
Side by Side Diff: net/http/transport_security_reporter.cc

Issue 1211933005: Initial (partial) implementation of HPKP violation reporting (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: style fixes, comments Created 5 years, 5 months ago
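--- a/net/http/transport_security_reporter.cc
+++ b/net/http/transport_security_reporter.cc
@@ -0,0 +1,121 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/http/transport_security_reporter.h"
+
+#include "base/base64.h"
+#include "base/json/json_writer.h"
+#include "base/strings/string_number_conversions.h"
+#include "base/strings/string_util.h"
+#include "base/time/time.h"
+#include "base/values.h"
+#include "net/ssl/ssl_info.h"
+#include "net/url_request/url_request_context.h"
+#include "url/gurl.h"
+
+namespace {
+
+scoped_ptr<base::ListValue> GetPEMEncodedChainAsList(
+    scoped_refptr<net::X509Certificate> cert_chain) {
+  if (!cert_chain)
+    return scoped_ptr<base::ListValue>(new base::ListValue());
+
+  scoped_ptr<base::ListValue> result(new base::ListValue());
+  std::vector<std::string> pem_encoded_chain;
+  cert_chain->GetPEMEncodedChain(&pem_encoded_chain);
+  for (std::string cert : pem_encoded_chain)
+    result->Append(scoped_ptr<base::Value>(new base::StringValue(cert)));
+
+  return result.Pass();
+}
+
+}  // namespace
+
+namespace net {
+
+TransportSecurityReporter::TransportSecurityReporter(
+    TransportSecurityState* state,
+    scoped_ptr<CertificateReportSender> report_sender)
+    : transport_security_state_(state), report_sender_(report_sender.Pass()) {
+  transport_security_state_->SetReporter(this);
+}
+
+TransportSecurityReporter::~TransportSecurityReporter() {
+  transport_security_state_->SetReporter(nullptr);
+}
+
+bool TransportSecurityReporter::GetHPKPReportUri(
+    const TransportSecurityState::DomainState::PKPState& pkp_state,
+    GURL* report_uri) {
+  *report_uri = GURL(pkp_state.report_uri);
+  // TODO(estark): keep track of reports already sent and rate-limit,
+  // break loops
+  return !report_uri->is_empty();
+}
+
+bool TransportSecurityReporter::BuildHPKPReport(
+    const std::string& hostname,
+    uint16_t port,
+    const base::Time& expiry,
+    bool include_subdomains,
+    const std::string& effective_hostname,
+    const scoped_refptr<X509Certificate>& served_certificate_chain,
+    const scoped_refptr<X509Certificate>& validated_certificate_chain,
+    const HashValueVector& spki_hashes,
+    std::string* serialized_report) {
+  base::DictionaryValue report;
+  base::Time now = base::Time::Now();
+  // TODO(estark): write times in RFC3339 format.
+  report.SetString("date-time", base::Int64ToString(now.ToInternalValue()));
+  report.SetString("hostname", hostname);
+  report.SetInteger("port", port);
+  report.SetString("effective-expiration-date",
+                   base::Int64ToString(expiry.ToInternalValue()));
+  report.SetBoolean("include-subdomains", include_subdomains);
+  report.SetString("noted-hostname", effective_hostname);
+
+  scoped_ptr<base::ListValue> served_certificate_chain_list =
+      GetPEMEncodedChainAsList(served_certificate_chain);
+  scoped_ptr<base::ListValue> validated_certificate_chain_list =
+      GetPEMEncodedChainAsList(validated_certificate_chain);
+  report.Set("served-certificate-chain", served_certificate_chain_list.Pass());
+  report.Set("validated-certificate-chain",
+             validated_certificate_chain_list.Pass());
+
+  scoped_ptr<base::ListValue> knownPinList(new base::ListValue());
+  for (const auto& hash_value : spki_hashes) {
+    std::string known_pin;
+
+    switch (hash_value.tag) {
+      case HASH_VALUE_SHA1:
+        known_pin += "pin-sha1=";
+        break;
+      case HASH_VALUE_SHA256:
+        known_pin += "pin-sha256=";
+        break;
+      default:
+        NOTREACHED();
+    }
+
+    std::string base64_value;
+    base::Base64Encode(
+        base::StringPiece(reinterpret_cast<const char*>(hash_value.data()),
+                          hash_value.size()),
+        &base64_value);
+    known_pin += "\"" + base64_value + "\"";
+
+    knownPinList->Append(
+        scoped_ptr<base::Value>(new base::StringValue(known_pin)));
+  }
+
+  report.Set("known-pins", knownPinList.Pass());
+
+  return base::JSONWriter::Write(report, serialized_report);
+}
+
+void TransportSecurityReporter::SendHPKPReport(const GURL& report_uri,
+                                                const std::string& report) {
+  report_sender_->Send(report_uri, report);
+}
+}  // namespace net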
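Review bot: GetHPKPReportUri reports success for a report-uri that parses as an invalid URL, because `!report_uri->is_empty()` only tests whether GURL kept a spec string, and an unparseable report-uri taken from a server-supplied header can still leave a non-empty (but invalid) GURL that is then handed to SendHPKPReport; the check should be `return report_uri->is_valid();`, which already implies non-empty. In BuildHPKPReport, the `default: NOTREACHED();` arm of the tag switch falls through in release builds and appends a known-pins entry that is a bare quoted digest with no `pin-sha*=` prefix, so a `continue;` after `NOTREACHED();` (or skipping the entry) would keep the serialized report well-formed. As a style point, `for (std::string cert : pem_encoded_chain)` in GetPEMEncodedChainAsList copies each PEM string per iteration; `for (const std::string& cert : pem_encoded_chain)` is the intended form. The rate-limiting and loop-breaking gap is already noted in the TODO and not re-raised here.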