 LOG(ERROR) << "Could not get PEM encoded chain."; |
| 71 } |
| 72 |
| 73 std::string* cert_chain = cert_report_->mutable_cert_chain(); |
| 74 for (size_t i = 0; i < pem_encoded_chain.size(); ++i) |
| 75 cert_chain->append(pem_encoded_chain[i]); |
| 76 |
| 77 cert_report_->add_pin(ssl_info.pinning_failure_log); |
| 78 |
| 79 AddCertStatusToReportErrors(ssl_info.cert_status, cert_report_.get()); |
| 80 } |
| 81 |
| 82 CertificateErrorReport::~CertificateErrorReport() { |
| 83 } |
| 84 |
| 85 bool CertificateErrorReport::InitializeFromString( |
| 86 const std::string& serialized_report) { |
| 87 return cert_report_->ParseFromString(serialized_report); |
| 88 } |
| 89 |
| 90 bool CertificateErrorReport::Serialize(std::string* output) const { |
| 91 return cert_report_->SerializeToString(output); |
| 92 } |
| 93 |
| 94 const std::string& CertificateErrorReport::hostname() const { |
| 95 return cert_report_->hostname(); |
| 96 } |
| 97 |
| 98 } // namespace chrome_browser_ssl |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1117173004:
Split cert reporter class into report building/serializing and sending (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master