Plumb the net::SSLInfo to the browser process when it's using the network service.

content/common/resource_messages.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/common/resource_messages.h"
 
 #include "net/base/load_timing_info.h"
 #include "net/http/http_response_headers.h"
 
 namespace IPC {
@@ skipping 28 matching lines @@
   if (has_object)
     *r = new net::HttpResponseHeaders(iter);
   return true;
 }
 
 void ParamTraits<scoped_refptr<net::HttpResponseHeaders> >::Log(
     const param_type& p, std::string* l) {
   l->append("<HttpResponseHeaders>");
 }
 
+namespace {
+void GetCertSize(base::PickleSizer* s, net::X509Certificate* cert) {
+  GetParamSize(s, !!cert);
+  if (cert) {
+    base::Pickle temp;
+    cert->Persist(&temp);

[Ryan Sleevi, 2017/04/14 01:47:38]

I'll see about updating the documentation. The Pickle implementation is intended
to be an internal detail of //net (related to how the disk cache is implemented)
moreso than a stable interface.

We can and have in the past changed the pickle format in conjunction with
changing the disk cache. Does that create issues? If so, we should be more
explicit here with serialization.

However, if this code doesn't have version skew issues (I thought Mojo tried to
allow version skew), then that's probably less of an issue.

[jam, 2017/04/14 02:34:14]

If the entire comment is only about version skew, then that's not an issue. We
have no plans in the next year or two of supporting different versions of these
APIs. If that changes, then at that point we would have to audit every data type
sent over APIs we want to freeze.

[Ryan Sleevi, 2017/04/14 14:53:25]

It is not.

+    s->AddBytes(temp.payload_size());
+  }
+}
+
+void WriteCert(base::Pickle* m, net::X509Certificate* cert) {
+  WriteParam(m, !!cert);
+  if (cert)
+    cert->Persist(m);
+}
+
+bool ReadCert(base::PickleIterator* iter,
+              scoped_refptr<net::X509Certificate>* cert) {
+  bool has_cert = false;
+  if (!iter->ReadBool(&has_cert))
+    return false;
+  if (!has_cert)
+    return true;
+
+  *cert = net::X509Certificate::CreateFromPickle(
+      iter, net::X509Certificate::PICKLETYPE_CERTIFICATE_CHAIN_V3);
+  return !!cert->get();
+}
+
+}  // namespace
+
+void ParamTraits<net::SSLInfo>::GetSize(base::PickleSizer* s,

[Ryan Sleevi, 2017/04/14 01:47:38]

This makes me nervous, because we can and do add new fields to net::SSLInfo
here, and it would seem that these would be uninitialized by consumers if this
code wasn't updated.

What steps can we take to defend against the lower API changing, which would
result in a loss of information?

[jam, 2017/04/14 02:34:14]

Well, the default constructor runs first, so at worst they should have whatever
that sets as default.

In general, the issue of having to match serialization code with structs is
something that has existed since the beginning of ipc but hasn't turned out to
be a problem in practice. i.e. this happens to a lot of structs defined in
cc/gpu/net/skia etc... that have traits in content/

+                                        const param_type& p) {
+  GetParamSize(s, p.is_valid());
+  if (!p.is_valid())
+    return;
+  GetCertSize(s, p.cert.get());
+  GetCertSize(s, p.unverified_cert.get());
+  GetParamSize(s, p.cert_status);
+  GetParamSize(s, p.security_bits);
+  GetParamSize(s, p.key_exchange_group);
+  GetParamSize(s, p.connection_status);
+  GetParamSize(s, p.is_issued_by_known_root);
+  GetParamSize(s, p.pkp_bypassed);
+  GetParamSize(s, p.client_cert_sent);
+  GetParamSize(s, p.channel_id_sent);
+  GetParamSize(s, p.token_binding_negotiated);
+  GetParamSize(s, p.token_binding_key_param);
+  GetParamSize(s, p.handshake_type);
+  GetParamSize(s, p.public_key_hashes);
+  GetParamSize(s, p.pinning_failure_log);
+  GetParamSize(s, p.signed_certificate_timestamps);
+  GetParamSize(s, p.ct_compliance_details_available);
+  GetParamSize(s, p.ct_ev_policy_compliance);
+  GetParamSize(s, p.ct_cert_policy_compliance);
+  GetParamSize(s, p.ocsp_result.response_status);
+  GetParamSize(s, p.ocsp_result.revocation_status);
+}
+
+void ParamTraits<net::SSLInfo>::Write(base::Pickle* m, const param_type& p) {
+  WriteParam(m, p.is_valid());
+  if (!p.is_valid())
+    return;
+  WriteCert(m, p.cert.get());
+  WriteCert(m, p.unverified_cert.get());
+  WriteParam(m, p.cert_status);
+  WriteParam(m, p.security_bits);
+  WriteParam(m, p.key_exchange_group);
+  WriteParam(m, p.connection_status);
+  WriteParam(m, p.is_issued_by_known_root);
+  WriteParam(m, p.pkp_bypassed);
+  WriteParam(m, p.client_cert_sent);
+  WriteParam(m, p.channel_id_sent);
+  WriteParam(m, p.token_binding_negotiated);
+  WriteParam(m, p.token_binding_key_param);
+  WriteParam(m, p.handshake_type);
+  WriteParam(m, p.public_key_hashes);
+  WriteParam(m, p.pinning_failure_log);
+  WriteParam(m, p.signed_certificate_timestamps);
+  WriteParam(m, p.ct_compliance_details_available);
+  WriteParam(m, p.ct_ev_policy_compliance);
+  WriteParam(m, p.ct_cert_policy_compliance);
+  WriteParam(m, p.ocsp_result.response_status);
+  WriteParam(m, p.ocsp_result.revocation_status);
+}
+
+bool ParamTraits<net::SSLInfo>::Read(const base::Pickle* m,
+                                     base::PickleIterator* iter,
+                                     param_type* r) {
+  bool is_valid = false;
+  if (!ReadParam(m, iter, &is_valid))
+    return false;
+  if (!is_valid)
+    return true;
+  return ReadCert(iter, &r->cert) &&
+         ReadCert(iter, &r->unverified_cert) &&
+         ReadParam(m, iter, &r->cert_status) &&
+         ReadParam(m, iter, &r->security_bits) &&
+         ReadParam(m, iter, &r->key_exchange_group) &&
+         ReadParam(m, iter, &r->connection_status) &&
+         ReadParam(m, iter, &r->is_issued_by_known_root) &&
+         ReadParam(m, iter, &r->pkp_bypassed) &&
+         ReadParam(m, iter, &r->client_cert_sent) &&
+         ReadParam(m, iter, &r->channel_id_sent) &&
+         ReadParam(m, iter, &r->token_binding_negotiated) &&
+         ReadParam(m, iter, &r->token_binding_key_param) &&
+         ReadParam(m, iter, &r->handshake_type) &&
+         ReadParam(m, iter, &r->public_key_hashes) &&
+         ReadParam(m, iter, &r->signed_certificate_timestamps) &&
+         ReadParam(m, iter, &r->ct_compliance_details_available) &&
+         ReadParam(m, iter, &r->ct_ev_policy_compliance) &&
+         ReadParam(m, iter, &r->ct_cert_policy_compliance) &&
+         ReadParam(m, iter, &r->ocsp_result.response_status) &&
+         ReadParam(m, iter, &r->ocsp_result.revocation_status);
+}
+
+void ParamTraits<net::SSLInfo>::Log(const param_type& p, std::string* l) {
+  l->append("<SSLInfo>");
+}
+
+void ParamTraits<net::HashValue>::GetSize(base::PickleSizer* s,
+                                          const param_type& p) {
+  GetParamSize(s, p.ToString());
+}
+
+void ParamTraits<net::HashValue>::Write(base::Pickle* m, const param_type& p) {
+  WriteParam(m, p.ToString());
+}
+
+bool ParamTraits<net::HashValue>::Read(const base::Pickle* m,
+                                       base::PickleIterator* iter,
+                                       param_type* r) {
+  std::string str;
+  return ReadParam(m, iter, &str) && r->FromString(str);
+}
+
+void ParamTraits<net::HashValue>::Log(const param_type& p, std::string* l) {
+  l->append("<HashValue>");
+}
+
 void ParamTraits<storage::DataElement>::GetSize(base::PickleSizer* s,
                                                 const param_type& p) {
   GetParamSize(s, static_cast<int>(p.type()));
   switch (p.type()) {
     case storage::DataElement::TYPE_BYTES: {
       s->AddData(static_cast<int>(p.length()));
       break;
     }
     case storage::DataElement::TYPE_BYTES_DESCRIPTION: {
       GetParamSize(s, p.length());
@@ skipping 421 matching lines @@
   return true;
 }
 
 void ParamTraits<scoped_refptr<net::ct::SignedCertificateTimestamp>>::Log(
     const param_type& p,
     std::string* l) {
   l->append("<SignedCertificateTimestamp>");
 }
 
 }  // namespace IPC