| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/net/chrome_fraudulent_certificate_reporter.h" | 5 #include "chrome/browser/net/chrome_fraudulent_certificate_reporter.h" |
| 6 | 6 |
| 7 #include <set> | 7 #include <set> |
| 8 | 8 |
| 9 #include "base/base64.h" | 9 #include "base/base64.h" |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| 11 #include "base/profiler/scoped_tracker.h" | 11 #include "base/profiler/scoped_tracker.h" |
| 12 #include "base/stl_util.h" | 12 #include "base/stl_util.h" |
| 13 #include "base/time/time.h" | 13 #include "base/time/time.h" |
| 14 #include "chrome/browser/net/cert_logger.pb.h" | 14 #include "chrome/browser/net/cert_logger.pb.h" |
| 15 #include "net/base/elements_upload_data_stream.h" | 15 #include "net/base/elements_upload_data_stream.h" |
| 16 #include "net/base/load_flags.h" | 16 #include "net/base/load_flags.h" |
| 17 #include "net/base/request_priority.h" | 17 #include "net/base/request_priority.h" |
| 18 #include "net/base/upload_bytes_element_reader.h" | 18 #include "net/base/upload_bytes_element_reader.h" |
| 19 #include "net/cert/x509_certificate.h" | 19 #include "net/cert/x509_certificate.h" |
| 20 #include "net/ssl/ssl_info.h" | 20 #include "net/ssl/ssl_info.h" |
| 21 #include "net/url_request/url_request_context.h" | 21 #include "net/url_request/url_request_context.h" |
| 22 | 22 |
| 23 namespace chrome_browser_net { | 23 namespace chrome_browser_net { |
| 24 | 24 |
| 25 // TODO(palmer): Switch to HTTPS when the error handling delegate is more | 25 // TODO(palmer): Switch to HTTPS when the error handling delegate is more |
| 26 // sophisticated. Ultimately we plan to attempt the report on many transports. | 26 // sophisticated. Ultimately we plan to attempt the report on many transports. |
| 27 static const char kFraudulentCertificateUploadEndpoint[] = | 27 const char kFraudulentCertificateUploadEndpoint[] = |
| 28 "http://clients3.google.com/log_cert_error"; | 28 "http://clients3.google.com/log_cert_error"; |
| 29 | 29 |
| 30 // TODO(estark): Add the real server endpoint when live. |
| 31 const char kInvalidCertificateChainUploadEndpoint[] = ""; |
| 32 |
| 30 ChromeFraudulentCertificateReporter::ChromeFraudulentCertificateReporter( | 33 ChromeFraudulentCertificateReporter::ChromeFraudulentCertificateReporter( |
| 31 net::URLRequestContext* request_context) | 34 net::URLRequestContext* request_context) |
| 32 : request_context_(request_context), | 35 : request_context_(request_context), |
| 33 upload_url_(kFraudulentCertificateUploadEndpoint) { | 36 pinning_violation_upload_url_(kFraudulentCertificateUploadEndpoint), |
| 37 invalid_chain_upload_url_(kInvalidCertificateChainUploadEndpoint) { |
| 34 } | 38 } |
| 35 | 39 |
| 36 ChromeFraudulentCertificateReporter::~ChromeFraudulentCertificateReporter() { | 40 ChromeFraudulentCertificateReporter::~ChromeFraudulentCertificateReporter() { |
| 37 STLDeleteElements(&inflight_requests_); | 41 STLDeleteElements(&inflight_requests_); |
| 38 } | 42 } |
| 39 | 43 |
| 40 static std::string BuildReport(const std::string& hostname, | 44 static std::string BuildReport(const std::string& hostname, |
| 41 const net::SSLInfo& ssl_info) { | 45 const net::SSLInfo& ssl_info) { |
| 42 CertLoggerRequest request; | 46 CertLoggerRequest request; |
| 43 base::Time now = base::Time::Now(); | 47 base::Time now = base::Time::Now(); |
| (...skipping 10 matching lines...) Expand all Loading... |
| 54 | 58 |
| 55 request.add_pin(ssl_info.pinning_failure_log); | 59 request.add_pin(ssl_info.pinning_failure_log); |
| 56 | 60 |
| 57 std::string out; | 61 std::string out; |
| 58 request.SerializeToString(&out); | 62 request.SerializeToString(&out); |
| 59 return out; | 63 return out; |
| 60 } | 64 } |
| 61 | 65 |
| 62 scoped_ptr<net::URLRequest> | 66 scoped_ptr<net::URLRequest> |
| 63 ChromeFraudulentCertificateReporter::CreateURLRequest( | 67 ChromeFraudulentCertificateReporter::CreateURLRequest( |
| 64 net::URLRequestContext* context) { | 68 net::URLRequestContext* context, |
| 69 const GURL& upload_url) { |
| 65 scoped_ptr<net::URLRequest> request = | 70 scoped_ptr<net::URLRequest> request = |
| 66 context->CreateRequest(upload_url_, net::DEFAULT_PRIORITY, this, NULL); | 71 context->CreateRequest(upload_url, net::DEFAULT_PRIORITY, this, NULL); |
| 67 request->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES | | 72 request->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES | |
| 68 net::LOAD_DO_NOT_SAVE_COOKIES); | 73 net::LOAD_DO_NOT_SAVE_COOKIES); |
| 69 return request.Pass(); | 74 return request.Pass(); |
| 70 } | 75 } |
| 71 | 76 |
| 72 void ChromeFraudulentCertificateReporter::SendReport( | 77 void ChromeFraudulentCertificateReporter::SendReport( |
| 78 ReportType type, |
| 73 const std::string& hostname, | 79 const std::string& hostname, |
| 74 const net::SSLInfo& ssl_info) { | 80 const net::SSLInfo& ssl_info) { |
| 81 if (type == REPORT_TYPE_EXTENDED_REPORTING) { |
| 82 // TODO(estark): Double-check that the user is opted in. |
| 83 |
| 84 // TODO(estark): Temporarily, since there is no upload endpoint, just log |
| 85 // the information. |
| 86 LOG(ERROR) << "SSL report for " << hostname << ":\n" |
| 87 << BuildReport(hostname, ssl_info) << "\n\n"; |
| 88 return; |
| 89 } |
| 90 |
| 75 // We do silent/automatic reporting ONLY for Google properties. For other | 91 // We do silent/automatic reporting ONLY for Google properties. For other |
| 76 // domains (when we start supporting that), we will ask for user permission. | 92 // domains (when we start supporting that), we will ask for user permission. |
| 77 if (!net::TransportSecurityState::IsGooglePinnedProperty(hostname)) { | 93 if (!net::TransportSecurityState::IsGooglePinnedProperty(hostname)) { |
| 78 return; | 94 return; |
| 79 } | 95 } |
| 80 | 96 |
| 81 std::string report = BuildReport(hostname, ssl_info); | 97 std::string report = BuildReport(hostname, ssl_info); |
| 82 | 98 |
| 83 scoped_ptr<net::URLRequest> url_request = CreateURLRequest(request_context_); | 99 scoped_ptr<net::URLRequest> url_request = |
| 100 CreateURLRequest(request_context_, pinning_violation_upload_url_); |
| 84 url_request->set_method("POST"); | 101 url_request->set_method("POST"); |
| 85 | 102 |
| 86 scoped_ptr<net::UploadElementReader> reader( | 103 scoped_ptr<net::UploadElementReader> reader( |
| 87 net::UploadOwnedBytesElementReader::CreateWithString(report)); | 104 net::UploadOwnedBytesElementReader::CreateWithString(report)); |
| 88 url_request->set_upload( | 105 url_request->set_upload( |
| 89 net::ElementsUploadDataStream::CreateWithReader(reader.Pass(), 0)); | 106 net::ElementsUploadDataStream::CreateWithReader(reader.Pass(), 0)); |
| 90 | 107 |
| 91 net::HttpRequestHeaders headers; | 108 net::HttpRequestHeaders headers; |
| 92 headers.SetHeader(net::HttpRequestHeaders::kContentType, | 109 headers.SetHeader(net::HttpRequestHeaders::kContentType, |
| 93 "x-application/chrome-fraudulent-cert-report"); | 110 "x-application/chrome-fraudulent-cert-report"); |
| (...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 125 LOG(WARNING) << "Certificate upload HTTP status: " | 142 LOG(WARNING) << "Certificate upload HTTP status: " |
| 126 << request->GetResponseCode(); | 143 << request->GetResponseCode(); |
| 127 } | 144 } |
| 128 RequestComplete(request); | 145 RequestComplete(request); |
| 129 } | 146 } |
| 130 | 147 |
| 131 void ChromeFraudulentCertificateReporter::OnReadCompleted( | 148 void ChromeFraudulentCertificateReporter::OnReadCompleted( |
| 132 net::URLRequest* request, int bytes_read) {} | 149 net::URLRequest* request, int bytes_read) {} |
| 133 | 150 |
| 134 } // namespace chrome_browser_net | 151 } // namespace chrome_browser_net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 935663004:
Add checkbox for reporting invalid TLS/SSL cert chains (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master