Split cert reporter class into report building/serializing and sending

chrome/browser/net/certificate_error_reporter.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/net/certificate_error_reporter.h"
 
 #include <set>
 
 #include "base/logging.h"
-#include "base/stl_util.h"
-#include "base/time/time.h"
-#include "chrome/browser/net/cert_logger.pb.h"
+#include "chrome/browser/net/encrypted_cert_logger.pb.h"
 
 #if defined(USE_OPENSSL)
 #include "crypto/aead_openssl.h"
 #endif
 
 #include "crypto/curve25519.h"
 #include "crypto/hkdf.h"
 #include "crypto/random.h"
 #include "net/base/elements_upload_data_stream.h"
 #include "net/base/load_flags.h"
 #include "net/base/request_priority.h"
 #include "net/base/upload_bytes_element_reader.h"
-#include "net/cert/x509_certificate.h"
-#include "net/ssl/ssl_info.h"
 #include "net/url_request/url_request_context.h"
 
 namespace {
 
 // Constants used for crypto
 static const uint8 kServerPublicKey[] = {
     0x51, 0xcc, 0x52, 0x67, 0x42, 0x47, 0x3b, 0x10, 0xe8, 0x63, 0x18,
     0x3c, 0x61, 0xa7, 0x96, 0x76, 0x86, 0x91, 0x40, 0x71, 0x39, 0x5f,
     0x31, 0x1a, 0x39, 0x5b, 0x76, 0xb1, 0x6b, 0x3d, 0x6a, 0x2b};
 static const uint32 kServerPublicKeyVersion = 1;
@@ skipping 70 matching lines @@
       cookies_preference_(cookies_preference),
       server_public_key_(server_public_key),
       server_public_key_version_(server_public_key_version) {
   DCHECK(!upload_url.is_empty());
 }
 
 CertificateErrorReporter::~CertificateErrorReporter() {
   STLDeleteElements(&inflight_requests_);
 }
 
-void CertificateErrorReporter::SendReport(ReportType type,
-                                          const std::string& hostname,
-                                          const net::SSLInfo& ssl_info) {
-  CertLoggerRequest request;
-  BuildReport(hostname, ssl_info, &request);
-
+void CertificateErrorReporter::SendReport(
+    ReportType type,
+    const std::string& serialized_report) {
   switch (type) {
     case REPORT_TYPE_PINNING_VIOLATION:
-      SendCertLoggerRequest(request);
+      SendSerializedRequest(serialized_report);
       break;
     case REPORT_TYPE_EXTENDED_REPORTING:
       if (upload_url_.SchemeIsCryptographic()) {

[eroman, 2015/05/12 00:27:51]

Is this uploading reports to Google? under what circumstances would the
upload_url_ not be https? (Not directly related to your refactor, but still
curious)

[estark, 2015/05/12 20:42:15]

Eventually, all uploads will be over HTTP, not HTTPS. Our goal is to collect
information about SSL warnings that users are seeing, and we very much want to
include data from users who might not be able to make any valid HTTPS
connections at all. At the moment we'll be sending reports (encrypted) over HTTP
on platforms where we have BoringSSL crypto, and we're sending them over HTTPS
on platforms where we don't yet have BoringSSL crypto.

(And yes, all the reports are being sent to Google servers.)

-        SendCertLoggerRequest(request);
+        SendSerializedRequest(serialized_report);
       } else {
         DCHECK(IsHttpUploadUrlSupported());
 #if defined(USE_OPENSSL)
         EncryptedCertLoggerRequest encrypted_report;
-        std::string serialized_report;
-        request.SerializeToString(&serialized_report);
         if (!EncryptSerializedReport(server_public_key_,
                                      server_public_key_version_,
                                      serialized_report, &encrypted_report)) {
           LOG(ERROR) << "Failed to encrypt serialized report.";
           return;
         }
         std::string serialized_encrypted_report;
         encrypted_report.SerializeToString(&serialized_encrypted_report);
         SendSerializedRequest(serialized_encrypted_report);
 #endif
@@ skipping 38 matching lines @@
 #else
   return false;
 #endif
 }
 
 // Used only by tests.
 #if defined(USE_OPENSSL)
 bool CertificateErrorReporter::DecryptCertificateErrorReport(
     const uint8 server_private_key[32],
     const EncryptedCertLoggerRequest& encrypted_report,
-    CertLoggerRequest* decrypted_report) {
+    std::string* decrypted_serialized_report) {
   uint8 shared_secret[crypto::curve25519::kBytes];
   crypto::curve25519::ScalarMult(
       server_private_key, (uint8*)encrypted_report.client_public_key().data(),
       shared_secret);
 
   crypto::Aead aead(crypto::Aead::AES_128_CTR_HMAC_SHA256);
   crypto::HKDF hkdf(std::string((char*)shared_secret, sizeof(shared_secret)),
                     kHkdfLabel, std::string(), 0, 0, aead.KeyLength());
 
   const std::string key(hkdf.subkey_secret().data(),
                         hkdf.subkey_secret().size());
   aead.Init(&key);
 
   // Use an all-zero nonce because the key is random per-message.
   std::string nonce(aead.NonceLength(), 0);
 
-  std::string plaintext;
-  if (!aead.Open(encrypted_report.encrypted_report(), nonce, "", &plaintext)) {
-    LOG(ERROR) << "Error opening certificate report";
-    return false;
-  }
-
-  return decrypted_report->ParseFromString(plaintext);
+  return aead.Open(encrypted_report.encrypted_report(), nonce, "",
+                   decrypted_serialized_report);
 }
 #endif
 
-void CertificateErrorReporter::SendCertLoggerRequest(
-    const CertLoggerRequest& request) {
-  std::string serialized_request;
-  request.SerializeToString(&serialized_request);
-  SendSerializedRequest(serialized_request);
-}
-
 void CertificateErrorReporter::SendSerializedRequest(
     const std::string& serialized_request) {
   scoped_ptr<net::URLRequest> url_request = CreateURLRequest(request_context_);
   url_request->set_method("POST");
 
   scoped_ptr<net::UploadElementReader> reader(
       net::UploadOwnedBytesElementReader::CreateWithString(serialized_request));
   url_request->set_upload(
       net::ElementsUploadDataStream::CreateWithReader(reader.Pass(), 0));
 
   net::HttpRequestHeaders headers;
   headers.SetHeader(net::HttpRequestHeaders::kContentType,
                     "x-application/chrome-fraudulent-cert-report");
   url_request->SetExtraRequestHeaders(headers);
 
   net::URLRequest* raw_url_request = url_request.get();
   inflight_requests_.insert(url_request.release());
   raw_url_request->Start();
 }
 
-void CertificateErrorReporter::BuildReport(const std::string& hostname,
-                                           const net::SSLInfo& ssl_info,
-                                           CertLoggerRequest* out_request) {
-  base::Time now = base::Time::Now();
-  out_request->set_time_usec(now.ToInternalValue());
-  out_request->set_hostname(hostname);
-
-  std::vector<std::string> pem_encoded_chain;
-  if (!ssl_info.cert->GetPEMEncodedChain(&pem_encoded_chain))
-    LOG(ERROR) << "Could not get PEM encoded chain.";
-
-  std::string* cert_chain = out_request->mutable_cert_chain();
-  for (size_t i = 0; i < pem_encoded_chain.size(); ++i)
-    *cert_chain += pem_encoded_chain[i];
-
-  out_request->add_pin(ssl_info.pinning_failure_log);
-}
-
 void CertificateErrorReporter::RequestComplete(net::URLRequest* request) {
   std::set<net::URLRequest*>::iterator i = inflight_requests_.find(request);
   DCHECK(i != inflight_requests_.end());
   scoped_ptr<net::URLRequest> url_request(*i);
   inflight_requests_.erase(i);
 }
 
 }  // namespace chrome_browser_net