Addition of Certificate Transparency details to Security panel of DevTools

content/child/web_url_loader_impl.cc

-// Copyright 2014 The Chromium Authors. All rights reserved.
+// Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/child/web_url_loader_impl.h"
 
 #include <stdint.h>
 #include <algorithm>
 #include <string>
 #include <utility>
 #include <vector>
 
 #include "base/bind.h"
 #include "base/files/file_path.h"
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/single_thread_task_runner.h"
+#include "base/strings/string_number_conversions.h"
 #include "base/strings/string_util.h"
 #include "base/time/time.h"
 #include "build/build_config.h"
 #include "components/mime_util/mime_util.h"
 #include "components/scheduler/child/web_task_runner_impl.h"
 #include "content/child/child_thread_impl.h"
 #include "content/child/ftp_directory_listing_response_delegate.h"
 #include "content/child/request_extra_data.h"
 #include "content/child/request_info.h"
 #include "content/child/resource_dispatcher.h"
 #include "content/child/shared_memory_data_consumer_handle.h"
 #include "content/child/sync_load_response.h"
 #include "content/child/web_url_request_util.h"
 #include "content/child/weburlresponse_extradata_impl.h"
 #include "content/common/resource_messages.h"
 #include "content/common/resource_request_body.h"
 #include "content/common/service_worker/service_worker_types.h"
 #include "content/common/ssl_status_serialization.h"
 #include "content/public/child/fixed_received_data.h"
 #include "content/public/child/request_peer.h"
 #include "content/public/common/browser_side_navigation_policy.h"
-#include "content/public/common/signed_certificate_timestamp_id_and_status.h"
 #include "content/public/common/ssl_status.h"
 #include "net/base/data_url.h"
 #include "net/base/filename_util.h"
 #include "net/base/net_errors.h"
 #include "net/cert/cert_status_flags.h"
+#include "net/cert/ct_sct_to_string.h"
 #include "net/cert/sct_status_flags.h"
 #include "net/http/http_response_headers.h"
 #include "net/http/http_util.h"
 #include "net/ssl/ssl_cipher_suite_names.h"
 #include "net/ssl/ssl_connection_status_flags.h"
 #include "net/url_request/url_request_data_job.h"
 #include "third_party/WebKit/public/platform/WebHTTPLoadInfo.h"
 #include "third_party/WebKit/public/platform/WebSecurityOrigin.h"
 #include "third_party/WebKit/public/platform/WebTraceLocation.h"
 #include "third_party/WebKit/public/platform/WebURL.h"
@@ skipping 123 matching lines @@
   info->mime_type.swap(mime_type);
   info->charset.swap(charset);
   info->security_info.clear();
   info->content_length = data->length();
   info->encoded_data_length = 0;
 
   return net::OK;
 }
 
 void SetSecurityStyleAndDetails(const GURL& url,
-                                const std::string& security_info,
+                                const ResourceResponseInfo& info,
                                 WebURLResponse* response,
                                 bool report_security_info) {
   if (!report_security_info) {
     response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown);
     return;
   }
   if (!url.SchemeIsCryptographic()) {
     response->setSecurityStyle(WebURLResponse::SecurityStyleUnauthenticated);
     return;
   }
 
   // There are cases where an HTTPS request can come in without security
   // info attached (such as a redirect response).
+  const std::string& security_info = info.security_info;
   if (security_info.empty()) {
     response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown);
     return;
   }
 
   SSLStatus ssl_status;
   if (!DeserializeSecurityInfo(security_info, &ssl_status)) {
     response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown);
     DLOG(ERROR)
         << "DeserializeSecurityInfo() failed for an authenticated request.";
@@ skipping 33 matching lines @@
     case SECURITY_STYLE_WARNING:
       securityStyle = WebURLResponse::SecurityStyleWarning;
       break;
     case SECURITY_STYLE_AUTHENTICATED:
       securityStyle = WebURLResponse::SecurityStyleAuthenticated;
       break;
   }
 
   response->setSecurityStyle(securityStyle);
 
-  SignedCertificateTimestampIDStatusList sct_list =
-      ssl_status.signed_certificate_timestamp_ids;
+  size_t num_unknown_scts = ssl_status.num_unknown_scts;
+  size_t num_invalid_scts = ssl_status.num_invalid_scts;
+  size_t num_valid_scts = ssl_status.num_valid_scts;
 
-  size_t num_unknown_scts = 0;
-  size_t num_invalid_scts = 0;
-  size_t num_valid_scts = 0;
+  blink::WebURLResponse::SignedCertificateTimestampList sctList;
 
-  SignedCertificateTimestampIDStatusList::iterator iter;
-  for (iter = sct_list.begin(); iter < sct_list.end(); ++iter) {
-    switch (iter->status) {
-      case net::ct::SCT_STATUS_LOG_UNKNOWN:
-        num_unknown_scts++;
-        break;
-      case net::ct::SCT_STATUS_INVALID:
-        num_invalid_scts++;
-        break;
-      case net::ct::SCT_STATUS_OK:
-        num_valid_scts++;
-        break;
-      case net::ct::SCT_STATUS_NONE:
-      case net::ct::SCT_STATUS_MAX:
-        // These enum values do not represent SCTs that are taken into account
-        // for CT compliance calculations, so we ignore them.
-        break;
-    }
+  // TODO: info.signed_certificate_timestamps is empty

[dwaxweiler, 2016/03/21 23:03:44]

info.signed_certificate_timestamps is empty although I set it in
resource_loader.cc. What could be the problem?

+  for (const auto& sct_and_status : info.signed_certificate_timestamps) {
+    // Extract SCT's details.
+    blink::WebURLResponse::SignedCertificateTimestamp sct(
+      WebString::fromUTF8(net::ct::StatusToString(sct_and_status.status)),
+      WebString::fromUTF8(net::ct::OriginToString(sct_and_status.sct->origin)),
+      WebString::fromUTF8(
+        net::ct::VersionToString(sct_and_status.sct->version)),
+      WebString::fromUTF8(sct_and_status.sct->log_description),
+      WebString::fromUTF8(
+        base::HexEncode(
+          reinterpret_cast<const unsigned char*>(
+            sct_and_status.sct->log_id.data()),
+          sct_and_status.sct->log_id.length())),
+      sct_and_status.sct->timestamp.ToJavaTime(),
+      WebString::fromUTF8(
+        net::ct::HashAlgorithmToString(
+          sct_and_status.sct->signature.hash_algorithm)),
+      WebString::fromUTF8(
+        net::ct::SignatureAlgorithmToString(
+          sct_and_status.sct->signature.signature_algorithm)),
+      WebString::fromUTF8(
+        base::HexEncode(
+          reinterpret_cast<const unsigned char*>(
+            sct_and_status.sct->signature.signature_data.data()),
+        sct_and_status.sct->signature.signature_data.length())));
+    sctList.push_back(sct);
   }
 
   blink::WebURLResponse::WebSecurityDetails webSecurityDetails(
       WebString::fromUTF8(protocol), WebString::fromUTF8(key_exchange),
       WebString::fromUTF8(cipher), WebString::fromUTF8(mac),
-      ssl_status.cert_id, num_unknown_scts, num_invalid_scts, num_valid_scts);
+      ssl_status.cert_id, num_unknown_scts, num_invalid_scts, num_valid_scts,
+      sctList);
 
   response->setSecurityDetails(webSecurityDetails);
 }
 
 }  // namespace
 
 // This inner class exists since the WebURLLoader may be deleted while inside a
 // call to WebURLLoaderClient.  Refcounting is to keep the context from being
 // deleted if it may have work to do after calling into the client.
 class WebURLLoaderImpl::Context : public base::RefCounted<Context> {
@@ skipping 640 matching lines @@
   response->setConnectionReused(info.load_timing.socket_reused);
   response->setDownloadFilePath(info.download_file_path.AsUTF16Unsafe());
   response->setWasFetchedViaSPDY(info.was_fetched_via_spdy);
   response->setWasFetchedViaServiceWorker(info.was_fetched_via_service_worker);
   response->setWasFallbackRequiredByServiceWorker(
       info.was_fallback_required_by_service_worker);
   response->setServiceWorkerResponseType(info.response_type_via_service_worker);
   response->setOriginalURLViaServiceWorker(
       info.original_url_via_service_worker);
 
-  SetSecurityStyleAndDetails(url, info.security_info, response,
-                             report_security_info);
+  SetSecurityStyleAndDetails(url, info, response, report_security_info);
 
   WebURLResponseExtraDataImpl* extra_data =
       new WebURLResponseExtraDataImpl(info.npn_negotiated_protocol);
   response->setExtraData(extra_data);
   extra_data->set_was_fetched_via_spdy(info.was_fetched_via_spdy);
   extra_data->set_was_npn_negotiated(info.was_npn_negotiated);
   extra_data->set_was_alternate_protocol_available(
       info.was_alternate_protocol_available);
   extra_data->set_connection_info(info.connection_info);
   extra_data->set_was_fetched_via_proxy(info.was_fetched_via_proxy);
@@ skipping 214 matching lines @@
     response->clearHTTPHeaderField(webStringName);
     while (response_headers->EnumerateHeader(&iterator, name, &value)) {
       response->addHTTPHeaderField(webStringName,
                                    WebString::fromLatin1(value));
     }
   }
   return true;
 }
 
 }  // namespace content