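--- a/extensions/browser/api/web_request/web_request_api_helpers.cc
+++ b/extensions/browser/api/web_request/web_request_api_helpers.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "extensions/browser/api/web_request/web_request_api_helpers.h"
 
 #include <stddef.h>
 #include <stdint.h>
 
 #include <algorithm>
@@ -21,24 +21,28 @@
 #include "components/web_cache/browser/web_cache_manager.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/render_process_host.h"
 #include "extensions/browser/api/web_request/web_request_api_constants.h"
 #include "extensions/browser/extension_registry.h"
 #include "extensions/browser/extension_system.h"
 #include "extensions/browser/extensions_browser_client.h"
 #include "extensions/browser/runtime_data.h"
 #include "extensions/browser/warning_set.h"
 #include "extensions/common/extension_messages.h"
+#include "net/cert/x509_certificate.h"
 #include "net/cookies/cookie_util.h"
 #include "net/cookies/parsed_cookie.h"
 #include "net/http/http_util.h"
 #include "net/log/net_log.h"
+#include "net/ssl/ssl_cipher_suite_names.h"
+#include "net/ssl/ssl_connection_status_flags.h"
+#include "net/ssl/ssl_info.h"
 #include "net/url_request/url_request.h"
 #include "url/url_constants.h"
 
 // TODO(battre): move all static functions into an anonymous namespace at the
 // top of this file.
 
 using base::Time;
 using content::ResourceType;
 using net::cookie_util::ParsedRequestCookie;
 using net::cookie_util::ParsedRequestCookies;
@@ -1315,11 +1319,181 @@
 bool found = false;
 for (size_t i = 0; i < kResourceTypeStringsLength; ++i) {
 if (type_str == kResourceTypeStrings[i]) {
 found = true;
 types->push_back(kResourceTypeValues[i]);
 }
 }
 return found;
 }
 
+static base::DictionaryValue* ExtractDN(const net::CertPrincipal& dn) {
+base::DictionaryValue* dn_dict = new base::DictionaryValue();
+if (!dn.common_name.empty()) {
+dn_dict->SetString(keys::kCommonNameKey, dn.common_name);
+}
+if (!dn.locality_name.empty()) {
+dn_dict->SetString(keys::kLocalityNameKey, dn.locality_name);
+}
+if (!dn.state_or_province_name.empty()) {
+dn_dict->SetString(keys::kStateOrProvinceNameKey,
+dn.state_or_province_name);
+}
+if (!dn.country_name.empty()) {
+dn_dict->SetString(keys::kCountryNameKey, dn.country_name);
+}
+if (dn.street_addresses.size() > 0) {
+base::ListValue* addrs = new base::ListValue();
+addrs->AppendStrings(dn.street_addresses);
+dn_dict->Set(keys::kStreetAddressesKey, addrs);
+}
+if (dn.organization_names.size() > 0) {
+base::ListValue* names = new base::ListValue();
+names->AppendStrings(dn.organization_names);
+dn_dict->Set(keys::kOrganizationNamesKey, names);
+}
+if (dn.organization_unit_names.size() > 0) {
+base::ListValue* names = new base::ListValue();
+names->AppendStrings(dn.organization_unit_names);
+dn_dict->Set(keys::kOrganizationUnitNamesKey, names);
+}
+if (dn.domain_components.size() > 0) {
+base::ListValue* components = new base::ListValue();
+components->AppendStrings(dn.domain_components);
+dn_dict->Set(keys::kDomainComponentsKey, components);
+}
+return dn_dict;
+}
+
+static base::DictionaryValue* ExtractCertificateInfo(
+scoped_refptr<net::X509Certificate> cert) {
+base::DictionaryValue* info = new base::DictionaryValue();
+info->SetString(keys::kSerialNumberKey,
+base::HexEncode(cert->serial_number().data(),
+cert->serial_number().size()));
+info->Set("subject", ExtractDN(cert->subject()));
+info->Set("issuer", ExtractDN(cert->issuer()));
+
+std::vector<std::string>* dns_names = new std::vector<std::string>;
+std::vector<std::string>* ip_addrs = new std::vector<std::string>;
+cert->GetSubjectAltName(dns_names, ip_addrs);
+if (dns_names->size() > 0) {
+base::ListValue* names = new base::ListValue();
+names->AppendStrings(*dns_names);
+info->Set("DNSNames", names);
+}
+if (ip_addrs->size() > 0) {
+base::ListValue* addrs = new base::ListValue();
+addrs->AppendStrings(*ip_addrs);
+info->Set("IPAddresses", addrs);
+}
+
+info->SetBoolean("expired", cert->HasExpired());
+info->SetDouble("notBefore", cert->valid_start().ToJsTime());
+info->SetDouble("notAfter", cert->valid_expiry().ToJsTime());
+
+std::string der_holder;
+if (!cert->GetDEREncoded(cert->os_cert_handle(), &der_holder))
+return info;
+info->Set("raw", base::BinaryValue::CreateWithCopiedBuffer(
+der_holder.c_str(), der_holder.size()));
+
+return info;
+}
+
+base::ListValue* ExtractCertificateChain(
+scoped_refptr<net::X509Certificate> cert) {
+base::ListValue* chain = new base::ListValue();
+if (cert) {
+chain->Append(ExtractCertificateInfo(cert));
+const net::X509Certificate::OSCertHandles cert_handles =
+cert->GetIntermediateCertificates();
+const net::X509Certificate::OSCertHandles empty_handle;
+for (size_t i = 0; i < cert_handles.size(); i++) {
+scoped_refptr<net::X509Certificate> interCert;
+interCert =
+net::X509Certificate::CreateFromHandle(cert_handles[i], empty_handle);
+chain->Append(ExtractCertificateInfo(interCert));
+}
+}
+return chain;
+}
+
+static std::unordered_map<net::CertStatus, int> status_to_error_map = {
+{net::CERT_STATUS_REVOKED, net::ERR_CERT_REVOKED},
+{net::CERT_STATUS_INVALID, net::ERR_CERT_INVALID},
+{net::CERT_STATUS_PINNED_KEY_MISSING,
+net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN},
+{net::CERT_STATUS_AUTHORITY_INVALID, net::ERR_CERT_AUTHORITY_INVALID},
+{net::CERT_STATUS_COMMON_NAME_INVALID, net::ERR_CERT_COMMON_NAME_INVALID},
+{net::CERT_STATUS_NAME_CONSTRAINT_VIOLATION,
+net::ERR_CERT_NAME_CONSTRAINT_VIOLATION},
+{net::CERT_STATUS_WEAK_SIGNATURE_ALGORITHM,
+net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM},
+{net::CERT_STATUS_WEAK_KEY, net::ERR_CERT_WEAK_KEY},
+{net::CERT_STATUS_DATE_INVALID, net::ERR_CERT_DATE_INVALID},
+{net::CERT_STATUS_VALIDITY_TOO_LONG, net::ERR_CERT_VALIDITY_TOO_LONG},
+{net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION,
+net::ERR_CERT_UNABLE_TO_CHECK_REVOCATION},
+{net::CERT_STATUS_NO_REVOCATION_MECHANISM,
+net::ERR_CERT_NO_REVOCATION_MECHANISM},
+{net::CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED,
+net::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED},
+};
+
+base::ListValue* ParseCertificateStatusErrors(net::CertStatus status) {
+base::ListValue* errors = new base::ListValue();
+for (auto const& error : status_to_error_map) {
+if (status & error.first)
+errors->AppendString(net::ErrorToShortString(error.second));
+}
+return errors;
+}
+
+base::DictionaryValue* ExtractConnectionInfo(net::SSLInfo ssl_info) {
+base::DictionaryValue* conn_info = new base::DictionaryValue();
+
+conn_info->SetInteger(keys::kCipherStrengthKey, ssl_info.security_bits);
+conn_info->SetBoolean(keys::kClientCertSentKey, ssl_info.client_cert_sent);
+conn_info->SetBoolean(keys::kChannelIDSentKey, ssl_info.channel_id_sent);
+conn_info->SetBoolean(keys::kTokenBindingNegotiatedKey,
+ssl_info.token_binding_negotiated);
+
+const char* ssl_version;
+net::SSLVersionToString(&ssl_version, net::SSLConnectionStatusToVersion(
+ssl_info.connection_status));
+if (strncmp(ssl_version, "?", 1) == 0)
+ssl_version = "UNKNOWN";
+conn_info->SetString(keys::kSSLVersionKey, ssl_version);
+
+uint16_t cipher_suite =
+net::SSLConnectionStatusToCipherSuite(ssl_info.connection_status);
+const char *key_exchange, *cipher, *mac;
+bool is_aead;
+net::SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead,
+cipher_suite);
+if (strncmp(key_exchange, "?", 1) == 0)
+key_exchange = "UNKNOWN";
+if (strncmp(cipher, "?", 1) == 0)
+cipher = "UNKNOWN";
+conn_info->SetString(keys::kCipherNameKey, cipher);
+conn_info->SetString(keys::kKeyExchangeNameKey, key_exchange);
+if (is_aead)
+conn_info->SetBoolean(keys::kAEDSuiteKey, true);
+else
+conn_info->SetString(keys::kMACNameKey, mac);
+
+int compression_type =
+(ssl_info.connection_status >> net::SSL_CONNECTION_COMPRESSION_SHIFT) &
+net::SSL_CONNECTION_COMPRESSION_MASK;
+if (compression_type == 1)
+conn_info->SetBoolean(keys::kDeflateCompressionKey, true);
+if ((ssl_info.connection_status & net::SSL_CONNECTION_VERSION_FALLBACK) != 0)
+conn_info->SetBoolean(keys::kVersionFallbackKey, true);
+if ((ssl_info.connection_status &
+net::SSL_CONNECTION_NO_RENEGOTIATION_EXTENSION) != 0)
+conn_info->SetBoolean(keys::kNoRenegotiationExtensionKey, true);
+
+return conn_info;
+}
+
 } // namespace extension_web_request_api_helpers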
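Review bot: ExtractCertificateInfo leaks on every call, because `dns_names` and `ip_addrs` are allocated with `new std::vector<std::string>` and never deleted; declare them on the stack (`std::vector<std::string> dns_names, ip_addrs;`) and call `cert->GetSubjectAltName(&dns_names, &ip_addrs);`, with the later uses switched from `->`/`*` to plain member access. In ExtractCertificateChain the result of `net::X509Certificate::CreateFromHandle` is passed straight to ExtractCertificateInfo, which dereferences `cert` unconditionally, so if that factory can return null for an intermediate it cannot parse (not visible in this section) the process crashes on server-supplied chain data; guard the append with `if (interCert)`. `status_to_error_map` is a mutable global `std::unordered_map` with a static initializer, and its iteration order is unspecified, so the order of the error strings returned by ParseCertificateStatusErrors is not stable; a `const` array of status/error pairs would be deterministic and avoid the initializer. These helpers hand the raw DER, `client_cert_sent` and `channel_id_sent` to the caller for delivery to extensions, and nothing in this section shows what gates that, so I would add a comment on ExtractCertificateChain and ExtractConnectionInfo naming the permission or listener option the caller must check before attaching the result to an event.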