chrome/browser/ssl/expect_ct_reporter.cc - Issue 1579063002: Implement a skeleton version of Expect CT reports

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: chrome/browser/ssl/expect_ct_reporter.cc

Issue 1579063002: Implement a skeleton version of Expect CT reports (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: rebase Created 4 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« chrome/browser/net/chrome_network_delegate.cc ('K') | « chrome/browser/ssl/expect_ct_reporter.h ('k') | chrome/chrome_browser.gypi » ('j') | net/quic/crypto/proof_verifier_chromium.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: chrome/browser/ssl/expect_ct_reporter.cc

diff --git a/chrome/browser/ssl/expect_ct_reporter.cc b/chrome/browser/ssl/expect_ct_reporter.cc

new file mode 100644

index 0000000000000000000000000000000000000000..febfe267888b59f13c7c562b552094a95f43c54d

--- /dev/null

+++ b/chrome/browser/ssl/expect_ct_reporter.cc

@@ -0,0 +1,45 @@

+// Use of this source code is governed by a BSD-style license that can be

+// found in the LICENSE file.

+#include "chrome/browser/ssl/expect_ct_reporter.h"

+#include <string>

+#include "net/http/http_response_headers.h"

+#include "net/http/transport_security_state.h"

+#include "net/url_request/certificate_report_sender.h"

+#include "net/url_request/url_request.h"

+#include "net/url_request/url_request_context.h"

+ExpectCTReporter::ExpectCTReporter(

+ net::URLRequestContext* request_context,

+ net::TransportSecurityState* transport_security_state)

+ : report_sender_(new net::CertificateReportSender(

+ request_context,

+ net::CertificateReportSender::DO_NOT_SEND_COOKIES)),

+ transport_security_state_(transport_security_state) {}

+ExpectCTReporter::~ExpectCTReporter() {}

+void ExpectCTReporter::OnCTComplianceFailed(net::URLRequest* request) {

+ net::TransportSecurityState::ExpectCTState expect_ct_state;

+ if (!transport_security_state_->GetStaticExpectCTState(request->url().host(),

+ &expect_ct_state)) {

+ // The host for this request is not on the Expect CT preload list,

+ // so do nothing.

+ return;

+ }

+ net::HttpResponseHeaders* response_headers = request->response_headers();

+ std::string value;

+ if (!response_headers->EnumerateHeader(nullptr, "Expect-CT", &value) ||

+ value != "preload") {

+ // The preload list alone is not enough to opt a server in to expect

+ // CT; the server is not sending the Expect-CT header, so it has

+ // effectively opted out.

+ return;

+ }

+ // TODO(estark): build and send a report about the policy violation.

« chrome/browser/net/chrome_network_delegate.cc ('K') | « chrome/browser/ssl/expect_ct_reporter.h ('k') | chrome/chrome_browser.gypi » ('j') | net/quic/crypto/proof_verifier_chromium.cc » ('J')