OLD | NEW |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CHROME_BROWSER_SSL_CHROME_EXPECT_CT_REPORTER_H_ | 5 #ifndef CHROME_BROWSER_SSL_CHROME_EXPECT_CT_REPORTER_H_ |
6 #define CHROME_BROWSER_SSL_CHROME_EXPECT_CT_REPORTER_H_ | 6 #define CHROME_BROWSER_SSL_CHROME_EXPECT_CT_REPORTER_H_ |
7 | 7 |
| 8 #include <map> |
8 #include <memory> | 9 #include <memory> |
9 | 10 |
10 #include "base/macros.h" | 11 #include "base/macros.h" |
11 #include "net/http/transport_security_state.h" | 12 #include "net/http/transport_security_state.h" |
| 13 #include "net/url_request/url_request.h" |
12 | 14 |
13 namespace net { | 15 namespace net { |
14 class ReportSender; | 16 class ReportSender; |
15 class URLRequestContext; | 17 class URLRequestContext; |
16 } // namespace net | 18 } // namespace net |
17 | 19 |
18 // This class monitors for violations of CT policy and sends reports | 20 // This class monitors for violations of CT policy and sends reports |
19 // about failures for sites that have opted in. Must be deleted before | 21 // about failures for sites that have opted in. Must be deleted before |
20 // the URLRequestContext that is passed to the constructor, so that it | 22 // the URLRequestContext that is passed to the constructor, so that it |
21 // can cancel its requests. | 23 // can cancel its requests. |
| 24 // |
| 25 // Since reports are sent with a non-CORS-whitelisted Content-Type, this class |
| 26 // sends CORS preflight requests before sending reports. Expect-CT is not |
| 27 // evaluated with a particular frame or request as context, so the preflight |
| 28 // request contains an `Origin: null` header instead of a particular origin. |
22 class ChromeExpectCTReporter | 29 class ChromeExpectCTReporter |
23 : public net::TransportSecurityState::ExpectCTReporter { | 30 : public net::TransportSecurityState::ExpectCTReporter, |
| 31 net::URLRequest::Delegate { |
24 public: | 32 public: |
25 explicit ChromeExpectCTReporter(net::URLRequestContext* request_context); | 33 explicit ChromeExpectCTReporter(net::URLRequestContext* request_context); |
26 ~ChromeExpectCTReporter() override; | 34 ~ChromeExpectCTReporter() override; |
27 | 35 |
28 // net::ExpectCTReporter: | 36 // net::ExpectCTReporter: |
29 void OnExpectCTFailed(const net::HostPortPair& host_port_pair, | 37 void OnExpectCTFailed(const net::HostPortPair& host_port_pair, |
30 const GURL& report_uri, | 38 const GURL& report_uri, |
31 base::Time expiration, | 39 base::Time expiration, |
32 const net::X509Certificate* validated_certificate_chain, | 40 const net::X509Certificate* validated_certificate_chain, |
33 const net::X509Certificate* served_certificate_chain, | 41 const net::X509Certificate* served_certificate_chain, |
34 const net::SignedCertificateTimestampAndStatusList& | 42 const net::SignedCertificateTimestampAndStatusList& |
35 signed_certificate_timestamps) override; | 43 signed_certificate_timestamps) override; |
36 | 44 |
| 45 // net::URLRequest::Delegate: |
| 46 void OnResponseStarted(net::URLRequest* request, int net_error) override; |
| 47 void OnReadCompleted(net::URLRequest* request, int bytes_read) override; |
| 48 |
37 private: | 49 private: |
| 50 // Used to keep track of in-flight CORS preflight requests. When |request| |
| 51 // completes successfully and the CORS check passes, |serialized_report| will |
| 52 // be sent to |report_uri| using |report_sender_|. |
| 53 struct PreflightInProgress { |
| 54 PreflightInProgress(std::unique_ptr<net::URLRequest> request, |
| 55 const std::string& serialized_report, |
| 56 const GURL& report_uri); |
| 57 ~PreflightInProgress(); |
| 58 // The preflight request. |
| 59 const std::unique_ptr<net::URLRequest> request; |
| 60 // |serialized_report| should be sent to |report_uri| if the preflight |
| 61 // succeeds. |
| 62 const std::string serialized_report; |
| 63 const GURL report_uri; |
| 64 }; |
| 65 |
38 FRIEND_TEST_ALL_PREFIXES(ChromeExpectCTReporterTest, FeatureDisabled); | 66 FRIEND_TEST_ALL_PREFIXES(ChromeExpectCTReporterTest, FeatureDisabled); |
39 FRIEND_TEST_ALL_PREFIXES(ChromeExpectCTReporterTest, EmptyReportURI); | 67 FRIEND_TEST_ALL_PREFIXES(ChromeExpectCTReporterTest, EmptyReportURI); |
40 FRIEND_TEST_ALL_PREFIXES(ChromeExpectCTReporterTest, SendReport); | 68 FRIEND_TEST_ALL_PREFIXES(ChromeExpectCTReporterTest, SendReport); |
| 69 FRIEND_TEST_ALL_PREFIXES(ChromeExpectCTReporterTest, |
| 70 BadCORSPreflightResponseOrigin); |
| 71 FRIEND_TEST_ALL_PREFIXES(ChromeExpectCTReporterTest, |
| 72 BadCORSPreflightResponseMethods); |
| 73 FRIEND_TEST_ALL_PREFIXES(ChromeExpectCTReporterTest, |
| 74 BadCORSPreflightResponseHeaders); |
| 75 |
| 76 // Starts a CORS preflight request to obtain permission from the server to |
| 77 // send a report with Content-Type: application/expect-ct-report+json. The |
| 78 // preflight result is checked in OnResponseStarted(), and an actual report is |
| 79 // sent with |report_sender_| if the preflight succeeds. |
| 80 void SendPreflight(const GURL& report_uri, |
| 81 const std::string& serialized_report); |
41 | 82 |
42 std::unique_ptr<net::ReportSender> report_sender_; | 83 std::unique_ptr<net::ReportSender> report_sender_; |
43 | 84 |
| 85 net::URLRequestContext* request_context_; |
| 86 |
| 87 // The CORS preflight requests, with corresponding report information, that |
| 88 // are currently in-flight. Entries in this map are deleted when the |
| 89 // preflight's OnResponseStarted() is called. |
| 90 std::map<net::URLRequest*, std::unique_ptr<PreflightInProgress>> |
| 91 inflight_preflights_; |
| 92 |
44 DISALLOW_COPY_AND_ASSIGN(ChromeExpectCTReporter); | 93 DISALLOW_COPY_AND_ASSIGN(ChromeExpectCTReporter); |
45 }; | 94 }; |
46 | 95 |
47 #endif // CHROME_BROWSER_SSL_CHROME_EXPECT_CT_REPORTER_H_ | 96 #endif // CHROME_BROWSER_SSL_CHROME_EXPECT_CT_REPORTER_H_ |
OLD | NEW |