Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2654)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/ssl/chrome_expect_ct_reporter.cc

Issue 2960163002: Revert of Update SCT serialization format in Expect-CT reports (Closed)
Patch Set: Created 3 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | chrome/browser/ssl/chrome_expect_ct_reporter_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/ssl/chrome_expect_ct_reporter.cc
diff --git a/chrome/browser/ssl/chrome_expect_ct_reporter.cc b/chrome/browser/ssl/chrome_expect_ct_reporter.cc
index e56942601b05426dee75926286d1902f0f04351f..9697c086078451a8e6acdc5a9d1ecc4147b765ea 100644
--- a/chrome/browser/ssl/chrome_expect_ct_reporter.cc
+++ b/chrome/browser/ssl/chrome_expect_ct_reporter.cc
@@ -17,7 +17,6 @@
#include "base/strings/stringprintf.h"
#include "base/values.h"
#include "chrome/common/chrome_features.h"
-#include "net/cert/ct_serialization.h"
#include "net/traffic_annotation/network_traffic_annotation.h"
#include "net/url_request/report_sender.h"
@@ -52,42 +51,57 @@
case net::ct::SignedCertificateTimestamp::SCT_EMBEDDED:
return "embedded";
case net::ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION:
- return "tls-extension";
+ return "from-tls-extension";
case net::ct::SignedCertificateTimestamp::SCT_FROM_OCSP_RESPONSE:
- return "ocsp";
- case net::ct::SignedCertificateTimestamp::SCT_ORIGIN_MAX:
+ return "from-ocsp-response";
+ default:
NOTREACHED();
}
return "";
}
-void AddSCT(const net::SignedCertificateTimestampAndStatus& sct,
- base::ListValue* list) {
+void AddUnknownSCT(
+ const net::SignedCertificateTimestampAndStatus& sct_and_status,
+ base::ListValue* list) {
std::unique_ptr<base::DictionaryValue> list_item(new base::DictionaryValue());
- // Chrome implements RFC6962, not 6962-bis, so the reports contain v1 SCTs.
- list_item->SetInteger("version", 1);
- std::string status;
- switch (sct.status) {
- case net::ct::SCT_STATUS_LOG_UNKNOWN:
- status = "unknown";
- break;
- case net::ct::SCT_STATUS_INVALID_SIGNATURE:
- case net::ct::SCT_STATUS_INVALID_TIMESTAMP:
- status = "invalid";
- break;
- case net::ct::SCT_STATUS_OK:
- status = "valid";
- break;
- case net::ct::SCT_STATUS_NONE:
- NOTREACHED();
- }
- list_item->SetString("status", status);
- list_item->SetString("source", SCTOriginToString(sct.sct->origin));
- std::string serialized_sct;
- net::ct::EncodeSignedCertificateTimestamp(sct.sct, &serialized_sct);
- std::string encoded_serialized_sct;
- base::Base64Encode(serialized_sct, &encoded_serialized_sct);
- list_item->SetString("serialized_sct", encoded_serialized_sct);
+ list_item->SetString("origin", SCTOriginToString(sct_and_status.sct->origin));
+ list->Append(std::move(list_item));
+}
+
+void AddInvalidSCT(
+ const net::SignedCertificateTimestampAndStatus& sct_and_status,
+ base::ListValue* list) {
+ std::unique_ptr<base::DictionaryValue> list_item(new base::DictionaryValue());
+ list_item->SetString("origin", SCTOriginToString(sct_and_status.sct->origin));
+ std::string log_id;
+ base::Base64Encode(sct_and_status.sct->log_id, &log_id);
+ list_item->SetString("id", log_id);
+ list->Append(std::move(list_item));
+}
+
+void AddValidSCT(const net::SignedCertificateTimestampAndStatus& sct_and_status,
+ base::ListValue* list) {
+ std::unique_ptr<base::DictionaryValue> list_item(new base::DictionaryValue());
+ list_item->SetString("origin", SCTOriginToString(sct_and_status.sct->origin));
+
+ // The structure of the SCT object is defined in
+ // http://tools.ietf.org/html/rfc6962#section-4.1.
+ std::unique_ptr<base::DictionaryValue> sct(new base::DictionaryValue());
+ sct->SetInteger("sct_version", sct_and_status.sct->version);
+ std::string log_id;
+ base::Base64Encode(sct_and_status.sct->log_id, &log_id);
+ sct->SetString("id", log_id);
+ base::TimeDelta timestamp =
+ sct_and_status.sct->timestamp - base::Time::UnixEpoch();
+ sct->SetString("timestamp", base::Int64ToString(timestamp.InMilliseconds()));
+ std::string extensions;
+ base::Base64Encode(sct_and_status.sct->extensions, &extensions);
+ sct->SetString("extensions", extensions);
+ std::string signature;
+ base::Base64Encode(sct_and_status.sct->signature.signature_data, &signature);
+ sct->SetString("signature", signature);
+
+ list_item->Set("sct", std::move(sct));
list->Append(std::move(list_item));
}
@@ -147,26 +161,43 @@
if (!base::FeatureList::IsEnabled(features::kExpectCTReporting))
return;
- base::DictionaryValue outer_report;
- base::DictionaryValue* report = outer_report.SetDictionary(
- "expect-ct-report", base::MakeUnique<base::DictionaryValue>());
- report->SetString("hostname", host_port_pair.host());
- report->SetInteger("port", host_port_pair.port());
- report->SetString("date-time", TimeToISO8601(base::Time::Now()));
- report->SetString("effective-expiration-date", TimeToISO8601(expiration));
- report->Set("served-certificate-chain",
- GetPEMEncodedChainAsList(served_certificate_chain));
- report->Set("validated-certificate-chain",
- GetPEMEncodedChainAsList(validated_certificate_chain));
-
- std::unique_ptr<base::ListValue> scts(new base::ListValue());
+ base::DictionaryValue report;
+ report.SetString("hostname", host_port_pair.host());
+ report.SetInteger("port", host_port_pair.port());
+ report.SetString("date-time", TimeToISO8601(base::Time::Now()));
+ report.SetString("effective-expiration-date", TimeToISO8601(expiration));
+ report.Set("served-certificate-chain",
+ GetPEMEncodedChainAsList(served_certificate_chain));
+ report.Set("validated-certificate-chain",
+ GetPEMEncodedChainAsList(validated_certificate_chain));
+
+ std::unique_ptr<base::ListValue> unknown_scts(new base::ListValue());
+ std::unique_ptr<base::ListValue> invalid_scts(new base::ListValue());
+ std::unique_ptr<base::ListValue> valid_scts(new base::ListValue());
+
for (const auto& sct_and_status : signed_certificate_timestamps) {
- AddSCT(sct_and_status, scts.get());
+ switch (sct_and_status.status) {
+ case net::ct::SCT_STATUS_LOG_UNKNOWN:
+ AddUnknownSCT(sct_and_status, unknown_scts.get());
+ break;
+ case net::ct::SCT_STATUS_INVALID_SIGNATURE:
+ case net::ct::SCT_STATUS_INVALID_TIMESTAMP:
+ AddInvalidSCT(sct_and_status, invalid_scts.get());
+ break;
+ case net::ct::SCT_STATUS_OK:
+ AddValidSCT(sct_and_status, valid_scts.get());
+ break;
+ default:
+ NOTREACHED();
+ }
}
- report->Set("scts", std::move(scts));
+
+ report.Set("unknown-scts", std::move(unknown_scts));
+ report.Set("invalid-scts", std::move(invalid_scts));
+ report.Set("valid-scts", std::move(valid_scts));
std::string serialized_report;
- if (!base::JSONWriter::Write(outer_report, &serialized_report)) {
+ if (!base::JSONWriter::Write(report, &serialized_report)) {
LOG(ERROR) << "Failed to serialize Expect CT report";
return;
}
« no previous file with comments | « no previous file | chrome/browser/ssl/chrome_expect_ct_reporter_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698