chrome/browser/ssl/chrome_expect_ct_reporter.h - Issue 2970913002: Implement CORS preflights for Expect-CT reports

Side by Side Diff: chrome/browser/ssl/chrome_expect_ct_reporter.h

Issue 2970913002: Implement CORS preflights for Expect-CT reports (Closed)

Patch Set: Created 3 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
1 // Copyright 2016 The Chromium Authors. All rights reserved.	1 // Copyright 2016 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef CHROME_BROWSER_SSL_CHROME_EXPECT_CT_REPORTER_H_	5 #ifndef CHROME_BROWSER_SSL_CHROME_EXPECT_CT_REPORTER_H_

6 #define CHROME_BROWSER_SSL_CHROME_EXPECT_CT_REPORTER_H_	6 #define CHROME_BROWSER_SSL_CHROME_EXPECT_CT_REPORTER_H_

7	7

	8 #include <map>

8 #include <memory>	9 #include <memory>

9	10

10 #include "base/macros.h"	11 #include "base/macros.h"

11 #include "net/http/transport_security_state.h"	12 #include "net/http/transport_security_state.h"

	13 #include "net/url_request/url_request.h"

12	14

13 namespace net {	15 namespace net {

14 class ReportSender;	16 class ReportSender;

15 class URLRequestContext;	17 class URLRequestContext;

16 } // namespace net	18 } // namespace net

17	19

18 // This class monitors for violations of CT policy and sends reports	20 // This class monitors for violations of CT policy and sends reports

19 // about failures for sites that have opted in. Must be deleted before	21 // about failures for sites that have opted in. Must be deleted before

20 // the URLRequestContext that is passed to the constructor, so that it	22 // the URLRequestContext that is passed to the constructor, so that it

21 // can cancel its requests.	23 // can cancel its requests.

	24 //

	25 // Since reports are sent with a non-CORS-whitelisted Content-Type, this class

	26 // sends CORS preflight requests before sending reports. Expect-CT is not

	27 // evaluated with a particular frame or request as context, so the preflight

	28 // request contains an `Origin: null` header instead of a particular origin.

22 class ChromeExpectCTReporter	29 class ChromeExpectCTReporter

23 : public net::TransportSecurityState::ExpectCTReporter {	30 : public net::TransportSecurityState::ExpectCTReporter,

	31 net::URLRequest::Delegate {

24 public:	32 public:

25 explicit ChromeExpectCTReporter(net::URLRequestContext* request_context);	33 explicit ChromeExpectCTReporter(net::URLRequestContext* request_context);

26 ~ChromeExpectCTReporter() override;	34 ~ChromeExpectCTReporter() override;

27	35

28 // net::ExpectCTReporter:	36 // net::ExpectCTReporter:

29 void OnExpectCTFailed(const net::HostPortPair& host_port_pair,	37 void OnExpectCTFailed(const net::HostPortPair& host_port_pair,

30 const GURL& report_uri,	38 const GURL& report_uri,

31 base::Time expiration,	39 base::Time expiration,

32 const net::X509Certificate* validated_certificate_chain,	40 const net::X509Certificate* validated_certificate_chain,

33 const net::X509Certificate* served_certificate_chain,	41 const net::X509Certificate* served_certificate_chain,

34 const net::SignedCertificateTimestampAndStatusList&	42 const net::SignedCertificateTimestampAndStatusList&

35 signed_certificate_timestamps) override;	43 signed_certificate_timestamps) override;

36	44

	45 // net::URLRequest::Delegate:

	46 void OnResponseStarted(net::URLRequest* request, int net_error) override;

	47 void OnReadCompleted(net::URLRequest* request, int bytes_read) override;

	48

37 private:	49 private:

	50 // Used to keep track of in-flight CORS preflight requests. When \|request\|

	51 // completes successfully and the CORS check passes, \|serialized_report\| will

	52 // be sent to \|report_uri\| using \|report_sender_\|.

	53 struct InFlightPreflight {
	meacer 2017/07/05 23:48:59 nit: I think the name is a tad confusing but unfor nit: I think the name is a tad confusing but unfortunately I don't have better suggestion. SoaringPreflightRequest? (No) Feel free to keep as is. estark 2017/07/06 06:39:43 Renamed to PreflightInProgress Show quoted text On 2017/07/05 23:48:59, meacer wrote: > nit: I think the name is a tad confusing but unfortunately I don't have better > suggestion. > > SoaringPreflightRequest? (No) > > Feel free to keep as is. Renamed to PreflightInProgress
	54 InFlightPreflight();

	55 ~InFlightPreflight();

	56 // The preflight request.

	57 std::unique_ptr<net::URLRequest> request;

	58 // \|serialized_report\| should be sent to \|report_uri\| if the preflight

	59 // succeeds.

	60 std::string serialized_report;

	61 GURL report_uri;

	62 };

	63

38 FRIEND_TEST_ALL_PREFIXES(ChromeExpectCTReporterTest, FeatureDisabled);	64 FRIEND_TEST_ALL_PREFIXES(ChromeExpectCTReporterTest, FeatureDisabled);

39 FRIEND_TEST_ALL_PREFIXES(ChromeExpectCTReporterTest, EmptyReportURI);	65 FRIEND_TEST_ALL_PREFIXES(ChromeExpectCTReporterTest, EmptyReportURI);

40 FRIEND_TEST_ALL_PREFIXES(ChromeExpectCTReporterTest, SendReport);	66 FRIEND_TEST_ALL_PREFIXES(ChromeExpectCTReporterTest, SendReport);

	67 FRIEND_TEST_ALL_PREFIXES(ChromeExpectCTReporterTest,

	68 BadCORSPreflightResponseOrigin);

	69 FRIEND_TEST_ALL_PREFIXES(ChromeExpectCTReporterTest,

	70 BadCORSPreflightResponseMethods);

	71 FRIEND_TEST_ALL_PREFIXES(ChromeExpectCTReporterTest,

	72 BadCORSPreflightResponseHeaders);

	73

	74 // Starts a CORS preflight request to obtain permission from the server to

	75 // send a report with Content-Type: application/expect-ct-report+json. The

	76 // preflight result is checked in OnResponseStarted(), and an actual report is

	77 // sent with \|report_sender_\| if the preflight succeeds.

	78 void SendPreflight(const GURL& report_uri,

	79 const std::string& serialized_report);

41	80

42 std::unique_ptr<net::ReportSender> report_sender_;	81 std::unique_ptr<net::ReportSender> report_sender_;

43	82

	83 net::URLRequestContext* request_context_;

	84

	85 // The CORS preflight requests, with corresponding report information, that

	86 // are currently in-flight. Entries in this map are deleted when the

	87 // preflight's OnResponseStarted() is called.

	88 std::map<net::URLRequest*, InFlightPreflight> inflight_preflights_;

	89

44 DISALLOW_COPY_AND_ASSIGN(ChromeExpectCTReporter);	90 DISALLOW_COPY_AND_ASSIGN(ChromeExpectCTReporter);

45 };	91 };

46	92

47 #endif // CHROME_BROWSER_SSL_CHROME_EXPECT_CT_REPORTER_H_	93 #endif // CHROME_BROWSER_SSL_CHROME_EXPECT_CT_REPORTER_H_

OLD	NEW

« no previous file with comments | « no previous file | chrome/browser/ssl/chrome_expect_ct_reporter.cc » ('j') | chrome/browser/ssl/chrome_expect_ct_reporter.cc » ('J')