| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 // | 4 // |
| 5 // This protobuffer is intended to store reports from Chrome users of | 5 // This protobuffer is intended to store reports from Chrome users of |
| 6 // certificate errors. A report will be sent from Chrome when it gets | 6 // certificate errors. A report will be sent from Chrome when it gets |
| 7 // e.g. a certificate for google.com that chains up to a root CA not expected by | 7 // e.g. a certificate for google.com that chains up to a root CA not expected by |
| 8 // Chrome for that origin, such as DigiNotar (compromised in July 2011), or | 8 // Chrome for that origin, such as DigiNotar (compromised in July 2011), or |
| 9 // other pinning errors such as a blacklisted cert in the chain, or | 9 // other pinning errors such as a blacklisted cert in the chain, or |
| 10 // (when opted in) other certificate validation errors like an expired | 10 // (when opted in) other certificate validation errors like an expired |
| 11 // cert. The report from the user will include the hostname being accessed, | 11 // cert. The report from the user will include the hostname being accessed, |
| 12 // the full certificate chain (in PEM format), and the | 12 // the full certificate chain (in PEM format), and the |
| 13 // timestamp of when the client tried to access the site. A response is | 13 // timestamp of when the client tried to access the site. A response is |
| 14 // generated by the frontend and logged, including validation and error checking | 14 // generated by the frontend and logged, including validation and error checking |
| 15 // done on the client's input data. | 15 // done on the client's input data. |
| 16 | 16 |
| 17 | |
| 18 syntax = "proto2"; | 17 syntax = "proto2"; |
| 19 | 18 |
| 20 package chrome_browser_net; | 19 package chrome_browser_ssl; |
| 21 | 20 |
| 22 // Chrome requires this. | 21 // Chrome requires this. |
| 23 option optimize_for = LITE_RUNTIME; | 22 option optimize_for = LITE_RUNTIME; |
| 24 | 23 |
| 25 // Protocol types | 24 // Protocol types |
| 26 message CertLoggerRequest { | 25 message CertLoggerRequest { |
| 27 // The hostname being accessed (required as the cert could be valid for | 26 // The hostname being accessed (required as the cert could be valid for |
| 28 // multiple hosts, e.g. a wildcard or a SubjectAltName. | 27 // multiple hosts, e.g. a wildcard or a SubjectAltName. |
| 29 required string hostname = 1; | 28 required string hostname = 1; |
| 30 // The certificate chain as a series of PEM-encoded certificates, including | 29 // The certificate chain as a series of PEM-encoded certificates, including |
| 31 // intermediates but not necessarily the root. | 30 // intermediates but not necessarily the root. |
| 32 required string cert_chain = 2; | 31 required string cert_chain = 2; |
| 33 // The time (in usec since the epoch) when the client attempted to access the | 32 // The time (in usec since the epoch) when the client attempted to access the |
| 34 // site generating the pinning error. | 33 // site generating the pinning error. |
| 35 required int64 time_usec = 3; | 34 required int64 time_usec = 3; |
| 36 // public_key_hash contains the string forms of the hashes calculated for | 35 // public_key_hash contains the string forms of the hashes calculated for |
| 37 // the chain. (I.e. "sha1/<base64 data>".) | 36 // the chain. (I.e. "sha1/<base64 data>".) |
| 38 repeated string public_key_hash = 4; | 37 repeated string public_key_hash = 4; |
| 39 // pin contains the string forms of the pins that were matched against for | 38 // pin contains the string forms of the pins that were matched against for |
| 40 // this host. | 39 // this host. |
| 41 repeated string pin = 5; | 40 repeated string pin = 5; |
| 42 }; | 41 }; |
| 43 | |
| 44 // A wrapper proto containing an encrypted CertLoggerRequest | |
| 45 message EncryptedCertLoggerRequest { | |
| 46 // An encrypted, serialized CertLoggerRequest | |
| 47 required bytes encrypted_report = 1; | |
| 48 // The server public key version that was used to derive the shared secret. | |
| 49 required uint32 server_public_key_version = 2; | |
| 50 // The client public key that corresponds to the private key that was used | |
| 51 // to derive the shared secret. | |
| 52 required bytes client_public_key = 3; | |
| 53 // The encryption algorithm used to encrypt the report. | |
| 54 enum Algorithm { | |
| 55 UNKNOWN_ALGORITHM = 0; | |
| 56 AEAD_ECDH_AES_128_CTR_HMAC_SHA256 = 1; | |
| 57 } | |
| 58 optional Algorithm algorithm = 4 | |
| 59 [default = AEAD_ECDH_AES_128_CTR_HMAC_SHA256]; | |
| 60 }; | |
| 61 | |
| 62 // The response sent back to the user. | |
| 63 message CertLoggerResponse { | |
| 64 enum ResponseCode { | |
| 65 OK = 1; | |
| 66 MALFORMED_CERT_DATA = 2; | |
| 67 HOST_CERT_DONT_MATCH = 3; | |
| 68 ROOT_NOT_RECOGNIZED = 4; | |
| 69 ROOT_NOT_UNEXPECTED = 5; | |
| 70 OTHER_ERROR = 6; | |
| 71 }; | |
| 72 required ResponseCode response = 1; | |
| 73 }; | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1117173004:
Split cert reporter class into report building/serializing and sending (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master