Addition of Certificate Transparency details to Security panel of DevTools

content/common/ssl_status_serialization.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/common/ssl_status_serialization.h"
 
 #include <stdint.h>
+#include <string>
 
 #include "base/logging.h"
 #include "base/pickle.h"
 
 namespace {
 
 // Checks that an integer |security_style| is a valid SecurityStyle enum
 // value. Returns true if valid, false otherwise.
 bool CheckSecurityStyle(int security_style) {
   switch (security_style) {
@@ skipping 18 matching lines @@
   pickle.WriteUInt32(ssl_status.cert_status);
   pickle.WriteInt(ssl_status.security_bits);
   pickle.WriteInt(ssl_status.key_exchange_info);
   pickle.WriteInt(ssl_status.connection_status);
   pickle.WriteInt(ssl_status.signed_certificate_timestamp_ids.size());
   for (SignedCertificateTimestampIDStatusList::const_iterator iter =
            ssl_status.signed_certificate_timestamp_ids.begin();
        iter != ssl_status.signed_certificate_timestamp_ids.end(); ++iter) {
     pickle.WriteInt(iter->id);
     pickle.WriteUInt16(iter->status);
+    pickle.WriteUInt16(iter->version);

[Eran Messeri, 2016/03/09 21:04:35]

If that's saved to disk (I think it is, not entirely sure) then you would have
to deal with de-serialization in clients that don't have these fields (but I
don't think you need to because the SCT ID should be all you need).

+    pickle.WriteString(iter->logId);
+    pickle.WriteInt64(iter->timestamp);
+    pickle.WriteUInt16(iter->signature.hash_algorithm);
+    pickle.WriteUInt16(iter->signature.signature_algorithm);
+    pickle.WriteString(iter->signature.signature_data);
+    pickle.WriteUInt16(iter->origin);
+    pickle.WriteString(iter->logDescription);
   }
   return std::string(static_cast<const char*>(pickle.data()), pickle.size());
 }
 
 bool DeserializeSecurityInfo(const std::string& state, SSLStatus* ssl_status) {
   *ssl_status = SSLStatus();
 
   if (state.empty()) {
     // No SSL used.
     return true;
@@ skipping 28 matching lines @@
 
   // Sanity check |key_exchange_info|: 0 or greater.
   if (ssl_status->key_exchange_info < 0) {
     *ssl_status = SSLStatus();
     return false;
   }
 
   for (; num_scts_to_read > 0; --num_scts_to_read) {
     int id;
     uint16_t status;
-    if (!iter.ReadInt(&id) || !iter.ReadUInt16(&status)) {
+    uint16_t version;
+    std::string logId;
+    int64_t timestamp;
+    uint16_t hashAlgorithm;
+    uint16_t signatureAlgorithm;
+    std::string signatureData;
+    uint16_t origin;
+    std::string logDescription;
+    if (!iter.ReadInt(&id)
+      || !iter.ReadUInt16(&status)
+      || !iter.ReadUInt16(&version)
+      || !iter.ReadString(&logId)
+      || !iter.ReadInt64(&timestamp)
+      || !iter.ReadUInt16(&hashAlgorithm)
+      || !iter.ReadUInt16(&signatureAlgorithm)
+      || !iter.ReadString(&signatureData)
+      || !iter.ReadUInt16(&origin)
+      || !iter.ReadString(&logDescription)) {
       *ssl_status = SSLStatus();
       return false;
     }
 
+    net::ct::DigitallySigned signature(
+      static_cast<net::ct::DigitallySigned::HashAlgorithm>(hashAlgorithm),
+      static_cast<net::ct::DigitallySigned::SignatureAlgorithm>(
+        signatureAlgorithm),
+      signatureData);
+
     ssl_status->signed_certificate_timestamp_ids.push_back(
         SignedCertificateTimestampIDAndStatus(
-            id, static_cast<net::ct::SCTVerifyStatus>(status)));
+            id,
+            static_cast<net::ct::SCTVerifyStatus>(status),
+            static_cast<net::ct::SignedCertificateTimestamp::Version>(version),
+            logId,
+            timestamp,
+            signature,
+            static_cast<net::ct::SignedCertificateTimestamp::Origin>(origin),
+            logDescription));
   }
 
   return true;
 }
 
 }  // namespace content