Add checkbox for reporting invalid TLS/SSL cert chains

chrome/browser/net/chrome_fraudulent_certificate_reporter.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/net/chrome_fraudulent_certificate_reporter.h"
 
 #include <set>
 
 #include "base/base64.h"
 #include "base/logging.h"
 #include "base/profiler/scoped_tracker.h"
 #include "base/stl_util.h"
 #include "base/time/time.h"
 #include "chrome/browser/net/cert_logger.pb.h"
 #include "net/base/elements_upload_data_stream.h"
 #include "net/base/load_flags.h"
 #include "net/base/request_priority.h"
 #include "net/base/upload_bytes_element_reader.h"
 #include "net/cert/x509_certificate.h"
 #include "net/ssl/ssl_info.h"
 #include "net/url_request/url_request_context.h"
 
 namespace chrome_browser_net {
 
 // TODO(palmer): Switch to HTTPS when the error handling delegate is more
 // sophisticated. Ultimately we plan to attempt the report on many transports.
 static const char kFraudulentCertificateUploadEndpoint[] =
     "http://clients3.google.com/log_cert_error";
 
+static const char kInvalidCertificateChainUploadEndpoint[] = "";

[Bernhard Bauer, 2015/03/03 09:45:58]

Can you add a TODO to add the real endpoint?

Also, use an anonymous namespace instead of static (or if you have only
variables, you don't even need that, as constants automatically get internal
linkage).

[estark, 2015/03/03 15:36:24]

Done.

+
 ChromeFraudulentCertificateReporter::ChromeFraudulentCertificateReporter(
     net::URLRequestContext* request_context)
     : request_context_(request_context),
-      upload_url_(kFraudulentCertificateUploadEndpoint) {
+      pinning_violation_upload_url_(kFraudulentCertificateUploadEndpoint),
+      invalid_chain_upload_url_(kInvalidCertificateChainUploadEndpoint) {
 }
 
 ChromeFraudulentCertificateReporter::~ChromeFraudulentCertificateReporter() {
   STLDeleteElements(&inflight_requests_);
 }
 
 static std::string BuildReport(const std::string& hostname,
                                const net::SSLInfo& ssl_info) {
   CertLoggerRequest request;
   base::Time now = base::Time::Now();
@@ skipping 10 matching lines @@
 
   request.add_pin(ssl_info.pinning_failure_log);
 
   std::string out;
   request.SerializeToString(&out);
   return out;
 }
 
 scoped_ptr<net::URLRequest>
 ChromeFraudulentCertificateReporter::CreateURLRequest(
-    net::URLRequestContext* context) {
+    net::URLRequestContext* context,
+    const GURL& upload_url) {
   scoped_ptr<net::URLRequest> request =
-      context->CreateRequest(upload_url_, net::DEFAULT_PRIORITY, this, NULL);
+      context->CreateRequest(upload_url, net::DEFAULT_PRIORITY, this, NULL);
   request->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES |
                         net::LOAD_DO_NOT_SAVE_COOKIES);
   return request.Pass();
 }
 
 void ChromeFraudulentCertificateReporter::SendReport(
+    ReportType type,
     const std::string& hostname,
     const net::SSLInfo& ssl_info) {
+  if (type == REPORT_TYPE_EXTENDED_REPORTING) {
+    // TODO(estark): Double-check that the user is opted in.
+
+    // TODO(estark): Temporarily, since there is no upload endpoint, just log
+    // the information.
+    LOG(ERROR) << "SSL report for " << hostname << ":\n"
+               << BuildReport(hostname, ssl_info) << "\n\n";
+    return;
+  }
+
   // We do silent/automatic reporting ONLY for Google properties. For other
   // domains (when we start supporting that), we will ask for user permission.
   if (!net::TransportSecurityState::IsGooglePinnedProperty(hostname)) {
     return;
   }
 
   std::string report = BuildReport(hostname, ssl_info);
 
-  scoped_ptr<net::URLRequest> url_request = CreateURLRequest(request_context_);
+  scoped_ptr<net::URLRequest> url_request =
+      CreateURLRequest(request_context_, pinning_violation_upload_url_);
   url_request->set_method("POST");
 
   scoped_ptr<net::UploadElementReader> reader(
       net::UploadOwnedBytesElementReader::CreateWithString(report));
   url_request->set_upload(
       net::ElementsUploadDataStream::CreateWithReader(reader.Pass(), 0));
 
   net::HttpRequestHeaders headers;
   headers.SetHeader(net::HttpRequestHeaders::kContentType,
                     "x-application/chrome-fraudulent-cert-report");
@@ skipping 31 matching lines @@
     LOG(WARNING) << "Certificate upload HTTP status: "
                  << request->GetResponseCode();
   }
   RequestComplete(request);
 }
 
 void ChromeFraudulentCertificateReporter::OnReadCompleted(
     net::URLRequest* request, int bytes_read) {}
 
 }  // namespace chrome_browser_net