Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2589)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/net/certificate_error_reporter.cc

Issue 1117173004: Split cert reporter class into report building/serializing and sending (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: document parse/serialize return value Created 5 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/browser/net/certificate_error_reporter.h ('k') | chrome/browser/net/certificate_error_reporter_unittest.cc » ('j') | chrome/browser/net/certificate_error_reporter_unittest.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/net/certificate_error_reporter.cc
diff --git a/chrome/browser/net/certificate_error_reporter.cc b/chrome/browser/net/certificate_error_reporter.cc
index bb378842ce8bf4f424f12561fdb245298a3b3c14..0e0d1441945b350579bd4a80276f5231a97f5793 100644
--- a/chrome/browser/net/certificate_error_reporter.cc
+++ b/chrome/browser/net/certificate_error_reporter.cc
@@ -7,9 +7,7 @@
#include <set>
#include "base/logging.h"
-#include "base/stl_util.h"
-#include "base/time/time.h"
-#include "chrome/browser/net/cert_logger.pb.h"
+#include "chrome/browser/net/encrypted_cert_logger.pb.h"
#if defined(USE_OPENSSL)
#include "crypto/aead_openssl.h"
@@ -22,14 +20,10 @@
#include "net/base/load_flags.h"
#include "net/base/request_priority.h"
#include "net/base/upload_bytes_element_reader.h"
-#include "net/cert/x509_certificate.h"
-#include "net/ssl/ssl_info.h"
#include "net/url_request/url_request_context.h"
namespace {
-using chrome_browser_net::CertLoggerRequest;
-
// Constants used for crypto
static const uint8 kServerPublicKey[] = {
0x51, 0xcc, 0x52, 0x67, 0x42, 0x47, 0x3b, 0x10, 0xe8, 0x63, 0x18,
@@ -85,41 +79,6 @@ bool EncryptSerializedReport(
}
#endif
-void AddCertStatusToReportErrors(
- net::CertStatus cert_status,
- CertLoggerRequest* report) {
- if (cert_status & net::CERT_STATUS_REVOKED)
- report->add_cert_error(CertLoggerRequest::ERR_CERT_REVOKED);
- if (cert_status & net::CERT_STATUS_INVALID)
- report->add_cert_error(CertLoggerRequest::ERR_CERT_INVALID);
- if (cert_status & net::CERT_STATUS_PINNED_KEY_MISSING)
- report->add_cert_error(
- CertLoggerRequest::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN);
- if (cert_status & net::CERT_STATUS_AUTHORITY_INVALID)
- report->add_cert_error(CertLoggerRequest::ERR_CERT_AUTHORITY_INVALID);
- if (cert_status & net::CERT_STATUS_COMMON_NAME_INVALID)
- report->add_cert_error(CertLoggerRequest::ERR_CERT_COMMON_NAME_INVALID);
- if (cert_status & net::CERT_STATUS_NON_UNIQUE_NAME)
- report->add_cert_error(CertLoggerRequest::ERR_CERT_NON_UNIQUE_NAME);
- if (cert_status & net::CERT_STATUS_NAME_CONSTRAINT_VIOLATION)
- report->add_cert_error(
- CertLoggerRequest::ERR_CERT_NAME_CONSTRAINT_VIOLATION);
- if (cert_status & net::CERT_STATUS_WEAK_SIGNATURE_ALGORITHM)
- report->add_cert_error(
- CertLoggerRequest::ERR_CERT_WEAK_SIGNATURE_ALGORITHM);
- if (cert_status & net::CERT_STATUS_WEAK_KEY)
- report->add_cert_error(CertLoggerRequest::ERR_CERT_WEAK_KEY);
- if (cert_status & net::CERT_STATUS_DATE_INVALID)
- report->add_cert_error(CertLoggerRequest::ERR_CERT_DATE_INVALID);
- if (cert_status & net::CERT_STATUS_VALIDITY_TOO_LONG)
- report->add_cert_error(CertLoggerRequest::ERR_CERT_VALIDITY_TOO_LONG);
- if (cert_status & net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION)
- report->add_cert_error(
- CertLoggerRequest::ERR_CERT_UNABLE_TO_CHECK_REVOCATION);
- if (cert_status & net::CERT_STATUS_NO_REVOCATION_MECHANISM)
- report->add_cert_error(CertLoggerRequest::ERR_CERT_NO_REVOCATION_MECHANISM);
-}
-
} // namespace
namespace chrome_browser_net {
@@ -153,25 +112,20 @@ CertificateErrorReporter::~CertificateErrorReporter() {
STLDeleteElements(&inflight_requests_);
}
-void CertificateErrorReporter::SendReport(ReportType type,
- const std::string& hostname,
- const net::SSLInfo& ssl_info) {
- CertLoggerRequest request;
- BuildReport(hostname, ssl_info, &request);
-
+void CertificateErrorReporter::SendReport(
+ ReportType type,
+ const std::string& serialized_report) {
switch (type) {
case REPORT_TYPE_PINNING_VIOLATION:
- SendCertLoggerRequest(request);
+ SendSerializedRequest(serialized_report);
break;
case REPORT_TYPE_EXTENDED_REPORTING:
if (upload_url_.SchemeIsCryptographic()) {
- SendCertLoggerRequest(request);
+ SendSerializedRequest(serialized_report);
} else {
DCHECK(IsHttpUploadUrlSupported());
#if defined(USE_OPENSSL)
EncryptedCertLoggerRequest encrypted_report;
- std::string serialized_report;
- request.SerializeToString(&serialized_report);
if (!EncryptSerializedReport(server_public_key_,
server_public_key_version_,
serialized_report, &encrypted_report)) {
@@ -230,7 +184,7 @@ bool CertificateErrorReporter::IsHttpUploadUrlSupported() {
bool CertificateErrorReporter::DecryptCertificateErrorReport(
const uint8 server_private_key[32],
const EncryptedCertLoggerRequest& encrypted_report,
- CertLoggerRequest* decrypted_report) {
+ std::string* decrypted_serialized_report) {
uint8 shared_secret[crypto::curve25519::kBytes];
crypto::curve25519::ScalarMult(
server_private_key, (uint8*)encrypted_report.client_public_key().data(),
Ryan Sleevi 2015/05/13 01:02:12 casts
estark 2015/05/13 01:44:49 Done.
@@ -249,23 +203,11 @@ bool CertificateErrorReporter::DecryptCertificateErrorReport(
// Use an all-zero nonce because the key is random per-message.
std::string nonce(aead.NonceLength(), 0);
- std::string plaintext;
- if (!aead.Open(encrypted_report.encrypted_report(), nonce, "", &plaintext)) {
- LOG(ERROR) << "Error opening certificate report";
- return false;
- }
-
- return decrypted_report->ParseFromString(plaintext);
+ return aead.Open(encrypted_report.encrypted_report(), nonce, "",
Ryan Sleevi 2015/05/13 01:02:12 s/""/std::string()/
estark 2015/05/13 01:44:49 Done.
+ decrypted_serialized_report);
}
#endif
-void CertificateErrorReporter::SendCertLoggerRequest(
- const CertLoggerRequest& request) {
- std::string serialized_request;
- request.SerializeToString(&serialized_request);
- SendSerializedRequest(serialized_request);
-}
-
void CertificateErrorReporter::SendSerializedRequest(
const std::string& serialized_request) {
scoped_ptr<net::URLRequest> url_request = CreateURLRequest(request_context_);
@@ -286,26 +228,6 @@ void CertificateErrorReporter::SendSerializedRequest(
raw_url_request->Start();
}
-void CertificateErrorReporter::BuildReport(const std::string& hostname,
- const net::SSLInfo& ssl_info,
- CertLoggerRequest* out_request) {
- base::Time now = base::Time::Now();
- out_request->set_time_usec(now.ToInternalValue());
- out_request->set_hostname(hostname);
-
- std::vector<std::string> pem_encoded_chain;
- if (!ssl_info.cert->GetPEMEncodedChain(&pem_encoded_chain))
- LOG(ERROR) << "Could not get PEM encoded chain.";
-
- std::string* cert_chain = out_request->mutable_cert_chain();
- for (size_t i = 0; i < pem_encoded_chain.size(); ++i)
- *cert_chain += pem_encoded_chain[i];
-
- out_request->add_pin(ssl_info.pinning_failure_log);
-
- AddCertStatusToReportErrors(ssl_info.cert_status, out_request);
-}
-
void CertificateErrorReporter::RequestComplete(net::URLRequest* request) {
std::set<net::URLRequest*>::iterator i = inflight_requests_.find(request);
DCHECK(i != inflight_requests_.end());
« no previous file with comments | « chrome/browser/net/certificate_error_reporter.h ('k') | chrome/browser/net/certificate_error_reporter_unittest.cc » ('j') | chrome/browser/net/certificate_error_reporter_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698