OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/net/certificate_error_reporter.h" | 5 #include "chrome/browser/net/certificate_error_reporter.h" |
6 | 6 |
7 #include <set> | 7 #include <set> |
8 | 8 |
9 #include "base/logging.h" | 9 #include "base/logging.h" |
10 #include "base/stl_util.h" | 10 #include "base/stl_util.h" |
(...skipping 10 matching lines...)
21 #include "net/base/elements_upload_data_stream.h" | 21 #include "net/base/elements_upload_data_stream.h" |
22 #include "net/base/load_flags.h" | 22 #include "net/base/load_flags.h" |
23 #include "net/base/request_priority.h" | 23 #include "net/base/request_priority.h" |
24 #include "net/base/upload_bytes_element_reader.h" | 24 #include "net/base/upload_bytes_element_reader.h" |
25 #include "net/cert/x509_certificate.h" | 25 #include "net/cert/x509_certificate.h" |
26 #include "net/ssl/ssl_info.h" | 26 #include "net/ssl/ssl_info.h" |
27 #include "net/url_request/url_request_context.h" | 27 #include "net/url_request/url_request_context.h" |
28 | 28 |
29 namespace { | 29 namespace { |
30 | 30 |
| 31 using chrome_browser_net::CertLoggerRequest; |
| 32 |
31 // Constants used for crypto | 33 // Constants used for crypto |
32 static const uint8 kServerPublicKey[] = { | 34 static const uint8 kServerPublicKey[] = { |
33 0x51, 0xcc, 0x52, 0x67, 0x42, 0x47, 0x3b, 0x10, 0xe8, 0x63, 0x18, | 35 0x51, 0xcc, 0x52, 0x67, 0x42, 0x47, 0x3b, 0x10, 0xe8, 0x63, 0x18, |
34 0x3c, 0x61, 0xa7, 0x96, 0x76, 0x86, 0x91, 0x40, 0x71, 0x39, 0x5f, | 36 0x3c, 0x61, 0xa7, 0x96, 0x76, 0x86, 0x91, 0x40, 0x71, 0x39, 0x5f, |
35 0x31, 0x1a, 0x39, 0x5b, 0x76, 0xb1, 0x6b, 0x3d, 0x6a, 0x2b}; | 37 0x31, 0x1a, 0x39, 0x5b, 0x76, 0xb1, 0x6b, 0x3d, 0x6a, 0x2b}; |
36 static const uint32 kServerPublicKeyVersion = 1; | 38 static const uint32 kServerPublicKeyVersion = 1; |
37 | 39 |
38 #if defined(USE_OPENSSL) | 40 #if defined(USE_OPENSSL) |
39 | 41 |
40 static const char kHkdfLabel[] = "certificate report"; | 42 static const char kHkdfLabel[] = "certificate report"; |
(...skipping 33 matching lines...)
74 encrypted_report->set_server_public_key_version(server_public_key_version); | 76 encrypted_report->set_server_public_key_version(server_public_key_version); |
75 encrypted_report->set_client_public_key( | 77 encrypted_report->set_client_public_key( |
76 std::string((char*)public_key, sizeof(public_key))); | 78 std::string((char*)public_key, sizeof(public_key))); |
77 encrypted_report->set_algorithm( | 79 encrypted_report->set_algorithm( |
78 chrome_browser_net::EncryptedCertLoggerRequest:: | 80 chrome_browser_net::EncryptedCertLoggerRequest:: |
79 AEAD_ECDH_AES_128_CTR_HMAC_SHA256); | 81 AEAD_ECDH_AES_128_CTR_HMAC_SHA256); |
80 return true; | 82 return true; |
81 } | 83 } |
82 #endif | 84 #endif |
83 | 85 |
| 86 void AddCertStatusToReportErrors( |
| 87 net::CertStatus cert_status, |
| 88 CertLoggerRequest* report) { |
| 89 if (cert_status & net::CERT_STATUS_REVOKED) |
| 90 report->add_cert_error(CertLoggerRequest::ERR_CERT_REVOKED); |
| 91 if (cert_status & net::CERT_STATUS_INVALID) |
| 92 report->add_cert_error(CertLoggerRequest::ERR_CERT_INVALID); |
| 93 if (cert_status & net::CERT_STATUS_PINNED_KEY_MISSING) |
| 94 report->add_cert_error( |
| 95 CertLoggerRequest::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN); |
| 96 if (cert_status & net::CERT_STATUS_AUTHORITY_INVALID) |
| 97 report->add_cert_error(CertLoggerRequest::ERR_CERT_AUTHORITY_INVALID); |
| 98 if (cert_status & net::CERT_STATUS_COMMON_NAME_INVALID) |
| 99 report->add_cert_error(CertLoggerRequest::ERR_CERT_COMMON_NAME_INVALID); |
| 100 if (cert_status & net::CERT_STATUS_NON_UNIQUE_NAME) |
| 101 report->add_cert_error(CertLoggerRequest::ERR_CERT_NON_UNIQUE_NAME); |
| 102 if (cert_status & net::CERT_STATUS_NAME_CONSTRAINT_VIOLATION) |
| 103 report->add_cert_error( |
| 104 CertLoggerRequest::ERR_CERT_NAME_CONSTRAINT_VIOLATION); |
| 105 if (cert_status & net::CERT_STATUS_WEAK_SIGNATURE_ALGORITHM) |
| 106 report->add_cert_error( |
| 107 CertLoggerRequest::ERR_CERT_WEAK_SIGNATURE_ALGORITHM); |
| 108 if (cert_status & net::CERT_STATUS_WEAK_KEY) |
| 109 report->add_cert_error(CertLoggerRequest::ERR_CERT_WEAK_KEY); |
| 110 if (cert_status & net::CERT_STATUS_DATE_INVALID) |
| 111 report->add_cert_error(CertLoggerRequest::ERR_CERT_DATE_INVALID); |
| 112 if (cert_status & net::CERT_STATUS_VALIDITY_TOO_LONG) |
| 113 report->add_cert_error(CertLoggerRequest::ERR_CERT_VALIDITY_TOO_LONG); |
| 114 if (cert_status & net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION) |
| 115 report->add_cert_error( |
| 116 CertLoggerRequest::ERR_CERT_UNABLE_TO_CHECK_REVOCATION); |
| 117 if (cert_status & net::CERT_STATUS_NO_REVOCATION_MECHANISM) |
| 118 report->add_cert_error(CertLoggerRequest::ERR_CERT_NO_REVOCATION_MECHANISM); |
| 119 } |
| 120 |
84 } // namespace | 121 } // namespace |
85 | 122 |
86 namespace chrome_browser_net { | 123 namespace chrome_browser_net { |
87 | 124 |
88 CertificateErrorReporter::CertificateErrorReporter( | 125 CertificateErrorReporter::CertificateErrorReporter( |
89 net::URLRequestContext* request_context, | 126 net::URLRequestContext* request_context, |
90 const GURL& upload_url, | 127 const GURL& upload_url, |
91 CookiesPreference cookies_preference) | 128 CookiesPreference cookies_preference) |
92 : CertificateErrorReporter(request_context, | 129 : CertificateErrorReporter(request_context, |
93 upload_url, | 130 upload_url, |
(...skipping 160 matching lines...)
254 | 291 |
255 std::vector<std::string> pem_encoded_chain; | 292 std::vector<std::string> pem_encoded_chain; |
256 if (!ssl_info.cert->GetPEMEncodedChain(&pem_encoded_chain)) | 293 if (!ssl_info.cert->GetPEMEncodedChain(&pem_encoded_chain)) |
257 LOG(ERROR) << "Could not get PEM encoded chain."; | 294 LOG(ERROR) << "Could not get PEM encoded chain."; |
258 | 295 |
259 std::string* cert_chain = out_request->mutable_cert_chain(); | 296 std::string* cert_chain = out_request->mutable_cert_chain(); |
260 for (size_t i = 0; i < pem_encoded_chain.size(); ++i) | 297 for (size_t i = 0; i < pem_encoded_chain.size(); ++i) |
261 *cert_chain += pem_encoded_chain[i]; | 298 *cert_chain += pem_encoded_chain[i]; |
262 | 299 |
263 out_request->add_pin(ssl_info.pinning_failure_log); | 300 out_request->add_pin(ssl_info.pinning_failure_log); |
| 301 |
| 302 AddCertStatusToReportErrors(ssl_info.cert_status, out_request); |
264 } | 303 } |
265 | 304 |
266 void CertificateErrorReporter::RequestComplete(net::URLRequest* request) { | 305 void CertificateErrorReporter::RequestComplete(net::URLRequest* request) { |
267 std::set<net::URLRequest*>::iterator i = inflight_requests_.find(request); | 306 std::set<net::URLRequest*>::iterator i = inflight_requests_.find(request); |
268 DCHECK(i != inflight_requests_.end()); | 307 DCHECK(i != inflight_requests_.end()); |
269 scoped_ptr<net::URLRequest> url_request(*i); | 308 scoped_ptr<net::URLRequest> url_request(*i); |
270 inflight_requests_.erase(i); | 309 inflight_requests_.erase(i); |
271 } | 310 } |
272 | 311 |
273 } // namespace chrome_browser_net | 312 } // namespace chrome_browser_net |
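Review bot: The if-chain in AddCertStatusToReportErrors (new lines 86-119) has nothing that keeps it in step with the net::CERT_STATUS_* error flags: an error bit that is set in ssl_info.cert_status but not listed here yields a report with no matching cert_error entry, which the receiving side presumably cannot distinguish from an error the client never observed. Because these reports exist to surface bad certificates and pinning failures, I would document the contract above the function, e.g. `// Adds one cert_error to |report| for each error bit set in |cert_status|; keep in sync with the net::CERT_STATUS_* error flags.`, and cover it with a unit test that sets every error flag and checks each is represented in the report. The helper also dereferences `report` without a check; the one caller visible here passes out_request, which is already dereferenced a few lines earlier, so `DCHECK(report);` at the top would be enough. The function containing the new call at new line 302 starts in the skipped lines, so whether cert_status can legitimately be zero at that point is not visible from this page.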
OLD | NEW |