Split cert reporter class into report building/serializing and sending

chrome/browser/net/cert_logger.proto

-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-//
-// This protobuffer is intended to store reports from Chrome users of
-// certificate errors. A report will be sent from Chrome when it gets
-// e.g. a certificate for google.com that chains up to a root CA not expected by
-// Chrome for that origin, such as DigiNotar (compromised in July 2011), or
-// other pinning errors such as a blacklisted cert in the chain, or
-// (when opted in) other certificate validation errors like an expired
-// cert. The report from the user will include the hostname being accessed,
-// the full certificate chain (in PEM format), and the
-// timestamp of when the client tried to access the site. A response is
-// generated by the frontend and logged, including validation and error checking
-// done on the client's input data.
-
-
-syntax = "proto2";
-
-package chrome_browser_net;
-
-// Chrome requires this.
-option optimize_for = LITE_RUNTIME;
-
-// Protocol types
-message CertLoggerRequest {
-  // The hostname being accessed (required as the cert could be valid for
-  // multiple hosts, e.g. a wildcard or a SubjectAltName.
-  required string hostname = 1;
-  // The certificate chain as a series of PEM-encoded certificates, including
-  // intermediates but not necessarily the root.
-  required string cert_chain = 2;
-  // The time (in usec since the epoch) when the client attempted to access the
-  // site generating the pinning error.
-  required int64 time_usec = 3;
-  // public_key_hash contains the string forms of the hashes calculated for
-  // the chain. (I.e. "sha1/<base64 data>".)
-  repeated string public_key_hash = 4;
-  // pin contains the string forms of the pins that were matched against for
-  // this host.
-  repeated string pin = 5;
-
-  enum CertError {
-    ERR_CERT_REVOKED = 1;
-    ERR_CERT_INVALID = 2;
-    ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN = 3;
-    ERR_CERT_AUTHORITY_INVALID = 4;
-    ERR_CERT_COMMON_NAME_INVALID = 5;
-    ERR_CERT_NAME_CONSTRAINT_VIOLATION = 6;
-    ERR_CERT_WEAK_SIGNATURE_ALGORITHM = 7;
-    ERR_CERT_WEAK_KEY = 8;
-    ERR_CERT_DATE_INVALID = 9;
-    ERR_CERT_VALIDITY_TOO_LONG = 10;
-    ERR_CERT_UNABLE_TO_CHECK_REVOCATION = 11;
-    ERR_CERT_NO_REVOCATION_MECHANISM = 12;
-    ERR_CERT_NON_UNIQUE_NAME = 13;
-  };
-
-  // Certificate errors encountered (if any) when validating this
-  // certificate chain.
-  repeated CertError cert_error = 6;
-};
-
-// A wrapper proto containing an encrypted CertLoggerRequest
-message EncryptedCertLoggerRequest {
-  // An encrypted, serialized CertLoggerRequest
-  required bytes encrypted_report = 1;
-  // The server public key version that was used to derive the shared secret.
-  required uint32 server_public_key_version = 2;
-  // The client public key that corresponds to the private key that was used
-  // to derive the shared secret.
-  required bytes client_public_key = 3;
-  // The encryption algorithm used to encrypt the report.
-  enum Algorithm {
-    UNKNOWN_ALGORITHM = 0;
-    AEAD_ECDH_AES_128_CTR_HMAC_SHA256 = 1;
-  }
-  optional Algorithm algorithm = 4
-      [default = AEAD_ECDH_AES_128_CTR_HMAC_SHA256];
-};
-
-// The response sent back to the user.
-message CertLoggerResponse {
-  enum ResponseCode {
-    OK = 1;
-    MALFORMED_CERT_DATA = 2;
-    HOST_CERT_DONT_MATCH = 3;
-    ROOT_NOT_RECOGNIZED = 4;
-    ROOT_NOT_UNEXPECTED = 5;
-    OTHER_ERROR = 6;
-  };
-  required ResponseCode response = 1;
-};