Chromium Code Reviews Chromium Code Reviews
Issue 979893003:
Refactor ChromeFraudulentCertReporter for code reuse by SSL reporting (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: chrome/browser/net/certificate_error_reporter.cc |
| diff --git a/chrome/browser/net/chrome_fraudulent_certificate_reporter.cc b/chrome/browser/net/certificate_error_reporter.cc |
| similarity index 50% |
| copy from chrome/browser/net/chrome_fraudulent_certificate_reporter.cc |
| copy to chrome/browser/net/certificate_error_reporter.cc |
| index d5584938a7fe8e07f83636351ca752d4a03eda1a..af931fc65dff363e317f6cc909e905bffe6bec05 100644 |
| --- a/chrome/browser/net/chrome_fraudulent_certificate_reporter.cc |
| +++ b/chrome/browser/net/certificate_error_reporter.cc |
| @@ -1,14 +1,12 @@ |
| -// Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| +// Copyright 2015 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| -#include "chrome/browser/net/chrome_fraudulent_certificate_reporter.h" |
| +#include "chrome/browser/net/certificate_error_reporter.h" |
| #include <set> |
| -#include "base/base64.h" |
| #include "base/logging.h" |
| -#include "base/profiler/scoped_tracker.h" |
| #include "base/stl_util.h" |
| #include "base/time/time.h" |
| #include "chrome/browser/net/cert_logger.pb.h" |
| @@ -22,45 +20,59 @@ |
| namespace chrome_browser_net { |
| -// TODO(palmer): Switch to HTTPS when the error handling delegate is more |
| -// sophisticated. Ultimately we plan to attempt the report on many transports. |
| -static const char kFraudulentCertificateUploadEndpoint[] = |
| - "http://clients3.google.com/log_cert_error"; |
| - |
| -ChromeFraudulentCertificateReporter::ChromeFraudulentCertificateReporter( |
| - net::URLRequestContext* request_context) |
| - : request_context_(request_context), |
| - upload_url_(kFraudulentCertificateUploadEndpoint) { |
| +CertificateErrorReporter::CertificateErrorReporter( |
| + net::URLRequestContext* request_context, |
| + const GURL& upload_url) |
| + : request_context_(request_context), upload_url_(upload_url) { |
| + DCHECK(!upload_url.is_empty()); |
| } |
| -ChromeFraudulentCertificateReporter::~ChromeFraudulentCertificateReporter() { |
| +CertificateErrorReporter::~CertificateErrorReporter() { |
| STLDeleteElements(&inflight_requests_); |
| } |
| -static std::string BuildReport(const std::string& hostname, |
| - const net::SSLInfo& ssl_info) { |
| +void CertificateErrorReporter::SendReport(ReportType type, |
| + const std::string& hostname, |
| + const net::SSLInfo& ssl_info) { |
| CertLoggerRequest request; |
| - base::Time now = base::Time::Now(); |
| - request.set_time_usec(now.ToInternalValue()); |
| - request.set_hostname(hostname); |
| + std::string out; |
| - std::vector<std::string> pem_encoded_chain; |
| - if (!ssl_info.cert->GetPEMEncodedChain(&pem_encoded_chain)) { |
| - LOG(ERROR) << "Could not get PEM encoded chain."; |
| + BuildReport(hostname, ssl_info, &request); |
| + |
| + switch (type) { |
| + case REPORT_TYPE_PINNING_VIOLATION: |
| + SendCertLoggerRequest(request); |
| + break; |
| + case REPORT_TYPE_EXTENDED_REPORTING: |
| + // TODO(estark): Double-check that the user is opted in. |
| + // TODO(estark): Temporarily, since this is no upload endpoint, just |
| + // log the information. |
| + request.SerializeToString(&out); |
| + DVLOG(3) << "SSL report for " << hostname << ":\n" << out << "\n\n"; |
| + break; |
| + default: |
| + NOTREACHED(); |
| } |
| - std::string* cert_chain = request.mutable_cert_chain(); |
| - for (size_t i = 0; i < pem_encoded_chain.size(); ++i) |
| - *cert_chain += pem_encoded_chain[i]; |
| +} |
| - request.add_pin(ssl_info.pinning_failure_log); |
| +void CertificateErrorReporter::OnResponseStarted(net::URLRequest* request) { |
| + const net::URLRequestStatus& status(request->status()); |
| + if (!status.is_success()) { |
| + LOG(WARNING) << "Certificate upload failed" |
| + << " status:" << status.status() |
| + << " error:" << status.error(); |
| + } else if (request->GetResponseCode() != 200) { |
| + LOG(WARNING) << "Certificate upload HTTP status: " |
| + << request->GetResponseCode(); |
| + } |
| + RequestComplete(request); |
| +} |
| - std::string out; |
| - request.SerializeToString(&out); |
| - return out; |
| +void CertificateErrorReporter::OnReadCompleted(net::URLRequest* request, |
| + int bytes_read) { |
| } |
| -scoped_ptr<net::URLRequest> |
| -ChromeFraudulentCertificateReporter::CreateURLRequest( |
| +scoped_ptr<net::URLRequest> CertificateErrorReporter::CreateURLRequest( |
| net::URLRequestContext* context) { |
| scoped_ptr<net::URLRequest> request = |
| context->CreateRequest(upload_url_, net::DEFAULT_PRIORITY, this, NULL); |
| @@ -69,22 +81,16 @@ ChromeFraudulentCertificateReporter::CreateURLRequest( |
| return request.Pass(); |
| } |
| -void ChromeFraudulentCertificateReporter::SendReport( |
| - const std::string& hostname, |
| - const net::SSLInfo& ssl_info) { |
| - // We do silent/automatic reporting ONLY for Google properties. For other |
| - // domains (when we start supporting that), we will ask for user permission. |
| - if (!net::TransportSecurityState::IsGooglePinnedProperty(hostname)) { |
| - return; |
| - } |
| - |
| - std::string report = BuildReport(hostname, ssl_info); |
| +void CertificateErrorReporter::SendCertLoggerRequest( |
| + const CertLoggerRequest& request) { |
| + std::string serialized_request; |
| + request.SerializeToString(&serialized_request); |
| scoped_ptr<net::URLRequest> url_request = CreateURLRequest(request_context_); |
| url_request->set_method("POST"); |
| scoped_ptr<net::UploadElementReader> reader( |
| - net::UploadOwnedBytesElementReader::CreateWithString(report)); |
| + net::UploadOwnedBytesElementReader::CreateWithString(serialized_request)); |
| url_request->set_upload( |
| net::ElementsUploadDataStream::CreateWithReader(reader.Pass(), 0)); |
|
mmenke
2015/03/10 15:08:45
The tests should check the contents of this, and t
estark
2015/03/10 15:54:15
rsleevi advised against this on the grounds that i
mmenke
2015/03/10 16:08:52
We need to be sure we are sending sane data. With
|
| @@ -98,37 +104,30 @@ void ChromeFraudulentCertificateReporter::SendReport( |
| raw_url_request->Start(); |
| } |
| -void ChromeFraudulentCertificateReporter::RequestComplete( |
| - net::URLRequest* request) { |
| +void CertificateErrorReporter::BuildReport(const std::string& hostname, |
| + const net::SSLInfo& ssl_info, |
| + CertLoggerRequest* out_request) { |
| + base::Time now = base::Time::Now(); |
| + out_request->set_time_usec(now.ToInternalValue()); |
| + out_request->set_hostname(hostname); |
| + |
| + std::vector<std::string> pem_encoded_chain; |
| + if (!ssl_info.cert->GetPEMEncodedChain(&pem_encoded_chain)) { |
| + LOG(ERROR) << "Could not get PEM encoded chain."; |
| + } |
| + std::string* cert_chain = out_request->mutable_cert_chain(); |
| + for (size_t i = 0; i < pem_encoded_chain.size(); ++i) { |
| + *cert_chain += pem_encoded_chain[i]; |
| + } |
| + |
| + out_request->add_pin(ssl_info.pinning_failure_log); |
| +} |
| + |
| +void CertificateErrorReporter::RequestComplete(net::URLRequest* request) { |
| std::set<net::URLRequest*>::iterator i = inflight_requests_.find(request); |
| DCHECK(i != inflight_requests_.end()); |
| scoped_ptr<net::URLRequest> url_request(*i); |
| inflight_requests_.erase(i); |
| } |
| -// TODO(palmer): Currently, the upload is fire-and-forget but soon we will |
| -// try to recover by retrying, and trying different endpoints, and |
| -// appealing to the user. |
| -void ChromeFraudulentCertificateReporter::OnResponseStarted( |
| - net::URLRequest* request) { |
| - // TODO(vadimt): Remove ScopedTracker below once crbug.com/422516 is fixed. |
| - tracked_objects::ScopedTracker tracking_profile( |
| - FROM_HERE_WITH_EXPLICIT_FUNCTION( |
| - "422516 ChromeFraudulentCertificateReporter::OnResponseStarted")); |
| - |
| - const net::URLRequestStatus& status(request->status()); |
| - if (!status.is_success()) { |
| - LOG(WARNING) << "Certificate upload failed" |
| - << " status:" << status.status() |
| - << " error:" << status.error(); |
| - } else if (request->GetResponseCode() != 200) { |
| - LOG(WARNING) << "Certificate upload HTTP status: " |
| - << request->GetResponseCode(); |
| - } |
| - RequestComplete(request); |
| -} |
| - |
| -void ChromeFraudulentCertificateReporter::OnReadCompleted( |
| - net::URLRequest* request, int bytes_read) {} |
| - |
| } // namespace chrome_browser_net |
