Surface SCT (Signed Certificate Timestamp) counts in the Security panel.

content/child/web_url_loader_impl.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/child/web_url_loader_impl.h"
 
 #include <stdint.h>
 #include <algorithm>
 #include <string>
 #include <utility>
+#include <vector>
 
 #include "base/bind.h"
 #include "base/files/file_path.h"
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/string_util.h"
 #include "base/time/time.h"
 #include "build/build_config.h"
 #include "components/mime_util/mime_util.h"
 #include "components/scheduler/child/web_task_runner_impl.h"
 #include "content/child/child_thread_impl.h"
 #include "content/child/ftp_directory_listing_response_delegate.h"
 #include "content/child/multipart_response_delegate.h"
 #include "content/child/request_extra_data.h"
 #include "content/child/request_info.h"
 #include "content/child/resource_dispatcher.h"
 #include "content/child/shared_memory_data_consumer_handle.h"
 #include "content/child/sync_load_response.h"
 #include "content/child/web_url_request_util.h"
 #include "content/child/weburlresponse_extradata_impl.h"
 #include "content/common/resource_messages.h"
 #include "content/common/resource_request_body.h"
 #include "content/common/service_worker/service_worker_types.h"
 #include "content/common/ssl_status_serialization.h"
 #include "content/public/child/fixed_received_data.h"
 #include "content/public/child/request_peer.h"
 #include "content/public/common/browser_side_navigation_policy.h"
+#include "content/public/common/signed_certificate_timestamp_id_and_status.h"
+#include "content/public/common/ssl_status.h"
 #include "net/base/data_url.h"
 #include "net/base/filename_util.h"
 #include "net/base/net_errors.h"
+#include "net/cert/cert_status_flags.h"
+#include "net/cert/sct_status_flags.h"
 #include "net/http/http_response_headers.h"
 #include "net/http/http_util.h"
 #include "net/ssl/ssl_cipher_suite_names.h"
 #include "net/ssl/ssl_connection_status_flags.h"
 #include "net/url_request/url_request_data_job.h"
 #include "third_party/WebKit/public/platform/WebHTTPLoadInfo.h"
 #include "third_party/WebKit/public/platform/WebSecurityOrigin.h"
 #include "third_party/WebKit/public/platform/WebTraceLocation.h"
 #include "third_party/WebKit/public/platform/WebURL.h"
 #include "third_party/WebKit/public/platform/WebURLError.h"
@@ skipping 178 matching lines @@
     case SECURITY_STYLE_WARNING:
       securityStyle = WebURLResponse::SecurityStyleWarning;
       break;
     case SECURITY_STYLE_AUTHENTICATED:
       securityStyle = WebURLResponse::SecurityStyleAuthenticated;
       break;
   }
 
   response->setSecurityStyle(securityStyle);
 
+  bool is_valid_ev = ssl_status.cert_status & net::CERT_STATUS_IS_EV;
+
+  SignedCertificateTimestampIDStatusList sct_list =
+      ssl_status.signed_certificate_timestamp_ids;
+
+  // Although the number of SCTs is small (usually <= 5), there is no technical
+  // constraint on the number of deserialized SCTs (apart from RAM size), so we
+  // sanity check that the total count fits into an int before counting the
+  // types of SCTs.
+  DCHECK_LT(sct_list.size(),
+            static_cast<size_t>(std::numeric_limits<int>::max()));

[Ryan Sleevi, 2016/01/19 19:39:00]

SECURITY BUG: This is a security check hidden in a DCHECK, which will do nothing
in real code and overflow.

Please consider using safe_numerics or make this check a proper conditional.

[lgarron, 2016/01/22 22:51:27]

I've opted to what you recommend below and use size_t until the last possible
moment where we need to convert to int for the DevTools protocol.

+
+  int num_unknown_scts = 0;
+  int num_invalid_scts = 0;
+  int num_valid_scts = 0;
+
+  SignedCertificateTimestampIDStatusList::iterator iter;
+  for (iter = sct_list.begin(); iter < sct_list.end(); ++iter) {
+    switch (iter->status) {
+      case net::ct::SCT_STATUS_LOG_UNKNOWN:
+        num_unknown_scts++;
+        break;
+      case net::ct::SCT_STATUS_INVALID:
+        num_invalid_scts++;
+        break;
+      case net::ct::SCT_STATUS_OK:
+        num_valid_scts++;
+        break;
+      case net::ct::SCT_STATUS_NONE:
+      case net::ct::SCT_STATUS_MAX:
+        // These enum values do not represent SCTs that are taken into account
+        // for CT compliance calculations, so we ignore them.
+        break;
+    }
+  }
+
   blink::WebString protocol_string = blink::WebString::fromUTF8(protocol);
   blink::WebString cipher_string = blink::WebString::fromUTF8(cipher);
   blink::WebString key_exchange_string =
       blink::WebString::fromUTF8(key_exchange);
   blink::WebString mac_string = blink::WebString::fromUTF8(mac);
   response->setSecurityDetails(protocol_string, key_exchange_string,
-                               cipher_string, mac_string,
-                               ssl_status.cert_id);
+                               cipher_string, mac_string, ssl_status.cert_id,
+                               is_valid_ev, num_unknown_scts, num_invalid_scts,
+                               num_valid_scts);
 }
 
 }  // namespace
 
 // WebURLLoaderImpl::Context --------------------------------------------------
 
 // This inner class exists since the WebURLLoader may be deleted while inside a
 // call to WebURLLoaderClient.  Refcounting is to keep the context from being
 // deleted if it may have work to do after calling into the client.
 class WebURLLoaderImpl::Context : public base::RefCounted<Context>,
@@ skipping 836 matching lines @@
 }
 
 void WebURLLoaderImpl::setLoadingTaskRunner(
     blink::WebTaskRunner* loading_task_runner) {
   // There's no guarantee on the lifetime of |loading_task_runner| so we take a
   // copy.
   context_->SetWebTaskRunner(make_scoped_ptr(loading_task_runner->clone()));
 }
 
 }  // namespace content