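--- /dev/null
+++ b/<PATH-NOT-SHOWN-ON-PAGE>
@@ -0,0 +1,120 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/http/transport_security_reporter.h"
+
+#include "base/base64.h"
+#include "base/json/json_writer.h"
+#include "base/strings/string_number_conversions.h"
+#include "base/strings/string_util.h"
+#include "base/time/time.h"
+#include "base/values.h"
+#include "net/ssl/ssl_info.h"
+#include "net/url_request/url_request_context.h"
+#include "url/gurl.h"
+
+namespace {
+
+scoped_ptr<base::ListValue> GetPEMEncodedChainAsList(
+scoped_refptr<net::X509Certificate> cert_chain) {
+if (!cert_chain)
+return scoped_ptr<base::ListValue>(new base::ListValue());
+
+scoped_ptr<base::ListValue> result(new base::ListValue());
+std::vector<std::string> pem_encoded_chain;
+cert_chain->GetPEMEncodedChain(&pem_encoded_chain);
+for (std::string cert : pem_encoded_chain)
+result->Append(scoped_ptr<base::Value>(new base::StringValue(cert)));
+
+return result.Pass();
+}
+
+} // namespace
+
+namespace net {
+
+TransportSecurityReporter::TransportSecurityReporter(
+TransportSecurityState* state,
+scoped_ptr<CertificateReportSender> report_sender)
+: transport_security_state_(state), report_sender_(report_sender.Pass()) {
+transport_security_state_->SetReporter(this);
+}
+
+TransportSecurityReporter::~TransportSecurityReporter() {
+transport_security_state_->SetReporter(nullptr);
+}
+
+bool TransportSecurityReporter::GetHPKPReportUri(
+const TransportSecurityState::DomainState::PKPState& pkp_state,
+GURL* report_uri) {
+*report_uri = GURL(pkp_state.report_uri);
+// TODO(estark): keep track of reports already sent and rate-limit,
+// break loops
+return !report_uri->is_empty();
+}
+
+bool TransportSecurityReporter::BuildHPKPReport(
+const std::string& hostname,
+uint16_t port,
+const base::Time& expiry,
+bool include_subdomains,
+const std::string& effective_hostname,
+const scoped_refptr<X509Certificate>& served_certificate_chain,
+const scoped_refptr<X509Certificate>& validated_certificate_chain,
+const HashValueVector& spki_hashes,
+std::string* serialized_report) {
+base::DictionaryValue report;
+base::Time now = base::Time::Now();
+// TODO(estark): write times in RFC3339 format.
+report.SetString("date-time", base::Int64ToString(now.ToInternalValue()));
+report.SetString("hostname", hostname);
+report.SetInteger("port", port);
+report.SetString("effective-expiration-date",
+base::Int64ToString(expiry.ToInternalValue()));
+report.SetBoolean("include-subdomains", include_subdomains);
+report.SetString("noted-hostname", effective_hostname);
+
+scoped_ptr<base::ListValue> served_certificate_chain_list =
+GetPEMEncodedChainAsList(served_certificate_chain);
+scoped_ptr<base::ListValue> validated_certificate_chain_list =
+GetPEMEncodedChainAsList(validated_certificate_chain);
+report.Set("served-certificate-chain", served_certificate_chain_list.Pass());
+report.Set("validated-certificate-chain",
+validated_certificate_chain_list.Pass());
+
+scoped_ptr<base::ListValue> knownPinList(new base::ListValue());
+for (const auto& hash_value : spki_hashes) {
+std::string known_pin;
+
+switch (hash_value.tag) {
+case HASH_VALUE_SHA1:
+known_pin += "pin-sha1=";
+break;
+case HASH_VALUE_SHA256:
+known_pin += "pin-sha256=";
+break;
+default:
+NOTREACHED();
+}
+
+std::string base64_value;
+base::Base64Encode(
+base::StringPiece(reinterpret_cast<const char*>(hash_value.data()),
+hash_value.size()),
+&base64_value);
+known_pin += "\"" + base64_value + "\"";
+
+knownPinList->Append(
+scoped_ptr<base::Value>(new base::StringValue(known_pin)));
+}
+
+report.Set("known-pins", knownPinList.Pass());
+
+return base::JSONWriter::Write(report, serialized_report);
+}
+
+void TransportSecurityReporter::SendHPKPReport(const GURL& report_uri,
+const std::string& report) {
+report_sender_->Send(report_uri, report);
+}
+} // namespace net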
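Review bot: GetHPKPReportUri accepts any non-empty GURL as a send target, so a `pkp_state.report_uri` that is syntactically invalid or not an HTTP(S) URL would still be passed on to SendHPKPReport; if that field can come from a dynamically received Public-Key-Pins header rather than only the preload list (not visible in this file), the return should be `return report_uri->is_valid() && report_uri->SchemeIsHTTPOrHTTPS();`, which also fits alongside the existing TODO about rate-limiting and loop-breaking. Separately, in BuildHPKPReport the `default: NOTREACHED();` branch does not stop the loop in builds where NOTREACHED() compiles out, so an unexpected hash tag would emit a known-pins entry with no `pin-*=` prefix; adding `continue;` after `NOTREACHED();` keeps the serialized report well-formed. A style nit in GetPEMEncodedChainAsList: `for (std::string cert : pem_encoded_chain)` copies each PEM string, and `for (const std::string& cert : pem_encoded_chain)` avoids that.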