Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2929)

Unified Diff: chrome/browser/net/certificate_error_reporter.cc

Issue 1117173004: Split cert reporter class into report building/serializing and sending (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: move //c/b/ssl classes into global namespace Created 5 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: chrome/browser/net/certificate_error_reporter.cc
diff --git a/chrome/browser/net/certificate_error_reporter.cc b/chrome/browser/net/certificate_error_reporter.cc
index bb378842ce8bf4f424f12561fdb245298a3b3c14..c1f15914001244b9ebfb3fb563ea800e3d11f863 100644
--- a/chrome/browser/net/certificate_error_reporter.cc
+++ b/chrome/browser/net/certificate_error_reporter.cc
@@ -7,9 +7,7 @@
#include <set>
#include "base/logging.h"
-#include "base/stl_util.h"
-#include "base/time/time.h"
-#include "chrome/browser/net/cert_logger.pb.h"
+#include "chrome/browser/net/encrypted_cert_logger.pb.h"
#if defined(USE_OPENSSL)
#include "crypto/aead_openssl.h"
@@ -22,14 +20,10 @@
#include "net/base/load_flags.h"
#include "net/base/request_priority.h"
#include "net/base/upload_bytes_element_reader.h"
-#include "net/cert/x509_certificate.h"
-#include "net/ssl/ssl_info.h"
#include "net/url_request/url_request_context.h"
namespace {
-using chrome_browser_net::CertLoggerRequest;
-
// Constants used for crypto
static const uint8 kServerPublicKey[] = {
0x51, 0xcc, 0x52, 0x67, 0x42, 0x47, 0x3b, 0x10, 0xe8, 0x63, 0x18,
@@ -56,7 +50,8 @@ bool EncryptSerializedReport(
crypto::curve25519::ScalarMult(private_key, server_public_key, shared_secret);
crypto::Aead aead(crypto::Aead::AES_128_CTR_HMAC_SHA256);
- crypto::HKDF hkdf(std::string((char*)shared_secret, sizeof(shared_secret)),
+ crypto::HKDF hkdf(std::string(reinterpret_cast<char*>(shared_secret),
+ sizeof(shared_secret)),
std::string(),
base::StringPiece(kHkdfLabel, sizeof(kHkdfLabel)), 0, 0,
aead.KeyLength());
@@ -69,7 +64,7 @@ bool EncryptSerializedReport(
std::string nonce(aead.NonceLength(), 0);
std::string ciphertext;
- if (!aead.Seal(report, nonce, "", &ciphertext)) {
+ if (!aead.Seal(report, nonce, std::string(), &ciphertext)) {
LOG(ERROR) << "Error sealing certificate report.";
return false;
}
@@ -77,7 +72,7 @@ bool EncryptSerializedReport(
encrypted_report->set_encrypted_report(ciphertext);
encrypted_report->set_server_public_key_version(server_public_key_version);
encrypted_report->set_client_public_key(
- std::string((char*)public_key, sizeof(public_key)));
+ std::string(reinterpret_cast<char*>(public_key), sizeof(public_key)));
encrypted_report->set_algorithm(
chrome_browser_net::EncryptedCertLoggerRequest::
AEAD_ECDH_AES_128_CTR_HMAC_SHA256);
@@ -85,41 +80,6 @@ bool EncryptSerializedReport(
}
#endif
-void AddCertStatusToReportErrors(
- net::CertStatus cert_status,
- CertLoggerRequest* report) {
- if (cert_status & net::CERT_STATUS_REVOKED)
- report->add_cert_error(CertLoggerRequest::ERR_CERT_REVOKED);
- if (cert_status & net::CERT_STATUS_INVALID)
- report->add_cert_error(CertLoggerRequest::ERR_CERT_INVALID);
- if (cert_status & net::CERT_STATUS_PINNED_KEY_MISSING)
- report->add_cert_error(
- CertLoggerRequest::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN);
- if (cert_status & net::CERT_STATUS_AUTHORITY_INVALID)
- report->add_cert_error(CertLoggerRequest::ERR_CERT_AUTHORITY_INVALID);
- if (cert_status & net::CERT_STATUS_COMMON_NAME_INVALID)
- report->add_cert_error(CertLoggerRequest::ERR_CERT_COMMON_NAME_INVALID);
- if (cert_status & net::CERT_STATUS_NON_UNIQUE_NAME)
- report->add_cert_error(CertLoggerRequest::ERR_CERT_NON_UNIQUE_NAME);
- if (cert_status & net::CERT_STATUS_NAME_CONSTRAINT_VIOLATION)
- report->add_cert_error(
- CertLoggerRequest::ERR_CERT_NAME_CONSTRAINT_VIOLATION);
- if (cert_status & net::CERT_STATUS_WEAK_SIGNATURE_ALGORITHM)
- report->add_cert_error(
- CertLoggerRequest::ERR_CERT_WEAK_SIGNATURE_ALGORITHM);
- if (cert_status & net::CERT_STATUS_WEAK_KEY)
- report->add_cert_error(CertLoggerRequest::ERR_CERT_WEAK_KEY);
- if (cert_status & net::CERT_STATUS_DATE_INVALID)
- report->add_cert_error(CertLoggerRequest::ERR_CERT_DATE_INVALID);
- if (cert_status & net::CERT_STATUS_VALIDITY_TOO_LONG)
- report->add_cert_error(CertLoggerRequest::ERR_CERT_VALIDITY_TOO_LONG);
- if (cert_status & net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION)
- report->add_cert_error(
- CertLoggerRequest::ERR_CERT_UNABLE_TO_CHECK_REVOCATION);
- if (cert_status & net::CERT_STATUS_NO_REVOCATION_MECHANISM)
- report->add_cert_error(CertLoggerRequest::ERR_CERT_NO_REVOCATION_MECHANISM);
-}
-
} // namespace
namespace chrome_browser_net {
@@ -153,25 +113,20 @@ CertificateErrorReporter::~CertificateErrorReporter() {
STLDeleteElements(&inflight_requests_);
}
-void CertificateErrorReporter::SendReport(ReportType type,
- const std::string& hostname,
- const net::SSLInfo& ssl_info) {
- CertLoggerRequest request;
- BuildReport(hostname, ssl_info, &request);
-
+void CertificateErrorReporter::SendReport(
+ ReportType type,
+ const std::string& serialized_report) {
switch (type) {
case REPORT_TYPE_PINNING_VIOLATION:
- SendCertLoggerRequest(request);
+ SendSerializedRequest(serialized_report);
break;
case REPORT_TYPE_EXTENDED_REPORTING:
if (upload_url_.SchemeIsCryptographic()) {
- SendCertLoggerRequest(request);
+ SendSerializedRequest(serialized_report);
} else {
DCHECK(IsHttpUploadUrlSupported());
#if defined(USE_OPENSSL)
EncryptedCertLoggerRequest encrypted_report;
- std::string serialized_report;
- request.SerializeToString(&serialized_report);
if (!EncryptSerializedReport(server_public_key_,
server_public_key_version_,
serialized_report, &encrypted_report)) {
@@ -230,14 +185,16 @@ bool CertificateErrorReporter::IsHttpUploadUrlSupported() {
bool CertificateErrorReporter::DecryptCertificateErrorReport(
const uint8 server_private_key[32],
const EncryptedCertLoggerRequest& encrypted_report,
- CertLoggerRequest* decrypted_report) {
+ std::string* decrypted_serialized_report) {
uint8 shared_secret[crypto::curve25519::kBytes];
crypto::curve25519::ScalarMult(
- server_private_key, (uint8*)encrypted_report.client_public_key().data(),
+ server_private_key, reinterpret_cast<const uint8*>(
+ encrypted_report.client_public_key().data()),
shared_secret);
crypto::Aead aead(crypto::Aead::AES_128_CTR_HMAC_SHA256);
- crypto::HKDF hkdf(std::string((char*)shared_secret, sizeof(shared_secret)),
+ crypto::HKDF hkdf(std::string(reinterpret_cast<char*>(shared_secret),
+ sizeof(shared_secret)),
std::string(),
base::StringPiece(kHkdfLabel, sizeof(kHkdfLabel)), 0, 0,
aead.KeyLength());
@@ -249,23 +206,11 @@ bool CertificateErrorReporter::DecryptCertificateErrorReport(
// Use an all-zero nonce because the key is random per-message.
std::string nonce(aead.NonceLength(), 0);
- std::string plaintext;
- if (!aead.Open(encrypted_report.encrypted_report(), nonce, "", &plaintext)) {
- LOG(ERROR) << "Error opening certificate report";
- return false;
- }
-
- return decrypted_report->ParseFromString(plaintext);
+ return aead.Open(encrypted_report.encrypted_report(), nonce, std::string(),
+ decrypted_serialized_report);
}
#endif
-void CertificateErrorReporter::SendCertLoggerRequest(
- const CertLoggerRequest& request) {
- std::string serialized_request;
- request.SerializeToString(&serialized_request);
- SendSerializedRequest(serialized_request);
-}
-
void CertificateErrorReporter::SendSerializedRequest(
const std::string& serialized_request) {
scoped_ptr<net::URLRequest> url_request = CreateURLRequest(request_context_);
@@ -286,26 +231,6 @@ void CertificateErrorReporter::SendSerializedRequest(
raw_url_request->Start();
}
-void CertificateErrorReporter::BuildReport(const std::string& hostname,
- const net::SSLInfo& ssl_info,
- CertLoggerRequest* out_request) {
- base::Time now = base::Time::Now();
- out_request->set_time_usec(now.ToInternalValue());
- out_request->set_hostname(hostname);
-
- std::vector<std::string> pem_encoded_chain;
- if (!ssl_info.cert->GetPEMEncodedChain(&pem_encoded_chain))
- LOG(ERROR) << "Could not get PEM encoded chain.";
-
- std::string* cert_chain = out_request->mutable_cert_chain();
- for (size_t i = 0; i < pem_encoded_chain.size(); ++i)
- *cert_chain += pem_encoded_chain[i];
-
- out_request->add_pin(ssl_info.pinning_failure_log);
-
- AddCertStatusToReportErrors(ssl_info.cert_status, out_request);
-}
-
void CertificateErrorReporter::RequestComplete(net::URLRequest* request) {
std::set<net::URLRequest*>::iterator i = inflight_requests_.find(request);
DCHECK(i != inflight_requests_.end());

Powered by Google App Engine
This is Rietveld 408576698