Addition of Certificate Transparency details to Security panel of DevTools

content/child/web_url_loader_impl.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/child/web_url_loader_impl.h"
 
 #include <stdint.h>
 
 #include <algorithm>
 #include <memory>
 #include <string>
 #include <utility>
 #include <vector>
 
 #include "base/bind.h"
 #include "base/files/file_path.h"
 #include "base/logging.h"
 #include "base/memory/ptr_util.h"
 #include "base/single_thread_task_runner.h"
+#include "base/strings/string_number_conversions.h"
 #include "base/strings/string_util.h"
 #include "base/time/time.h"
 #include "build/build_config.h"
 #include "components/mime_util/mime_util.h"
 #include "components/scheduler/child/web_task_runner_impl.h"
 #include "content/child/child_thread_impl.h"
 #include "content/child/ftp_directory_listing_response_delegate.h"
 #include "content/child/request_extra_data.h"
 #include "content/child/request_info.h"
 #include "content/child/resource_dispatcher.h"
 #include "content/child/shared_memory_data_consumer_handle.h"
 #include "content/child/sync_load_response.h"
 #include "content/child/web_url_request_util.h"
 #include "content/child/weburlresponse_extradata_impl.h"
 #include "content/common/resource_messages.h"
 #include "content/common/resource_request_body_impl.h"
 #include "content/common/service_worker/service_worker_types.h"
 #include "content/common/ssl_status_serialization.h"
 #include "content/public/child/fixed_received_data.h"
 #include "content/public/child/request_peer.h"
 #include "content/public/common/browser_side_navigation_policy.h"
 #include "content/public/common/ssl_status.h"
 #include "net/base/data_url.h"
 #include "net/base/filename_util.h"
 #include "net/base/net_errors.h"
 #include "net/cert/cert_status_flags.h"
-#include "net/cert/sct_status_flags.h"
+#include "net/cert/ct_sct_to_string.h"
 #include "net/http/http_response_headers.h"
 #include "net/http/http_util.h"
 #include "net/ssl/ssl_cipher_suite_names.h"
 #include "net/ssl/ssl_connection_status_flags.h"
 #include "net/url_request/url_request_data_job.h"
 #include "third_party/WebKit/public/platform/WebHTTPLoadInfo.h"
 #include "third_party/WebKit/public/platform/WebSecurityOrigin.h"
 #include "third_party/WebKit/public/platform/WebTraceLocation.h"
 #include "third_party/WebKit/public/platform/WebURL.h"
 #include "third_party/WebKit/public/platform/WebURLError.h"
@@ skipping 123 matching lines @@
   info->headers = headers;
   info->mime_type.swap(mime_type);
   info->charset.swap(charset);
   info->security_info.clear();
   info->content_length = data->length();
   info->encoded_data_length = 0;
 
   return net::OK;
 }
 
+// Convert a net::SignedCertificateTimestampAndStatus object to a
+// blink::WebURLResponse::SignedCertificateTimestamp object.
+blink::WebURLResponse::SignedCertificateTimestamp NetSCTToBlinkSCT(
+    const net::SignedCertificateTimestampAndStatus& sct_and_status) {
+  return blink::WebURLResponse::SignedCertificateTimestamp(
+      WebString::fromUTF8(net::ct::StatusToString(sct_and_status.status)),
+      WebString::fromUTF8(net::ct::OriginToString(sct_and_status.sct->origin)),
+      WebString::fromUTF8(sct_and_status.sct->log_description),
+      WebString::fromUTF8(base::HexEncode(sct_and_status.sct->log_id.c_str(),
+                                          sct_and_status.sct->log_id.length())),
+      sct_and_status.sct->timestamp.ToJavaTime(),
+      WebString::fromUTF8(net::ct::HashAlgorithmToString(
+          sct_and_status.sct->signature.hash_algorithm)),
+      WebString::fromUTF8(net::ct::SignatureAlgorithmToString(
+          sct_and_status.sct->signature.signature_algorithm)),
+      WebString::fromUTF8(
+          base::HexEncode(sct_and_status.sct->signature.signature_data.c_str(),
+          sct_and_status.sct->signature.signature_data.length())));
+}
+
 void SetSecurityStyleAndDetails(const GURL& url,
-                                const std::string& security_info,
+                                const ResourceResponseInfo& info,
                                 WebURLResponse* response,
                                 bool report_security_info) {
   if (!report_security_info) {
     response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown);
     return;
   }
   if (!url.SchemeIsCryptographic()) {
     response->setSecurityStyle(WebURLResponse::SecurityStyleUnauthenticated);
     return;
   }
 
   // There are cases where an HTTPS request can come in without security
   // info attached (such as a redirect response).
+  const std::string& security_info = info.security_info;
   if (security_info.empty()) {
     response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown);
     return;
   }
 
   SSLStatus ssl_status;
   if (!DeserializeSecurityInfo(security_info, &ssl_status)) {
     response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown);
     DLOG(ERROR)
         << "DeserializeSecurityInfo() failed for an authenticated request.";
@@ skipping 37 matching lines @@
       securityStyle = WebURLResponse::SecurityStyleAuthenticated;
       break;
   }
 
   response->setSecurityStyle(securityStyle);
 
   size_t num_unknown_scts = ssl_status.num_unknown_scts;
   size_t num_invalid_scts = ssl_status.num_invalid_scts;
   size_t num_valid_scts = ssl_status.num_valid_scts;
 
+  blink::WebURLResponse::SignedCertificateTimestampList sct_list(
+      info.signed_certificate_timestamps.size());
+
+  for (size_t i = 0; i < sct_list.size(); ++i)
+    sct_list[i] = NetSCTToBlinkSCT(info.signed_certificate_timestamps[i]);
+
   blink::WebURLResponse::WebSecurityDetails webSecurityDetails(
       WebString::fromUTF8(protocol), WebString::fromUTF8(key_exchange),
-      WebString::fromUTF8(cipher), WebString::fromUTF8(mac),
-      ssl_status.cert_id, num_unknown_scts, num_invalid_scts, num_valid_scts);
+      WebString::fromUTF8(cipher), WebString::fromUTF8(mac), ssl_status.cert_id,
+      num_unknown_scts, num_invalid_scts, num_valid_scts, sct_list);
 
   response->setSecurityDetails(webSecurityDetails);
 }
 
 }  // namespace
 
 // This inner class exists since the WebURLLoader may be deleted while inside a
 // call to WebURLLoaderClient.  Refcounting is to keep the context from being
 // deleted if it may have work to do after calling into the client.
 class WebURLLoaderImpl::Context : public base::RefCounted<Context> {
@@ skipping 681 matching lines @@
           ? blink::WebString::fromUTF8(info.cache_storage_cache_name)
           : blink::WebString());
   blink::WebVector<blink::WebString> cors_exposed_header_names(
       info.cors_exposed_header_names.size());
   std::transform(
       info.cors_exposed_header_names.begin(),
       info.cors_exposed_header_names.end(), cors_exposed_header_names.begin(),
       [](const std::string& h) { return blink::WebString::fromLatin1(h); });
   response->setCorsExposedHeaderNames(cors_exposed_header_names);
 
-  SetSecurityStyleAndDetails(url, info.security_info, response,
-                             report_security_info);
+  SetSecurityStyleAndDetails(url, info, response, report_security_info);
 
   WebURLResponseExtraDataImpl* extra_data =
       new WebURLResponseExtraDataImpl(info.npn_negotiated_protocol);
   response->setExtraData(extra_data);
   extra_data->set_was_fetched_via_spdy(info.was_fetched_via_spdy);
   extra_data->set_was_npn_negotiated(info.was_npn_negotiated);
   extra_data->set_was_alternate_protocol_available(
       info.was_alternate_protocol_available);
   extra_data->set_connection_info(info.connection_info);
   extra_data->set_was_fetched_via_proxy(info.was_fetched_via_proxy);
@@ skipping 219 matching lines @@
     response->clearHTTPHeaderField(webStringName);
     while (response_headers->EnumerateHeader(&iterator, name, &value)) {
       response->addHTTPHeaderField(webStringName,
                                    WebString::fromLatin1(value));
     }
   }
   return true;
 }
 
 }  // namespace content