SignedCertificateTimestamp storing & serialization code.

net/http/http_response_info.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/http_response_info.h"
 
 #include "base/logging.h"
 #include "base/pickle.h"
 #include "base/time/time.h"
 #include "net/base/auth.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
+#include "net/cert/signed_certificate_timestamp.h"
 #include "net/cert/x509_certificate.h"
 #include "net/http/http_response_headers.h"
 #include "net/ssl/ssl_cert_request_info.h"
 
 using base::Time;
 
 namespace net {
 
 namespace {
 
@@ skipping 57 matching lines @@
 
   // This bit is set if the response info has protocol version.
   RESPONSE_INFO_HAS_NPN_NEGOTIATED_PROTOCOL = 1 << 17,
 
   // This bit is set if the response info has connection info.
   RESPONSE_INFO_HAS_CONNECTION_INFO = 1 << 18,
 
   // This bit is set if the request has http authentication.
   RESPONSE_INFO_USE_HTTP_AUTHENTICATION = 1 << 19,
 
+  // This bit is set if ssl_info has SCTs.
+  RESPONSE_INFO_HAS_SIGNED_CERTIFICATE_TIMESTAMPS = 1 << 20,
+
   // TODO(darin): Add other bits to indicate alternate request methods.
   // For now, we don't support storing those.
 };
 
 HttpResponseInfo::HttpResponseInfo()
     : was_cached(false),
       server_data_unavailable(false),
       network_accessed(false),
       was_fetched_via_spdy(false),
       was_npn_negotiated(false),
@@ skipping 100 matching lines @@
     ssl_info.security_bits = security_bits;
   }
 
   if (flags & RESPONSE_INFO_HAS_SSL_CONNECTION_STATUS) {
     int connection_status;
     if (!pickle.ReadInt(&iter, &connection_status))
       return false;
     ssl_info.connection_status = connection_status;
   }
 
+  if (flags & RESPONSE_INFO_HAS_SIGNED_CERTIFICATE_TIMESTAMPS) {
+    int num_scts;
+    if (!pickle.ReadInt(&iter, &num_scts))
+      return false;
+    for (int i = 0; i < num_scts; ++i) {
+      scoped_refptr<ct::SignedCertificateTimestamp> sct(
+          ct::SignedCertificateTimestamp::CreateFromPickle(&iter));
+      uint16 status;
+      if (!sct.get() || !pickle.ReadUInt16(&iter, &status))
+        return false;
+      ssl_info.signed_certificate_timestamps.push_back(
+          SignedCertificateTimestampAndStatus(
+              sct, static_cast<ct::SCTVerifyStatus>(status)));
+    }
+  }
+
   // Read vary-data
   if (flags & RESPONSE_INFO_HAS_VARY_DATA) {
     if (!vary_data.InitFromPickle(pickle, &iter))
       return false;
   }
 
   // Read socket_address.
   std::string socket_address_host;
   if (pickle.ReadString(&iter, &socket_address_host)) {
     // If the host was written, we always expect the port to follow.
@@ skipping 59 matching lines @@
   if (was_npn_negotiated) {
     flags |= RESPONSE_INFO_WAS_NPN;
     flags |= RESPONSE_INFO_HAS_NPN_NEGOTIATED_PROTOCOL;
   }
   if (was_fetched_via_proxy)
     flags |= RESPONSE_INFO_WAS_PROXY;
   if (connection_info != CONNECTION_INFO_UNKNOWN)
     flags |= RESPONSE_INFO_HAS_CONNECTION_INFO;
   if (did_use_http_auth)
     flags |= RESPONSE_INFO_USE_HTTP_AUTHENTICATION;
+  if (!ssl_info.signed_certificate_timestamps.empty())
+    flags |= RESPONSE_INFO_HAS_SIGNED_CERTIFICATE_TIMESTAMPS;
 
   pickle->WriteInt(flags);
   pickle->WriteInt64(request_time.ToInternalValue());
   pickle->WriteInt64(response_time.ToInternalValue());
 
   net::HttpResponseHeaders::PersistOptions persist_options =
       net::HttpResponseHeaders::PERSIST_RAW;
 
   if (skip_transient_headers) {
     persist_options =
         net::HttpResponseHeaders::PERSIST_SANS_COOKIES |
         net::HttpResponseHeaders::PERSIST_SANS_CHALLENGES |
         net::HttpResponseHeaders::PERSIST_SANS_HOP_BY_HOP |
         net::HttpResponseHeaders::PERSIST_SANS_NON_CACHEABLE |
         net::HttpResponseHeaders::PERSIST_SANS_RANGES |
         net::HttpResponseHeaders::PERSIST_SANS_SECURITY_STATE;
   }
 
   headers->Persist(pickle, persist_options);
 
   if (ssl_info.is_valid()) {
     ssl_info.cert->Persist(pickle);
     pickle->WriteUInt32(ssl_info.cert_status);
     if (ssl_info.security_bits != -1)
       pickle->WriteInt(ssl_info.security_bits);
     if (ssl_info.connection_status != 0)
       pickle->WriteInt(ssl_info.connection_status);
+    if (ssl_info.signed_certificate_timestamps.size() > 0) {
+      pickle->WriteInt(!ssl_info.signed_certificate_timestamps.empty());

[wtc, 2013/11/28 01:28:02]

1. BUG: the argument to pickle->WriteInt() should be
  ssl_info.signed_certificate_timestamps.size()

2. Nit: but the conditional expression on the previous line should be
  !ssl_info.signed_certificate_timestamps.empty()

[alcutter, 2013/11/28 12:08:19]

Blimey ! O_O
Good catch, thank you.

Done.

[wtc, 2013/11/28 16:15:07]

I learned a new word today. Thanks :-)

+      for (SignedCertificateTimestampAndStatusList::const_iterator it =
+           ssl_info.signed_certificate_timestamps.begin(); it !=
+           ssl_info.signed_certificate_timestamps.end(); ++it) {
+        it->sct_->Persist(pickle);
+        pickle->WriteUInt16(it->status_);
+      }
+    }
   }
 
   if (vary_data.is_valid())
     vary_data.Persist(pickle);
 
   pickle->WriteString(socket_address.host());
   pickle->WriteUInt16(socket_address.port());
 
   if (was_npn_negotiated)
     pickle->WriteString(npn_negotiated_protocol);
@@ skipping 45 matching lines @@
     case CONNECTION_INFO_QUIC1_SPDY3:
       return "quic/1+spdy/3";
     case NUM_OF_CONNECTION_INFOS:
       break;
   }
   NOTREACHED();
   return "";
 }
 
 }  // namespace net