Chromium Code Reviews Chromium Code Reviews
Issue 1772603002:
Addition of Certificate Transparency details to Security panel of DevTools (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/child/web_url_loader_impl.h" | 5 #include "content/child/web_url_loader_impl.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 #include <memory> | 10 #include <memory> |
| 11 #include <string> | 11 #include <string> |
| 12 #include <utility> | 12 #include <utility> |
| 13 #include <vector> | 13 #include <vector> |
| 14 | 14 |
| 15 #include "base/bind.h" | 15 #include "base/bind.h" |
| 16 #include "base/files/file_path.h" | 16 #include "base/files/file_path.h" |
| 17 #include "base/logging.h" | 17 #include "base/logging.h" |
| 18 #include "base/memory/ptr_util.h" | 18 #include "base/memory/ptr_util.h" |
| 19 #include "base/single_thread_task_runner.h" | 19 #include "base/single_thread_task_runner.h" |
| 20 #include "base/strings/string_number_conversions.h" | |
| 20 #include "base/strings/string_util.h" | 21 #include "base/strings/string_util.h" |
| 21 #include "base/time/time.h" | 22 #include "base/time/time.h" |
| 22 #include "build/build_config.h" | 23 #include "build/build_config.h" |
| 23 #include "components/mime_util/mime_util.h" | 24 #include "components/mime_util/mime_util.h" |
| 24 #include "components/scheduler/child/web_task_runner_impl.h" | 25 #include "components/scheduler/child/web_task_runner_impl.h" |
| 25 #include "content/child/child_thread_impl.h" | 26 #include "content/child/child_thread_impl.h" |
| 26 #include "content/child/ftp_directory_listing_response_delegate.h" | 27 #include "content/child/ftp_directory_listing_response_delegate.h" |
| 27 #include "content/child/request_extra_data.h" | 28 #include "content/child/request_extra_data.h" |
| 28 #include "content/child/request_info.h" | 29 #include "content/child/request_info.h" |
| 29 #include "content/child/resource_dispatcher.h" | 30 #include "content/child/resource_dispatcher.h" |
| 30 #include "content/child/shared_memory_data_consumer_handle.h" | 31 #include "content/child/shared_memory_data_consumer_handle.h" |
| 31 #include "content/child/sync_load_response.h" | 32 #include "content/child/sync_load_response.h" |
| 32 #include "content/child/web_url_request_util.h" | 33 #include "content/child/web_url_request_util.h" |
| 33 #include "content/child/weburlresponse_extradata_impl.h" | 34 #include "content/child/weburlresponse_extradata_impl.h" |
| 34 #include "content/common/resource_messages.h" | 35 #include "content/common/resource_messages.h" |
| 35 #include "content/common/resource_request_body.h" | 36 #include "content/common/resource_request_body.h" |
| 36 #include "content/common/service_worker/service_worker_types.h" | 37 #include "content/common/service_worker/service_worker_types.h" |
| 37 #include "content/common/ssl_status_serialization.h" | 38 #include "content/common/ssl_status_serialization.h" |
| 38 #include "content/public/child/fixed_received_data.h" | 39 #include "content/public/child/fixed_received_data.h" |
| 39 #include "content/public/child/request_peer.h" | 40 #include "content/public/child/request_peer.h" |
| 40 #include "content/public/common/browser_side_navigation_policy.h" | 41 #include "content/public/common/browser_side_navigation_policy.h" |
| 41 #include "content/public/common/ssl_status.h" | 42 #include "content/public/common/ssl_status.h" |
| 42 #include "net/base/data_url.h" | 43 #include "net/base/data_url.h" |
| 43 #include "net/base/filename_util.h" | 44 #include "net/base/filename_util.h" |
| 44 #include "net/base/net_errors.h" | 45 #include "net/base/net_errors.h" |
| 45 #include "net/cert/cert_status_flags.h" | 46 #include "net/cert/cert_status_flags.h" |
| 46 #include "net/cert/sct_status_flags.h" | 47 #include "net/cert/ct_sct_to_string.h" |
| 47 #include "net/http/http_response_headers.h" | 48 #include "net/http/http_response_headers.h" |
| 48 #include "net/http/http_util.h" | 49 #include "net/http/http_util.h" |
| 49 #include "net/ssl/ssl_cipher_suite_names.h" | 50 #include "net/ssl/ssl_cipher_suite_names.h" |
| 50 #include "net/ssl/ssl_connection_status_flags.h" | 51 #include "net/ssl/ssl_connection_status_flags.h" |
| 51 #include "net/url_request/url_request_data_job.h" | 52 #include "net/url_request/url_request_data_job.h" |
| 52 #include "third_party/WebKit/public/platform/WebHTTPLoadInfo.h" | 53 #include "third_party/WebKit/public/platform/WebHTTPLoadInfo.h" |
| 53 #include "third_party/WebKit/public/platform/WebSecurityOrigin.h" | 54 #include "third_party/WebKit/public/platform/WebSecurityOrigin.h" |
| 54 #include "third_party/WebKit/public/platform/WebTraceLocation.h" | 55 #include "third_party/WebKit/public/platform/WebTraceLocation.h" |
| 55 #include "third_party/WebKit/public/platform/WebURL.h" | 56 #include "third_party/WebKit/public/platform/WebURL.h" |
| 56 #include "third_party/WebKit/public/platform/WebURLError.h" | 57 #include "third_party/WebKit/public/platform/WebURLError.h" |
| (...skipping 124 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 181 info->mime_type.swap(mime_type); | 182 info->mime_type.swap(mime_type); |
| 182 info->charset.swap(charset); | 183 info->charset.swap(charset); |
| 183 info->security_info.clear(); | 184 info->security_info.clear(); |
| 184 info->content_length = data->length(); | 185 info->content_length = data->length(); |
| 185 info->encoded_data_length = 0; | 186 info->encoded_data_length = 0; |
| 186 | 187 |
| 187 return net::OK; | 188 return net::OK; |
| 188 } | 189 } |
| 189 | 190 |
| 190 void SetSecurityStyleAndDetails(const GURL& url, | 191 void SetSecurityStyleAndDetails(const GURL& url, |
| 191 const std::string& security_info, | 192 const ResourceResponseInfo& info, |
| 192 WebURLResponse* response, | 193 WebURLResponse* response, |
| 193 bool report_security_info) { | 194 bool report_security_info) { |
| 194 if (!report_security_info) { | 195 if (!report_security_info) { |
| 195 response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown); | 196 response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown); |
| 196 return; | 197 return; |
| 197 } | 198 } |
| 198 if (!url.SchemeIsCryptographic()) { | 199 if (!url.SchemeIsCryptographic()) { |
| 199 response->setSecurityStyle(WebURLResponse::SecurityStyleUnauthenticated); | 200 response->setSecurityStyle(WebURLResponse::SecurityStyleUnauthenticated); |
| 200 return; | 201 return; |
| 201 } | 202 } |
| 202 | 203 |
| 203 // There are cases where an HTTPS request can come in without security | 204 // There are cases where an HTTPS request can come in without security |
| 204 // info attached (such as a redirect response). | 205 // info attached (such as a redirect response). |
| 206 const std::string& security_info = info.security_info; | |
| 205 if (security_info.empty()) { | 207 if (security_info.empty()) { |
| 206 response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown); | 208 response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown); |
| 207 return; | 209 return; |
| 208 } | 210 } |
| 209 | 211 |
| 210 SSLStatus ssl_status; | 212 SSLStatus ssl_status; |
| 211 if (!DeserializeSecurityInfo(security_info, &ssl_status)) { | 213 if (!DeserializeSecurityInfo(security_info, &ssl_status)) { |
| 212 response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown); | 214 response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown); |
| 213 DLOG(ERROR) | 215 DLOG(ERROR) |
| 214 << "DeserializeSecurityInfo() failed for an authenticated request."; | 216 << "DeserializeSecurityInfo() failed for an authenticated request."; |
| (...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 252 securityStyle = WebURLResponse::SecurityStyleAuthenticated; | 254 securityStyle = WebURLResponse::SecurityStyleAuthenticated; |
| 253 break; | 255 break; |
| 254 } | 256 } |
| 255 | 257 |
| 256 response->setSecurityStyle(securityStyle); | 258 response->setSecurityStyle(securityStyle); |
| 257 | 259 |
| 258 size_t num_unknown_scts = ssl_status.num_unknown_scts; | 260 size_t num_unknown_scts = ssl_status.num_unknown_scts; |
| 259 size_t num_invalid_scts = ssl_status.num_invalid_scts; | 261 size_t num_invalid_scts = ssl_status.num_invalid_scts; |
| 260 size_t num_valid_scts = ssl_status.num_valid_scts; | 262 size_t num_valid_scts = ssl_status.num_valid_scts; |
| 261 | 263 |
| 264 blink::WebURLResponse::SignedCertificateTimestampList sct_list; | |
| 265 | |
| 266 for (const auto& sct_and_status : info.signed_certificate_timestamps) { | |
|
dgozman
2016/06/04 00:27:37
I'm probably missing something, but I don't see wh
dwaxweiler
2016/06/04 08:38:02
Some time ago, I asked the same question, which @e
estark
2016/06/08 16:51:55
|report_security_info| is only true if reportRawHe
dgozman
2016/06/09 08:34:12
Thanks for clarifying.
| |
| 267 // Extract SCT's details. | |
| 268 blink::WebURLResponse::SignedCertificateTimestamp sct( | |
| 269 WebString::fromUTF8(net::ct::StatusToString(sct_and_status.status)), | |
| 270 WebString::fromUTF8( | |
| 271 net::ct::OriginToString(sct_and_status.sct->origin)), | |
| 272 WebString::fromUTF8(sct_and_status.sct->log_description), | |
| 273 WebString::fromUTF8( | |
| 274 base::HexEncode(reinterpret_cast<const unsigned char*>( | |
| 275 sct_and_status.sct->log_id.data()), | |
| 276 sct_and_status.sct->log_id.length())), | |
| 277 sct_and_status.sct->timestamp.ToJavaTime(), | |
| 278 WebString::fromUTF8(net::ct::HashAlgorithmToString( | |
| 279 sct_and_status.sct->signature.hash_algorithm)), | |
| 280 WebString::fromUTF8(net::ct::SignatureAlgorithmToString( | |
| 281 sct_and_status.sct->signature.signature_algorithm)), | |
| 282 WebString::fromUTF8(base::HexEncode( | |
| 283 reinterpret_cast<const unsigned char*>( | |
| 284 sct_and_status.sct->signature.signature_data.data()), | |
| 285 sct_and_status.sct->signature.signature_data.length()))); | |
| 286 sct_list.push_back(sct); | |
| 287 } | |
| 288 | |
| 262 blink::WebURLResponse::WebSecurityDetails webSecurityDetails( | 289 blink::WebURLResponse::WebSecurityDetails webSecurityDetails( |
| 263 WebString::fromUTF8(protocol), WebString::fromUTF8(key_exchange), | 290 WebString::fromUTF8(protocol), WebString::fromUTF8(key_exchange), |
| 264 WebString::fromUTF8(cipher), WebString::fromUTF8(mac), | 291 WebString::fromUTF8(cipher), WebString::fromUTF8(mac), ssl_status.cert_id, |
| 265 ssl_status.cert_id, num_unknown_scts, num_invalid_scts, num_valid_scts); | 292 num_unknown_scts, num_invalid_scts, num_valid_scts, sct_list); |
| 266 | 293 |
| 267 response->setSecurityDetails(webSecurityDetails); | 294 response->setSecurityDetails(webSecurityDetails); |
| 268 } | 295 } |
| 269 | 296 |
| 270 } // namespace | 297 } // namespace |
| 271 | 298 |
| 272 // This inner class exists since the WebURLLoader may be deleted while inside a | 299 // This inner class exists since the WebURLLoader may be deleted while inside a |
| 273 // call to WebURLLoaderClient. Refcounting is to keep the context from being | 300 // call to WebURLLoaderClient. Refcounting is to keep the context from being |
| 274 // deleted if it may have work to do after calling into the client. | 301 // deleted if it may have work to do after calling into the client. |
| 275 class WebURLLoaderImpl::Context : public base::RefCounted<Context> { | 302 class WebURLLoaderImpl::Context : public base::RefCounted<Context> { |
| (...skipping 680 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 956 ? blink::WebString::fromUTF8(info.cache_storage_cache_name) | 983 ? blink::WebString::fromUTF8(info.cache_storage_cache_name) |
| 957 : blink::WebString()); | 984 : blink::WebString()); |
| 958 blink::WebVector<blink::WebString> cors_exposed_header_names( | 985 blink::WebVector<blink::WebString> cors_exposed_header_names( |
| 959 info.cors_exposed_header_names.size()); | 986 info.cors_exposed_header_names.size()); |
| 960 std::transform( | 987 std::transform( |
| 961 info.cors_exposed_header_names.begin(), | 988 info.cors_exposed_header_names.begin(), |
| 962 info.cors_exposed_header_names.end(), cors_exposed_header_names.begin(), | 989 info.cors_exposed_header_names.end(), cors_exposed_header_names.begin(), |
| 963 [](const std::string& h) { return blink::WebString::fromLatin1(h); }); | 990 [](const std::string& h) { return blink::WebString::fromLatin1(h); }); |
| 964 response->setCorsExposedHeaderNames(cors_exposed_header_names); | 991 response->setCorsExposedHeaderNames(cors_exposed_header_names); |
| 965 | 992 |
| 966 SetSecurityStyleAndDetails(url, info.security_info, response, | 993 SetSecurityStyleAndDetails(url, info, response, report_security_info); |
| 967 report_security_info); | |
| 968 | 994 |
| 969 WebURLResponseExtraDataImpl* extra_data = | 995 WebURLResponseExtraDataImpl* extra_data = |
| 970 new WebURLResponseExtraDataImpl(info.npn_negotiated_protocol); | 996 new WebURLResponseExtraDataImpl(info.npn_negotiated_protocol); |
| 971 response->setExtraData(extra_data); | 997 response->setExtraData(extra_data); |
| 972 extra_data->set_was_fetched_via_spdy(info.was_fetched_via_spdy); | 998 extra_data->set_was_fetched_via_spdy(info.was_fetched_via_spdy); |
| 973 extra_data->set_was_npn_negotiated(info.was_npn_negotiated); | 999 extra_data->set_was_npn_negotiated(info.was_npn_negotiated); |
| 974 extra_data->set_was_alternate_protocol_available( | 1000 extra_data->set_was_alternate_protocol_available( |
| 975 info.was_alternate_protocol_available); | 1001 info.was_alternate_protocol_available); |
| 976 extra_data->set_connection_info(info.connection_info); | 1002 extra_data->set_connection_info(info.connection_info); |
| 977 extra_data->set_was_fetched_via_proxy(info.was_fetched_via_proxy); | 1003 extra_data->set_was_fetched_via_proxy(info.was_fetched_via_proxy); |
| (...skipping 218 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1196 response->clearHTTPHeaderField(webStringName); | 1222 response->clearHTTPHeaderField(webStringName); |
| 1197 while (response_headers->EnumerateHeader(&iterator, name, &value)) { | 1223 while (response_headers->EnumerateHeader(&iterator, name, &value)) { |
| 1198 response->addHTTPHeaderField(webStringName, | 1224 response->addHTTPHeaderField(webStringName, |
| 1199 WebString::fromLatin1(value)); | 1225 WebString::fromLatin1(value)); |
| 1200 } | 1226 } |
| 1201 } | 1227 } |
| 1202 return true; | 1228 return true; |
| 1203 } | 1229 } |
| 1204 | 1230 |
| 1205 } // namespace content | 1231 } // namespace content |
| OLD | NEW |
