Index: chrome/browser/net/certificate_error_reporter.cc |
diff --git a/chrome/browser/net/chrome_fraudulent_certificate_reporter.cc b/chrome/browser/net/certificate_error_reporter.cc |
similarity index 50% |
copy from chrome/browser/net/chrome_fraudulent_certificate_reporter.cc |
copy to chrome/browser/net/certificate_error_reporter.cc |
index d5584938a7fe8e07f83636351ca752d4a03eda1a..57e737fce6d530e8c87fdbab7736527ab0d8a418 100644 |
--- a/chrome/browser/net/chrome_fraudulent_certificate_reporter.cc |
+++ b/chrome/browser/net/certificate_error_reporter.cc |
@@ -1,14 +1,12 @@ |
-// Copyright (c) 2012 The Chromium Authors. All rights reserved. |
+// Copyright 2015 The Chromium Authors. All rights reserved. |
// Use of this source code is governed by a BSD-style license that can be |
// found in the LICENSE file. |
-#include "chrome/browser/net/chrome_fraudulent_certificate_reporter.h" |
+#include "chrome/browser/net/certificate_error_reporter.h" |
#include <set> |
-#include "base/base64.h" |
#include "base/logging.h" |
-#include "base/profiler/scoped_tracker.h" |
#include "base/stl_util.h" |
#include "base/time/time.h" |
#include "chrome/browser/net/cert_logger.pb.h" |
@@ -22,45 +20,59 @@ |
namespace chrome_browser_net { |
-// TODO(palmer): Switch to HTTPS when the error handling delegate is more |
-// sophisticated. Ultimately we plan to attempt the report on many transports. |
-static const char kFraudulentCertificateUploadEndpoint[] = |
- "http://clients3.google.com/log_cert_error"; |
- |
-ChromeFraudulentCertificateReporter::ChromeFraudulentCertificateReporter( |
- net::URLRequestContext* request_context) |
- : request_context_(request_context), |
- upload_url_(kFraudulentCertificateUploadEndpoint) { |
+CertificateErrorReporter::CertificateErrorReporter( |
+ net::URLRequestContext* request_context, |
+ const GURL& upload_url) |
+ : request_context_(request_context), upload_url_(upload_url) { |
+ DCHECK(!upload_url.is_empty()); |
} |
-ChromeFraudulentCertificateReporter::~ChromeFraudulentCertificateReporter() { |
+CertificateErrorReporter::~CertificateErrorReporter() { |
STLDeleteElements(&inflight_requests_); |
} |
-static std::string BuildReport(const std::string& hostname, |
- const net::SSLInfo& ssl_info) { |
+void CertificateErrorReporter::SendReport(ReportType type, |
+ const std::string& hostname, |
+ const net::SSLInfo& ssl_info) { |
CertLoggerRequest request; |
- base::Time now = base::Time::Now(); |
- request.set_time_usec(now.ToInternalValue()); |
- request.set_hostname(hostname); |
+ std::string out; |
- std::vector<std::string> pem_encoded_chain; |
- if (!ssl_info.cert->GetPEMEncodedChain(&pem_encoded_chain)) { |
- LOG(ERROR) << "Could not get PEM encoded chain."; |
+ BuildReport(hostname, ssl_info, &request); |
+ |
+ switch (type) { |
+ case REPORT_TYPE_PINNING_VIOLATION: |
+ SendCertLoggerRequest(request); |
+ break; |
+ case REPORT_TYPE_EXTENDED_REPORTING: |
+ // TODO(estark): Double-check that the user is opted in. |
+ // TODO(estark): Temporarily, since this is no upload endpoint, just |
+ // log the information. |
+ request.SerializeToString(&out); |
+ DVLOG(3) << "SSL report for " << hostname << ":\n" << out << "\n\n"; |
+ break; |
+ default: |
+ NOTREACHED(); |
} |
- std::string* cert_chain = request.mutable_cert_chain(); |
- for (size_t i = 0; i < pem_encoded_chain.size(); ++i) |
- *cert_chain += pem_encoded_chain[i]; |
+} |
- request.add_pin(ssl_info.pinning_failure_log); |
+void CertificateErrorReporter::OnResponseStarted(net::URLRequest* request) { |
+ const net::URLRequestStatus& status(request->status()); |
+ if (!status.is_success()) { |
+ LOG(WARNING) << "Certificate upload failed" |
+ << " status:" << status.status() |
+ << " error:" << status.error(); |
+ } else if (request->GetResponseCode() != 200) { |
+ LOG(WARNING) << "Certificate upload HTTP status: " |
+ << request->GetResponseCode(); |
+ } |
+ RequestComplete(request); |
+} |
- std::string out; |
- request.SerializeToString(&out); |
- return out; |
+void CertificateErrorReporter::OnReadCompleted(net::URLRequest* request, |
+ int bytes_read) { |
} |
-scoped_ptr<net::URLRequest> |
-ChromeFraudulentCertificateReporter::CreateURLRequest( |
+scoped_ptr<net::URLRequest> CertificateErrorReporter::CreateURLRequest( |
net::URLRequestContext* context) { |
scoped_ptr<net::URLRequest> request = |
context->CreateRequest(upload_url_, net::DEFAULT_PRIORITY, this, NULL); |
@@ -69,22 +81,16 @@ ChromeFraudulentCertificateReporter::CreateURLRequest( |
return request.Pass(); |
} |
-void ChromeFraudulentCertificateReporter::SendReport( |
- const std::string& hostname, |
- const net::SSLInfo& ssl_info) { |
- // We do silent/automatic reporting ONLY for Google properties. For other |
- // domains (when we start supporting that), we will ask for user permission. |
- if (!net::TransportSecurityState::IsGooglePinnedProperty(hostname)) { |
- return; |
- } |
- |
- std::string report = BuildReport(hostname, ssl_info); |
+void CertificateErrorReporter::SendCertLoggerRequest( |
+ const CertLoggerRequest& request) { |
+ std::string serialized_request; |
+ request.SerializeToString(&serialized_request); |
scoped_ptr<net::URLRequest> url_request = CreateURLRequest(request_context_); |
url_request->set_method("POST"); |
scoped_ptr<net::UploadElementReader> reader( |
- net::UploadOwnedBytesElementReader::CreateWithString(report)); |
+ net::UploadOwnedBytesElementReader::CreateWithString(serialized_request)); |
url_request->set_upload( |
net::ElementsUploadDataStream::CreateWithReader(reader.Pass(), 0)); |
@@ -98,37 +104,29 @@ void ChromeFraudulentCertificateReporter::SendReport( |
raw_url_request->Start(); |
} |
-void ChromeFraudulentCertificateReporter::RequestComplete( |
- net::URLRequest* request) { |
+void CertificateErrorReporter::BuildReport(const std::string& hostname, |
+ const net::SSLInfo& ssl_info, |
+ CertLoggerRequest* out_request) { |
+ base::Time now = base::Time::Now(); |
+ out_request->set_time_usec(now.ToInternalValue()); |
+ out_request->set_hostname(hostname); |
+ |
+ std::vector<std::string> pem_encoded_chain; |
+ if (!ssl_info.cert->GetPEMEncodedChain(&pem_encoded_chain)) |
+ LOG(ERROR) << "Could not get PEM encoded chain."; |
+ |
+ std::string* cert_chain = out_request->mutable_cert_chain(); |
+ for (size_t i = 0; i < pem_encoded_chain.size(); ++i) |
+ *cert_chain += pem_encoded_chain[i]; |
+ |
+ out_request->add_pin(ssl_info.pinning_failure_log); |
+} |
+ |
+void CertificateErrorReporter::RequestComplete(net::URLRequest* request) { |
std::set<net::URLRequest*>::iterator i = inflight_requests_.find(request); |
DCHECK(i != inflight_requests_.end()); |
scoped_ptr<net::URLRequest> url_request(*i); |
inflight_requests_.erase(i); |
} |
-// TODO(palmer): Currently, the upload is fire-and-forget but soon we will |
-// try to recover by retrying, and trying different endpoints, and |
-// appealing to the user. |
-void ChromeFraudulentCertificateReporter::OnResponseStarted( |
- net::URLRequest* request) { |
- // TODO(vadimt): Remove ScopedTracker below once crbug.com/422516 is fixed. |
- tracked_objects::ScopedTracker tracking_profile( |
- FROM_HERE_WITH_EXPLICIT_FUNCTION( |
- "422516 ChromeFraudulentCertificateReporter::OnResponseStarted")); |
- |
- const net::URLRequestStatus& status(request->status()); |
- if (!status.is_success()) { |
- LOG(WARNING) << "Certificate upload failed" |
- << " status:" << status.status() |
- << " error:" << status.error(); |
- } else if (request->GetResponseCode() != 200) { |
- LOG(WARNING) << "Certificate upload HTTP status: " |
- << request->GetResponseCode(); |
- } |
- RequestComplete(request); |
-} |
- |
-void ChromeFraudulentCertificateReporter::OnReadCompleted( |
- net::URLRequest* request, int bytes_read) {} |
- |
} // namespace chrome_browser_net |