OLD | NEW |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ssl/chrome_expect_ct_reporter.h" | 5 #include "chrome/browser/ssl/chrome_expect_ct_reporter.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 | 8 |
9 #include "base/base64.h" | 9 #include "base/base64.h" |
10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
(...skipping 107 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
118 net::URLRequestContext* request_context) | 118 net::URLRequestContext* request_context) |
119 : report_sender_( | 119 : report_sender_( |
120 new net::ReportSender(request_context, | 120 new net::ReportSender(request_context, |
121 net::ReportSender::DO_NOT_SEND_COOKIES)) {} | 121 net::ReportSender::DO_NOT_SEND_COOKIES)) {} |
122 | 122 |
123 ChromeExpectCTReporter::~ChromeExpectCTReporter() {} | 123 ChromeExpectCTReporter::~ChromeExpectCTReporter() {} |
124 | 124 |
125 void ChromeExpectCTReporter::OnExpectCTFailed( | 125 void ChromeExpectCTReporter::OnExpectCTFailed( |
126 const net::HostPortPair& host_port_pair, | 126 const net::HostPortPair& host_port_pair, |
127 const GURL& report_uri, | 127 const GURL& report_uri, |
128 const net::SSLInfo& ssl_info) { | 128 const net::X509Certificate* validated_certificate_chain, |
| 129 const net::X509Certificate* served_certificate_chain, |
| 130 const net::SignedCertificateTimestampAndStatusList& |
| 131 signed_certificate_timestamps) { |
129 if (report_uri.is_empty()) | 132 if (report_uri.is_empty()) |
130 return; | 133 return; |
131 | 134 |
132 if (!base::FeatureList::IsEnabled(features::kExpectCTReporting)) | 135 if (!base::FeatureList::IsEnabled(features::kExpectCTReporting)) |
133 return; | 136 return; |
134 | 137 |
135 // TODO(estark): De-duplicate reports so that the same report isn't | 138 // TODO(estark): De-duplicate reports so that the same report isn't |
136 // sent too often in some period of time. | 139 // sent too often in some period of time. |
137 | 140 |
138 base::DictionaryValue report; | 141 base::DictionaryValue report; |
139 report.SetString("hostname", host_port_pair.host()); | 142 report.SetString("hostname", host_port_pair.host()); |
140 report.SetInteger("port", host_port_pair.port()); | 143 report.SetInteger("port", host_port_pair.port()); |
141 report.SetString("date-time", TimeToISO8601(base::Time::Now())); | 144 report.SetString("date-time", TimeToISO8601(base::Time::Now())); |
142 report.Set("served-certificate-chain", | 145 report.Set("served-certificate-chain", |
143 GetPEMEncodedChainAsList(ssl_info.unverified_cert.get())); | 146 GetPEMEncodedChainAsList(served_certificate_chain)); |
144 report.Set("validated-certificate-chain", | 147 report.Set("validated-certificate-chain", |
145 GetPEMEncodedChainAsList(ssl_info.cert.get())); | 148 GetPEMEncodedChainAsList(validated_certificate_chain)); |
146 | 149 |
147 std::unique_ptr<base::ListValue> unknown_scts(new base::ListValue()); | 150 std::unique_ptr<base::ListValue> unknown_scts(new base::ListValue()); |
148 std::unique_ptr<base::ListValue> invalid_scts(new base::ListValue()); | 151 std::unique_ptr<base::ListValue> invalid_scts(new base::ListValue()); |
149 std::unique_ptr<base::ListValue> valid_scts(new base::ListValue()); | 152 std::unique_ptr<base::ListValue> valid_scts(new base::ListValue()); |
150 | 153 |
151 for (const auto& sct_and_status : ssl_info.signed_certificate_timestamps) { | 154 for (const auto& sct_and_status : signed_certificate_timestamps) { |
152 switch (sct_and_status.status) { | 155 switch (sct_and_status.status) { |
153 case net::ct::SCT_STATUS_LOG_UNKNOWN: | 156 case net::ct::SCT_STATUS_LOG_UNKNOWN: |
154 AddUnknownSCT(sct_and_status, unknown_scts.get()); | 157 AddUnknownSCT(sct_and_status, unknown_scts.get()); |
155 break; | 158 break; |
156 case net::ct::SCT_STATUS_INVALID_SIGNATURE: | 159 case net::ct::SCT_STATUS_INVALID_SIGNATURE: |
157 case net::ct::SCT_STATUS_INVALID_TIMESTAMP: | 160 case net::ct::SCT_STATUS_INVALID_TIMESTAMP: |
158 AddInvalidSCT(sct_and_status, invalid_scts.get()); | 161 AddInvalidSCT(sct_and_status, invalid_scts.get()); |
159 break; | 162 break; |
160 case net::ct::SCT_STATUS_OK: | 163 case net::ct::SCT_STATUS_OK: |
161 AddValidSCT(sct_and_status, valid_scts.get()); | 164 AddValidSCT(sct_and_status, valid_scts.get()); |
(...skipping 12 matching lines...) Expand all Loading... |
174 LOG(ERROR) << "Failed to serialize Expect CT report"; | 177 LOG(ERROR) << "Failed to serialize Expect CT report"; |
175 return; | 178 return; |
176 } | 179 } |
177 | 180 |
178 UMA_HISTOGRAM_BOOLEAN("SSL.ExpectCTReportSendingAttempt", true); | 181 UMA_HISTOGRAM_BOOLEAN("SSL.ExpectCTReportSendingAttempt", true); |
179 | 182 |
180 report_sender_->Send(report_uri, "application/json; charset=utf-8", | 183 report_sender_->Send(report_uri, "application/json; charset=utf-8", |
181 serialized_report, base::Callback<void()>(), | 184 serialized_report, base::Callback<void()>(), |
182 base::Bind(RecordUMAOnFailure)); | 185 base::Bind(RecordUMAOnFailure)); |
183 } | 186 } |
OLD | NEW |