Index: extensions/browser/api/web_request/web_request_api_helpers.cc |
diff --git a/extensions/browser/api/web_request/web_request_api_helpers.cc b/extensions/browser/api/web_request/web_request_api_helpers.cc |
index bdd91f1dfe04310d620abafce152939a6acd4dcb..c6ab7e5af97a0e0b01bfb90129983b84457a515e 100644 |
--- a/extensions/browser/api/web_request/web_request_api_helpers.cc |
+++ b/extensions/browser/api/web_request/web_request_api_helpers.cc |
@@ -28,6 +28,7 @@ |
#include "extensions/browser/runtime_data.h" |
#include "extensions/browser/warning_set.h" |
#include "extensions/common/extension_messages.h" |
+#include "net/cert/x509_certificate.h" |
#include "net/cookies/cookie_util.h" |
#include "net/cookies/parsed_cookie.h" |
#include "net/http/http_util.h" |
@@ -36,6 +37,7 @@ |
#include "net/log/net_log_event_type.h" |
#include "net/log/net_log_parameters_callback.h" |
#include "net/log/net_log_with_source.h" |
+#include "net/ssl/ssl_info.h" |
#include "net/url_request/url_request.h" |
#include "url/url_constants.h" |
@@ -1279,4 +1281,91 @@ bool ParseResourceType(const std::string& type_str, |
return found; |
} |
+static base::DictionaryValue* ExtractDN(const net::CertPrincipal& dn) { |
palmer
2017/01/31 05:42:31
Are |ExtractDN| and |ExtractCertificateInfo| part
Ryan Sleevi
2017/01/31 21:37:56
I'm not supportive of exposing this information at
|
+ auto* dn_dict = new base::DictionaryValue(); |
+ if (!dn.common_name.empty()) { |
+ dn_dict->SetString(keys::kCommonNameKey, dn.common_name); |
+ } |
+ if (!dn.locality_name.empty()) { |
+ dn_dict->SetString(keys::kLocalityNameKey, dn.locality_name); |
+ } |
+ if (!dn.state_or_province_name.empty()) { |
+ dn_dict->SetString(keys::kStateOrProvinceNameKey, |
+ dn.state_or_province_name); |
+ } |
+ if (!dn.country_name.empty()) { |
+ dn_dict->SetString(keys::kCountryNameKey, dn.country_name); |
+ } |
+ if (dn.street_addresses.size() > 0) { |
+ base::ListValue* addrs = new base::ListValue(); |
palmer
2017/01/31 05:42:31
I'd say it's best to be consistent about using/not
|
+ addrs->AppendStrings(dn.street_addresses); |
+ dn_dict->Set(keys::kStreetAddressesKey, addrs); |
+ } |
+ if (dn.organization_names.size() > 0) { |
+ base::ListValue* names = new base::ListValue(); |
+ names->AppendStrings(dn.organization_names); |
+ dn_dict->Set(keys::kOrganizationNamesKey, names); |
+ } |
+ if (dn.organization_unit_names.size() > 0) { |
+ base::ListValue* names = new base::ListValue(); |
+ names->AppendStrings(dn.organization_unit_names); |
+ dn_dict->Set(keys::kOrganizationUnitNamesKey, names); |
+ } |
+ return dn_dict; |
+} |
+ |
+std::unique_ptr<base::DictionaryValue> ExtractCertificateInfo( |
palmer
2017/01/31 05:42:31
I'm not sure if it's correct to use smart pointers
|
+ scoped_refptr<net::X509Certificate> cert) { |
+ std::unique_ptr<base::DictionaryValue> info(new base::DictionaryValue); |
+ info->SetString(keys::kSerialNumberKey, |
+ base::HexEncode(cert->serial_number().data(), |
+ cert->serial_number().size())); |
+ info->Set(keys::kSubjectKey, ExtractDN(cert->subject())); |
+ info->Set(keys::kIssuerKey, ExtractDN(cert->issuer())); |
+ |
+ std::vector<std::string> dns_names; |
+ std::vector<std::string> ip_addrs; |
+ cert->GetSubjectAltName(&dns_names, &ip_addrs); |
+ if (dns_names.size() > 0) { |
+ base::ListValue* names = new base::ListValue(); |
palmer
2017/01/31 05:42:31
Could use auto here, too, and elsewhere.
|
+ names->AppendStrings(dns_names); |
+ info->Set(keys::kDNSNamesKey, names); |
+ } |
+ if (ip_addrs.size() > 0) { |
+ base::ListValue* addrs = new base::ListValue(); |
+ addrs->AppendStrings(ip_addrs); |
+ info->Set(keys::kIPAddressesKey, addrs); |
+ } |
+ |
+ info->SetBoolean(keys::kExpiredKey, cert->HasExpired()); |
+ info->SetDouble(keys::kNotBeforeKey, cert->valid_start().ToJsTime()); |
+ info->SetDouble(keys::kNotAfterKey, cert->valid_expiry().ToJsTime()); |
+ |
+ std::string der_holder; |
+ if (!cert->GetDEREncoded(cert->os_cert_handle(), &der_holder)) |
+ return info; |
+ info->Set(keys::kRawKey, base::BinaryValue::CreateWithCopiedBuffer( |
+ der_holder.c_str(), der_holder.size())); |
palmer
2017/01/31 05:42:31
Is this formatting the result of `git cl format`?
Ryan Sleevi
2017/01/31 21:37:56
The only field I'm supportive of exposing is the r
|
+ |
+ return info; |
+} |
+ |
+base::ListValue* ExtractCertificateChain( |
+ scoped_refptr<net::X509Certificate> cert) { |
+ auto* chain = new base::ListValue(); |
+ if (cert) { |
+ chain->Append(ExtractCertificateInfo(cert)); |
+ const net::X509Certificate::OSCertHandles cert_handles = |
+ cert->GetIntermediateCertificates(); |
+ const net::X509Certificate::OSCertHandles empty_handle; |
+ for (size_t i = 0; i < cert_handles.size(); i++) { |
+ scoped_refptr<net::X509Certificate> interCert; |
+ interCert = |
+ net::X509Certificate::CreateFromHandle(cert_handles[i], empty_handle); |
+ chain->Append(ExtractCertificateInfo(interCert)); |
Ryan Sleevi
2017/01/31 21:37:56
This is a pattern that we've explicitly tried to d
|
+ } |
+ } |
+ return chain; |
+} |
+ |
} // namespace extension_web_request_api_helpers |