Addition of Certificate Transparency details to Security panel of DevTools

content/child/web_url_loader_impl.cc

Index: content/child/web_url_loader_impl.cc
diff --git a/content/child/web_url_loader_impl.cc b/content/child/web_url_loader_impl.cc
index cf47c4fedca531c858a37319a37e9ef28da01743..4e1e520deb6c3846b414d15b53072f421c57018f 100644
--- a/content/child/web_url_loader_impl.cc
+++ b/content/child/web_url_loader_impl.cc
@@ -17,6 +17,7 @@
 #include "base/logging.h"
 #include "base/memory/ptr_util.h"
 #include "base/single_thread_task_runner.h"
+#include "base/strings/string_number_conversions.h"
 #include "base/strings/string_util.h"
 #include "base/time/time.h"
 #include "build/build_config.h"
@@ -43,7 +44,7 @@
 #include "net/base/filename_util.h"
 #include "net/base/net_errors.h"
 #include "net/cert/cert_status_flags.h"
-#include "net/cert/sct_status_flags.h"
+#include "net/cert/ct_sct_to_string.h"
 #include "net/http/http_response_headers.h"
 #include "net/http/http_util.h"
 #include "net/ssl/ssl_cipher_suite_names.h"
@@ -188,7 +189,7 @@ int GetInfoFromDataURL(const GURL& url,
 }
 
 void SetSecurityStyleAndDetails(const GURL& url,
-                                const std::string& security_info,
+                                const ResourceResponseInfo& info,
                                 WebURLResponse* response,
                                 bool report_security_info) {
   if (!report_security_info) {
@@ -202,6 +203,7 @@ void SetSecurityStyleAndDetails(const GURL& url,
 
   // There are cases where an HTTPS request can come in without security
   // info attached (such as a redirect response).
+  const std::string& security_info = info.security_info;
   if (security_info.empty()) {
     response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown);
     return;
@@ -259,10 +261,37 @@ void SetSecurityStyleAndDetails(const GURL& url,
   size_t num_invalid_scts = ssl_status.num_invalid_scts;
   size_t num_valid_scts = ssl_status.num_valid_scts;
 
+  blink::WebURLResponse::SignedCertificateTimestampList sct_list;
+
+  for (const auto& sct_and_status : info.signed_certificate_timestamps) {
+    // Extract SCT's details.
+    blink::WebURLResponse::SignedCertificateTimestamp sct(
+        WebString::fromUTF8(net::ct::StatusToString(sct_and_status.status)),
+        WebString::fromUTF8(
+            net::ct::OriginToString(sct_and_status.sct->origin)),
+        WebString::fromUTF8(
+            net::ct::VersionToString(sct_and_status.sct->version)),

[Eran Messeri, 2016/05/25 10:47:04]

Nit: The version can be omitted because there's only V1 now so there won't be a
different value here other than V1 until we finalize and implement RFC6962-bis,
which will take a while.

[dwaxweiler, 2016/05/27 23:13:00]

Acknowledged.

+        WebString::fromUTF8(sct_and_status.sct->log_description),
+        WebString::fromUTF8(
+            base::HexEncode(reinterpret_cast<const unsigned char*>(
+                                sct_and_status.sct->log_id.data()),
+                            sct_and_status.sct->log_id.length())),
+        sct_and_status.sct->timestamp.ToJavaTime(),
+        WebString::fromUTF8(net::ct::HashAlgorithmToString(
+            sct_and_status.sct->signature.hash_algorithm)),
+        WebString::fromUTF8(net::ct::SignatureAlgorithmToString(
+            sct_and_status.sct->signature.signature_algorithm)),
+        WebString::fromUTF8(base::HexEncode(
+            reinterpret_cast<const unsigned char*>(
+                sct_and_status.sct->signature.signature_data.data()),
+            sct_and_status.sct->signature.signature_data.length())));
+    sct_list.push_back(sct);
+  }
+
   blink::WebURLResponse::WebSecurityDetails webSecurityDetails(
       WebString::fromUTF8(protocol), WebString::fromUTF8(key_exchange),
-      WebString::fromUTF8(cipher), WebString::fromUTF8(mac),
-      ssl_status.cert_id, num_unknown_scts, num_invalid_scts, num_valid_scts);
+      WebString::fromUTF8(cipher), WebString::fromUTF8(mac), ssl_status.cert_id,
+      num_unknown_scts, num_invalid_scts, num_valid_scts, sct_list);
 
   response->setSecurityDetails(webSecurityDetails);
 }
@@ -956,8 +985,7 @@ void WebURLLoaderImpl::PopulateURLResponse(const GURL& url,
           ? blink::WebString::fromUTF8(info.cache_storage_cache_name)
           : blink::WebString());
 
-  SetSecurityStyleAndDetails(url, info.security_info, response,
-                             report_security_info);
+  SetSecurityStyleAndDetails(url, info, response, report_security_info);
 
   WebURLResponseExtraDataImpl* extra_data =
       new WebURLResponseExtraDataImpl(info.npn_negotiated_protocol);