Implement a skeleton version of Expect CT reports

net/http/transport_security_state.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_
 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_
 
 #include <stdint.h>
 
 #include <map>
@@ skipping 188 matching lines @@
   // An interface for asynchronously sending HPKP violation reports.
   class NET_EXPORT ReportSender {
    public:
     // Sends the given serialized |report| to |report_uri|.
     virtual void Send(const GURL& report_uri, const std::string& report) = 0;
 
    protected:
     virtual ~ReportSender() {}
   };
 
+  // An interface for building and asynchronously sending reports when a
+  // site expects valid Certificate Transparency information but it
+  // wasn't supplied.
+  class NET_EXPORT ExpectCTReporter {
+   public:
+    // Called when the host in |host_port_pair| has opted in to have
+    // reports about Expect CT policy violations sent to |report_uri|,
+    // and such a violation has occurred.
+    virtual void OnExpectCTFailed(const net::HostPortPair& host_port_pair,
+                                  const GURL& report_uri,
+                                  const net::SSLInfo& ssl_info) = 0;
+
+   protected:
+    virtual ~ExpectCTReporter() {}
+  };
+
   // Indicates whether or not a public key pin check should send a
   // report if a violation is detected.
   enum PublicKeyPinReportStatus { ENABLE_PIN_REPORTS, DISABLE_PIN_REPORTS };
 
   TransportSecurityState();
   ~TransportSecurityState();
 
   // These functions search for static and dynamic STS and PKP states, and
   // invoke the functions of the same name on them. These functions are the
   // primary public interface; direct access to STS and PKP states is best
@@ skipping 11 matching lines @@
 
   // Assign a |Delegate| for persisting the transport security state. If
   // |NULL|, state will not be persisted. The caller retains
   // ownership of |delegate|.
   // Note: This is only used for serializing/deserializing the
   // TransportSecurityState.
   void SetDelegate(Delegate* delegate);
 
   void SetReportSender(ReportSender* report_sender);
 
+  void SetExpectCTReporter(ExpectCTReporter* expect_ct_reporter);
+
   // Clears all dynamic data (e.g. HSTS and HPKP data).
   //
   // Does NOT persist changes using the Delegate, as this function is only
   // used to clear any dynamic data prior to re-loading it from a file.
   // Note: This is only used for serializing/deserializing the
   // TransportSecurityState.
   void ClearDynamicData();
 
   // Inserts |state| into |enabled_sts_hosts_| under the key |hashed_host|.
   // |hashed_host| is already in the internal representation.
@@ skipping 31 matching lines @@
   bool GetStaticDomainState(const std::string& host,
                             STSState* sts_result,
                             PKPState* pkp_result) const;
 
   // Returns true iff there is static (built-in) state for |host| that
   // references the Google pins.
   // TODO(rch): Remove this temporary gross layering violation once QUIC 32 is
   // deployed.
   bool IsGooglePinnedHost(const std::string& host) const;
 
-  // Returns true and updates |*expect_ct_result| iff there is a static
-  // (built-in) state for |host| with expect_ct=true.
-  bool GetStaticExpectCTState(const std::string& host,
-                              ExpectCTState* expect_ct_result) const;
-
   // Returns true and updates |*result| iff |host| has HSTS (respectively, HPKP)
   // state. If multiple HSTS (respectively, HPKP) entries match |host|,  the
   // most specific match determines the HSTS (respectively, HPKP) return value.
   //
   // Note that these methods are not const because they opportunistically remove
   // entries that have expired.
   bool GetDynamicSTSState(const std::string& host, STSState* result);
   bool GetDynamicPKPState(const std::string& host, PKPState* result);
 
   // Processes an HSTS header value from the host, adding entries to
@@ skipping 23 matching lines @@
                const GURL& report_uri);
 
   // Parses |value| as a Public-Key-Pins-Report-Only header value and
   // sends a HPKP report for |host_port_pair| if |ssl_info| violates the
   // pin. Returns true if |value| parses and includes a valid
   // report-uri, and false otherwise.
   bool ProcessHPKPReportOnlyHeader(const std::string& value,
                                    const HostPortPair& host_port_pair,
                                    const SSLInfo& ssl_info);
 
+  // Parses |value| as a Expect CT header value and sends an Expect CT
+  // report for |host_port_pair| if the following conditions are true:
+  // 1. The header value is "preload", indicating that the site wants to
+  // be opted in to Expect CT.
+  // 2. The given host is present on the Expect CT preload list with a
+  // valid report-uri, and the build is timely (i.e. preload list is fresh).
+  // 3. |ssl_info| indicates that the connection violated the Expect CT policy.
+  // 4. An Expect CT reporter has been provided with SetExpectCTReporter().
+  void ProcessExpectCTHeader(const std::string& value,
+                             const HostPortPair& host_port_pair,
+                             const SSLInfo& ssl_info);
+
   // The maximum number of seconds for which we'll cache an HSTS request.
   static const long int kMaxHSTSAgeSecs;
 
  private:
   friend class TransportSecurityStateTest;
   FRIEND_TEST_ALL_PREFIXES(HttpSecurityHeadersTest, UpdateDynamicPKPOnly);
   FRIEND_TEST_ALL_PREFIXES(HttpSecurityHeadersTest, UpdateDynamicPKPMaxAge0);
   FRIEND_TEST_ALL_PREFIXES(HttpSecurityHeadersTest, NoClobberPins);
+  FRIEND_TEST_ALL_PREFIXES(URLRequestTestHTTP, ExpectCTHeader);
 
   typedef std::map<std::string, STSState> STSStateMap;
   typedef std::map<std::string, PKPState> PKPStateMap;
 
   // Send an UMA report on pin validation failure, if the host is in a
   // statically-defined list of domains.
   //
   // TODO(palmer): This doesn't really belong here, and should be moved into
   // the exactly one call site. This requires unifying |struct HSTSPreload|
   // (an implementation detail of this class) with a more generic
@@ skipping 49 matching lines @@
   // |validated_certificate_chain|.
   bool CheckPinsAndMaybeSendReport(
       const HostPortPair& host_port_pair,
       const TransportSecurityState::PKPState& pkp_state,
       const HashValueVector& hashes,
       const X509Certificate* served_certificate_chain,
       const X509Certificate* validated_certificate_chain,
       const TransportSecurityState::PublicKeyPinReportStatus report_status,
       std::string* failure_log);
 
+  // Returns true and updates |*expect_ct_result| iff there is a static
+  // (built-in) state for |host| with expect_ct=true.
+  bool GetStaticExpectCTState(const std::string& host,
+                              ExpectCTState* expect_ct_result) const;
+
   // The sets of hosts that have enabled TransportSecurity. |domain| will always
   // be empty for a STSState or PKPState in these maps; the domain
   // comes from the map keys instead. In addition, |upgrade_mode| in the
   // STSState is never MODE_DEFAULT and |HasPublicKeyPins| in the PKPState
   // always returns true.
   STSStateMap enabled_sts_hosts_;
   PKPStateMap enabled_pkp_hosts_;
 
   Delegate* delegate_;
 
   ReportSender* report_sender_;
 
   // True if static pins should be used.
   bool enable_static_pins_;
 
   // True if static expect-CT state should be used.
   bool enable_static_expect_ct_;
 
+  ExpectCTReporter* expect_ct_reporter_;
+
   // Keeps track of reports that have been sent recently for
   // rate-limiting.
   ExpiringCache<std::string, bool, base::TimeTicks, std::less<base::TimeTicks>>
       sent_reports_cache_;
 
   DISALLOW_COPY_AND_ASSIGN(TransportSecurityState);
 };
 
 }  // namespace net
 
 #endif  // NET_HTTP_TRANSPORT_SECURITY_STATE_H_