OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "net/http/transport_security_reporter.h" | |
6 | |
7 #include "base/base64.h" | |
8 #include "base/json/json_writer.h" | |
9 #include "base/strings/string_number_conversions.h" | |
10 #include "base/strings/string_util.h" | |
11 #include "base/time/time.h" | |
12 #include "base/values.h" | |
13 #include "net/ssl/ssl_info.h" | |
14 #include "net/url_request/url_request_context.h" | |
15 #include "url/gurl.h" | |
16 | |
17 namespace { | |
18 | |
19 scoped_ptr<base::ListValue> GetPEMEncodedChainAsList( | |
20 const net::X509Certificate* cert_chain) { | |
21 if (!cert_chain) | |
22 return scoped_ptr<base::ListValue>(new base::ListValue()); | |
davidben
2015/07/22 21:36:42
You can also write
return make_scoped_ptr(new ba
estark
2015/07/23 00:03:57
Done.
| |
23 | |
24 scoped_ptr<base::ListValue> result(new base::ListValue()); | |
25 std::vector<std::string> pem_encoded_chain; | |
26 cert_chain->GetPEMEncodedChain(&pem_encoded_chain); | |
27 for (std::string cert : pem_encoded_chain) | |
davidben
2015/07/22 21:36:42
std::string -> const std::string&
estark
2015/07/23 00:03:57
Done.
| |
28 result->Append(scoped_ptr<base::Value>(new base::StringValue(cert))); | |
davidben
2015/07/22 21:36:42
I think make_scoped_ptr will work here too.
estark
2015/07/23 00:03:57
Done.
| |
29 | |
30 return result.Pass(); | |
31 } | |
32 | |
33 } // namespace | |
34 | |
35 namespace net { | |
36 | |
37 TransportSecurityReporter::TransportSecurityReporter( | |
38 TransportSecurityState* state, | |
39 scoped_ptr<CertificateReportSender> report_sender) | |
40 : transport_security_state_(state), report_sender_(report_sender.Pass()) { | |
41 transport_security_state_->SetReporter(this); | |
42 } | |
43 | |
44 TransportSecurityReporter::~TransportSecurityReporter() { | |
45 transport_security_state_->SetReporter(nullptr); | |
46 } | |
47 | |
48 bool TransportSecurityReporter::GetHPKPReport( | |
49 const std::string& hostname, | |
50 const TransportSecurityState::PKPState& pkp_state, | |
51 bool is_static_pin, | |
52 uint16_t port, | |
53 const X509Certificate* served_certificate_chain, | |
54 const X509Certificate* validated_certificate_chain, | |
55 GURL* report_uri, | |
56 std::string* serialized_report) { | |
57 // TODO(estark): keep track of reports already sent and rate-limit, | |
58 // break loops | |
59 if (pkp_state.report_uri.is_empty()) | |
60 return false; | |
61 | |
62 base::DictionaryValue report; | |
63 base::Time now = base::Time::Now(); | |
64 // TODO(estark): write times in RFC3339 format. | |
65 report.SetString("date-time", base::Int64ToString(now.ToInternalValue())); | |
davidben
2015/07/22 21:36:42
Here, you can just nab this code:
https://code.goo
estark
2015/07/23 00:03:57
Done. (I just copied and pasted it -- not sure if
| |
66 report.SetString("hostname", hostname); | |
67 report.SetInteger("port", port); | |
68 report.SetString("effective-expiration-date", | |
69 base::Int64ToString(pkp_state.expiry.ToInternalValue())); | |
70 report.SetBoolean("include-subdomains", pkp_state.include_subdomains); | |
71 report.SetString("noted-hostname", pkp_state.domain); | |
72 | |
73 scoped_ptr<base::ListValue> served_certificate_chain_list = | |
74 GetPEMEncodedChainAsList(served_certificate_chain); | |
75 scoped_ptr<base::ListValue> validated_certificate_chain_list = | |
76 GetPEMEncodedChainAsList(validated_certificate_chain); | |
77 report.Set("served-certificate-chain", served_certificate_chain_list.Pass()); | |
78 report.Set("validated-certificate-chain", | |
79 validated_certificate_chain_list.Pass()); | |
80 | |
81 scoped_ptr<base::ListValue> knownPinList(new base::ListValue()); | |
82 for (const auto& hash_value : pkp_state.spki_hashes) { | |
83 std::string known_pin; | |
84 | |
85 switch (hash_value.tag) { | |
86 case HASH_VALUE_SHA1: | |
87 known_pin += "pin-sha1="; | |
88 break; | |
89 case HASH_VALUE_SHA256: | |
90 known_pin += "pin-sha256="; | |
91 break; | |
92 default: | |
93 NOTREACHED(); | |
davidben
2015/07/22 21:36:43
Probably also want a
return false;
(Or perhaps
estark
2015/07/23 00:03:57
Done (the latter).
| |
94 } | |
95 | |
96 std::string base64_value; | |
97 base::Base64Encode( | |
98 base::StringPiece(reinterpret_cast<const char*>(hash_value.data()), | |
99 hash_value.size()), | |
100 &base64_value); | |
101 known_pin += "\"" + base64_value + "\""; | |
102 | |
103 knownPinList->Append( | |
104 scoped_ptr<base::Value>(new base::StringValue(known_pin))); | |
105 } | |
106 | |
107 report.Set("known-pins", knownPinList.Pass()); | |
108 | |
109 if (!base::JSONWriter::Write(report, serialized_report)) { | |
110 LOG(ERROR) << "Failed to serialize HPKP violation report."; | |
111 return false; | |
112 } | |
113 | |
114 *report_uri = pkp_state.report_uri; | |
115 return true; | |
116 } | |
117 | |
118 void TransportSecurityReporter::SendHPKPReport(const GURL& report_uri, | |
119 const std::string& report) { | |
120 report_sender_->Send(report_uri, report); | |
121 } | |
122 } // namespace net | |
OLD | NEW |