| OLD | NEW |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/certificate_error_report.h" | 5 #include "chrome/browser/ssl/certificate_error_report.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/stl_util.h" | 9 #include "base/stl_util.h" |
| 10 #include "base/strings/string_util.h" |
| 10 #include "base/time/time.h" | 11 #include "base/time/time.h" |
| 11 #include "chrome/browser/ssl/cert_logger.pb.h" | 12 #include "chrome/browser/ssl/cert_logger.pb.h" |
| 12 #include "net/cert/cert_status_flags.h" | 13 #include "net/cert/cert_status_flags.h" |
| 13 #include "net/cert/x509_certificate.h" | 14 #include "net/cert/x509_certificate.h" |
| 14 #include "net/ssl/ssl_info.h" | 15 #include "net/ssl/ssl_info.h" |
| 15 | 16 |
| 16 namespace { | 17 namespace { |
| 17 | 18 |
| 18 void AddCertStatusToReportErrors(net::CertStatus cert_status, | 19 void AddCertStatusToReportErrors(net::CertStatus cert_status, |
| 19 CertLoggerRequest* report) { | 20 CertLoggerRequest* report) { |
| (...skipping 21 matching lines...) |
| 41 if (cert_status & net::CERT_STATUS_DATE_INVALID) | 42 if (cert_status & net::CERT_STATUS_DATE_INVALID) |
| 42 report->add_cert_error(CertLoggerRequest::ERR_CERT_DATE_INVALID); | 43 report->add_cert_error(CertLoggerRequest::ERR_CERT_DATE_INVALID); |
| 43 if (cert_status & net::CERT_STATUS_VALIDITY_TOO_LONG) | 44 if (cert_status & net::CERT_STATUS_VALIDITY_TOO_LONG) |
| 44 report->add_cert_error(CertLoggerRequest::ERR_CERT_VALIDITY_TOO_LONG); | 45 report->add_cert_error(CertLoggerRequest::ERR_CERT_VALIDITY_TOO_LONG); |
| 45 if (cert_status & net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION) | 46 if (cert_status & net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION) |
| 46 report->add_cert_error( | 47 report->add_cert_error( |
| 47 CertLoggerRequest::ERR_CERT_UNABLE_TO_CHECK_REVOCATION); | 48 CertLoggerRequest::ERR_CERT_UNABLE_TO_CHECK_REVOCATION); |
| 48 if (cert_status & net::CERT_STATUS_NO_REVOCATION_MECHANISM) | 49 if (cert_status & net::CERT_STATUS_NO_REVOCATION_MECHANISM) |
| 49 report->add_cert_error(CertLoggerRequest::ERR_CERT_NO_REVOCATION_MECHANISM); | 50 report->add_cert_error(CertLoggerRequest::ERR_CERT_NO_REVOCATION_MECHANISM); |
| 50 } | 51 } |
| 52 |
| 53 bool CertificateChainToString(scoped_refptr<net::X509Certificate> cert, |
| 54 std::string* result) { |
| 55 std::vector<std::string> pem_encoded_chain; |
| 56 if (!cert->GetPEMEncodedChain(&pem_encoded_chain)) |
| 57 return false; |
| 58 |
| 59 *result = JoinString(pem_encoded_chain, std::string()); |
| 60 return true; |
| 61 } |
| 62 |
| 51 } // namespace | 63 } // namespace |
| 52 | 64 |
| 53 CertificateErrorReport::CertificateErrorReport() | 65 CertificateErrorReport::CertificateErrorReport() |
| 54 : cert_report_(new CertLoggerRequest()) { | 66 : cert_report_(new CertLoggerRequest()) { |
| 55 } | 67 } |
| 56 | 68 |
| 57 CertificateErrorReport::CertificateErrorReport(const std::string& hostname, | 69 CertificateErrorReport::CertificateErrorReport(const std::string& hostname, |
| 58 const net::SSLInfo& ssl_info) | 70 const net::SSLInfo& ssl_info) |
| 59 : cert_report_(new CertLoggerRequest()) { | 71 : cert_report_(new CertLoggerRequest()) { |
| 60 base::Time now = base::Time::Now(); | 72 base::Time now = base::Time::Now(); |
| 61 cert_report_->set_time_usec(now.ToInternalValue()); | 73 cert_report_->set_time_usec(now.ToInternalValue()); |
| 62 cert_report_->set_hostname(hostname); | 74 cert_report_->set_hostname(hostname); |
| 63 | 75 |
| 64 std::vector<std::string> pem_encoded_chain; | 76 if (!CertificateChainToString(ssl_info.cert, |
| 65 if (!ssl_info.cert->GetPEMEncodedChain(&pem_encoded_chain)) { | 77 cert_report_->mutable_cert_chain())) { |
| 66 LOG(ERROR) << "Could not get PEM encoded chain."; | 78 LOG(ERROR) << "Could not get PEM encoded chain."; |
| 67 } | 79 } |
| 68 | 80 |
| 69 std::string* cert_chain = cert_report_->mutable_cert_chain(); | 81 if (ssl_info.unverified_cert && |
| 70 for (size_t i = 0; i < pem_encoded_chain.size(); ++i) | 82 !CertificateChainToString( |
| 71 cert_chain->append(pem_encoded_chain[i]); | 83 ssl_info.unverified_cert, |
| 84 cert_report_->mutable_unverified_cert_chain())) { |
| 85 LOG(ERROR) << "Could not get PEM encoded unverified certificate chain."; |
| 86 } |
| 72 | 87 |
| 73 cert_report_->add_pin(ssl_info.pinning_failure_log); | 88 cert_report_->add_pin(ssl_info.pinning_failure_log); |
| 74 | 89 |
| 75 AddCertStatusToReportErrors(ssl_info.cert_status, cert_report_.get()); | 90 AddCertStatusToReportErrors(ssl_info.cert_status, cert_report_.get()); |
| 76 } | 91 } |
| 77 | 92 |
| 78 CertificateErrorReport::~CertificateErrorReport() { | 93 CertificateErrorReport::~CertificateErrorReport() { |
| 79 } | 94 } |
| 80 | 95 |
| 81 bool CertificateErrorReport::InitializeFromString( | 96 bool CertificateErrorReport::InitializeFromString( |
| (...skipping 27 matching lines...) |
| 109 break; | 124 break; |
| 110 } | 125 } |
| 111 | 126 |
| 112 interstitial_info->set_user_proceeded(proceed_decision == USER_PROCEEDED); | 127 interstitial_info->set_user_proceeded(proceed_decision == USER_PROCEEDED); |
| 113 interstitial_info->set_overridable(overridable == INTERSTITIAL_OVERRIDABLE); | 128 interstitial_info->set_overridable(overridable == INTERSTITIAL_OVERRIDABLE); |
| 114 } | 129 } |
| 115 | 130 |
| 116 const std::string& CertificateErrorReport::hostname() const { | 131 const std::string& CertificateErrorReport::hostname() const { |
| 117 return cert_report_->hostname(); | 132 return cert_report_->hostname(); |
| 118 } | 133 } |
| OLD | NEW |
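Review bot: CertificateChainToString (new lines 53-61) dereferences `cert` without a null check, and the constructor tests only `ssl_info.unverified_cert` (new line 81) before calling it, while `ssl_info.cert` (new line 76) is passed unchecked. The old code dereferenced `ssl_info.cert` the same way, so this is not a regression, and whether it can be null when a report is built is not visible on this page. Putting the check in the helper covers both call sites: `if (!cert || !cert->GetPEMEncodedChain(&pem_encoded_chain)) return false;`, leaving the `ssl_info.unverified_cert &&` test only to suppress the log line when no unverified chain exists. The helper could also take `const scoped_refptr<net::X509Certificate>& cert` to avoid a reference-count round trip per call. A short comment above the second call would help whoever consumes the report, for example `// unverified_cert is the chain as the server sent it, not a validated path; treat it as untrusted input.`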