Chromium Code Reviews Chromium Code Reviews
Issue 1212973002:
Add net::CertificateReportSender for handling cert report sending (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/net/certificate_error_reporter.h" | 5 #include "chrome/browser/net/certificate_error_reporter.h" |
| 6 | 6 |
| 7 #include <set> | 7 #include <set> |
| 8 | 8 |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "chrome/browser/net/encrypted_cert_logger.pb.h" | 10 #include "chrome/browser/net/encrypted_cert_logger.pb.h" |
| 11 | 11 |
| 12 #if defined(USE_OPENSSL) | 12 #if defined(USE_OPENSSL) |
| 13 #include "crypto/aead_openssl.h" | 13 #include "crypto/aead_openssl.h" |
| 14 #endif | 14 #endif |
| 15 | 15 |
| 16 #include "crypto/curve25519.h" | 16 #include "crypto/curve25519.h" |
| 17 #include "crypto/hkdf.h" | 17 #include "crypto/hkdf.h" |
| 18 #include "crypto/random.h" | 18 #include "crypto/random.h" |
| 19 #include "net/base/elements_upload_data_stream.h" | 19 #include "net/url_request/certificate_report_sender.h" |
| 20 #include "net/base/load_flags.h" | |
| 21 #include "net/base/request_priority.h" | |
| 22 #include "net/base/upload_bytes_element_reader.h" | |
| 23 #include "net/url_request/url_request_context.h" | 20 #include "net/url_request/url_request_context.h" |
|
mattm
2015/07/28 00:15:54
The forward declaration should be sufficient.
estark
2015/07/28 00:28:57
Done.
| |
| 24 | 21 |
| 25 namespace { | 22 namespace { |
| 26 | 23 |
| 27 // Constants used for crypto | 24 // Constants used for crypto |
| 28 static const uint8 kServerPublicKey[] = { | 25 static const uint8 kServerPublicKey[] = { |
| 29 0x51, 0xcc, 0x52, 0x67, 0x42, 0x47, 0x3b, 0x10, 0xe8, 0x63, 0x18, | 26 0x51, 0xcc, 0x52, 0x67, 0x42, 0x47, 0x3b, 0x10, 0xe8, 0x63, 0x18, |
| 30 0x3c, 0x61, 0xa7, 0x96, 0x76, 0x86, 0x91, 0x40, 0x71, 0x39, 0x5f, | 27 0x3c, 0x61, 0xa7, 0x96, 0x76, 0x86, 0x91, 0x40, 0x71, 0x39, 0x5f, |
| 31 0x31, 0x1a, 0x39, 0x5b, 0x76, 0xb1, 0x6b, 0x3d, 0x6a, 0x2b}; | 28 0x31, 0x1a, 0x39, 0x5b, 0x76, 0xb1, 0x6b, 0x3d, 0x6a, 0x2b}; |
| 32 static const uint32 kServerPublicKeyVersion = 1; | 29 static const uint32 kServerPublicKeyVersion = 1; |
| 33 | 30 |
| (...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 80 } | 77 } |
| 81 #endif | 78 #endif |
| 82 | 79 |
| 83 } // namespace | 80 } // namespace |
| 84 | 81 |
| 85 namespace chrome_browser_net { | 82 namespace chrome_browser_net { |
| 86 | 83 |
| 87 CertificateErrorReporter::CertificateErrorReporter( | 84 CertificateErrorReporter::CertificateErrorReporter( |
| 88 net::URLRequestContext* request_context, | 85 net::URLRequestContext* request_context, |
| 89 const GURL& upload_url, | 86 const GURL& upload_url, |
| 90 CookiesPreference cookies_preference) | 87 net::CertificateReportSender::CookiesPreference cookies_preference) |
| 91 : CertificateErrorReporter(request_context, | 88 : CertificateErrorReporter(upload_url, |
| 92 upload_url, | |
| 93 cookies_preference, | |
| 94 kServerPublicKey, | 89 kServerPublicKey, |
| 95 kServerPublicKeyVersion) { | 90 kServerPublicKeyVersion, |
| 96 } | 91 make_scoped_ptr(new net::CertificateReportSender( |
| 92 request_context, | |
| 93 cookies_preference))) {} | |
| 97 | 94 |
| 98 CertificateErrorReporter::CertificateErrorReporter( | 95 CertificateErrorReporter::CertificateErrorReporter( |
| 99 net::URLRequestContext* request_context, | |
| 100 const GURL& upload_url, | 96 const GURL& upload_url, |
| 101 CookiesPreference cookies_preference, | |
| 102 const uint8 server_public_key[32], | 97 const uint8 server_public_key[32], |
| 103 const uint32 server_public_key_version) | 98 const uint32 server_public_key_version, |
| 104 : request_context_(request_context), | 99 scoped_ptr<net::CertificateReportSender> certificate_report_sender) |
| 100 : certificate_report_sender_(certificate_report_sender.Pass()), | |
| 105 upload_url_(upload_url), | 101 upload_url_(upload_url), |
| 106 cookies_preference_(cookies_preference), | |
| 107 server_public_key_(server_public_key), | 102 server_public_key_(server_public_key), |
| 108 server_public_key_version_(server_public_key_version) { | 103 server_public_key_version_(server_public_key_version) { |
| 104 DCHECK(certificate_report_sender_); | |
| 109 DCHECK(!upload_url.is_empty()); | 105 DCHECK(!upload_url.is_empty()); |
| 110 } | 106 } |
| 111 | 107 |
| 112 CertificateErrorReporter::~CertificateErrorReporter() { | 108 CertificateErrorReporter::~CertificateErrorReporter() { |
| 113 STLDeleteElements(&inflight_requests_); | |
| 114 } | 109 } |
| 115 | 110 |
| 116 void CertificateErrorReporter::SendReport( | 111 void CertificateErrorReporter::SendReport( |
| 117 ReportType type, | 112 ReportType type, |
| 118 const std::string& serialized_report) { | 113 const std::string& serialized_report) { |
| 119 switch (type) { | 114 switch (type) { |
| 120 case REPORT_TYPE_PINNING_VIOLATION: | 115 case REPORT_TYPE_PINNING_VIOLATION: |
| 121 SendSerializedRequest(serialized_report); | 116 certificate_report_sender_->Send(upload_url_, serialized_report); |
| 122 break; | 117 break; |
| 123 case REPORT_TYPE_EXTENDED_REPORTING: | 118 case REPORT_TYPE_EXTENDED_REPORTING: |
| 124 if (upload_url_.SchemeIsCryptographic()) { | 119 if (upload_url_.SchemeIsCryptographic()) { |
| 125 SendSerializedRequest(serialized_report); | 120 certificate_report_sender_->Send(upload_url_, serialized_report); |
| 126 } else { | 121 } else { |
| 127 DCHECK(IsHttpUploadUrlSupported()); | 122 DCHECK(IsHttpUploadUrlSupported()); |
| 128 #if defined(USE_OPENSSL) | 123 #if defined(USE_OPENSSL) |
| 129 EncryptedCertLoggerRequest encrypted_report; | 124 EncryptedCertLoggerRequest encrypted_report; |
| 130 if (!EncryptSerializedReport(server_public_key_, | 125 if (!EncryptSerializedReport(server_public_key_, |
| 131 server_public_key_version_, | 126 server_public_key_version_, |
| 132 serialized_report, &encrypted_report)) { | 127 serialized_report, &encrypted_report)) { |
| 133 LOG(ERROR) << "Failed to encrypt serialized report."; | 128 LOG(ERROR) << "Failed to encrypt serialized report."; |
| 134 return; | 129 return; |
| 135 } | 130 } |
| 136 std::string serialized_encrypted_report; | 131 std::string serialized_encrypted_report; |
| 137 encrypted_report.SerializeToString(&serialized_encrypted_report); | 132 encrypted_report.SerializeToString(&serialized_encrypted_report); |
| 138 SendSerializedRequest(serialized_encrypted_report); | 133 certificate_report_sender_->Send(upload_url_, |
| 134 serialized_encrypted_report); | |
| 139 #endif | 135 #endif |
| 140 } | 136 } |
| 141 break; | 137 break; |
| 142 default: | 138 default: |
| 143 NOTREACHED(); | 139 NOTREACHED(); |
| 144 } | 140 } |
| 145 } | 141 } |
| 146 | 142 |
| 147 void CertificateErrorReporter::OnResponseStarted(net::URLRequest* request) { | |
| 148 const net::URLRequestStatus& status(request->status()); | |
| 149 if (!status.is_success()) { | |
| 150 LOG(WARNING) << "Certificate upload failed" | |
| 151 << " status:" << status.status() | |
| 152 << " error:" << status.error(); | |
| 153 } else if (request->GetResponseCode() != 200) { | |
| 154 LOG(WARNING) << "Certificate upload HTTP status: " | |
| 155 << request->GetResponseCode(); | |
| 156 } | |
| 157 RequestComplete(request); | |
| 158 } | |
| 159 | |
| 160 void CertificateErrorReporter::OnReadCompleted(net::URLRequest* request, | |
| 161 int bytes_read) { | |
| 162 } | |
| 163 | |
| 164 scoped_ptr<net::URLRequest> CertificateErrorReporter::CreateURLRequest( | |
| 165 net::URLRequestContext* context) { | |
| 166 scoped_ptr<net::URLRequest> request = | |
| 167 context->CreateRequest(upload_url_, net::DEFAULT_PRIORITY, this); | |
| 168 if (cookies_preference_ != SEND_COOKIES) { | |
| 169 request->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES | | |
| 170 net::LOAD_DO_NOT_SAVE_COOKIES); | |
| 171 } | |
| 172 return request.Pass(); | |
| 173 } | |
| 174 | |
| 175 bool CertificateErrorReporter::IsHttpUploadUrlSupported() { | 143 bool CertificateErrorReporter::IsHttpUploadUrlSupported() { |
| 176 #if defined(USE_OPENSSL) | 144 #if defined(USE_OPENSSL) |
| 177 return true; | 145 return true; |
| 178 #else | 146 #else |
| 179 return false; | 147 return false; |
| 180 #endif | 148 #endif |
| 181 } | 149 } |
| 182 | 150 |
| 183 // Used only by tests. | 151 // Used only by tests. |
| 184 #if defined(USE_OPENSSL) | 152 #if defined(USE_OPENSSL) |
| (...skipping 19 matching lines...) Expand all Loading... | |
| 204 aead.Init(&key); | 172 aead.Init(&key); |
| 205 | 173 |
| 206 // Use an all-zero nonce because the key is random per-message. | 174 // Use an all-zero nonce because the key is random per-message. |
| 207 std::string nonce(aead.NonceLength(), 0); | 175 std::string nonce(aead.NonceLength(), 0); |
| 208 | 176 |
| 209 return aead.Open(encrypted_report.encrypted_report(), nonce, std::string(), | 177 return aead.Open(encrypted_report.encrypted_report(), nonce, std::string(), |
| 210 decrypted_serialized_report); | 178 decrypted_serialized_report); |
| 211 } | 179 } |
| 212 #endif | 180 #endif |
| 213 | 181 |
| 214 void CertificateErrorReporter::SendSerializedRequest( | |
| 215 const std::string& serialized_request) { | |
| 216 scoped_ptr<net::URLRequest> url_request = CreateURLRequest(request_context_); | |
| 217 url_request->set_method("POST"); | |
| 218 | |
| 219 scoped_ptr<net::UploadElementReader> reader( | |
| 220 net::UploadOwnedBytesElementReader::CreateWithString(serialized_request)); | |
| 221 url_request->set_upload( | |
| 222 net::ElementsUploadDataStream::CreateWithReader(reader.Pass(), 0)); | |
| 223 | |
| 224 net::HttpRequestHeaders headers; | |
| 225 headers.SetHeader(net::HttpRequestHeaders::kContentType, | |
| 226 "x-application/chrome-fraudulent-cert-report"); | |
| 227 url_request->SetExtraRequestHeaders(headers); | |
| 228 | |
| 229 net::URLRequest* raw_url_request = url_request.get(); | |
| 230 inflight_requests_.insert(url_request.release()); | |
| 231 raw_url_request->Start(); | |
| 232 } | |
| 233 | |
| 234 void CertificateErrorReporter::RequestComplete(net::URLRequest* request) { | |
| 235 std::set<net::URLRequest*>::iterator i = inflight_requests_.find(request); | |
| 236 DCHECK(i != inflight_requests_.end()); | |
| 237 scoped_ptr<net::URLRequest> url_request(*i); | |
| 238 inflight_requests_.erase(i); | |
| 239 } | |
| 240 | |
| 241 } // namespace chrome_browser_net | 182 } // namespace chrome_browser_net |
| OLD | NEW |
