Chromium Code Reviews Chromium Code Reviews
Issue 935663004:
Add checkbox for reporting invalid TLS/SSL cert chains (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/net/certificate_error_reporter.h" | 5 #include "chrome/browser/net/certificate_error_reporter.h" |
| 6 | 6 |
| 7 #include <set> | 7 #include <set> |
| 8 | 8 |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/stl_util.h" | 10 #include "base/stl_util.h" |
| 11 #include "base/time/time.h" | 11 #include "base/time/time.h" |
| 12 #include "chrome/browser/net/cert_logger.pb.h" | 12 #include "chrome/browser/net/cert_logger.pb.h" |
| 13 #include "net/base/elements_upload_data_stream.h" | 13 #include "net/base/elements_upload_data_stream.h" |
| 14 #include "net/base/load_flags.h" | 14 #include "net/base/load_flags.h" |
| 15 #include "net/base/request_priority.h" | 15 #include "net/base/request_priority.h" |
| 16 #include "net/base/upload_bytes_element_reader.h" | 16 #include "net/base/upload_bytes_element_reader.h" |
| 17 #include "net/cert/x509_certificate.h" | 17 #include "net/cert/x509_certificate.h" |
| 18 #include "net/ssl/ssl_info.h" | 18 #include "net/ssl/ssl_info.h" |
| 19 #include "net/url_request/url_request_context.h" | 19 #include "net/url_request/url_request_context.h" |
| 20 | 20 |
| 21 namespace chrome_browser_net { | 21 namespace chrome_browser_net { |
| 22 | 22 |
| 23 CertificateErrorReporter::CertificateErrorReporter( | 23 CertificateErrorReporter::CertificateErrorReporter( |
| 24 net::URLRequestContext* request_context, | 24 net::URLRequestContext* request_context, |
| 25 const GURL& upload_url) | 25 const GURL& upload_url, |
| 26 : request_context_(request_context), upload_url_(upload_url) { | 26 CookiesPreference cookies_preference) |
| 27 : request_context_(request_context), | |
| 28 upload_url_(upload_url), | |
| 29 cookies_preference_(cookies_preference) { | |
| 27 DCHECK(!upload_url.is_empty()); | 30 DCHECK(!upload_url.is_empty()); |
| 28 } | 31 } |
| 29 | 32 |
| 30 CertificateErrorReporter::~CertificateErrorReporter() { | 33 CertificateErrorReporter::~CertificateErrorReporter() { |
| 31 STLDeleteElements(&inflight_requests_); | 34 STLDeleteElements(&inflight_requests_); |
| 32 } | 35 } |
| 33 | 36 |
| 34 void CertificateErrorReporter::SendReport(ReportType type, | 37 void CertificateErrorReporter::SendReport(ReportType type, |
| 35 const std::string& hostname, | 38 const std::string& hostname, |
| 36 const net::SSLInfo& ssl_info) { | 39 const net::SSLInfo& ssl_info) { |
| 37 CertLoggerRequest request; | 40 CertLoggerRequest request; |
| 38 std::string out; | 41 std::string out; |
| 39 | 42 |
| 40 BuildReport(hostname, ssl_info, &request); | 43 BuildReport(hostname, ssl_info, &request); |
| 41 | 44 |
| 42 switch (type) { | 45 switch (type) { |
| 43 case REPORT_TYPE_PINNING_VIOLATION: | 46 case REPORT_TYPE_PINNING_VIOLATION: |
| 44 SendCertLoggerRequest(request); | 47 SendCertLoggerRequest(request); |
| 45 break; | 48 break; |
| 46 case REPORT_TYPE_EXTENDED_REPORTING: | 49 case REPORT_TYPE_EXTENDED_REPORTING: |
| 47 // TODO(estark): Double-check that the user is opted in. | 50 // TODO(estark): Double-check that the user is opted in. |
| 48 // TODO(estark): Temporarily, since this is no upload endpoint, just | 51 // TODO(estark): Temporarily, since this is no upload endpoint, just |
| 49 // log the information. | 52 // log the information. |
| 50 request.SerializeToString(&out); | 53 DVLOG(1) << "Would send certificate report for " << hostname; |
| 51 DVLOG(3) << "SSL report for " << hostname << ":\n" << out << "\n\n"; | |
| 52 break; | 54 break; |
| 53 default: | 55 default: |
| 54 NOTREACHED(); | 56 NOTREACHED(); |
| 55 } | 57 } |
| 56 } | 58 } |
| 57 | 59 |
| 58 void CertificateErrorReporter::OnResponseStarted(net::URLRequest* request) { | 60 void CertificateErrorReporter::OnResponseStarted(net::URLRequest* request) { |
| 59 const net::URLRequestStatus& status(request->status()); | 61 const net::URLRequestStatus& status(request->status()); |
| 60 if (!status.is_success()) { | 62 if (!status.is_success()) { |
| 61 LOG(WARNING) << "Certificate upload failed" | 63 LOG(WARNING) << "Certificate upload failed" |
| 62 << " status:" << status.status() | 64 << " status:" << status.status() |
| 63 << " error:" << status.error(); | 65 << " error:" << status.error(); |
| 64 } else if (request->GetResponseCode() != 200) { | 66 } else if (request->GetResponseCode() != 200) { |
| 65 LOG(WARNING) << "Certificate upload HTTP status: " | 67 LOG(WARNING) << "Certificate upload HTTP status: " |
| 66 << request->GetResponseCode(); | 68 << request->GetResponseCode(); |
| 67 } | 69 } |
| 68 RequestComplete(request); | 70 RequestComplete(request); |
| 69 } | 71 } |
| 70 | 72 |
| 71 void CertificateErrorReporter::OnReadCompleted(net::URLRequest* request, | 73 void CertificateErrorReporter::OnReadCompleted(net::URLRequest* request, |
| 72 int bytes_read) { | 74 int bytes_read) { |
| 73 } | 75 } |
| 74 | 76 |
| 75 scoped_ptr<net::URLRequest> CertificateErrorReporter::CreateURLRequest( | 77 scoped_ptr<net::URLRequest> CertificateErrorReporter::CreateURLRequest( |
| 76 net::URLRequestContext* context) { | 78 net::URLRequestContext* context) { |
| 77 scoped_ptr<net::URLRequest> request = | 79 scoped_ptr<net::URLRequest> request = |
| 78 context->CreateRequest(upload_url_, net::DEFAULT_PRIORITY, this, NULL); | 80 context->CreateRequest(upload_url_, net::DEFAULT_PRIORITY, this, NULL); |
| 79 request->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES | | 81 if (cookies_preference_ != SEND_COOKIES) { |
| 80 net::LOAD_DO_NOT_SAVE_COOKIES); | 82 request->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES | |
| 83 net::LOAD_DO_NOT_SAVE_COOKIES); | |
| 84 } | |
|
Ryan Sleevi
2015/03/25 04:49:45
You haven't added code to test this
(Edit: I see
estark
2015/03/25 05:34:33
Do I get bonus points for delivering both?
(crbug
| |
| 81 return request.Pass(); | 85 return request.Pass(); |
| 82 } | 86 } |
| 83 | 87 |
| 84 void CertificateErrorReporter::SendCertLoggerRequest( | 88 void CertificateErrorReporter::SendCertLoggerRequest( |
| 85 const CertLoggerRequest& request) { | 89 const CertLoggerRequest& request) { |
| 86 std::string serialized_request; | 90 std::string serialized_request; |
| 87 request.SerializeToString(&serialized_request); | 91 request.SerializeToString(&serialized_request); |
| 88 | 92 |
| 89 scoped_ptr<net::URLRequest> url_request = CreateURLRequest(request_context_); | 93 scoped_ptr<net::URLRequest> url_request = CreateURLRequest(request_context_); |
| 90 url_request->set_method("POST"); | 94 url_request->set_method("POST"); |
| (...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 123 } | 127 } |
| 124 | 128 |
| 125 void CertificateErrorReporter::RequestComplete(net::URLRequest* request) { | 129 void CertificateErrorReporter::RequestComplete(net::URLRequest* request) { |
| 126 std::set<net::URLRequest*>::iterator i = inflight_requests_.find(request); | 130 std::set<net::URLRequest*>::iterator i = inflight_requests_.find(request); |
| 127 DCHECK(i != inflight_requests_.end()); | 131 DCHECK(i != inflight_requests_.end()); |
| 128 scoped_ptr<net::URLRequest> url_request(*i); | 132 scoped_ptr<net::URLRequest> url_request(*i); |
| 129 inflight_requests_.erase(i); | 133 inflight_requests_.erase(i); |
| 130 } | 134 } |
| 131 | 135 |
| 132 } // namespace chrome_browser_net | 136 } // namespace chrome_browser_net |
| OLD | NEW |
