| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 // | |
| 5 // This protobuffer is intended to store reports from Chrome users of | |
| 6 // certificate errors. A report will be sent from Chrome when it gets | |
| 7 // e.g. a certificate for google.com that chains up to a root CA not expected by | |
| 8 // Chrome for that origin, such as DigiNotar (compromised in July 2011), or | |
| 9 // other pinning errors such as a blacklisted cert in the chain, or | |
| 10 // (when opted in) other certificate validation errors like an expired | |
| 11 // cert. The report from the user will include the hostname being accessed, | |
| 12 // the full certificate chain (in PEM format), and the | |
| 13 // timestamp of when the client tried to access the site. A response is | |
| 14 // generated by the frontend and logged, including validation and error checking | |
| 15 // done on the client's input data. | |
| 16 | |
| 17 | |
| 18 syntax = "proto2"; | |
| 19 | |
| 20 package chrome_browser_net; | |
| 21 | |
| 22 // Chrome requires this. | |
| 23 option optimize_for = LITE_RUNTIME; | |
| 24 | |
| 25 // Protocol types | |
| 26 message CertLoggerRequest { | |
| 27 // The hostname being accessed (required as the cert could be valid for | |
| 28 // multiple hosts, e.g. a wildcard or a SubjectAltName. | |
| 29 required string hostname = 1; | |
| 30 // The certificate chain as a series of PEM-encoded certificates, including | |
| 31 // intermediates but not necessarily the root. | |
| 32 required string cert_chain = 2; | |
| 33 // The time (in usec since the epoch) when the client attempted to access the | |
| 34 // site generating the pinning error. | |
| 35 required int64 time_usec = 3; | |
| 36 // public_key_hash contains the string forms of the hashes calculated for | |
| 37 // the chain. (I.e. "sha1/<base64 data>".) | |
| 38 repeated string public_key_hash = 4; | |
| 39 // pin contains the string forms of the pins that were matched against for | |
| 40 // this host. | |
| 41 repeated string pin = 5; | |
| 42 }; | |
| 43 | |
| 44 // A wrapper proto containing an encrypted CertLoggerRequest | |
| 45 message EncryptedCertLoggerRequest { | |
| 46 // An encrypted, serialized CertLoggerRequest | |
| 47 required bytes encrypted_report = 1; | |
| 48 // The server public key version that was used to derive the shared secret. | |
| 49 required uint32 server_public_key_version = 2; | |
| 50 // The client public key that corresponds to the private key that was used | |
| 51 // to derive the shared secret. | |
| 52 required bytes client_public_key = 3; | |
| 53 // The encryption algorithm used to encrypt the report. | |
| 54 enum Algorithm { | |
| 55 UNKNOWN_ALGORITHM = 0; | |
| 56 AEAD_ECDH_AES_128_CTR_HMAC_SHA256 = 1; | |
| 57 } | |
| 58 optional Algorithm algorithm = 4 | |
| 59 [default = AEAD_ECDH_AES_128_CTR_HMAC_SHA256]; | |
| 60 }; | |
| 61 | |
| 62 // The response sent back to the user. | |
| 63 message CertLoggerResponse { | |
| 64 enum ResponseCode { | |
| 65 OK = 1; | |
| 66 MALFORMED_CERT_DATA = 2; | |
| 67 HOST_CERT_DONT_MATCH = 3; | |
| 68 ROOT_NOT_RECOGNIZED = 4; | |
| 69 ROOT_NOT_UNEXPECTED = 5; | |
| 70 OTHER_ERROR = 6; | |
| 71 }; | |
| 72 required ResponseCode response = 1; | |
| 73 }; | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1117173004:
Split cert reporter class into report building/serializing and sending (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master