Log the certificate subjects from the server certificate sent via QUIC.

net/quic/quic_connection_logger.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/quic/quic_connection_logger.h"
 
 #include <algorithm>
 #include <string>
 
 #include "base/bind.h"
 #include "base/callback.h"
 #include "base/metrics/histogram.h"
 #include "base/metrics/sparse_histogram.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/values.h"
 #include "net/base/net_log.h"
 #include "net/base/net_util.h"
+#include "net/cert/cert_verify_result.h"
+#include "net/cert/x509_certificate.h"
 #include "net/quic/crypto/crypto_handshake_message.h"
 #include "net/quic/crypto/crypto_protocol.h"
 #include "net/quic/quic_address_mismatch.h"
 #include "net/quic/quic_socket_address_coder.h"
 
 using base::StringPiece;
 using std::string;
 
 namespace net {
 
@@ skipping 204 matching lines @@
 base::Value* NetLogQuicOnConnectionClosedCallback(
     QuicErrorCode error,
     bool from_peer,
     NetLog::LogLevel /* log_level */) {
   base::DictionaryValue* dict = new base::DictionaryValue();
   dict->SetInteger("quic_error", error);
   dict->SetBoolean("from_peer", from_peer);
   return dict;
 }
 
+base::Value* NetLogQuicCertificateVerifiedCallback(
+    scoped_refptr<X509Certificate> cert,
+    NetLog::LogLevel /* log_level */) {
+  std::vector<std::string> dns_names;
+  cert->GetDNSNames(&dns_names);
+  base::DictionaryValue* dict = new base::DictionaryValue();
+  base::ListValue* subjects = new base::ListValue();
+  for (std::vector<std::string>::const_iterator it = dns_names.begin();
+       it != dns_names.end(); it++) {
+    subjects->Append(new base::StringValue(*it));
+  }
+  dict->Set("subjects", subjects);
+  return dict;
+}
+
 void UpdatePacketGapSentHistogram(size_t num_consecutive_missing_packets) {
   UMA_HISTOGRAM_COUNTS("Net.QuicSession.PacketGapSent",
                        num_consecutive_missing_packets);
 }
 
 void UpdatePublicResetAddressMismatchHistogram(
     const IPEndPoint& server_hello_address,
     const IPEndPoint& public_reset_address) {
   int sample = GetAddressMismatch(server_hello_address, public_reset_address);
   // We are seemingly talking to an older server that does not support the
@@ skipping 413 matching lines @@
 void QuicConnectionLogger::UpdateReceivedFrameCounts(
     QuicStreamId stream_id,
     int num_frames_received,
     int num_duplicate_frames_received) {
   if (stream_id != kCryptoStreamId) {
     num_frames_received_ += num_frames_received;
     num_duplicate_frames_received_ += num_duplicate_frames_received;
   }
 }
 
+void QuicConnectionLogger::OnCertificateVerified(
+    const CertVerifyResult& result) {
+  net_log_.AddEvent(
+      NetLog::TYPE_QUIC_SESSION_CERTIFICATE_VERIFIED,
+      base::Bind(&NetLogQuicCertificateVerifiedCallback, result.verified_cert));

[wtc, 2014/07/24 17:34:36]

Nit: if we pass a const const CertVerifyResult& to base::Bind(), will
base::Bind() copy the entire CertVerifyResult object? If so, then passing a
reference to result.verified_cert is cheaper.

[Ryan Hamilton, 2014/07/24 17:45:09]

Yes, I believe that's exactly what will happen.

+}
+
 base::HistogramBase* QuicConnectionLogger::GetPacketSequenceNumberHistogram(
     const char* statistic_name) const {
   string prefix("Net.QuicSession.PacketReceived_");
   return base::LinearHistogram::FactoryGet(
       prefix + statistic_name + connection_description_,
       1, received_packets_.size(), received_packets_.size() + 1,
       base::HistogramBase::kUmaTargetedHistogramFlag);
 }
 
 base::HistogramBase* QuicConnectionLogger::Get6PacketHistogram(
@@ skipping 139 matching lines @@
       continue;
     }
     // Record some overlapping patterns, to get a better picture, since this is
     // not very expensive.
     if (i % 3 == 0)
       six_packet_histogram->Add(recent_6_mask);
   }
 }
 
 }  // namespace net