| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/net/chrome_fraudulent_certificate_reporter.h" | 5 #include "chrome/browser/net/chrome_fraudulent_certificate_reporter.h" |
| 6 | 6 |
| 7 #include <set> | |
| 8 | |
| 9 #include "base/base64.h" | |
| 10 #include "base/logging.h" | |
| 11 #include "base/profiler/scoped_tracker.h" | 7 #include "base/profiler/scoped_tracker.h" |
| 12 #include "base/stl_util.h" | 8 #include "chrome/browser/net/certificate_error_reporter.h" |
| 13 #include "base/time/time.h" | |
| 14 #include "chrome/browser/net/cert_logger.pb.h" | |
| 15 #include "net/base/elements_upload_data_stream.h" | |
| 16 #include "net/base/load_flags.h" | |
| 17 #include "net/base/request_priority.h" | |
| 18 #include "net/base/upload_bytes_element_reader.h" | |
| 19 #include "net/cert/x509_certificate.h" | |
| 20 #include "net/ssl/ssl_info.h" | 9 #include "net/ssl/ssl_info.h" |
| 21 #include "net/url_request/url_request_context.h" | 10 #include "net/url_request/url_request_context.h" |
| 11 #include "url/gurl.h" |
| 12 |
| 13 namespace { |
| 14 |
| 15 // TODO(palmer): Switch to HTTPS when the error handling delegate is more |
| 16 // sophisticated. Ultimately we plan to attempt the report on many transports. |
| 17 const char kFraudulentCertificateUploadEndpoint[] = |
| 18 "http://clients3.google.com/log_cert_error"; |
| 19 |
| 20 } // namespace |
| 22 | 21 |
| 23 namespace chrome_browser_net { | 22 namespace chrome_browser_net { |
| 24 | 23 |
| 25 // TODO(palmer): Switch to HTTPS when the error handling delegate is more | 24 ChromeFraudulentCertificateReporter::ChromeFraudulentCertificateReporter( |
| 26 // sophisticated. Ultimately we plan to attempt the report on many transports. | 25 net::URLRequestContext* request_context) |
| 27 static const char kFraudulentCertificateUploadEndpoint[] = | 26 : certificate_reporter_(new CertificateErrorReporter( |
| 28 "http://clients3.google.com/log_cert_error"; | 27 request_context, |
| 28 GURL(kFraudulentCertificateUploadEndpoint))) { |
| 29 } |
| 29 | 30 |
| 30 ChromeFraudulentCertificateReporter::ChromeFraudulentCertificateReporter( | 31 ChromeFraudulentCertificateReporter::ChromeFraudulentCertificateReporter( |
| 31 net::URLRequestContext* request_context) | 32 scoped_ptr<CertificateErrorReporter> certificate_reporter) |
| 32 : request_context_(request_context), | 33 : certificate_reporter_(certificate_reporter.Pass()) { |
| 33 upload_url_(kFraudulentCertificateUploadEndpoint) { | |
| 34 } | 34 } |
| 35 | 35 |
| 36 ChromeFraudulentCertificateReporter::~ChromeFraudulentCertificateReporter() { | 36 ChromeFraudulentCertificateReporter::~ChromeFraudulentCertificateReporter() { |
| 37 STLDeleteElements(&inflight_requests_); | |
| 38 } | |
| 39 | |
| 40 static std::string BuildReport(const std::string& hostname, | |
| 41 const net::SSLInfo& ssl_info) { | |
| 42 CertLoggerRequest request; | |
| 43 base::Time now = base::Time::Now(); | |
| 44 request.set_time_usec(now.ToInternalValue()); | |
| 45 request.set_hostname(hostname); | |
| 46 | |
| 47 std::vector<std::string> pem_encoded_chain; | |
| 48 if (!ssl_info.cert->GetPEMEncodedChain(&pem_encoded_chain)) { | |
| 49 LOG(ERROR) << "Could not get PEM encoded chain."; | |
| 50 } | |
| 51 std::string* cert_chain = request.mutable_cert_chain(); | |
| 52 for (size_t i = 0; i < pem_encoded_chain.size(); ++i) | |
| 53 *cert_chain += pem_encoded_chain[i]; | |
| 54 | |
| 55 request.add_pin(ssl_info.pinning_failure_log); | |
| 56 | |
| 57 std::string out; | |
| 58 request.SerializeToString(&out); | |
| 59 return out; | |
| 60 } | |
| 61 | |
| 62 scoped_ptr<net::URLRequest> | |
| 63 ChromeFraudulentCertificateReporter::CreateURLRequest( | |
| 64 net::URLRequestContext* context) { | |
| 65 scoped_ptr<net::URLRequest> request = | |
| 66 context->CreateRequest(upload_url_, net::DEFAULT_PRIORITY, this, NULL); | |
| 67 request->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES | | |
| 68 net::LOAD_DO_NOT_SAVE_COOKIES); | |
| 69 return request.Pass(); | |
| 70 } | 37 } |
| 71 | 38 |
| 72 void ChromeFraudulentCertificateReporter::SendReport( | 39 void ChromeFraudulentCertificateReporter::SendReport( |
| 73 const std::string& hostname, | 40 const std::string& hostname, |
| 74 const net::SSLInfo& ssl_info) { | 41 const net::SSLInfo& ssl_info) { |
| 75 // We do silent/automatic reporting ONLY for Google properties. For other | 42 // Do silent/automatic reporting ONLY for Google properties. For other |
| 76 // domains (when we start supporting that), we will ask for user permission. | 43 // domains (when that is supported), Chrome will ask for user permission. |
| 77 if (!net::TransportSecurityState::IsGooglePinnedProperty(hostname)) { | 44 if (!net::TransportSecurityState::IsGooglePinnedProperty(hostname)) |
| 78 return; | 45 return; |
| 79 } | |
| 80 | 46 |
| 81 std::string report = BuildReport(hostname, ssl_info); | 47 certificate_reporter_->SendReport( |
| 82 | 48 CertificateErrorReporter::REPORT_TYPE_PINNING_VIOLATION, hostname, |
| 83 scoped_ptr<net::URLRequest> url_request = CreateURLRequest(request_context_); | 49 ssl_info); |
| 84 url_request->set_method("POST"); | |
| 85 | |
| 86 scoped_ptr<net::UploadElementReader> reader( | |
| 87 net::UploadOwnedBytesElementReader::CreateWithString(report)); | |
| 88 url_request->set_upload( | |
| 89 net::ElementsUploadDataStream::CreateWithReader(reader.Pass(), 0)); | |
| 90 | |
| 91 net::HttpRequestHeaders headers; | |
| 92 headers.SetHeader(net::HttpRequestHeaders::kContentType, | |
| 93 "x-application/chrome-fraudulent-cert-report"); | |
| 94 url_request->SetExtraRequestHeaders(headers); | |
| 95 | |
| 96 net::URLRequest* raw_url_request = url_request.get(); | |
| 97 inflight_requests_.insert(url_request.release()); | |
| 98 raw_url_request->Start(); | |
| 99 } | 50 } |
| 100 | 51 |
| 101 void ChromeFraudulentCertificateReporter::RequestComplete( | |
| 102 net::URLRequest* request) { | |
| 103 std::set<net::URLRequest*>::iterator i = inflight_requests_.find(request); | |
| 104 DCHECK(i != inflight_requests_.end()); | |
| 105 scoped_ptr<net::URLRequest> url_request(*i); | |
| 106 inflight_requests_.erase(i); | |
| 107 } | |
| 108 | |
| 109 // TODO(palmer): Currently, the upload is fire-and-forget but soon we will | |
| 110 // try to recover by retrying, and trying different endpoints, and | |
| 111 // appealing to the user. | |
| 112 void ChromeFraudulentCertificateReporter::OnResponseStarted( | |
| 113 net::URLRequest* request) { | |
| 114 // TODO(vadimt): Remove ScopedTracker below once crbug.com/422516 is fixed. | |
| 115 tracked_objects::ScopedTracker tracking_profile( | |
| 116 FROM_HERE_WITH_EXPLICIT_FUNCTION( | |
| 117 "422516 ChromeFraudulentCertificateReporter::OnResponseStarted")); | |
| 118 | |
| 119 const net::URLRequestStatus& status(request->status()); | |
| 120 if (!status.is_success()) { | |
| 121 LOG(WARNING) << "Certificate upload failed" | |
| 122 << " status:" << status.status() | |
| 123 << " error:" << status.error(); | |
| 124 } else if (request->GetResponseCode() != 200) { | |
| 125 LOG(WARNING) << "Certificate upload HTTP status: " | |
| 126 << request->GetResponseCode(); | |
| 127 } | |
| 128 RequestComplete(request); | |
| 129 } | |
| 130 | |
| 131 void ChromeFraudulentCertificateReporter::OnReadCompleted( | |
| 132 net::URLRequest* request, int bytes_read) {} | |
| 133 | |
| 134 } // namespace chrome_browser_net | 52 } // namespace chrome_browser_net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 979893003:
Refactor ChromeFraudulentCertReporter for code reuse by SSL reporting (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master