Build and send HPKP violation reports

net/http/transport_security_state.h

Index: net/http/transport_security_state.h
diff --git a/net/http/transport_security_state.h b/net/http/transport_security_state.h
index 2f97d9d34e5a6a20be27b1bcb1b96bbbad56c187..441e576c5b65d2a0bbf703fc5b924066452a0b87 100644
--- a/net/http/transport_security_state.h
+++ b/net/http/transport_security_state.h
@@ -5,12 +5,13 @@
 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_
 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_
 
+#include <stdint.h>
+
 #include <map>
 #include <string>
 #include <utility>
 #include <vector>
 
-#include "base/basictypes.h"
 #include "base/gtest_prod_util.h"
 #include "base/threading/non_thread_safe.h"
 #include "base/time/time.h"
@@ -19,6 +20,8 @@
 #include "net/cert/x509_certificate.h"
 #include "url/gurl.h"
 
+class GURL;
+
 namespace net {
 
 class SSLInfo;
@@ -46,9 +49,6 @@ class NET_EXPORT TransportSecurityState
     virtual ~Delegate() {}
   };
 
-  TransportSecurityState();
-  ~TransportSecurityState();
-
   // A STSState describes the strict transport security state (required
   // upgrade to HTTPS).
   class NET_EXPORT STSState {
@@ -179,10 +179,47 @@ class NET_EXPORT TransportSecurityState
     std::map<std::string, PKPState>::const_iterator end_;
   };
 
+  class NET_EXPORT Reporter {
+   public:
+    // Determines if a HPKP violation report should be sent for the
+    // given |hostname|, which was found to violate the pins in
+    // |pkp_state|. Returns true if the report should be sent, with the
+    // report URI in |report_uri| and the serialized report in
+    // |serialized_report|, and false otherwise. Allows embedders to
+    // override the report uri and/or format for some pins.
+    //
+    // Additional information to be included in the report (beyond
+    // fields in |pkp_state|):
+    //
+    // - The |port| of the request that violated the pin.
+    // - |served_certificate_chain| and |validated_certificate_chain|,
+    //   the certificate chains as received by the client and as built
+    //   during certificate verification.
+    virtual bool GetHPKPReport(
+        const std::string& hostname,
+        const PKPState& pkp_state,
+        bool is_static_pin,
+        uint16_t port,

[davidben, 2015/07/22 21:36:43]

hostname and port can be folded together to a HostPortPair. Which, conveniently,
is the structure that SSLClientSocket uses internally.

[estark, 2015/07/23 00:03:57]

Done.

+        const X509Certificate* served_certificate_chain,
+        const X509Certificate* validated_certificate_chain,
+        GURL* report_uri,
+        std::string* serialized_report) = 0;
+
+    // Sends the given serialized |report| to |report_uri|.
+    virtual void SendHPKPReport(const GURL& report_uri,
+                                const std::string& report) = 0;
+
+   protected:
+    virtual ~Reporter() {}
+  };
+
+  TransportSecurityState();
+  ~TransportSecurityState();
+
   // These functions search for static and dynamic STS and PKP states, and
-  // invoke the
-  // functions of the same name on them. These functions are the primary public
-  // interface; direct access to STS and PKP states is best left to tests.
+  // invoke the functions of the same name on them. These functions are the
+  // primary public interface; direct access to STS and PKP states is best
+  // left to tests.
   bool ShouldSSLErrorsBeFatal(const std::string& host);
   bool ShouldUpgradeToSSL(const std::string& host);
   bool CheckPublicKeyPins(const std::string& host,
@@ -198,6 +235,8 @@ class NET_EXPORT TransportSecurityState
   // TransportSecurityState.
   void SetDelegate(Delegate* delegate);
 
+  void SetReporter(Reporter* reporter);
+
   // Clears all dynamic data (e.g. HSTS and HPKP data).
   //
   // Does NOT persist changes using the Delegate, as this function is only
@@ -351,6 +390,8 @@ class NET_EXPORT TransportSecurityState
 
   Delegate* delegate_;
 
+  Reporter* reporter_;
+
   // True if static pins should be used.
   bool enable_static_pins_;