Surface SCT (Signed Certificate Timestamp) counts in the Security panel.

third_party/WebKit/Source/devtools/protocol.json

Index: third_party/WebKit/Source/devtools/protocol.json
diff --git a/third_party/WebKit/Source/devtools/protocol.json b/third_party/WebKit/Source/devtools/protocol.json
index bb97598aa6fdd216a6dd6de4c57a55c0794a6d3c..54a003be943974c63b7c0b005ce35c0a80ab359c 100644
--- a/third_party/WebKit/Source/devtools/protocol.json
+++ b/third_party/WebKit/Source/devtools/protocol.json
@@ -1234,6 +1234,17 @@
                 ]
             },
             {
+                "id": "CertificateValidationDetails",
+                "type": "object",
+                "description": "Details about the validation status of a request's certificate.",
+                "properties": [
+                    { "name": "isValidEv", "type": "boolean", "description": "Whether the certificate is valid as an Extended Validation (EV) certificate." },
+                    { "name": "numUnknownScts", "type": "integer", "description": "The number of SCTs from unknown logs." },
+                    { "name": "numInvalidScts", "type": "integer", "description": "The number of invalid SCTs." },
+                    { "name": "numValidScts", "type": "integer", "description": "The number of valid SCTs." }
+                ]
+            },
+            {
                 "id": "SecurityDetails",
                 "type": "object",
                 "description": "Security details about a request.",
@@ -1242,7 +1253,8 @@
                     { "name": "keyExchange", "type": "string", "description": "Key Exchange used by the connection." },
                     { "name": "cipher", "type": "string", "description": "Cipher name." },
                     { "name": "mac", "type": "string", "optional": true, "description": "TLS MAC. Note that AEAD ciphers do not have separate MACs." },
-                    { "name": "certificateId", "$ref": "CertificateId", "description": "Certificate ID value." }
+                    { "name": "certificateId", "$ref": "CertificateId", "description": "Certificate ID value." },
+                    { "name": "certificateValidationDetails", "$ref": "CertificateValidationDetails", "optional": true, "description": "Validation details for the request's certficate." }
                 ]
             },
             {
@@ -1514,6 +1526,20 @@
                 "handlers": ["browser"]
             },
             {
+                "name": "getCertificateTransparencySummary",
+                "description": "Returns a phrase summarizing the Certificate Transparency state of a certificate with the given parameters..",

[Ryan Sleevi, 2016/01/23 01:00:50]

This is tied to an individual socket, right? Because the CT status is
per-connection.

[lgarron, 2016/01/23 01:09:03]

Yes, you're right, is a slightly sloppy description. At the DevTools level,
we're aware that this is request-specific, but currently still show results from
the first request to the origin.

How about changing "certificate" to "request"?

+                "parameters": [
+                    { "name": "isValidEV", "type": "boolean", "description": "Whether the certificate is valid as an Extended Validation (EV) certificate." },

[pfeldman, 2016/01/19 17:54:49]

These seem to match the ones returned with the SecurityDetails. Why is the
summary not a part of the details?

[lgarron, 2016/01/22 22:51:28]

The calculation is a Chrome-specific policy that should be done in /chrome
(right now, it's done in
/chrome/browser/ui/website_settings/website_settings.cc).
In order to attach it to the details, we'd either need to calculate and attach
the string to the security info for every resource [1] (regardless of whether
DevTools is active), or do it in /content/child/web_url_loader_impl.cc or below
(which is inappropriate).

This CL contains the best way I currently know how to do it, which is to send
these values to DevTools, and have it send a request up to the browser when it
needs the summary string. Similar to how we handle certificate details (a
conditional query to the browser process) and certificateViewer (which needs to
call up to /chrome/browse).

[1]
https://code.google.com/p/chromium/codesearch#chromium/src/content/browser/lo...

[pfeldman, 2016/01/23 00:57:25]

Is there a primary key that you could use to reference it? certificateId?

+                    { "name": "numUnknownScts", "type": "integer", "description": "The number of SCTs from unknown logs." },
+                    { "name": "numInvalidScts", "type": "integer", "description": "The number of invalid SCTs." },
+                    { "name": "numValidScts", "type": "integer", "description": "The number of valid SCTs." }
+                ],
+                "returns": [
+                    { "name": "summary", "type": "string", "description": "Certificate Transparency summary." }
+                ],
+                "handlers": ["browser"]
+            },
+            {
                 "name": "showCertificateViewer",
                 "description": "Displays native dialog with the certificate details.",
                 "parameters": [