Addition of Certificate Transparency details to Security panel of DevTools

net/cert/ct_signed_certificate_timestamp_log_param.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/ct_signed_certificate_timestamp_log_param.h"
 
 #include <algorithm>
 #include <memory>
 #include <string>
 #include <utility>
 
 #include "base/base64.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/stringprintf.h"
 #include "base/values.h"
+#include "net/cert/ct_sct_to_string.h"
 #include "net/cert/ct_verify_result.h"
 #include "net/cert/signed_certificate_timestamp.h"
 
 namespace net {
 
 namespace {
 
-// Converts a numeric |origin| to text describing the SCT's origin
-const char* OriginToString(ct::SignedCertificateTimestamp::Origin origin) {
-  switch (origin) {
-    case ct::SignedCertificateTimestamp::SCT_EMBEDDED:
-      return "embedded_in_certificate";
-    case ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION:
-      return "tls_extension";
-    case ct::SignedCertificateTimestamp::SCT_FROM_OCSP_RESPONSE:
-      return "ocsp";
-    case ct::SignedCertificateTimestamp::SCT_ORIGIN_MAX:
-      break;
-  }
-
-  return "unknown";
-}
-
-// Converts a numeric |hash_algorithm| to its textual representation
-const char* HashAlgorithmToString(
-    ct::DigitallySigned::HashAlgorithm hash_algorithm) {
-  switch (hash_algorithm) {
-    case ct::DigitallySigned::HASH_ALGO_NONE:
-      return "NONE";
-    case ct::DigitallySigned::HASH_ALGO_MD5:
-      return "MD5";
-    case ct::DigitallySigned::HASH_ALGO_SHA1:
-      return "SHA1";
-    case ct::DigitallySigned::HASH_ALGO_SHA224:
-      return "SHA224";
-    case ct::DigitallySigned::HASH_ALGO_SHA256:
-      return "SHA256";
-    case ct::DigitallySigned::HASH_ALGO_SHA384:
-      return "SHA384";
-    case ct::DigitallySigned::HASH_ALGO_SHA512:
-      return "SHA512";
-  }
-
-  return "unknown";
-}
-
-// Converts a numeric |signature_algorithm| to its textual representation
-const char* SignatureAlgorithmToString(
-    ct::DigitallySigned::SignatureAlgorithm signature_algorithm) {
-  switch (signature_algorithm) {
-    case ct::DigitallySigned::SIG_ALGO_ANONYMOUS:
-      return "ANONYMOUS";
-    case ct::DigitallySigned::SIG_ALGO_RSA:
-      return "RSA";
-    case ct::DigitallySigned::SIG_ALGO_DSA:
-      return "DSA";
-    case ct::DigitallySigned::SIG_ALGO_ECDSA:
-      return "ECDSA";
-  }
-
-  return "unknown";
-}
-
 // Base64 encode the given |value| string and put it in |dict| with the
 // description |key|.
 void SetBinaryData(
     const char* key,
     const std::string& value,
     base::DictionaryValue* dict) {
   std::string b64_value;
   base::Base64Encode(value, &b64_value);
 
   dict->SetString(key, b64_value);
 }
 
 // Returns a dictionary where each key is a field of the SCT and its value
 // is this field's value in the SCT. This dictionary is meant to be used for
 // outputting a de-serialized SCT to the NetLog.
 std::unique_ptr<base::DictionaryValue> SCTToDictionary(
     const ct::SignedCertificateTimestamp& sct) {
   std::unique_ptr<base::DictionaryValue> out(new base::DictionaryValue());
 
-  out->SetString("origin", OriginToString(sct.origin));
+  // Transform capital letters to lowercase, and replace spaces with underscores
+  // to conform with SIGNED_CERTIFICATE_TIMESTAMPS_CHECKED in
+  // net/log/net_log_event_type_list.h.
+  std::string origin = OriginToString(sct.origin);
+  std::transform(origin.begin(), origin.end(), origin.begin(), ::tolower);
+  std::replace(origin.begin(), origin.end(), ' ', '_');
+  out->SetString("origin", origin);

[davidben, 2016/06/14 15:47:37]

I suppose this is fine, but you also may as well just change the comment in
net_log_event_type_list.h. This seems kind of silly. :-) The log format doesn't
need to stay the same.

[dwaxweiler, 2016/06/14 16:57:02]

At least one check of the tests in net/cert/multi_log_ct_verifier_unittest.cc
would then also need to be adapted. In the concerned method
CheckForEmbeddedSCTInNetLog(), other tokens use the same format, e.g.
"verified_scts".

[davidben, 2016/06/14 18:39:26]

*shrug* I have a minor preference for updating the comment and test expectation
if it's not too much, but it's only a minor preference. (The dictionary keys all
look_like_this, but I think dictionary values tend to be all over the place.
Actually, for the really common ones we don't even put strings in them and use
numbers that get cross-referenced in some constants table. But that's probably
overkill right onw.)

+
   out->SetInteger("version", sct.version);
 
   SetBinaryData("log_id", sct.log_id, out.get());
   base::TimeDelta time_since_unix_epoch =
       sct.timestamp - base::Time::UnixEpoch();
   out->SetString("timestamp",
       base::Int64ToString(time_since_unix_epoch.InMilliseconds()));
   SetBinaryData("extensions", sct.extensions, out.get());
 
   out->SetString("hash_algorithm",
@@ skipping 44 matching lines @@
 
   SetBinaryData("embedded_scts", *embedded_scts, dict.get());
   SetBinaryData("scts_from_ocsp_response", *sct_list_from_ocsp, dict.get());
   SetBinaryData("scts_from_tls_extension", *sct_list_from_tls_extension,
                 dict.get());
 
   return std::move(dict);
 }
 
 }  // namespace net