Addition of Certificate Transparency details to Security panel of DevTools

content/child/web_url_loader_impl.cc

Index: content/child/web_url_loader_impl.cc
diff --git a/content/child/web_url_loader_impl.cc b/content/child/web_url_loader_impl.cc
index 56921108fc991a138215062a62483655452304b6..0a1ebd95cb64699f23b60102bcf4d346e0ef8e15 100644
--- a/content/child/web_url_loader_impl.cc
+++ b/content/child/web_url_loader_impl.cc
@@ -17,6 +17,7 @@
 #include "base/logging.h"
 #include "base/memory/ptr_util.h"
 #include "base/single_thread_task_runner.h"
+#include "base/strings/string_number_conversions.h"
 #include "base/strings/string_util.h"
 #include "base/time/time.h"
 #include "build/build_config.h"
@@ -43,7 +44,7 @@
 #include "net/base/filename_util.h"
 #include "net/base/net_errors.h"
 #include "net/cert/cert_status_flags.h"
-#include "net/cert/sct_status_flags.h"
+#include "net/cert/ct_sct_to_string.h"
 #include "net/http/http_response_headers.h"
 #include "net/http/http_util.h"
 #include "net/ssl/ssl_cipher_suite_names.h"
@@ -188,7 +189,7 @@ int GetInfoFromDataURL(const GURL& url,
 }
 
 void SetSecurityStyleAndDetails(const GURL& url,
-                                const std::string& security_info,
+                                const ResourceResponseInfo& info,
                                 WebURLResponse* response,
                                 bool report_security_info) {
   if (!report_security_info) {
@@ -202,6 +203,7 @@ void SetSecurityStyleAndDetails(const GURL& url,
 
   // There are cases where an HTTPS request can come in without security
   // info attached (such as a redirect response).
+  const std::string& security_info = info.security_info;
   if (security_info.empty()) {
     response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown);
     return;
@@ -259,10 +261,35 @@ void SetSecurityStyleAndDetails(const GURL& url,
   size_t num_invalid_scts = ssl_status.num_invalid_scts;
   size_t num_valid_scts = ssl_status.num_valid_scts;
 
+  blink::WebURLResponse::SignedCertificateTimestampList sct_list;
+
+  for (const auto& sct_and_status : info.signed_certificate_timestamps) {

[dgozman, 2016/06/04 00:27:37]

I'm probably missing something, but I don't see where we guard sending this
information by "devtools are attached" check.

[dwaxweiler, 2016/06/04 08:38:02]

Some time ago, I asked the same question, which @estark answered: "That's
probably already the case, as setSecurityDetails() only gets called when
devtools is enabled, I think. So I don't think you need to do anything special."

[estark, 2016/06/08 16:51:55]

|report_security_info| is only true if reportRawHeaders() is set, and if false
we return early at the top of this function.

[dgozman, 2016/06/09 08:34:12]

Thanks for clarifying.

+    // Extract SCT's details.
+    blink::WebURLResponse::SignedCertificateTimestamp sct(
+        WebString::fromUTF8(net::ct::StatusToString(sct_and_status.status)),
+        WebString::fromUTF8(
+            net::ct::OriginToString(sct_and_status.sct->origin)),
+        WebString::fromUTF8(sct_and_status.sct->log_description),
+        WebString::fromUTF8(
+            base::HexEncode(reinterpret_cast<const unsigned char*>(
+                                sct_and_status.sct->log_id.data()),
+                            sct_and_status.sct->log_id.length())),
+        sct_and_status.sct->timestamp.ToJavaTime(),
+        WebString::fromUTF8(net::ct::HashAlgorithmToString(
+            sct_and_status.sct->signature.hash_algorithm)),
+        WebString::fromUTF8(net::ct::SignatureAlgorithmToString(
+            sct_and_status.sct->signature.signature_algorithm)),
+        WebString::fromUTF8(base::HexEncode(
+            reinterpret_cast<const unsigned char*>(
+                sct_and_status.sct->signature.signature_data.data()),
+            sct_and_status.sct->signature.signature_data.length())));
+    sct_list.push_back(sct);
+  }
+
   blink::WebURLResponse::WebSecurityDetails webSecurityDetails(
       WebString::fromUTF8(protocol), WebString::fromUTF8(key_exchange),
-      WebString::fromUTF8(cipher), WebString::fromUTF8(mac),
-      ssl_status.cert_id, num_unknown_scts, num_invalid_scts, num_valid_scts);
+      WebString::fromUTF8(cipher), WebString::fromUTF8(mac), ssl_status.cert_id,
+      num_unknown_scts, num_invalid_scts, num_valid_scts, sct_list);
 
   response->setSecurityDetails(webSecurityDetails);
 }
@@ -963,8 +990,7 @@ void WebURLLoaderImpl::PopulateURLResponse(const GURL& url,
       [](const std::string& h) { return blink::WebString::fromLatin1(h); });
   response->setCorsExposedHeaderNames(cors_exposed_header_names);
 
-  SetSecurityStyleAndDetails(url, info.security_info, response,
-                             report_security_info);
+  SetSecurityStyleAndDetails(url, info, response, report_security_info);
 
   WebURLResponseExtraDataImpl* extra_data =
       new WebURLResponseExtraDataImpl(info.npn_negotiated_protocol);