Index: extensions/browser/api/web_request/web_request_event_details.cc |
diff --git a/extensions/browser/api/web_request/web_request_event_details.cc b/extensions/browser/api/web_request/web_request_event_details.cc |
index d7a3e10c82713c857339ceb6b1323cfbc1f87b62..6bcff944df415fb38819169521aa78e2d60a70e7 100644 |
--- a/extensions/browser/api/web_request/web_request_event_details.cc |
+++ b/extensions/browser/api/web_request/web_request_event_details.cc |
@@ -18,7 +18,10 @@ |
#include "net/base/upload_data_stream.h" |
#include "net/http/http_request_headers.h" |
#include "net/http/http_response_headers.h" |
+#include "net/ssl/ssl_cipher_suite_names.h" |
+#include "net/ssl/ssl_connection_status_flags.h" |
#include "net/url_request/url_request.h" |
+#include "third_party/boringssl/src/include/openssl/ssl.h" |
using extension_web_request_api_helpers::ExtraInfoSpec; |
@@ -236,4 +239,49 @@ void WebRequestEventDetails::OnDeterminedFrameData( |
callback.Run(std::move(self)); |
} |
+void WebRequestEventDetails::SetSSLInfo(const net::URLRequest* request) { |
+ const net::SSLInfo ssl_info = request->ssl_info(); |
+ base::DictionaryValue* info_dict = new base::DictionaryValue(); |
+ |
+ const char* ssl_version; |
+ net::SSLVersionToString(&ssl_version, net::SSLConnectionStatusToVersion( |
+ ssl_info.connection_status)); |
+ if (strncmp(ssl_version, "?", 1) == 0) |
+ ssl_version = "UNKNOWN"; |
+ info_dict->SetString(keys::kSSLVersionKey, ssl_version); |
+ |
+ const SSL_CIPHER* cipher = SSL_get_cipher_by_value( |
+ net::SSLConnectionStatusToCipherSuite(ssl_info.connection_status)); |
+ char* cipher_name = SSL_CIPHER_get_rfc_name(cipher); |
+ if (cipher_name) { |
+ std::string rfc_name = std::string(cipher_name); |
+ OPENSSL_free(cipher_name); |
+ info_dict->SetString(keys::kCipherSuiteKey, rfc_name); |
+ } |
+ |
+ base::DictionaryValue* built_dict = new base::DictionaryValue(); |
+ built_dict->SetBoolean(keys::kCertificateIssuedByKnownRootKey, |
+ ssl_info.is_issued_by_known_root); |
Ryan Sleevi
2017/01/31 21:37:56
I'm very concerned about exposing this (or any oth
|
+ built_dict->Set(keys::kChainKey, |
+ helpers::ExtractCertificateChain(ssl_info.cert)); |
+ |
+ built_dict->SetBoolean( |
+ keys::kCertificateValidKey, |
+ ssl_info.is_valid() && !net::IsCertStatusError(ssl_info.cert_status)); |
Ryan Sleevi
2017/01/31 21:37:56
I'm uncomfortable with us surfacing this as if it
|
+ if (net::IsCertStatusError(ssl_info.cert_status)) { |
+ std::string error = net::ErrorToShortString( |
+ net::MapCertStatusToNetError(ssl_info.cert_status)); |
+ built_dict->SetString(keys::kErrorKey, error); |
Ryan Sleevi
2017/01/31 21:37:56
This is an explicit non-goal; we do not want the e
|
+ } |
+ |
+ built_dict->SetBoolean(keys::kEVCertificateKey, |
+ (ssl_info.cert_status & net::CERT_STATUS_IS_EV)); |
Ryan Sleevi
2017/01/31 21:37:56
Can you explain why this is necessary? This repres
|
+ |
+ info_dict->Set(keys::kBuiltChainKey, built_dict); |
+ info_dict->Set(keys::kSentChainKey, |
+ helpers::ExtractCertificateChain(ssl_info.unverified_cert)); |
+ |
+ dict_.Set(keys::kSSLInfoKey, info_dict); |
+} |
+ |
} // namespace extensions |
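Review bot: SetSSLInfo never checks that the request actually carries TLS state before building the dictionary; `ssl_info.is_valid()` is consulted only when computing `kCertificateValidKey`, so a request with a null `ssl_info.cert` still reaches both `helpers::ExtractCertificateChain` calls, and the cipher lookup may return a null `cipher` that goes straight into `SSL_CIPHER_get_rfc_name`. ExtractCertificateChain is defined outside this hunk, so whether it tolerates a null certificate cannot be confirmed from here; an early `if (!ssl_info.is_valid()) return;` right after the `ssl_info` copy would remove the dependency on that and avoid publishing an object made of "UNKNOWN" placeholders. The chain stored under `kSentChainKey` comes from `unverified_cert`, which is whatever the server presented, so it deserves a comment such as `// Server-supplied and unvalidated; consumers must not treat this chain as trusted.`. As a smaller style point, `info_dict` and `built_dict` are raw `new` allocations handed to `Set()`; holding them in `std::unique_ptr<base::DictionaryValue>` and passing `std::move(...)` would make the ownership transfer explicit and stay leak-free if an early return is added.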