| Index: content/child/web_url_loader_impl.cc
|
| diff --git a/content/child/web_url_loader_impl.cc b/content/child/web_url_loader_impl.cc
|
| index 17da0e103519d484dec9df5c4376e17e589aa2f0..ef0ce4ebe6bc4df0b98de505467e65a577cb5f9f 100644
|
| --- a/content/child/web_url_loader_impl.cc
|
| +++ b/content/child/web_url_loader_impl.cc
|
| @@ -33,6 +33,7 @@
|
| #include "content/child/weburlresponse_extradata_impl.h"
|
| #include "content/common/resource_messages.h"
|
| #include "content/common/resource_request_body_impl.h"
|
| +#include "content/common/security_style_util.h"
|
| #include "content/common/service_worker/service_worker_types.h"
|
| #include "content/common/ssl_status_serialization.h"
|
| #include "content/common/url_loader.mojom.h"
|
| @@ -45,6 +46,7 @@
|
| #include "net/base/net_errors.h"
|
| #include "net/cert/cert_status_flags.h"
|
| #include "net/cert/ct_sct_to_string.h"
|
| +#include "net/cert/x509_certificate.h"
|
| #include "net/http/http_response_headers.h"
|
| #include "net/http/http_util.h"
|
| #include "net/ssl/ssl_cipher_suite_names.h"
|
| @@ -239,7 +241,7 @@ void SetSecurityStyleAndDetails(const GURL& url,
|
| }
|
|
|
| int ssl_version =
|
| - net::SSLConnectionStatusToVersion(ssl_status.connection_status);
|
| + net::SSLConnectionStatusToVersion(info.ssl_connection_status);
|
| const char* protocol;
|
| net::SSLVersionToString(&protocol, ssl_version);
|
|
|
| @@ -248,7 +250,7 @@ void SetSecurityStyleAndDetails(const GURL& url,
|
| const char* mac;
|
| bool is_aead;
|
| uint16_t cipher_suite =
|
| - net::SSLConnectionStatusToCipherSuite(ssl_status.connection_status);
|
| + net::SSLConnectionStatusToCipherSuite(info.ssl_connection_status);
|
| net::SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead,
|
| cipher_suite);
|
| if (mac == NULL) {
|
| @@ -256,27 +258,38 @@ void SetSecurityStyleAndDetails(const GURL& url,
|
| mac = "";
|
| }
|
|
|
| - blink::WebURLResponse::SecurityStyle securityStyle =
|
| + SecurityStyle security_style = GetSecurityStyleForResource(
|
| + url, !info.certificate.empty(), info.cert_status);
|
| +
|
| + blink::WebURLResponse::SecurityStyle security_style_blink =
|
| WebURLResponse::SecurityStyleUnknown;
|
| - switch (ssl_status.security_style) {
|
| + switch (security_style) {
|
| case SECURITY_STYLE_UNKNOWN:
|
| - securityStyle = WebURLResponse::SecurityStyleUnknown;
|
| + security_style_blink = WebURLResponse::SecurityStyleUnknown;
|
| break;
|
| case SECURITY_STYLE_UNAUTHENTICATED:
|
| - securityStyle = WebURLResponse::SecurityStyleUnauthenticated;
|
| + security_style_blink = WebURLResponse::SecurityStyleUnauthenticated;
|
| break;
|
| case SECURITY_STYLE_AUTHENTICATION_BROKEN:
|
| - securityStyle = WebURLResponse::SecurityStyleAuthenticationBroken;
|
| + security_style_blink = WebURLResponse::SecurityStyleAuthenticationBroken;
|
| break;
|
| case SECURITY_STYLE_WARNING:
|
| - securityStyle = WebURLResponse::SecurityStyleWarning;
|
| + security_style_blink = WebURLResponse::SecurityStyleWarning;
|
| break;
|
| case SECURITY_STYLE_AUTHENTICATED:
|
| - securityStyle = WebURLResponse::SecurityStyleAuthenticated;
|
| + security_style_blink = WebURLResponse::SecurityStyleAuthenticated;
|
| break;
|
| }
|
|
|
| - response->setSecurityStyle(securityStyle);
|
| + response->setSecurityStyle(security_style_blink);
|
| +
|
| + base::Pickle pickle(info.certificate.data(), info.certificate.size());
|
| + base::PickleIterator iterator(pickle);
|
| + scoped_refptr<net::X509Certificate> certificate =
|
| + net::X509Certificate::CreateFromPickle(
|
| + &iterator,
|
| + net::X509Certificate::PICKLETYPE_CERTIFICATE_CHAIN_V3);
|
| + DCHECK(certificate);
|
|
|
| blink::WebURLResponse::SignedCertificateTimestampList sct_list(
|
| info.signed_certificate_timestamps.size());
|
| @@ -284,9 +297,31 @@ void SetSecurityStyleAndDetails(const GURL& url,
|
| for (size_t i = 0; i < sct_list.size(); ++i)
|
| sct_list[i] = NetSCTToBlinkSCT(info.signed_certificate_timestamps[i]);
|
|
|
| + std::vector<std::string> san, ip_addrs;
|
| + certificate->GetSubjectAltName(&san, &ip_addrs);
|
| +
|
| + // IP addresses are in raw network bytes and must be converted to string form
|
| + for (const std::string& ip : ip_addrs) {
|
| + net::IPAddress ip_addr(reinterpret_cast<const uint8_t*>(ip.c_str()),
|
| + ip.length());
|
| + san.push_back(ip_addr.ToString());
|
| + }
|
| +
|
| + blink::WebVector<blink::WebString> web_san(san.size());
|
| + std::transform(
|
| + san.begin(),
|
| + san.end(), web_san.begin(),
|
| + [](const std::string& h) { return blink::WebString::fromLatin1(h); });
|
| +
|
| blink::WebURLResponse::WebSecurityDetails webSecurityDetails(
|
| WebString::fromUTF8(protocol), WebString::fromUTF8(key_exchange),
|
| - WebString::fromUTF8(cipher), WebString::fromUTF8(mac), ssl_status.cert_id,
|
| + WebString::fromUTF8(cipher), WebString::fromUTF8(mac),
|
| + WebString::fromUTF8(certificate->subject().GetDisplayName()),
|
| + web_san,
|
| + WebString::fromUTF8(certificate->issuer().GetDisplayName()),
|
| + certificate->valid_start().ToDoubleT(),
|
| + certificate->valid_expiry().ToDoubleT(),
|
| + WebString::fromLatin1(info.certificate),
|
| sct_list);
|
|
|
| response->setSecurityDetails(webSecurityDetails);
|
|
|
Chromium Code Reviews
Issue 2296953004:
Send certificates to devtools when it's open instead of using certId (Closed)
