content/common/ssl_status_serialization.cc - Issue 2206093004: Change SSLStatus to carry a vector of SCT statuses instead of counters

Side by Side Diff: content/common/ssl_status_serialization.cc

Issue 2206093004: Change SSLStatus to carry a vector of SCT statuses instead of counters (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 4 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« chrome/browser/ssl/chrome_security_state_model_client_browser_tests.cc ('K') | « content/browser/frame_host/navigation_controller_impl_unittest.cc ('k') | content/common/ssl_status_serialization_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "content/common/ssl_status_serialization.h"	5 #include "content/common/ssl_status_serialization.h"

6	6

7 #include <stdint.h>	7 #include <stdint.h>

8	8

9 #include "base/logging.h"	9 #include "base/logging.h"

10 #include "base/numerics/safe_conversions.h"	10 #include "base/numerics/safe_conversions.h"

11 #include "base/pickle.h"	11 #include "base/pickle.h"

12	12

13 namespace {	13 namespace {

14	14

15 // Checks that an integer \|security_style\| is a valid SecurityStyle enum	15 // Checks that an integer \|security_style\| is a valid SecurityStyle enum

16 // value. Returns true if valid, false otherwise.	16 // value. Returns true if valid, false otherwise.

17 bool CheckSecurityStyle(int security_style) {	17 bool CheckSecurityStyle(int security_style) {

18 switch (security_style) {	18 switch (security_style) {

19 case content::SECURITY_STYLE_UNKNOWN:	19 case content::SECURITY_STYLE_UNKNOWN:

20 case content::SECURITY_STYLE_UNAUTHENTICATED:	20 case content::SECURITY_STYLE_UNAUTHENTICATED:

21 case content::SECURITY_STYLE_AUTHENTICATION_BROKEN:	21 case content::SECURITY_STYLE_AUTHENTICATION_BROKEN:

22 case content::SECURITY_STYLE_WARNING:	22 case content::SECURITY_STYLE_WARNING:

23 case content::SECURITY_STYLE_AUTHENTICATED:	23 case content::SECURITY_STYLE_AUTHENTICATED:

24 return true;	24 return true;

25 }	25 }

26 return false;	26 return false;

27 }	27 }

28	28

	29 // Checks that an integer \|sct_status\| is a valid net::ct::SCTVerifyStatus enum

	30 // value. Returns true if valid, false otherwise.

	31 bool CheckSCTStatus(uint32_t sct_status) {

	32 switch (sct_status) {

	33 case net::ct::SCT_STATUS_LOG_UNKNOWN:

	34 case net::ct::SCT_STATUS_INVALID:

	35 case net::ct::SCT_STATUS_OK:

	36 case net::ct::SCT_STATUS_MAX:

	37 return true;

	38 case net::ct::SCT_STATUS_NONE:

	39 // SCT_STATUS_NONE should never happen, so it isn't valid to

	40 // receive a status of NONE in a serialized SSLStatus.

	41 return false;

	42 }

	43 return false;

	44 }

	45

29 } // namespace	46 } // namespace

30	47

31 namespace content {	48 namespace content {

32	49

33 std::string SerializeSecurityInfo(const SSLStatus& ssl_status) {	50 std::string SerializeSecurityInfo(const SSLStatus& ssl_status) {

34 base::Pickle pickle;	51 base::Pickle pickle;

35 pickle.WriteInt(ssl_status.security_style);	52 pickle.WriteInt(ssl_status.security_style);

36 pickle.WriteInt(ssl_status.cert_id);	53 pickle.WriteInt(ssl_status.cert_id);

37 pickle.WriteUInt32(ssl_status.cert_status);	54 pickle.WriteUInt32(ssl_status.cert_status);

38 pickle.WriteInt(ssl_status.security_bits);	55 pickle.WriteInt(ssl_status.security_bits);

39 pickle.WriteInt(ssl_status.key_exchange_info);	56 pickle.WriteInt(ssl_status.key_exchange_info);

40 pickle.WriteInt(ssl_status.connection_status);	57 pickle.WriteInt(ssl_status.connection_status);

41 pickle.WriteUInt32(ssl_status.num_unknown_scts);	58 pickle.WriteUInt32(ssl_status.sct_statuses.size());

42 pickle.WriteUInt32(ssl_status.num_invalid_scts);	59 for (const auto& sct_status : ssl_status.sct_statuses) {

43 pickle.WriteUInt32(ssl_status.num_valid_scts);	60 pickle.WriteUInt32(sct_status);

	61 }

44 pickle.WriteBool(ssl_status.pkp_bypassed);	62 pickle.WriteBool(ssl_status.pkp_bypassed);

45 return std::string(static_cast<const char*>(pickle.data()), pickle.size());	63 return std::string(static_cast<const char*>(pickle.data()), pickle.size());

46 }	64 }

47	65

48 bool DeserializeSecurityInfo(const std::string& state, SSLStatus* ssl_status) {	66 bool DeserializeSecurityInfo(const std::string& state, SSLStatus* ssl_status) {

49 *ssl_status = SSLStatus();	67 *ssl_status = SSLStatus();

50	68

51 if (state.empty()) {	69 if (state.empty()) {

52 // No SSL used.	70 // No SSL used.

53 return true;	71 return true;

54 }	72 }

55	73

56 base::Pickle pickle(state.data(), base::checked_cast<int>(state.size()));	74 base::Pickle pickle(state.data(), base::checked_cast<int>(state.size()));

57 base::PickleIterator iter(pickle);	75 base::PickleIterator iter(pickle);

58 int security_style;	76 int security_style;

59 if (!iter.ReadInt(&security_style) \|\| !iter.ReadInt(&ssl_status->cert_id) \|\|	77 if (!iter.ReadInt(&security_style) \|\| !iter.ReadInt(&ssl_status->cert_id) \|\|

60 !iter.ReadUInt32(&ssl_status->cert_status) \|\|	78 !iter.ReadUInt32(&ssl_status->cert_status) \|\|

61 !iter.ReadInt(&ssl_status->security_bits) \|\|	79 !iter.ReadInt(&ssl_status->security_bits) \|\|

62 !iter.ReadInt(&ssl_status->key_exchange_info) \|\|	80 !iter.ReadInt(&ssl_status->key_exchange_info) \|\|

63 !iter.ReadInt(&ssl_status->connection_status) \|\|	81 !iter.ReadInt(&ssl_status->connection_status)) {

64 !iter.ReadUInt32(&ssl_status->num_unknown_scts) \|\|

65 !iter.ReadUInt32(&ssl_status->num_invalid_scts) \|\|

66 !iter.ReadUInt32(&ssl_status->num_valid_scts) \|\|

67 !iter.ReadBool(&ssl_status->pkp_bypassed)) {

68 *ssl_status = SSLStatus();	82 *ssl_status = SSLStatus();

69 return false;	83 return false;

70 }	84 }

	85

	86 uint32_t num_sct_statuses;

	87 if (!iter.ReadUInt32(&num_sct_statuses)) {

	88 return false;

	89 }

	90

	91 for (uint32_t i = 0; i < num_sct_statuses; i++) {

	92 uint32_t sct_status;

	93 if (!iter.ReadUInt32(&sct_status) \|\| !CheckSCTStatus(sct_status)) {

	94 *ssl_status = SSLStatus();

	95 return false;

	96 }

	97 ssl_status->sct_statuses.push_back(

	98 static_cast<net::ct::SCTVerifyStatus>(sct_status));

	99 }

	100

	101 if (!iter.ReadBool(&ssl_status->pkp_bypassed)) {

	102 *ssl_status = SSLStatus();

	103 return false;

	104 }

71	105

72 if (!CheckSecurityStyle(security_style)) {	106 if (!CheckSecurityStyle(security_style)) {

73 *ssl_status = SSLStatus();	107 *ssl_status = SSLStatus();

74 return false;	108 return false;

75 }	109 }

76	110

77 ssl_status->security_style = static_cast<SecurityStyle>(security_style);	111 ssl_status->security_style = static_cast<SecurityStyle>(security_style);

78	112

79 // Sanity check \|security_bits\|: the only allowed negative value is -1.	113 // Sanity check \|security_bits\|: the only allowed negative value is -1.

80 if (ssl_status->security_bits < -1) {	114 if (ssl_status->security_bits < -1) {

81 *ssl_status = SSLStatus();	115 *ssl_status = SSLStatus();

82 return false;	116 return false;

83 }	117 }

84	118

85 // Sanity check \|key_exchange_info\|: 0 or greater.	119 // Sanity check \|key_exchange_info\|: 0 or greater.

86 if (ssl_status->key_exchange_info < 0) {	120 if (ssl_status->key_exchange_info < 0) {

87 *ssl_status = SSLStatus();	121 *ssl_status = SSLStatus();

88 return false;	122 return false;

89 }	123 }

90	124

91 return true;	125 return true;

92 }	126 }

93	127

94 } // namespace content	128 } // namespace content

OLD	NEW