Index: chrome/browser/ssl/expect_ct_reporter.cc |
diff --git a/chrome/browser/ssl/expect_ct_reporter.cc b/chrome/browser/ssl/expect_ct_reporter.cc |
new file mode 100644 |
index 0000000000000000000000000000000000000000..febfe267888b59f13c7c562b552094a95f43c54d |
--- /dev/null |
+++ b/chrome/browser/ssl/expect_ct_reporter.cc |
@@ -0,0 +1,45 @@ |
+// Copyright 2015 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#include "chrome/browser/ssl/expect_ct_reporter.h" |
+ |
+#include <string> |
+ |
+#include "net/http/http_response_headers.h" |
+#include "net/http/transport_security_state.h" |
+#include "net/url_request/certificate_report_sender.h" |
+#include "net/url_request/url_request.h" |
+#include "net/url_request/url_request_context.h" |
+ |
+ExpectCTReporter::ExpectCTReporter( |
+ net::URLRequestContext* request_context, |
+ net::TransportSecurityState* transport_security_state) |
+ : report_sender_(new net::CertificateReportSender( |
+ request_context, |
+ net::CertificateReportSender::DO_NOT_SEND_COOKIES)), |
+ transport_security_state_(transport_security_state) {} |
+ |
+ExpectCTReporter::~ExpectCTReporter() {} |
+ |
+void ExpectCTReporter::OnCTComplianceFailed(net::URLRequest* request) { |
+ net::TransportSecurityState::ExpectCTState expect_ct_state; |
+ if (!transport_security_state_->GetStaticExpectCTState(request->url().host(), |
+ &expect_ct_state)) { |
+ // The host for this request is not on the Expect CT preload list, |
+ // so do nothing. |
+ return; |
+ } |
+ |
+ net::HttpResponseHeaders* response_headers = request->response_headers(); |
+ std::string value; |
+ if (!response_headers->EnumerateHeader(nullptr, "Expect-CT", &value) || |
+ value != "preload") { |
+ // The preload list alone is not enough to opt a server in to expect |
+ // CT; the server is not sending the Expect-CT header, so it has |
+ // effectively opted out. |
+ return; |
+ } |
+ |
+ // TODO(estark): build and send a report about the policy violation. |
+} |
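Review bot: In OnCTComplianceFailed, `request->response_headers()` is dereferenced without a null check, and URLRequest returns null there when no response headers have been received. If this callback can fire before headers arrive (its call site is not visible in this file), the `EnumerateHeader` call crashes, so a guard such as `if (!response_headers) return;` before the lookup would cover it. Separately, the opt-in test reads Expect-CT from the same response whose certificate just failed CT compliance, so whoever terminated that connection decides whether a report is sent; the comment above the second `return` should state that limitation rather than describe it as the server opting out. The exact match `value != "preload"` also inspects only the first Expect-CT header and is sensitive to case and surrounding whitespace, which may be intended but deserves a comment.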