
Unified Diff: content/child/web_url_loader_impl.cc

Issue 1772603002: Addition of Certificate Transparency details to Security panel of DevTools (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: removed SignedCertificateTimestampStore and SignedCertificateTimestampIDStatus(List) Created 4 years, 9 months ago
Index: content/child/web_url_loader_impl.cc
diff --git a/content/child/web_url_loader_impl.cc b/content/child/web_url_loader_impl.cc
index 2b9d783dc2f095bfb18439cbf41a802a624a32c9..9bf5ce53dcc5356550a7104129067d7bc1666756 100644
--- a/content/child/web_url_loader_impl.cc
+++ b/content/child/web_url_loader_impl.cc
@@ -1,4 +1,4 @@
-// Copyright 2014 The Chromium Authors. All rights reserved.
+// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -15,6 +15,7 @@
#include "base/logging.h"
#include "base/memory/scoped_ptr.h"
#include "base/single_thread_task_runner.h"
+#include "base/strings/string_number_conversions.h"
#include "base/strings/string_util.h"
#include "base/time/time.h"
#include "build/build_config.h"
@@ -36,12 +37,12 @@
#include "content/public/child/fixed_received_data.h"
#include "content/public/child/request_peer.h"
#include "content/public/common/browser_side_navigation_policy.h"
-#include "content/public/common/signed_certificate_timestamp_id_and_status.h"
#include "content/public/common/ssl_status.h"
#include "net/base/data_url.h"
#include "net/base/filename_util.h"
#include "net/base/net_errors.h"
#include "net/cert/cert_status_flags.h"
+#include "net/cert/ct_sct_to_string.h"
#include "net/cert/sct_status_flags.h"
#include "net/http/http_response_headers.h"
#include "net/http/http_util.h"
@@ -185,7 +186,7 @@ int GetInfoFromDataURL(const GURL& url,
}
void SetSecurityStyleAndDetails(const GURL& url,
- const std::string& security_info,
+ const ResourceResponseInfo& info,
WebURLResponse* response,
bool report_security_info) {
if (!report_security_info) {
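Review bot: `SetSecurityStyleAndDetails` now takes the whole `ResourceResponseInfo`, but the visible hunks show it reading only `info.security_info` and `info.signed_certificate_timestamps`, and nothing at the signature says so. A short comment above the function would keep that dependency explicit, for example `// Uses info.security_info and info.signed_certificate_timestamps; other fields are ignored.` The function body continues outside this hunk, so other uses of `info` may exist that are not visible here.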
@@ -199,6 +200,7 @@ void SetSecurityStyleAndDetails(const GURL& url,
// There are cases where an HTTPS request can come in without security
// info attached (such as a redirect response).
+ const std::string& security_info = info.security_info;
if (security_info.empty()) {
response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown);
return;
@@ -252,37 +254,46 @@ void SetSecurityStyleAndDetails(const GURL& url,
response->setSecurityStyle(securityStyle);
- SignedCertificateTimestampIDStatusList sct_list =
- ssl_status.signed_certificate_timestamp_ids;
-
- size_t num_unknown_scts = 0;
- size_t num_invalid_scts = 0;
- size_t num_valid_scts = 0;
-
- SignedCertificateTimestampIDStatusList::iterator iter;
- for (iter = sct_list.begin(); iter < sct_list.end(); ++iter) {
- switch (iter->status) {
- case net::ct::SCT_STATUS_LOG_UNKNOWN:
- num_unknown_scts++;
- break;
- case net::ct::SCT_STATUS_INVALID:
- num_invalid_scts++;
- break;
- case net::ct::SCT_STATUS_OK:
- num_valid_scts++;
- break;
- case net::ct::SCT_STATUS_NONE:
- case net::ct::SCT_STATUS_MAX:
- // These enum values do not represent SCTs that are taken into account
- // for CT compliance calculations, so we ignore them.
- break;
- }
+ size_t num_unknown_scts = ssl_status.num_unknown_scts;
+ size_t num_invalid_scts = ssl_status.num_invalid_scts;
+ size_t num_valid_scts = ssl_status.num_valid_scts;
+
+ blink::WebURLResponse::SignedCertificateTimestampList sctList;
+
+ // TODO: info.signed_certificate_timestamps is empty
dwaxweiler 2016/03/21 23:03:44 info.signed_certificate_timestamps is empty althou
+ for (const auto& sct_and_status : info.signed_certificate_timestamps) {
+ // Extract SCT's details.
+ blink::WebURLResponse::SignedCertificateTimestamp sct(
+ WebString::fromUTF8(net::ct::StatusToString(sct_and_status.status)),
+ WebString::fromUTF8(net::ct::OriginToString(sct_and_status.sct->origin)),
+ WebString::fromUTF8(
+ net::ct::VersionToString(sct_and_status.sct->version)),
+ WebString::fromUTF8(sct_and_status.sct->log_description),
+ WebString::fromUTF8(
+ base::HexEncode(
+ reinterpret_cast<const unsigned char*>(
+ sct_and_status.sct->log_id.data()),
+ sct_and_status.sct->log_id.length())),
+ sct_and_status.sct->timestamp.ToJavaTime(),
+ WebString::fromUTF8(
+ net::ct::HashAlgorithmToString(
+ sct_and_status.sct->signature.hash_algorithm)),
+ WebString::fromUTF8(
+ net::ct::SignatureAlgorithmToString(
+ sct_and_status.sct->signature.signature_algorithm)),
+ WebString::fromUTF8(
+ base::HexEncode(
+ reinterpret_cast<const unsigned char*>(
+ sct_and_status.sct->signature.signature_data.data()),
+ sct_and_status.sct->signature.signature_data.length())));
+ sctList.push_back(sct);
}
blink::WebURLResponse::WebSecurityDetails webSecurityDetails(
WebString::fromUTF8(protocol), WebString::fromUTF8(key_exchange),
WebString::fromUTF8(cipher), WebString::fromUTF8(mac),
- ssl_status.cert_id, num_unknown_scts, num_invalid_scts, num_valid_scts);
+ ssl_status.cert_id, num_unknown_scts, num_invalid_scts, num_valid_scts,
+ sctList);
response->setSecurityDetails(webSecurityDetails);
}
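Review bot: The three SCT counters are now copied from `ssl_status` while the per-SCT list is built from `info.signed_certificate_timestamps`, so the Security panel can show counts that do not match the entries listed with them; nothing in this hunk ties the two sources together. Because this is what a user reads to judge Certificate Transparency state, either tally the counters from `sct_and_status.status` inside the new loop or assert the expected relationship after it. The loop also dereferences `sct_and_status.sct` for every field without checking it; if that member can be null (its type is not visible here), add `if (!sct_and_status.sct) continue;` at the top of the loop body. SetSecurityStyleAndDetails begins before this hunk.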
@@ -943,8 +954,7 @@ void WebURLLoaderImpl::PopulateURLResponse(const GURL& url,
response->setOriginalURLViaServiceWorker(
info.original_url_via_service_worker);
- SetSecurityStyleAndDetails(url, info.security_info, response,
- report_security_info);
+ SetSecurityStyleAndDetails(url, info, response, report_security_info);
WebURLResponseExtraDataImpl* extra_data =
new WebURLResponseExtraDataImpl(info.npn_negotiated_protocol);
