Implement Expect-Staple

chrome/browser/ssl/chrome_expect_staple_reporter.cc

Index: chrome/browser/ssl/chrome_expect_staple_reporter.cc
diff --git a/chrome/browser/ssl/chrome_expect_staple_reporter.cc b/chrome/browser/ssl/chrome_expect_staple_reporter.cc
new file mode 100644
index 0000000000000000000000000000000000000000..a7b6b832b370cd906c5b6d6b1a5e8387fe6762d7
--- /dev/null
+++ b/chrome/browser/ssl/chrome_expect_staple_reporter.cc
@@ -0,0 +1,49 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/ssl/chrome_expect_staple_reporter.h"
+
+#include "base/json/json_writer.h"
+#include "base/strings/stringprintf.h"
+#include "base/values.h"
+#include "net/url_request/certificate_report_sender.h"
+
+namespace {
+  std::string TimeToISO8601(const base::Time& t) {
+    base::Time::Exploded exploded;
+    t.UTCExplode(&exploded);
+    return base::StringPrintf(
+        "%04d-%02d-%02dT%02d:%02d:%02d.%03dZ", exploded.year, exploded.month,
+        exploded.day_of_month, exploded.hour, exploded.minute, exploded.second,
+        exploded.millisecond);
+  }
+}
+
+ChromeExpectStapleReporter::ChromeExpectStapleReporter(
+    net::URLRequestContext* request_context)
+    : report_sender_(new net::CertificateReportSender(
+          request_context,
+          net::CertificateReportSender::DO_NOT_SEND_COOKIES)) {}
+
+void ChromeExpectStapleReporter::OnExpectStapleFailed(
+    const net::HostPortPair& host_port_pair,
+    const GURL& report_uri,
+    const net::SSLInfo& ssl_info) {
+  DCHECK(report_sender_);

[dadrian, 2016/06/03 19:05:18]

So, a lot of this function is similar to ChromeExpectCTReport::OnExpectCTFailed.
In fact, it would use pretty much every helper function defined in the anonymous
namespace inside of chrome_expect_ct_reporter.cc. This raises the question of
how to share those implementation details. Do we:

1. Merge the ExpectStapleReporter and ExpectCTReporter interfaces?
2. Have ChromeExpectCTReporter implement both interfaces?
3. Share a base class that implements both interfaces? (ew)
4. Pull out all the helper functions into some utility file?
5. Decide everything is wrong, and I go home and hold my head in shame?

[estark, 2016/06/04 00:39:16]

Hmmm. If we do things this way, my vote would be for #4. Though, I was imagining
that we would do all the Expect-Staple reporting in //net, probably right in
TransportSecurityState itself, similar to how HPKP reporting works in
TransportSecurityState::CheckPinsAndMaybeSendReport().

The reason that the Expect-CT implementation is in //chrome is that Expect-CT is
pretty Googley. This was my reasoning: "I did it this way
(ChromeExpectCTReporter instead of all the logic in //net) because, initially,
Expect CT is going to be a pretty Googley feature while it's in a sort of
prototype phase. We're not yet specifying or standardizing it any remotely
formal way, and initially, we're only going to allow reports to be sent to
Google servers (so that we can, for example, tweak the policies and reporting
logic without worrying about DoSing other site owners). I was thinking that
other embedders would probably not want this feature in its current immature
state, and the more report-building and -sending logic we include in //net, the
more wasteful this feature will be for them."

So, while Expect-Staple is pretty experimental, it's not as tied to Google in
that site owners will be sending reports to their own endpoints, not to Google
servers.

(Btw, "other embedders" in this context means other users of Chrome's net stack
-- Opera, for example.)

[estark, 2016/06/04 00:40:43]

Oh, I suppose my alternative vision of the universe, in which we do all the
reporting in TSS, doesn't answer your original question about duplicating code.
IIRC most of the utility functions you'd need are already duplicates themselves
of code in transport_security_state.cc and used for HPKP reporting, so you could
use those if you do Expect-Staple in transport_security_state.cc. I might be
misremembering though.

+  base::DictionaryValue report;
+  // TODO: Get this to be  the actual verification time
+  report.SetString("date-time", TimeToISO8601(base::Time::Now()));
+  report.SetString("hostname", host_port_pair.host());
+  report.SetInteger("port", host_port_pair.port());
+
+  // TODO: Get actual OCSP responses
+  // TODO: Get certificate chain
+  std::string serialized_report;
+  if (!base::JSONWriter::Write(report, &serialized_report)) {
+    LOG(ERROR) << "Failed to serialize Expect-Staple report";
+    return;
+  }
+
+  report_sender_->Send(report_uri, serialized_report);
+}