Chromium Code Reviews Chromium Code Reviews
Issue 1180313006:
Include unverified server-sent cert chain in reports (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/certificate_error_report.h" | 5 #include "chrome/browser/ssl/certificate_error_report.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/stl_util.h" | 9 #include "base/stl_util.h" |
| 10 #include "base/time/time.h" | 10 #include "base/time/time.h" |
| (...skipping 30 matching lines...) Expand all Loading... | |
| 41 if (cert_status & net::CERT_STATUS_DATE_INVALID) | 41 if (cert_status & net::CERT_STATUS_DATE_INVALID) |
| 42 report->add_cert_error(CertLoggerRequest::ERR_CERT_DATE_INVALID); | 42 report->add_cert_error(CertLoggerRequest::ERR_CERT_DATE_INVALID); |
| 43 if (cert_status & net::CERT_STATUS_VALIDITY_TOO_LONG) | 43 if (cert_status & net::CERT_STATUS_VALIDITY_TOO_LONG) |
| 44 report->add_cert_error(CertLoggerRequest::ERR_CERT_VALIDITY_TOO_LONG); | 44 report->add_cert_error(CertLoggerRequest::ERR_CERT_VALIDITY_TOO_LONG); |
| 45 if (cert_status & net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION) | 45 if (cert_status & net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION) |
| 46 report->add_cert_error( | 46 report->add_cert_error( |
| 47 CertLoggerRequest::ERR_CERT_UNABLE_TO_CHECK_REVOCATION); | 47 CertLoggerRequest::ERR_CERT_UNABLE_TO_CHECK_REVOCATION); |
| 48 if (cert_status & net::CERT_STATUS_NO_REVOCATION_MECHANISM) | 48 if (cert_status & net::CERT_STATUS_NO_REVOCATION_MECHANISM) |
| 49 report->add_cert_error(CertLoggerRequest::ERR_CERT_NO_REVOCATION_MECHANISM); | 49 report->add_cert_error(CertLoggerRequest::ERR_CERT_NO_REVOCATION_MECHANISM); |
| 50 } | 50 } |
| 51 | |
| 52 bool CertificateChainToString(scoped_refptr<net::X509Certificate> cert, | |
| 53 std::string* result) { | |
| 54 std::vector<std::string> pem_encoded_chain; | |
| 55 if (!cert->GetPEMEncodedChain(&pem_encoded_chain)) | |
| 56 return false; | |
| 57 | |
| 58 for (size_t i = 0; i < pem_encoded_chain.size(); ++i) | |
|
meacer
2015/06/15 19:57:20
You can use C++11 style for loop here:
for (const
estark
2015/06/15 20:47:37
Done. (JoinString)
| |
| 59 result->append(pem_encoded_chain[i]); | |
| 60 | |
| 61 return true; | |
| 62 } | |
| 63 | |
| 51 } // namespace | 64 } // namespace |
| 52 | 65 |
| 53 CertificateErrorReport::CertificateErrorReport() | 66 CertificateErrorReport::CertificateErrorReport() |
| 54 : cert_report_(new CertLoggerRequest()) { | 67 : cert_report_(new CertLoggerRequest()) { |
| 55 } | 68 } |
| 56 | 69 |
| 57 CertificateErrorReport::CertificateErrorReport(const std::string& hostname, | 70 CertificateErrorReport::CertificateErrorReport(const std::string& hostname, |
| 58 const net::SSLInfo& ssl_info) | 71 const net::SSLInfo& ssl_info) |
| 59 : cert_report_(new CertLoggerRequest()) { | 72 : cert_report_(new CertLoggerRequest()) { |
| 60 base::Time now = base::Time::Now(); | 73 base::Time now = base::Time::Now(); |
| 61 cert_report_->set_time_usec(now.ToInternalValue()); | 74 cert_report_->set_time_usec(now.ToInternalValue()); |
| 62 cert_report_->set_hostname(hostname); | 75 cert_report_->set_hostname(hostname); |
| 63 | 76 |
| 64 std::vector<std::string> pem_encoded_chain; | 77 if (!CertificateChainToString(ssl_info.cert, |
| 65 if (!ssl_info.cert->GetPEMEncodedChain(&pem_encoded_chain)) { | 78 cert_report_->mutable_cert_chain())) |
| 66 LOG(ERROR) << "Could not get PEM encoded chain."; | 79 LOG(ERROR) << "Could not get PEM encoded chain."; |
|
meacer
2015/06/15 19:57:20
Wrap this statement with braces since |if| spans t
estark
2015/06/15 20:47:37
Done.
| |
| 80 | |
| 81 if (ssl_info.unverified_cert && | |
| 82 !CertificateChainToString( | |
| 83 ssl_info.unverified_cert, | |
| 84 cert_report_->mutable_unverified_cert_chain())) { | |
| 85 LOG(ERROR) << "Could not get PEM encoded unverified certificate chain."; | |
| 67 } | 86 } |
| 68 | 87 |
| 69 std::string* cert_chain = cert_report_->mutable_cert_chain(); | |
| 70 for (size_t i = 0; i < pem_encoded_chain.size(); ++i) | |
| 71 cert_chain->append(pem_encoded_chain[i]); | |
| 72 | |
| 73 cert_report_->add_pin(ssl_info.pinning_failure_log); | 88 cert_report_->add_pin(ssl_info.pinning_failure_log); |
| 74 | 89 |
| 75 AddCertStatusToReportErrors(ssl_info.cert_status, cert_report_.get()); | 90 AddCertStatusToReportErrors(ssl_info.cert_status, cert_report_.get()); |
| 76 } | 91 } |
| 77 | 92 |
| 78 CertificateErrorReport::~CertificateErrorReport() { | 93 CertificateErrorReport::~CertificateErrorReport() { |
| 79 } | 94 } |
| 80 | 95 |
| 81 bool CertificateErrorReport::InitializeFromString( | 96 bool CertificateErrorReport::InitializeFromString( |
| 82 const std::string& serialized_report) { | 97 const std::string& serialized_report) { |
| (...skipping 26 matching lines...) Expand all Loading... | |
| 109 break; | 124 break; |
| 110 } | 125 } |
| 111 | 126 |
| 112 interstitial_info->set_user_proceeded(proceed_decision == USER_PROCEEDED); | 127 interstitial_info->set_user_proceeded(proceed_decision == USER_PROCEEDED); |
| 113 interstitial_info->set_overridable(overridable == INTERSTITIAL_OVERRIDABLE); | 128 interstitial_info->set_overridable(overridable == INTERSTITIAL_OVERRIDABLE); |
| 114 } | 129 } |
| 115 | 130 |
| 116 const std::string& CertificateErrorReport::hostname() const { | 131 const std::string& CertificateErrorReport::hostname() const { |
| 117 return cert_report_->hostname(); | 132 return cert_report_->hostname(); |
| 118 } | 133 } |
| OLD | NEW |
