Add checkbox for reporting invalid TLS/SSL cert chains

chrome/browser/net/chrome_fraudulent_certificate_reporter.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/net/chrome_fraudulent_certificate_reporter.h"
 
 #include <set>
 
 #include "base/base64.h"
 #include "base/logging.h"
 #include "base/profiler/scoped_tracker.h"
 #include "base/stl_util.h"
 #include "base/time/time.h"
 #include "chrome/browser/net/cert_logger.pb.h"
 #include "net/base/elements_upload_data_stream.h"
 #include "net/base/load_flags.h"
 #include "net/base/request_priority.h"
 #include "net/base/upload_bytes_element_reader.h"
 #include "net/cert/x509_certificate.h"
 #include "net/ssl/ssl_info.h"
 #include "net/url_request/url_request_context.h"
 
 namespace chrome_browser_net {
 
 // TODO(palmer): Switch to HTTPS when the error handling delegate is more
 // sophisticated. Ultimately we plan to attempt the report on many transports.
-static const char kFraudulentCertificateUploadEndpoint[] =
+const char kFraudulentCertificateUploadEndpoint[] =
     "http://clients3.google.com/log_cert_error";
 
+// TODO(estark): Add the real server endpoint when live.
+const char kInvalidCertificateChainUploadEndpoint[] = "";
+
 ChromeFraudulentCertificateReporter::ChromeFraudulentCertificateReporter(
     net::URLRequestContext* request_context)
     : request_context_(request_context),
-      upload_url_(kFraudulentCertificateUploadEndpoint) {
+      pinning_violation_upload_url_(kFraudulentCertificateUploadEndpoint),
+      invalid_chain_upload_url_(kInvalidCertificateChainUploadEndpoint) {
 }
 
 ChromeFraudulentCertificateReporter::~ChromeFraudulentCertificateReporter() {
   STLDeleteElements(&inflight_requests_);
 }
 
 static std::string BuildReport(const std::string& hostname,
                                const net::SSLInfo& ssl_info) {
   CertLoggerRequest request;
   base::Time now = base::Time::Now();
@@ skipping 10 matching lines @@
 
   request.add_pin(ssl_info.pinning_failure_log);
 
   std::string out;
   request.SerializeToString(&out);
   return out;
 }
 
 scoped_ptr<net::URLRequest>
 ChromeFraudulentCertificateReporter::CreateURLRequest(
-    net::URLRequestContext* context) {
+    net::URLRequestContext* context,
+    const GURL& upload_url) {
   scoped_ptr<net::URLRequest> request =
-      context->CreateRequest(upload_url_, net::DEFAULT_PRIORITY, this, NULL);
+      context->CreateRequest(upload_url, net::DEFAULT_PRIORITY, this, NULL);
   request->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES |
                         net::LOAD_DO_NOT_SAVE_COOKIES);
   return request.Pass();
 }
 
 void ChromeFraudulentCertificateReporter::SendReport(
+    ReportType type,
     const std::string& hostname,
     const net::SSLInfo& ssl_info) {
+  if (type == REPORT_TYPE_EXTENDED_REPORTING) {
+    // TODO(estark): Double-check that the user is opted in.
+
+    // TODO(estark): Temporarily, since there is no upload endpoint, just log
+    // the information.
+    LOG(ERROR) << "SSL report for " << hostname << ":\n"

[mattm, 2015/03/04 02:58:41]

This dumps a serialized protobuf to the log? I think it should be removed, or at
least converted to DVLOG(20).

[estark, 2015/03/12 22:22:21]

Changed to DVLOG(3).

[mattm, 2015/03/17 20:58:12]

I still question the wisdom of logging binary data.  Eg. on linux you can
randomly screw up your terminal state.

[estark, 2015/03/18 15:57:18]

Ok, I changed it to just log the hostname. We don't really need to log the full
report anyway; it's just a stub until I implement the actual upload.

+               << BuildReport(hostname, ssl_info) << "\n\n";
+    return;
+  }
+
   // We do silent/automatic reporting ONLY for Google properties. For other
   // domains (when we start supporting that), we will ask for user permission.
   if (!net::TransportSecurityState::IsGooglePinnedProperty(hostname)) {
     return;
   }
 
   std::string report = BuildReport(hostname, ssl_info);
 
-  scoped_ptr<net::URLRequest> url_request = CreateURLRequest(request_context_);
+  scoped_ptr<net::URLRequest> url_request =
+      CreateURLRequest(request_context_, pinning_violation_upload_url_);
   url_request->set_method("POST");
 
   scoped_ptr<net::UploadElementReader> reader(
       net::UploadOwnedBytesElementReader::CreateWithString(report));
   url_request->set_upload(
       net::ElementsUploadDataStream::CreateWithReader(reader.Pass(), 0));
 
   net::HttpRequestHeaders headers;
   headers.SetHeader(net::HttpRequestHeaders::kContentType,
                     "x-application/chrome-fraudulent-cert-report");
@@ skipping 31 matching lines @@
     LOG(WARNING) << "Certificate upload HTTP status: "
                  << request->GetResponseCode();
   }
   RequestComplete(request);
 }
 
 void ChromeFraudulentCertificateReporter::OnReadCompleted(
     net::URLRequest* request, int bytes_read) {}
 
 }  // namespace chrome_browser_net