author | estark <estark@chromium.org> | 2015-09-08 07:51:39 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-09-08 14:52:12 +0000 |
commit | 334673f447d516029d5af83aef001e790c00739d (patch) | |
tree | ab281974f520e2a3e2f073aa6a8f3951fa7090d6 | |
parent | 2fba84d7d4ba26a82c626018aa5924ffa7ed9c69 (diff) | |
Componentize CertificateErrorReport and CertificateErrorReporter
BUG=516697
Committed: https://crrev.com/93df64e3cdc40d6a30f7944e211e334ce1880cf7
Cr-Commit-Position: refs/heads/master@{#347551}
Review URL: https://codereview.chromium.org/1302423003
Cr-Commit-Position: refs/heads/master@{#347701}
37 files changed, 319 insertions, 237 deletions
diff --git a/chrome/browser/BUILD.gn b/chrome/browser/BUILD.gn index 9b10cd8..90973f3 100644 --- a/chrome/browser/BUILD.gn +++ b/chrome/browser/BUILD.gn @@ -97,15 +97,14 @@ source_set("browser") { "//chrome/app:generated_resources_map", "//chrome/app/resources:platform_locale_settings", "//chrome/app/theme:theme_resources", - "//chrome/browser/net:encrypted_cert_logger_proto", "//chrome/browser/net:probe_message_proto", - "//chrome/browser/ssl:cert_logger_proto", "//chrome/browser/ui", "//chrome/common", "//components/autofill/core/browser", "//components/bookmarks/browser", "//components/bookmarks/managed", "//components/captive_portal", + "//components/certificate_reporting", "//components/cloud_devices/common", "//components/component_updater", "//components/compression", diff --git a/chrome/browser/DEPS b/chrome/browser/DEPS index fadf96f..19370fb 100644 --- a/chrome/browser/DEPS +++ b/chrome/browser/DEPS @@ -24,6 +24,7 @@ include_rules = [ "+components/browser_watcher", "+components/browsing_data", "+components/cdm/browser", + "+components/certificate_reporting", "+components/cloud_devices/common", "+components/component_updater", "+components/compression", diff --git a/chrome/browser/chromeos/BUILD.gn b/chrome/browser/chromeos/BUILD.gn index 900f3e0..934207c 100644 --- a/chrome/browser/chromeos/BUILD.gn +++ b/chrome/browser/chromeos/BUILD.gn @@ -50,11 +50,9 @@ source_set("chromeos") { "//components/wifi_sync", "//chrome/browser/devtools", "//chrome/browser/extensions", - "//chrome/browser/net:encrypted_cert_logger_proto", "//chrome/browser/safe_browsing:chunk_proto", "//chrome/browser/safe_browsing:metadata_proto", "//chrome/browser/safe_browsing:report_proto", - "//chrome/browser/ssl:cert_logger_proto", "//chrome/common", "//chrome/common/extensions/api", "//chrome/common/extensions/api:api_registration", 
@@ -65,6 +63,8 @@ source_set("chromeos") { "//chromeos:cryptohome_proto", "//chromeos:cryptohome_signkey_proto", "//chromeos:power_manager_proto", + "//components/certificate_reporting:cert_logger_proto", + "//components/certificate_reporting:encrypted_cert_logger_proto", "//components/onc", "//components/ownership", "//components/pairing", diff --git a/chrome/browser/net/BUILD.gn b/chrome/browser/net/BUILD.gn index 51aa200..4320c4c 100644 --- a/chrome/browser/net/BUILD.gn +++ b/chrome/browser/net/BUILD.gn @@ -10,10 +10,3 @@ proto_library("probe_message_proto") { "probe_message.proto", ] } - -# GYP version: chrome/chrome_browser.gypi:encrypted_cert_logger_proto -proto_library("encrypted_cert_logger_proto") { - sources = [ - "encrypted_cert_logger.proto", - ] -} diff --git a/chrome/browser/safe_browsing/ping_manager.cc b/chrome/browser/safe_browsing/ping_manager.cc index f4b2dfe..c7f031f 100644 --- a/chrome/browser/safe_browsing/ping_manager.cc +++ b/chrome/browser/safe_browsing/ping_manager.cc @@ -8,8 +8,8 @@ #include "base/stl_util.h" #include "base/strings/string_util.h" #include "base/strings/stringprintf.h" -#include "chrome/browser/net/certificate_error_reporter.h" #include "chrome/common/env_vars.h" +#include "components/certificate_reporting/error_reporter.h" #include "content/public/browser/browser_thread.h" #include "google_apis/google_api_keys.h" #include "net/base/escape.h" @@ -21,7 +21,6 @@ #include "net/url_request/url_request_status.h" #include "url/gurl.h" -using chrome_browser_net::CertificateErrorReporter; using content::BrowserThread; namespace { 
@@ -57,7 +56,7 @@ SafeBrowsingPingManager::SafeBrowsingPingManager( // Set the upload URL and whether or not to send cookies with // certificate reports sent to Safe Browsing servers. bool use_insecure_certificate_upload_url = - CertificateErrorReporter::IsHttpUploadUrlSupported(); + certificate_reporting::ErrorReporter::IsHttpUploadUrlSupported(); net::CertificateReportSender::CookiesPreference cookies_preference; GURL certificate_upload_url; @@ -69,7 +68,7 @@ SafeBrowsingPingManager::SafeBrowsingPingManager( certificate_upload_url = GURL(kExtendedReportingUploadUrlSecure); } - certificate_error_reporter_.reset(new CertificateErrorReporter( + certificate_error_reporter_.reset(new certificate_reporting::ErrorReporter( request_context_getter->GetURLRequestContext(), certificate_upload_url, cookies_preference)); } @@ -142,7 +141,8 @@ void SafeBrowsingPingManager::ReportInvalidCertificateChain( } void SafeBrowsingPingManager::SetCertificateErrorReporterForTesting( - scoped_ptr<CertificateErrorReporter> certificate_error_reporter) { + scoped_ptr<certificate_reporting::ErrorReporter> + certificate_error_reporter) { certificate_error_reporter_ = certificate_error_reporter.Pass(); } diff --git a/chrome/browser/safe_browsing/ping_manager.h b/chrome/browser/safe_browsing/ping_manager.h index 6c8c527..cb51f48 100644 --- a/chrome/browser/safe_browsing/ping_manager.h +++ b/chrome/browser/safe_browsing/ping_manager.h @@ -18,8 +18,8 @@ #include "net/url_request/url_fetcher_delegate.h" #include "url/gurl.h" -namespace chrome_browser_net { -class CertificateErrorReporter; +namespace certificate_reporting { +class ErrorReporter; } namespace net { 
@@ -59,8 +59,9 @@ class SafeBrowsingPingManager : public net::URLFetcherDelegate { // certificate chains. void ReportInvalidCertificateChain(const std::string& serialized_report); - void SetCertificateErrorReporterForTesting(scoped_ptr< - chrome_browser_net::CertificateErrorReporter> certificate_error_reporter); + void SetCertificateErrorReporterForTesting( + scoped_ptr<certificate_reporting::ErrorReporter> + certificate_error_reporter); private: FRIEND_TEST_ALL_PREFIXES(SafeBrowsingPingManagerTest, @@ -104,8 +105,7 @@ class SafeBrowsingPingManager : public net::URLFetcherDelegate { Reports safebrowsing_reports_; // Sends reports of invalid SSL certificate chains. - scoped_ptr<chrome_browser_net::CertificateErrorReporter> - certificate_error_reporter_; + scoped_ptr<certificate_reporting::ErrorReporter> certificate_error_reporter_; DISALLOW_COPY_AND_ASSIGN(SafeBrowsingPingManager); }; diff --git a/chrome/browser/ssl/BUILD.gn b/chrome/browser/ssl/BUILD.gn deleted file mode 100644 index 88f00288..0000000 --- a/chrome/browser/ssl/BUILD.gn +++ /dev/null @@ -1,12 +0,0 @@ -# Copyright 2015 The Chromium Authors. All rights reserved. -# Use of this source code is governed by a BSD-style license that can be -# found in the LICENSE file. - -import("//third_party/protobuf/proto_library.gni") - -# GYP version: chrome/chrome_browser.gypi:cert_logger_proto -proto_library("cert_logger_proto") { - sources = [ - "cert_logger.proto", - ] -} diff --git a/chrome/browser/ssl/captive_portal_blocking_page.cc b/chrome/browser/ssl/captive_portal_blocking_page.cc index 6c460e1..31562da 100644 --- a/chrome/browser/ssl/captive_portal_blocking_page.cc +++ b/chrome/browser/ssl/captive_portal_blocking_page.cc 
@@ -17,6 +17,7 @@ #include "chrome/browser/ssl/ssl_cert_reporter.h" #include "chrome/common/pref_names.h" #include "components/captive_portal/captive_portal_detector.h" +#include "components/certificate_reporting/error_reporter.h" #include "components/url_formatter/url_formatter.h" #include "components/wifi/wifi_service.h" #include "content/public/browser/web_contents.h" @@ -62,7 +63,8 @@ CaptivePortalBlockingPage::CaptivePortalBlockingPage( if (ssl_cert_reporter) { cert_report_helper_.reset(new CertReportHelper( ssl_cert_reporter.Pass(), web_contents, request_url, ssl_info, - CertificateErrorReport::INTERSTITIAL_CAPTIVE_PORTAL, false, nullptr)); + certificate_reporting::ErrorReport::INTERSTITIAL_CAPTIVE_PORTAL, false, + nullptr)); } RecordUMA(SHOW_ALL); @@ -203,7 +205,7 @@ void CaptivePortalBlockingPage::OnProceed() { // Finish collecting information about invalid certificates, if the // user opted in to. cert_report_helper_->FinishCertCollection( - CertificateErrorReport::USER_PROCEEDED); + certificate_reporting::ErrorReport::USER_PROCEEDED); } } @@ -212,7 +214,7 @@ void CaptivePortalBlockingPage::OnDontProceed() { // Finish collecting information about invalid certificates, if the // user opted in to. cert_report_helper_->FinishCertCollection( - CertificateErrorReport::USER_DID_NOT_PROCEED); + certificate_reporting::ErrorReport::USER_DID_NOT_PROCEED); } // Need to explicity deny the certificate via the callback, otherwise memory diff --git a/chrome/browser/ssl/cert_report_helper.cc b/chrome/browser/ssl/cert_report_helper.cc index 2f85c84..2e3e120 100644 --- a/chrome/browser/ssl/cert_report_helper.cc +++ b/chrome/browser/ssl/cert_report_helper.cc 
@@ -34,7 +34,7 @@ CertReportHelper::CertReportHelper( content::WebContents* web_contents, const GURL& request_url, const net::SSLInfo& ssl_info, - CertificateErrorReport::InterstitialReason interstitial_reason, + certificate_reporting::ErrorReport::InterstitialReason interstitial_reason, bool overridable, security_interstitials::MetricsHelper* metrics_helper) : ssl_cert_reporter_(ssl_cert_reporter.Pass()), @@ -75,7 +75,7 @@ void CertReportHelper::PopulateExtendedReportingOption( } void CertReportHelper::FinishCertCollection( - CertificateErrorReport::ProceedDecision user_proceeded) { + certificate_reporting::ErrorReport::ProceedDecision user_proceeded) { if (!ShouldShowCertificateReporterCheckbox()) return; @@ -91,12 +91,13 @@ void CertReportHelper::FinishCertCollection( return; std::string serialized_report; - CertificateErrorReport report(request_url_.host(), ssl_info_); + certificate_reporting::ErrorReport report(request_url_.host(), ssl_info_); report.SetInterstitialInfo( interstitial_reason_, user_proceeded, - overridable_ ? CertificateErrorReport::INTERSTITIAL_OVERRIDABLE - : CertificateErrorReport::INTERSTITIAL_NOT_OVERRIDABLE); + overridable_ + ? certificate_reporting::ErrorReport::INTERSTITIAL_OVERRIDABLE + : certificate_reporting::ErrorReport::INTERSTITIAL_NOT_OVERRIDABLE); if (!report.Serialize(&serialized_report)) { LOG(ERROR) << "Failed to serialize certificate report."; diff --git a/chrome/browser/ssl/cert_report_helper.h b/chrome/browser/ssl/cert_report_helper.h index 6bebaff..3e63405 100644 --- a/chrome/browser/ssl/cert_report_helper.h +++ b/chrome/browser/ssl/cert_report_helper.h @@ -8,7 +8,7 @@ #include <string> #include "chrome/browser/interstitials/security_interstitial_page.h" -#include "chrome/browser/ssl/certificate_error_report.h" +#include "components/certificate_reporting/error_report.h" #include "net/ssl/ssl_info.h" #include "url/gurl.h" 
@@ -36,14 +36,14 @@ class CertReportHelper { static const char kFinchGroupDontShowDontSend[]; static const char kFinchParamName[]; - CertReportHelper( - scoped_ptr<SSLCertReporter> ssl_cert_reporter, - content::WebContents* web_contents, - const GURL& request_url, - const net::SSLInfo& ssl_info, - CertificateErrorReport::InterstitialReason interstitial_reason, - bool overridable, - security_interstitials::MetricsHelper* metrics_helper); + CertReportHelper(scoped_ptr<SSLCertReporter> ssl_cert_reporter, + content::WebContents* web_contents, + const GURL& request_url, + const net::SSLInfo& ssl_info, + certificate_reporting::ErrorReport::InterstitialReason + interstitial_reason, + bool overridable, + security_interstitials::MetricsHelper* metrics_helper); virtual ~CertReportHelper(); @@ -55,7 +55,7 @@ class CertReportHelper { // server. |user_proceeded| indicates whether the user clicked through // the interstitial or not, and will be included in the report. void FinishCertCollection( - CertificateErrorReport::ProceedDecision user_proceeded); + certificate_reporting::ErrorReport::ProceedDecision user_proceeded); // Allows tests to inject a mock reporter. void SetSSLCertReporterForTesting( @@ -83,7 +83,7 @@ class CertReportHelper { // The SSLInfo used in this helper's report. const net::SSLInfo ssl_info_; // The reason for the interstitial, included in this helper's report. - CertificateErrorReport::InterstitialReason interstitial_reason_; + certificate_reporting::ErrorReport::InterstitialReason interstitial_reason_; // True if the user was given the option to proceed through the // certificate chain error being reported. bool overridable_; diff --git a/chrome/browser/ssl/certificate_reporting_test_utils.cc b/chrome/browser/ssl/certificate_reporting_test_utils.cc index b61340e..b99a36e 100644 --- a/chrome/browser/ssl/certificate_reporting_test_utils.cc +++ b/chrome/browser/ssl/certificate_reporting_test_utils.cc 
@@ -16,22 +16,22 @@ #include "chrome/browser/safe_browsing/safe_browsing_service.h" #include "chrome/browser/safe_browsing/ui_manager.h" #include "chrome/browser/ssl/cert_report_helper.h" -#include "chrome/browser/ssl/certificate_error_report.h" #include "chrome/browser/ssl/ssl_cert_reporter.h" #include "chrome/browser/ui/browser.h" #include "chrome/common/pref_names.h" +#include "components/certificate_reporting/error_report.h" +#include "components/certificate_reporting/error_reporter.h" #include "components/variations/variations_associated_data.h" #include "net/url_request/certificate_report_sender.h" #include "net/url_request/url_request_context.h" #include "testing/gtest/include/gtest/gtest.h" #include "url/gurl.h" -using chrome_browser_net::CertificateErrorReporter; - namespace { -void SetMockReporter(SafeBrowsingService* safe_browsing_service, - scoped_ptr<CertificateErrorReporter> reporter) { +void SetMockReporter( + SafeBrowsingService* safe_browsing_service, + scoped_ptr<certificate_reporting::ErrorReporter> reporter) { safe_browsing_service->ping_manager()->SetCertificateErrorReporterForTesting( reporter.Pass()); } @@ -80,14 +80,14 @@ namespace certificate_reporting_test_utils { // most recent hostname for which an extended reporting report would // have been sent over the network. class CertificateReportingTest::MockReporter - : public chrome_browser_net::CertificateErrorReporter { + : public certificate_reporting::ErrorReporter { public: MockReporter( net::URLRequestContext* request_context, const GURL& upload_url, net::CertificateReportSender::CookiesPreference cookies_preference); - // CertificateErrorReporter implementation. + // ErrorReporter implementation. void SendExtendedReportingReport( const std::string& serialized_report) override; 
@@ -107,13 +107,13 @@ CertificateReportingTest::MockReporter::MockReporter( net::URLRequestContext* request_context, const GURL& upload_url, net::CertificateReportSender::CookiesPreference cookies_preference) - : CertificateErrorReporter(request_context, - upload_url, - cookies_preference) {} + : certificate_reporting::ErrorReporter(request_context, + upload_url, + cookies_preference) {} void CertificateReportingTest::MockReporter::SendExtendedReportingReport( const std::string& serialized_report) { - CertificateErrorReport report; + certificate_reporting::ErrorReport report; ASSERT_TRUE(report.InitializeFromString(serialized_report)); latest_hostname_reported_ = report.hostname(); } @@ -134,9 +134,9 @@ void CertificateReportingTest::SetUpMockReporter() { content::BrowserThread::PostTask( content::BrowserThread::IO, FROM_HERE, - base::Bind( - SetMockReporter, safe_browsing_service, - base::Passed(scoped_ptr<CertificateErrorReporter>(reporter_)))); + base::Bind(SetMockReporter, safe_browsing_service, + base::Passed(scoped_ptr<certificate_reporting::ErrorReporter>( + reporter_)))); } const std::string& CertificateReportingTest::GetLatestHostnameReported() const { diff --git a/chrome/browser/ssl/certificate_reporting_test_utils.h b/chrome/browser/ssl/certificate_reporting_test_utils.h index 81d3d91..29cd62b 100644 --- a/chrome/browser/ssl/certificate_reporting_test_utils.h +++ b/chrome/browser/ssl/certificate_reporting_test_utils.h @@ -7,7 +7,6 @@ #include <string> -#include "chrome/browser/net/certificate_error_reporter.h" #include "chrome/test/base/in_process_browser_test.h" class Browser; diff --git a/chrome/browser/ssl/ssl_blocking_page.cc b/chrome/browser/ssl/ssl_blocking_page.cc index 61ca1ac..97148f3 100644 --- a/chrome/browser/ssl/ssl_blocking_page.cc +++ b/chrome/browser/ssl/ssl_blocking_page.cc 
@@ -25,7 +25,6 @@ #include "chrome/browser/profiles/profile.h" #include "chrome/browser/renderer_preferences_util.h" #include "chrome/browser/ssl/cert_report_helper.h" -#include "chrome/browser/ssl/certificate_error_report.h" #include "chrome/browser/ssl/ssl_cert_reporter.h" #include "chrome/browser/ssl/ssl_error_classification.h" #include "chrome/browser/ssl/ssl_error_info.h" @@ -150,10 +149,10 @@ SSLBlockingPage::SSLBlockingPage(content::WebContents* web_contents, metrics_helper()->RecordUserInteraction( security_interstitials::MetricsHelper::TOTAL_VISITS); - cert_report_helper_.reset( - new CertReportHelper(ssl_cert_reporter.Pass(), web_contents, request_url, - ssl_info, CertificateErrorReport::INTERSTITIAL_SSL, - overridable_, metrics_helper())); + cert_report_helper_.reset(new CertReportHelper( + ssl_cert_reporter.Pass(), web_contents, request_url, ssl_info, + certificate_reporting::ErrorReport::INTERSTITIAL_SSL, overridable_, + metrics_helper())); ssl_error_classification_.reset(new SSLErrorClassification( web_contents, @@ -384,7 +383,7 @@ void SSLBlockingPage::OnProceed() { // Finish collecting information about invalid certificates, if the // user opted in to. cert_report_helper_->FinishCertCollection( - CertificateErrorReport::USER_PROCEEDED); + certificate_reporting::ErrorReport::USER_PROCEEDED); RecordSSLExpirationPageEventState( expired_but_previously_allowed_, true, overridable_); @@ -399,7 +398,7 @@ void SSLBlockingPage::OnDontProceed() { // Finish collecting information about invalid certificates, if the // user opted in to. cert_report_helper_->FinishCertCollection( - CertificateErrorReport::USER_DID_NOT_PROCEED); + certificate_reporting::ErrorReport::USER_DID_NOT_PROCEED); RecordSSLExpirationPageEventState( expired_but_previously_allowed_, false, overridable_); diff --git a/chrome/browser/ssl/ssl_blocking_page.h b/chrome/browser/ssl/ssl_blocking_page.h index f096278..0c45e31 100644 --- a/chrome/browser/ssl/ssl_blocking_page.h 
+++ b/chrome/browser/ssl/ssl_blocking_page.h @@ -14,8 +14,8 @@ #include "base/time/time.h" #include "chrome/browser/interstitials/security_interstitial_page.h" #include "chrome/browser/profiles/profile.h" -#include "chrome/browser/ssl/certificate_error_report.h" #include "chrome/browser/ssl/ssl_cert_reporter.h" +#include "components/certificate_reporting/error_report.h" #include "net/ssl/ssl_info.h" #include "url/gurl.h" diff --git a/chrome/browser/ssl/ssl_browser_tests.cc b/chrome/browser/ssl/ssl_browser_tests.cc index d817a77..be0c1bb 100644 --- a/chrome/browser/ssl/ssl_browser_tests.cc +++ b/chrome/browser/ssl/ssl_browser_tests.cc @@ -21,13 +21,10 @@ #include "chrome/browser/browser_process.h" #include "chrome/browser/chrome_notification_types.h" #include "chrome/browser/interstitials/security_interstitial_page_test_utils.h" -#include "chrome/browser/net/certificate_error_reporter.h" #include "chrome/browser/profiles/profile.h" #include "chrome/browser/ssl/bad_clock_blocking_page.h" -#include "chrome/browser/ssl/cert_logger.pb.h" #include "chrome/browser/ssl/cert_report_helper.h" #include "chrome/browser/ssl/cert_verifier_browser_test.h" -#include "chrome/browser/ssl/certificate_error_report.h" #include "chrome/browser/ssl/certificate_reporting_test_utils.h" #include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h" #include "chrome/browser/ssl/common_name_mismatch_handler.h" @@ -86,7 +83,6 @@ using base::ASCIIToUTF16; using chrome_browser_interstitials::SecurityInterstitialIDNTest; -using chrome_browser_net::CertificateErrorReporter; using content::InterstitialPage; using content::NavigationController; using content::NavigationEntry; diff --git a/chrome/browser/ui/BUILD.gn b/chrome/browser/ui/BUILD.gn index d442b31..c876981 100644 --- a/chrome/browser/ui/BUILD.gn +++ b/chrome/browser/ui/BUILD.gn 
@@ -43,11 +43,11 @@ source_set("ui") { "//chrome:strings", "//chrome/app/resources:platform_locale_settings", "//chrome/app/theme:theme_resources", - "//chrome/browser/net:encrypted_cert_logger_proto", - "//chrome/browser/ssl:cert_logger_proto", "//chrome/common", "//components/app_modal", "//components/auto_login_parser", + "//components/certificate_reporting:cert_logger_proto", + "//components/certificate_reporting:encrypted_cert_logger_proto", "//components/dom_distiller/webui", "//components/invalidation/impl", "//components/omnibox/common", diff --git a/chrome/chrome_browser.gypi b/chrome/chrome_browser.gypi index 40b3ea2..96c0237 100644 --- a/chrome/chrome_browser.gypi +++ b/chrome/chrome_browser.gypi @@ -1901,8 +1901,6 @@ 'chrome_browser_net_sources': [ 'browser/net/async_dns_field_trial.cc', 'browser/net/async_dns_field_trial.h', - 'browser/net/certificate_error_reporter.cc', - 'browser/net/certificate_error_reporter.h', 'browser/net/chrome_cookie_notification_details.h', 'browser/net/chrome_extensions_network_delegate.cc', 'browser/net/chrome_extensions_network_delegate.h', @@ -2741,8 +2739,6 @@ 'browser/ssl/bad_clock_blocking_page.h', 'browser/ssl/cert_report_helper.cc', 'browser/ssl/cert_report_helper.h', - 'browser/ssl/certificate_error_report.cc', - 'browser/ssl/certificate_error_report.h', 'browser/ssl/chrome_ssl_host_state_delegate.cc', 'browser/ssl/chrome_ssl_host_state_delegate.h', 'browser/ssl/chrome_ssl_host_state_delegate_factory.cc', @@ -3100,7 +3096,6 @@ # NOTE: New dependencies should generally be added in the OS!="ios" # dependencies block below, rather than here. 'browser_ui', - 'cert_logger_proto', 'chrome_resources.gyp:chrome_extra_resources', 'chrome_resources.gyp:chrome_resources', 'chrome_resources.gyp:chrome_strings', 
@@ -3108,7 +3103,6 @@ 'chrome_resources.gyp:platform_locale_settings', 'chrome_resources.gyp:theme_resources', 'common', - 'encrypted_cert_logger_proto', 'probe_message_proto', '../components/components.gyp:autofill_core_browser', '../components/components.gyp:bookmarks_browser', @@ -3236,6 +3230,7 @@ '../components/components.gyp:about_handler', '../components/components.gyp:autofill_content_browser', '../components/components.gyp:browsing_data', + '../components/components.gyp:certificate_reporting', '../components/components.gyp:data_reduction_proxy_content_browser', '../components/components.gyp:devtools_discovery', '../components/components.gyp:devtools_http_handler', @@ -3894,32 +3889,6 @@ ], }, { - # Protobuf compiler / generator for the certificate error reporting - # protocol buffer. - # GN version: //chrome/browser/ssl:cert_logger_proto - 'target_name': 'cert_logger_proto', - 'type': 'static_library', - 'sources': [ 'browser/ssl/cert_logger.proto', ], - 'variables': { - 'proto_in_dir': 'browser/ssl', - 'proto_out_dir': 'chrome/browser/ssl', - }, - 'includes': [ '../build/protoc.gypi', ], - }, - { - # Protobuf compiler / generator for the encrypted certificate - # reports protocol buffer. - # GN version: //chrome/browser/net:encrypted_cert_logger_proto - 'target_name': 'encrypted_cert_logger_proto', - 'type': 'static_library', - 'sources': [ 'browser/net/encrypted_cert_logger.proto', ], - 'variables': { - 'proto_in_dir': 'browser/net', - 'proto_out_dir': 'chrome/browser/net', - }, - 'includes': [ '../build/protoc.gypi', ], - }, - { # Protobuf compiler / generator for Probe Message. # GN version: //chrome/browser/net:probe_message_proto 'target_name': 'probe_message_proto', diff --git a/chrome/chrome_browser_chromeos.gypi b/chrome/chrome_browser_chromeos.gypi index e9b7962..1af1359 100644 --- a/chrome/chrome_browser_chromeos.gypi +++ b/chrome/chrome_browser_chromeos.gypi 
@@ -1079,7 +1079,6 @@ 'attestation_proto', 'browser/extensions/api/api_registration.gyp:chrome_api_registration', 'browser_extensions', - 'cert_logger_proto', 'chrome_resources.gyp:chrome_extra_resources', 'chrome_resources.gyp:chrome_resources', 'chrome_resources.gyp:platform_locale_settings', @@ -1089,7 +1088,6 @@ 'common_net', 'debugger', 'device_policy_proto', - 'encrypted_cert_logger_proto', 'installer_util', 'safe_browsing_chunk_proto', 'safe_browsing_proto', @@ -1103,6 +1101,7 @@ # browser_chromeos #includes power_supply_properties.pb.h directly. '../chromeos/chromeos.gyp:power_manager_proto', '../chromeos/ime/input_method.gyp:gencode', + '../components/components.gyp:certificate_reporting', '../components/components.gyp:cloud_policy_proto', '../components/components.gyp:drive', '../components/components.gyp:login', diff --git a/chrome/chrome_browser_ui.gypi b/chrome/chrome_browser_ui.gypi index f35800a..39dc3ce 100644 --- a/chrome/chrome_browser_ui.gypi +++ b/chrome/chrome_browser_ui.gypi @@ -2720,7 +2720,6 @@ 'dependencies': [ # NOTE: New dependencies should generally be added in the OS!="ios" # dependencies block below, rather than here. - 'cert_logger_proto', 'chrome_browser_ui_views.gyp:browser_ui_views', 'chrome_resources.gyp:chrome_extra_resources', 'chrome_resources.gyp:chrome_resources', @@ -2728,8 +2727,8 @@ 'chrome_resources.gyp:platform_locale_settings', 'chrome_resources.gyp:theme_resources', 'common', - 'encrypted_cert_logger_proto', '../components/components.gyp:auto_login_parser', + '../components/components.gyp:certificate_reporting', '../components/components.gyp:device_event_log_component', '../components/components.gyp:dom_distiller_core', '../components/components.gyp:dom_distiller_webui', diff --git a/chrome/chrome_tests.gypi b/chrome/chrome_tests.gypi index d19e942..a092289 100644 --- a/chrome/chrome_tests.gypi +++ b/chrome/chrome_tests.gypi 
@@ -2050,6 +2050,7 @@ '../components/components.gyp:autofill_content_risk_proto', '../components/components.gyp:autofill_content_test_support', '../components/components.gyp:captive_portal_test_support', + '../components/components.gyp:certificate_reporting', '../components/components.gyp:dom_distiller_content_browser', '../components/components.gyp:dom_distiller_test_support', '../components/components.gyp:guest_view_test_support', diff --git a/chrome/chrome_tests_unit.gypi b/chrome/chrome_tests_unit.gypi index fc67ef66..5cd931f 100644 --- a/chrome/chrome_tests_unit.gypi +++ b/chrome/chrome_tests_unit.gypi @@ -145,7 +145,6 @@ 'browser/metrics/time_ticks_experiment_unittest.cc', 'browser/metrics/variations/generated_resources_map_lookup_unittest.cc', 'browser/mod_pagespeed/mod_pagespeed_metrics_unittest.cc', - 'browser/net/certificate_error_reporter_unittest.cc', 'browser/net/chrome_network_delegate_unittest.cc', 'browser/net/dns_probe_runner_unittest.cc', 'browser/net/dns_probe_service_unittest.cc', @@ -226,7 +225,6 @@ 'browser/signin/signin_manager_unittest.cc', 'browser/signin/signin_tracker_unittest.cc', 'browser/signin/test_signin_client_builder.cc', - 'browser/ssl/certificate_error_report_unittest.cc', 'browser/ssl/ssl_error_classification_unittest.cc', 'browser/ssl/ssl_error_handler_unittest.cc', 'browser/status_icons/status_icon_menu_model_unittest.cc', diff --git a/components/BUILD.gn b/components/BUILD.gn index 4327c19..4b40165 100644 --- a/components/BUILD.gn +++ b/components/BUILD.gn @@ -28,6 +28,7 @@ group("all_components") { "//components/cdm/browser", "//components/cdm/common", "//components/cdm/renderer", + "//components/certificate_reporting", "//components/cloud_devices/common", "//components/chrome_apps", "//components/component_updater", diff --git a/components/certificate_reporting.gypi b/components/certificate_reporting.gypi new file mode 100644 index 0000000..87f9f50 --- /dev/null +++ b/components/certificate_reporting.gypi 
@@ -0,0 +1,57 @@
+# Copyright 2015 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+{
+ 'targets': [
+ {
+ # GN version: //components/certificate_reporting
+ 'target_name': 'certificate_reporting',
+ 'type': 'static_library',
+ 'dependencies': [
+ '../base/base.gyp:base',
+ '../crypto/crypto.gyp:crypto',
+ '../net/net.gyp:net',
+ '../url/url.gyp:url_lib',
+ 'cert_logger_proto',
+ 'encrypted_cert_logger_proto',
+ ],
+ 'include_dirs': [
+ '..',
+ ],
+ 'sources': [
+ # Note: sources list duplicated in GN build.
+ "certificate_reporting/error_report.cc",
+ "certificate_reporting/error_report.h",
+ "certificate_reporting/error_reporter.cc",
+ "certificate_reporting/error_reporter.h",
+ ]
+ },
+ {
+ # Protobuf compiler / generator for the certificate error reporting
+ # protocol buffer.
+ # GN version: //components/certificate_reporting:cert_logger_proto
+ 'target_name': 'cert_logger_proto',
+ 'type': 'static_library',
+ 'sources': [ 'certificate_reporting/cert_logger.proto', ],
+ 'variables': {
+ 'proto_in_dir': 'certificate_reporting/',
+ 'proto_out_dir': 'components/certificate_reporting/',
+ },
+ 'includes': [ '../build/protoc.gypi', ],
+ },
+ {
+ # Protobuf compiler / generator for the encrypted certificate
+ # reports protocol buffer.
+ # GN version: //components/certificate_reporting:encrypted_cert_logger_proto
+ 'target_name': 'encrypted_cert_logger_proto',
+ 'type': 'static_library',
+ 'sources': [ 'certificate_reporting/encrypted_cert_logger.proto', ],
+ 'variables': {
+ 'proto_in_dir': 'certificate_reporting/',
+ 'proto_out_dir': 'components/certificate_reporting/',
+ },
+ 'includes': [ '../build/protoc.gypi', ],
+ },
+ ]
+}
diff --git a/components/certificate_reporting/BUILD.gn b/components/certificate_reporting/BUILD.gn
new file mode 100644
index 0000000..c175e6c
--- /dev/null
+++ b/components/certificate_reporting/BUILD.gn
@@ -0,0 +1,55 @@
+# Copyright 2015 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+import("//third_party/protobuf/proto_library.gni")
+
+# GYP version: components/certificate_reporting.gyp:certificate_reporting
+static_library("certificate_reporting") {
+ sources = [
+ "cert_logger.proto",
+ "encrypted_cert_logger.proto",
+ "error_report.cc",
+ "error_report.h",
+ "error_reporter.cc",
+ "error_reporter.h",
+ ]
+
+ deps = [
+ ":cert_logger_proto",
+ ":encrypted_cert_logger_proto",
+ "//base",
+ "//crypto",
+ "//net",
+ "//url",
+ ]
+}
+
+# GYP version: components/certificate_reporting.gypi:cert_logger_proto
+proto_library("cert_logger_proto") {
+ sources = [
+ "cert_logger.proto",
+ ]
+}
+
+# GYP version: components/certificate_reporting.gypi:encrypted_cert_logger_proto
+proto_library("encrypted_cert_logger_proto") {
+ sources = [
+ "encrypted_cert_logger.proto",
+ ]
+}
+
+source_set("unit_tests") {
+ testonly = true
+ sources = [
+ "error_report_unittest.cc",
+ "error_reporter_unittest.cc",
+ ]
+
+ deps = [
+ ":certificate_reporting",
+ "//base",
+ "//net:test_support",
+ "//testing/gtest",
+ ]
+}
diff --git a/components/certificate_reporting/DEPS b/components/certificate_reporting/DEPS
new file mode 100644
index 0000000..8078553
--- /dev/null
+++ b/components/certificate_reporting/DEPS
@@ -0,0 +1,4 @@
+include_rules = [
+ "+crypto",
+ "+net"
+]
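Review bot: The `sources` list of `static_library("certificate_reporting")` in the new components/certificate_reporting/BUILD.gn includes `"cert_logger.proto"` and `"encrypted_cert_logger.proto"`, which are already built by the two `proto_library` targets this library lists in `deps`. The GYP target added in components/certificate_reporting.gypi lists only the four error_report/error_reporter .cc and .h files, so the two builds disagree even though that file notes the sources list is duplicated in GN; dropping the two .proto entries here would bring them in line. The `# GYP version:` comment on this target also names `certificate_reporting.gyp`, while the file added by this commit is `certificate_reporting.gypi`.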
\ No newline at end of file
diff --git a/components/certificate_reporting/OWNERS b/components/certificate_reporting/OWNERS
new file mode 100644
index 0000000..e99de876
--- /dev/null
+++ b/components/certificate_reporting/OWNERS
@@ -0,0 +1,4 @@
+estark@chromium.org
+felt@chromium.org
+palmer@chromium.org
+rsleevi@chromium.org
\ No newline at end of file diff --git a/chrome/browser/ssl/cert_logger.proto b/components/certificate_reporting/cert_logger.proto index bb11bf2..846c7f9 100644 --- a/chrome/browser/ssl/cert_logger.proto +++ b/components/certificate_reporting/cert_logger.proto @@ -19,6 +19,8 @@ syntax = "proto2"; // Chrome requires this. option optimize_for = LITE_RUNTIME; +package certificate_reporting; + // Protocol types message CertLoggerInterstitialInfo { diff --git a/chrome/browser/net/encrypted_cert_logger.proto b/components/certificate_reporting/encrypted_cert_logger.proto index 6c6274e..dc1ab38 100644 --- a/chrome/browser/net/encrypted_cert_logger.proto +++ b/components/certificate_reporting/encrypted_cert_logger.proto @@ -5,7 +5,7 @@ syntax = "proto2"; -package chrome_browser_net; +package certificate_reporting; // Chrome requires this. option optimize_for = LITE_RUNTIME; diff --git a/chrome/browser/ssl/certificate_error_report.cc b/components/certificate_reporting/error_report.cc index 49ca918..c5233ee 100644 --- a/chrome/browser/ssl/certificate_error_report.cc +++ b/components/certificate_reporting/error_report.cc @@ -2,18 +2,20 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "chrome/browser/ssl/certificate_error_report.h" +#include "components/certificate_reporting/error_report.h" #include <vector> #include "base/stl_util.h" #include "base/strings/string_util.h" #include "base/time/time.h" -#include "chrome/browser/ssl/cert_logger.pb.h" +#include "components/certificate_reporting/cert_logger.pb.h" #include "net/cert/cert_status_flags.h" #include "net/cert/x509_certificate.h" #include "net/ssl/ssl_info.h" +namespace certificate_reporting { + namespace { void AddCertStatusToReportErrors(net::CertStatus cert_status, 
@@ -53,12 +55,10 @@ bool CertificateChainToString(scoped_refptr<net::X509Certificate> cert, } // namespace -CertificateErrorReport::CertificateErrorReport() - : cert_report_(new CertLoggerRequest()) { -} +ErrorReport::ErrorReport() : cert_report_(new CertLoggerRequest()) {} -CertificateErrorReport::CertificateErrorReport(const std::string& hostname, - const net::SSLInfo& ssl_info) +ErrorReport::ErrorReport(const std::string& hostname, + const net::SSLInfo& ssl_info) : cert_report_(new CertLoggerRequest()) { base::Time now = base::Time::Now(); cert_report_->set_time_usec(now.ToInternalValue()); @@ -81,19 +81,17 @@ CertificateErrorReport::CertificateErrorReport(const std::string& hostname, AddCertStatusToReportErrors(ssl_info.cert_status, cert_report_.get()); } -CertificateErrorReport::~CertificateErrorReport() { -} +ErrorReport::~ErrorReport() {} -bool CertificateErrorReport::InitializeFromString( - const std::string& serialized_report) { +bool ErrorReport::InitializeFromString(const std::string& serialized_report) { return cert_report_->ParseFromString(serialized_report); } -bool CertificateErrorReport::Serialize(std::string* output) const { +bool ErrorReport::Serialize(std::string* output) const { return cert_report_->SerializeToString(output); } -void CertificateErrorReport::SetInterstitialInfo( +void ErrorReport::SetInterstitialInfo( const InterstitialReason& interstitial_reason, const ProceedDecision& proceed_decision, const Overridable& overridable) { @@ -119,6 +117,8 @@ void CertificateErrorReport::SetInterstitialInfo( interstitial_info->set_overridable(overridable == INTERSTITIAL_OVERRIDABLE); } -const std::string& CertificateErrorReport::hostname() const { +const std::string& ErrorReport::hostname() const { return cert_report_->hostname(); } + +} // namespace certificate_reporting diff --git a/chrome/browser/ssl/certificate_error_report.h b/components/certificate_reporting/error_report.h index 61830dc..8600cec 100644 
--- a/chrome/browser/ssl/certificate_error_report.h +++ b/components/certificate_reporting/error_report.h @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef CHROME_BROWSER_SSL_CERTIFICATE_ERROR_REPORT_H_ -#define CHROME_BROWSER_SSL_CERTIFICATE_ERROR_REPORT_H_ +#ifndef COMPONENTS_CERTIFICATE_REPORTING_CERTIFICATE_ERROR_REPORT_H_ +#define COMPONENTS_CERTIFICATE_REPORTING_CERTIFICATE_ERROR_REPORT_H_ #include <string> @@ -13,12 +13,13 @@ namespace net { class SSLInfo; } // namespace net +namespace certificate_reporting { + class CertLoggerRequest; // This class builds and serializes reports for invalid SSL certificate -// chains, intended to be sent with -// chrome_browser_net::CertificateErrorReporter. -class CertificateErrorReport { +// chains, intended to be sent with ErrorReporter. +class ErrorReport { public: // Describes the type of interstitial that the user was shown for the // error that this report represents. Gets mapped to @@ -37,14 +38,13 @@ class CertificateErrorReport { enum Overridable { INTERSTITIAL_OVERRIDABLE, INTERSTITIAL_NOT_OVERRIDABLE }; // Constructs an empty report. - CertificateErrorReport(); + ErrorReport(); // Constructs a report for the given |hostname| using the SSL // properties in |ssl_info|. - CertificateErrorReport(const std::string& hostname, - const net::SSLInfo& ssl_info); + ErrorReport(const std::string& hostname, const net::SSLInfo& ssl_info); - ~CertificateErrorReport(); + ~ErrorReport(); // Initializes an empty report by parsing the given serialized // report. |serialized_report| should be a serialized @@ -68,4 +68,6 @@ class CertificateErrorReport { scoped_ptr<CertLoggerRequest> cert_report_; }; -#endif // CHROME_BROWSER_SSL_CERTIFICATE_ERROR_REPORT_H_ +} // namespace certificate_reporting + +#endif // COMPONENTS_CERTIFICATE_REPORTING_CERTIFICATE_ERROR_REPORT_H_ 
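Review bot: The new include guard in error_report.h, `COMPONENTS_CERTIFICATE_REPORTING_CERTIFICATE_ERROR_REPORT_H_`, still carries the old file name. The file is now error_report.h, so the guard would conventionally be `COMPONENTS_CERTIFICATE_REPORTING_ERROR_REPORT_H_` on the `#ifndef`, the `#define` and the closing `#endif` comment (first and last hunks of this file). error_reporter.h has the same mismatch with `COMPONENTS_CERTIFICATE_REPORTING_CERTIFICATE_ERROR_REPORTER_H_`. A guard that does not follow the path is easy to duplicate by accident if a header is later added under the old name.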
diff --git a/chrome/browser/ssl/certificate_error_report_unittest.cc b/components/certificate_reporting/error_report_unittest.cc index 5c712ee..b1345b7 100644 --- a/chrome/browser/ssl/certificate_error_report_unittest.cc +++ b/components/certificate_reporting/error_report_unittest.cc @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "chrome/browser/ssl/certificate_error_report.h" +#include "components/certificate_reporting/error_report.h" #include <set> #include <string> @@ -10,8 +10,7 @@ #include "base/files/file_path.h" #include "base/files/file_util.h" #include "base/path_service.h" -#include "chrome/browser/ssl/cert_logger.pb.h" -#include "chrome/common/chrome_paths.h" +#include "components/certificate_reporting/cert_logger.pb.h" #include "net/base/test_data_directory.h" #include "net/cert/cert_status_flags.h" #include "net/ssl/ssl_info.h" @@ -22,6 +21,8 @@ using net::SSLInfo; using testing::UnorderedElementsAre; +namespace certificate_reporting { + namespace { const char kDummyHostname[] = "dummy.hostname.com"; 
@@ -44,18 +45,19 @@ enum UnverifiedCertChainStatus { EXCLUDE_UNVERIFIED_CERT_CHAIN }; -SSLInfo GetTestSSLInfo(UnverifiedCertChainStatus unverified_cert_chain_status) { - SSLInfo info; - info.cert = +void GetTestSSLInfo(UnverifiedCertChainStatus unverified_cert_chain_status, + SSLInfo* info) { + info->cert = net::ImportCertFromFile(net::GetTestCertsDirectory(), kTestCertFilename); + ASSERT_TRUE(info->cert); if (unverified_cert_chain_status == INCLUDE_UNVERIFIED_CERT_CHAIN) { - info.unverified_cert = net::ImportCertFromFile(net::GetTestCertsDirectory(), - kTestCertFilename); + info->unverified_cert = net::ImportCertFromFile( + net::GetTestCertsDirectory(), kTestCertFilename); + ASSERT_TRUE(info->unverified_cert); } - info.is_issued_by_known_root = true; - info.cert_status = kCertStatus; - info.pinning_failure_log = kDummyFailureLog; - return info; + info->is_issued_by_known_root = true; + info->cert_status = kCertStatus; + info->pinning_failure_log = kDummyFailureLog; } std::string GetPEMEncodedChain() { @@ -66,13 +68,15 @@ std::string GetPEMEncodedChain() { return cert_data; } -// Test that a serialized CertificateErrorReport can be deserialized as +// Test that a serialized ErrorReport can be deserialized as // a CertLoggerRequest protobuf (which is the format that the receiving // server expects it in) with the right data in it. -TEST(CertificateErrorReportTest, SerializedReportAsProtobuf) { +TEST(ErrorReportTest, SerializedReportAsProtobuf) { std::string serialized_report; - CertificateErrorReport report(kDummyHostname, - GetTestSSLInfo(INCLUDE_UNVERIFIED_CERT_CHAIN)); + SSLInfo ssl_info; + ASSERT_NO_FATAL_FAILURE( + GetTestSSLInfo(INCLUDE_UNVERIFIED_CERT_CHAIN, &ssl_info)); + ErrorReport report(kDummyHostname, ssl_info); ASSERT_TRUE(report.Serialize(&serialized_report)); CertLoggerRequest deserialized_report; 
@@ -88,18 +92,19 @@ TEST(CertificateErrorReportTest, SerializedReportAsProtobuf) { UnorderedElementsAre(kFirstReportedCertError, kSecondReportedCertError)); } -TEST(CertificateErrorReportTest, - SerializedReportAsProtobufWithInterstitialInfo) { +TEST(ErrorReportTest, SerializedReportAsProtobufWithInterstitialInfo) { std::string serialized_report; + SSLInfo ssl_info; // Use EXCLUDE_UNVERIFIED_CERT_CHAIN here to exercise the code path // where SSLInfo does not contain the unverified cert chain. (The test // above exercises the path where it does.) - CertificateErrorReport report(kDummyHostname, - GetTestSSLInfo(EXCLUDE_UNVERIFIED_CERT_CHAIN)); + ASSERT_NO_FATAL_FAILURE( + GetTestSSLInfo(EXCLUDE_UNVERIFIED_CERT_CHAIN, &ssl_info)); + ErrorReport report(kDummyHostname, ssl_info); - report.SetInterstitialInfo(CertificateErrorReport::INTERSTITIAL_CLOCK, - CertificateErrorReport::USER_PROCEEDED, - CertificateErrorReport::INTERSTITIAL_OVERRIDABLE); + report.SetInterstitialInfo(ErrorReport::INTERSTITIAL_CLOCK, + ErrorReport::USER_PROCEEDED, + ErrorReport::INTERSTITIAL_OVERRIDABLE); ASSERT_TRUE(report.Serialize(&serialized_report)); @@ -122,16 +127,20 @@ TEST(CertificateErrorReportTest, } // Test that a serialized report can be parsed. -TEST(CertificateErrorReportTest, ParseSerializedReport) { +TEST(ErrorReportTest, ParseSerializedReport) { std::string serialized_report; - CertificateErrorReport report(kDummyHostname, - GetTestSSLInfo(EXCLUDE_UNVERIFIED_CERT_CHAIN)); + SSLInfo ssl_info; + ASSERT_NO_FATAL_FAILURE( + GetTestSSLInfo(INCLUDE_UNVERIFIED_CERT_CHAIN, &ssl_info)); + ErrorReport report(kDummyHostname, ssl_info); EXPECT_EQ(kDummyHostname, report.hostname()); ASSERT_TRUE(report.Serialize(&serialized_report)); - CertificateErrorReport parsed; + ErrorReport parsed; ASSERT_TRUE(parsed.InitializeFromString(serialized_report)); EXPECT_EQ(report.hostname(), parsed.hostname()); } } // namespace + +} // namespace certificate_reporting 
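Review bot: In the ParseSerializedReport hunk the fixture argument changes from `EXCLUDE_UNVERIFIED_CERT_CHAIN` to `INCLUDE_UNVERIFIED_CERT_CHAIN`, which alters what the test exercises inside an otherwise mechanical rename and move. If the change is intended, a short comment above the call, such as `// Include the unverified chain so parsing is exercised with it present.`, would record why; if not, keeping `EXCLUDE_UNVERIFIED_CERT_CHAIN` leaves the test as it was. After parsing, the test compares only `hostname()`, so in either case the round trip does not check the certificate chain contents.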
diff --git a/chrome/browser/net/certificate_error_reporter.cc b/components/certificate_reporting/error_reporter.cc index 19f9f4a..d811112 100644 --- a/chrome/browser/net/certificate_error_reporter.cc +++ b/components/certificate_reporting/error_reporter.cc @@ -2,12 +2,12 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "chrome/browser/net/certificate_error_reporter.h" +#include "components/certificate_reporting/error_reporter.h" #include <set> #include "base/logging.h" -#include "chrome/browser/net/encrypted_cert_logger.pb.h" +#include "components/certificate_reporting/encrypted_cert_logger.pb.h" #if defined(USE_OPENSSL) #include "crypto/aead_openssl.h" @@ -18,6 +18,8 @@ #include "crypto/random.h" #include "net/url_request/certificate_report_sender.h" +namespace certificate_reporting { + namespace { // Constants used for crypto. The corresponding private key is used by @@ -56,11 +58,10 @@ std::string GetHkdfSubkeySecret(size_t subkey_length, return hkdf.subkey_secret().as_string(); } -bool EncryptSerializedReport( - const uint8* server_public_key, - uint32 server_public_key_version, - const std::string& report, - chrome_browser_net::EncryptedCertLoggerRequest* encrypted_report) { +bool EncryptSerializedReport(const uint8* server_public_key, + uint32 server_public_key_version, + const std::string& report, + EncryptedCertLoggerRequest* encrypted_report) { // Generate an ephemeral key pair to generate a shared secret. uint8 public_key[crypto::curve25519::kBytes]; uint8 private_key[crypto::curve25519::kScalarBytes]; 
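Review bot: `EncryptSerializedReport` in the third hunk has no header comment, although it is the routine that encrypts reports before they go to a non-HTTPS upload URL. A comment ahead of the signature would help, for example `// Encrypts |report| to |server_public_key| using a fresh ephemeral Curve25519 key pair and stores the ciphertext, client public key and algorithm id in |encrypted_report|.` The body continues outside this hunk, so the failure path and the handling of the ephemeral `private_key` buffer after use are not visible here. Both are worth stating in the comment once confirmed.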
@@ -88,28 +89,25 @@ bool EncryptSerializedReport( encrypted_report->set_client_public_key(reinterpret_cast<char*>(public_key), sizeof(public_key)); encrypted_report->set_algorithm( - chrome_browser_net::EncryptedCertLoggerRequest:: - AEAD_ECDH_AES_128_CTR_HMAC_SHA256); + EncryptedCertLoggerRequest::AEAD_ECDH_AES_128_CTR_HMAC_SHA256); return true; } #endif } // namespace -namespace chrome_browser_net { - -CertificateErrorReporter::CertificateErrorReporter( +ErrorReporter::ErrorReporter( net::URLRequestContext* request_context, const GURL& upload_url, net::CertificateReportSender::CookiesPreference cookies_preference) - : CertificateErrorReporter(upload_url, - kServerPublicKey, - kServerPublicKeyVersion, - make_scoped_ptr(new net::CertificateReportSender( - request_context, - cookies_preference))) {} - -CertificateErrorReporter::CertificateErrorReporter( + : ErrorReporter(upload_url, + kServerPublicKey, + kServerPublicKeyVersion, + make_scoped_ptr(new net::CertificateReportSender( + request_context, + cookies_preference))) {} + +ErrorReporter::ErrorReporter( const GURL& upload_url, const uint8 server_public_key[/* 32 */], const uint32 server_public_key_version, @@ -122,10 +120,9 @@ CertificateErrorReporter::CertificateErrorReporter( DCHECK(!upload_url.is_empty()); } -CertificateErrorReporter::~CertificateErrorReporter() { -} +ErrorReporter::~ErrorReporter() {} -void CertificateErrorReporter::SendExtendedReportingReport( +void ErrorReporter::SendExtendedReportingReport( const std::string& serialized_report) { if (upload_url_.SchemeIsCryptographic()) { certificate_report_sender_->Send(upload_url_, serialized_report); @@ -145,7 +142,7 @@ void CertificateErrorReporter::SendExtendedReportingReport( } } -bool CertificateErrorReporter::IsHttpUploadUrlSupported() { +bool ErrorReporter::IsHttpUploadUrlSupported() { #if defined(USE_OPENSSL) return true; #else 
@@ -155,7 +152,7 @@ bool CertificateErrorReporter::IsHttpUploadUrlSupported() { // Used only by tests. #if defined(USE_OPENSSL) -bool CertificateErrorReporter::DecryptCertificateErrorReport( +bool ErrorReporter::DecryptErrorReport( const uint8 server_private_key[32], const EncryptedCertLoggerRequest& encrypted_report, std::string* decrypted_serialized_report) { @@ -174,4 +171,4 @@ bool CertificateErrorReporter::DecryptCertificateErrorReport( } #endif -} // namespace chrome_browser_net +} // namespace certificate_reporting diff --git a/chrome/browser/net/certificate_error_reporter.h b/components/certificate_reporting/error_reporter.h index dbfbb5b..3bfc1d4 100644 --- a/chrome/browser/net/certificate_error_reporter.h +++ b/components/certificate_reporting/error_reporter.h @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef CHROME_BROWSER_NET_CERTIFICATE_ERROR_REPORTER_H_ -#define CHROME_BROWSER_NET_CERTIFICATE_ERROR_REPORTER_H_ +#ifndef COMPONENTS_CERTIFICATE_REPORTING_CERTIFICATE_ERROR_REPORTER_H_ +#define COMPONENTS_CERTIFICATE_REPORTING_CERTIFICATE_ERROR_REPORTER_H_ #include <set> #include <string> 
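Review bot: `ErrorReporter::DecryptErrorReport` sits under `// Used only by tests.`, yet it is a public static member built into the production class whenever `USE_OPENSSL` is defined. Since this commit renames it anyway, calling it `DecryptErrorReportForTesting` would make any non-test caller stand out in review. The rename would apply here, in the error_reporter.h declaration and at the two call sites in error_reporter_unittest.cc. The function body continues outside this hunk.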
@@ -18,33 +18,33 @@ class URLRequestContext; class SSLInfo; } -namespace chrome_browser_net { +namespace certificate_reporting { class EncryptedCertLoggerRequest; // Provides functionality for sending reports about invalid SSL // certificate chains to a report collection server. -class CertificateErrorReporter { +class ErrorReporter { public: // Creates a certificate error reporter that will send certificate // error reports to |upload_url|, using |request_context| as the // context for the reports. |cookies_preference| controls whether // cookies will be sent along with the reports. - CertificateErrorReporter( + ErrorReporter( net::URLRequestContext* request_context, const GURL& upload_url, net::CertificateReportSender::CookiesPreference cookies_preference); // Allows tests to use a server public key with known private key and // a mock CertificateReportSender. |server_public_key| must outlive - // the CertificateErrorReporter. - CertificateErrorReporter( + // the ErrorReporter. + ErrorReporter( const GURL& upload_url, const uint8 server_public_key[/* 32 */], const uint32 server_public_key_version, scoped_ptr<net::CertificateReportSender> certificate_report_sender); - virtual ~CertificateErrorReporter(); + virtual ~ErrorReporter(); // Sends a certificate report to the report collection server. The // |serialized_report| is expected to be a serialized protobuf @@ -56,7 +56,7 @@ class CertificateErrorReporter { // opt-in, only sending reports for certain hostnames, checking for // incognito mode, etc.). // - // On some platforms (but not all), CertificateErrorReporter can use + // On some platforms (but not all), ErrorReporter can use // an HTTP endpoint to send encrypted extended reporting reports. On // unsupported platforms, callers must send extended reporting reports // over SSL. 
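Review bot: The second constructor takes `const uint8 server_public_key[/* 32 */]`, which decays to a plain pointer, so the 32-byte length exists only in the comment. The object also depends on the caller keeping the buffer alive, as the "must outlive the ErrorReporter" comment says. Declaring the parameter as `const uint8 (&server_public_key)[32]` would let the compiler reject a buffer of the wrong size. Copying the key into a fixed-size array member would remove the lifetime requirement as well; the `server_public_key_` member is declared in a later hunk of this header.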
@@ -68,7 +68,7 @@ class CertificateErrorReporter { #if defined(USE_OPENSSL) // Used by tests. - static bool DecryptCertificateErrorReport( + static bool DecryptErrorReport( const uint8 server_private_key[32], const EncryptedCertLoggerRequest& encrypted_report, std::string* decrypted_serialized_report); @@ -82,9 +82,9 @@ class CertificateErrorReporter { const uint8* server_public_key_; const uint32 server_public_key_version_; - DISALLOW_COPY_AND_ASSIGN(CertificateErrorReporter); + DISALLOW_COPY_AND_ASSIGN(ErrorReporter); }; -} // namespace chrome_browser_net +} // namespace certificate_reporting -#endif // CHROME_BROWSER_NET_CERTIFICATE_ERROR_REPORTER_H_ +#endif // COMPONENTS_CERTIFICATE_REPORTING_CERTIFICATE_ERROR_REPORTER_H_ diff --git a/chrome/browser/net/certificate_error_reporter_unittest.cc b/components/certificate_reporting/error_reporter_unittest.cc index 194d569..4d5b623 100644 --- a/chrome/browser/net/certificate_error_reporter_unittest.cc +++ b/components/certificate_reporting/error_reporter_unittest.cc @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "chrome/browser/net/certificate_error_reporter.h" +#include "components/certificate_reporting/error_reporter.h" #include <set> #include <string> @@ -10,13 +10,12 @@ #include "base/bind.h" #include "base/bind_helpers.h" #include "base/macros.h" -#include "chrome/browser/net/encrypted_cert_logger.pb.h" -#include "chrome/common/chrome_paths.h" +#include "components/certificate_reporting/encrypted_cert_logger.pb.h" #include "crypto/curve25519.h" #include "net/url_request/certificate_report_sender.h" #include "testing/gtest/include/gtest/gtest.h" -using chrome_browser_net::CertificateErrorReporter; +namespace certificate_reporting { namespace { 
@@ -49,57 +48,56 @@ class MockCertificateReportSender : public net::CertificateReportSender { DISALLOW_COPY_AND_ASSIGN(MockCertificateReportSender); }; -class CertificateErrorReporterTest : public ::testing::Test { +class ErrorReporterTest : public ::testing::Test { public: - CertificateErrorReporterTest() { + ErrorReporterTest() { memset(server_private_key_, 1, sizeof(server_private_key_)); crypto::curve25519::ScalarBaseMult(server_private_key_, server_public_key_); } - ~CertificateErrorReporterTest() override {} + ~ErrorReporterTest() override {} protected: uint8_t server_public_key_[32]; uint8_t server_private_key_[32]; }; -// Test that CertificateErrorReporter::SendExtendedReportingReport sends +// Test that ErrorReporter::SendExtendedReportingReport sends // an encrypted or plaintext extended reporting report as appropriate. -TEST_F(CertificateErrorReporterTest, ExtendedReportingSendReport) { +TEST_F(ErrorReporterTest, ExtendedReportingSendReport) { // Data should not be encrypted when sent to an HTTPS URL. MockCertificateReportSender* mock_report_sender = new MockCertificateReportSender(); GURL https_url(kDummyHttpsReportUri); - CertificateErrorReporter https_reporter(https_url, server_public_key_, - kServerPublicKeyTestVersion, - make_scoped_ptr(mock_report_sender)); + ErrorReporter https_reporter(https_url, server_public_key_, + kServerPublicKeyTestVersion, + make_scoped_ptr(mock_report_sender)); https_reporter.SendExtendedReportingReport(kDummyReport); EXPECT_EQ(mock_report_sender->latest_report_uri(), https_url); EXPECT_EQ(mock_report_sender->latest_report(), kDummyReport); // Data should be encrypted when sent to an HTTP URL. 
- if (CertificateErrorReporter::IsHttpUploadUrlSupported()) { + if (ErrorReporter::IsHttpUploadUrlSupported()) { MockCertificateReportSender* http_mock_report_sender = new MockCertificateReportSender(); GURL http_url(kDummyHttpReportUri); - CertificateErrorReporter http_reporter( - http_url, server_public_key_, kServerPublicKeyTestVersion, - make_scoped_ptr(http_mock_report_sender)); + ErrorReporter http_reporter(http_url, server_public_key_, + kServerPublicKeyTestVersion, + make_scoped_ptr(http_mock_report_sender)); http_reporter.SendExtendedReportingReport(kDummyReport); EXPECT_EQ(http_mock_report_sender->latest_report_uri(), http_url); std::string uploaded_report; #if defined(USE_OPENSSL) - chrome_browser_net::EncryptedCertLoggerRequest encrypted_request; + EncryptedCertLoggerRequest encrypted_request; ASSERT_TRUE(encrypted_request.ParseFromString( http_mock_report_sender->latest_report())); EXPECT_EQ(kServerPublicKeyTestVersion, encrypted_request.server_public_key_version()); - EXPECT_EQ(chrome_browser_net::EncryptedCertLoggerRequest:: - AEAD_ECDH_AES_128_CTR_HMAC_SHA256, + EXPECT_EQ(EncryptedCertLoggerRequest::AEAD_ECDH_AES_128_CTR_HMAC_SHA256, encrypted_request.algorithm()); - ASSERT_TRUE(CertificateErrorReporter::DecryptCertificateErrorReport( + ASSERT_TRUE(ErrorReporter::DecryptErrorReport( server_private_key_, encrypted_request, &uploaded_report)); #else ADD_FAILURE() << "Only supported in OpenSSL ports"; @@ -114,7 +112,7 @@ TEST_F(CertificateErrorReporterTest, ExtendedReportingSendReport) { // in order to catch changes in report encryption that could cause the // server to no longer be able to decrypt reports that it receives from // Chrome. -TEST_F(CertificateErrorReporterTest, DecryptExampleReport) { +TEST_F(ErrorReporterTest, DecryptExampleReport) { // This data should not be changed without also changing the // corresponding server-side test. const unsigned char kSerializedEncryptedReport[] = { 
@@ -261,16 +259,16 @@ TEST_F(CertificateErrorReporterTest, DecryptExampleReport) { 0xA6, 0x2D, 0x00, 0xCC, 0xB5, 0x3B, 0x31, 0x2E, 0xB4, 0x30, 0xA5, 0x08, 0x1A, 0x7D, 0x19, 0x81, 0xF0, 0x4D, 0x20, 0x01}; - chrome_browser_net::EncryptedCertLoggerRequest encrypted_request; + EncryptedCertLoggerRequest encrypted_request; std::string decrypted_serialized_report; ASSERT_TRUE(encrypted_request.ParseFromString( std::string(reinterpret_cast<const char*>(kSerializedEncryptedReport), sizeof(kSerializedEncryptedReport)))); - ASSERT_TRUE( - chrome_browser_net::CertificateErrorReporter:: - DecryptCertificateErrorReport(server_private_key_, encrypted_request, - &decrypted_serialized_report)); + ASSERT_TRUE(ErrorReporter::DecryptErrorReport( + server_private_key_, encrypted_request, &decrypted_serialized_report)); } #endif } // namespace + +} // namespace certificate_reporting diff --git a/components/components.gyp b/components/components.gyp index 1d10c7e..abd3e5e 100644 --- a/components/components.gyp +++ b/components/components.gyp @@ -16,6 +16,7 @@ 'bookmarks.gypi', 'bubble.gypi', 'captive_portal.gypi', + 'certificate_reporting.gypi', 'cloud_devices.gypi', 'component_updater.gypi', 'compression.gypi', diff --git a/components/components_tests.gyp b/components/components_tests.gyp index c217a59..3ed7d52 100644 --- a/components/components_tests.gyp +++ b/components/components_tests.gyp @@ -87,6 +87,10 @@ 'captive_portal_unittest_sources': [ 'captive_portal/captive_portal_detector_unittest.cc', ], + 'certificate_reporting_unittest_sources': [ + 'certificate_reporting/error_report_unittest.cc', + 'certificate_reporting/error_reporter_unittest.cc', + ], 'certificate_transparency_unittest_sources': [ 'certificate_transparency/log_proof_fetcher_unittest.cc', ], 
@@ -777,6 +781,7 @@ '<@(browser_watcher_unittest_sources)', '<@(bubble_unittest_sources)', '<@(captive_portal_unittest_sources)', + '<@(certificate_reporting_unittest_sources)', '<@(cloud_devices_unittest_sources)', '<@(component_updater_unittest_sources)', '<@(compression_unittest_sources)', @@ -871,6 +876,7 @@ 'components.gyp:bookmarks_test_support', 'components.gyp:bubble', 'components.gyp:captive_portal_test_support', + 'components.gyp:certificate_reporting', 'components.gyp:cloud_devices_common', 'components.gyp:component_updater', 'components.gyp:compression', @@ -1123,6 +1129,7 @@ 'action_name': 'copy_test_data', 'variables': { 'test_data_files': [ + '../net/data/ssl/certificates', 'test/data', ], 'test_data_prefix': 'components', diff --git a/components/components_unittests.isolate b/components/components_unittests.isolate index dda3761..6682b8c 100644 --- a/components/components_unittests.isolate +++ b/components/components_unittests.isolate @@ -37,6 +37,7 @@ ['OS=="android" or OS=="linux" or OS=="mac" or OS=="win"', { 'variables': { 'files': [ + '../net/data/', 'test/data/', '<(PRODUCT_DIR)/components_tests_resources.pak', '<(PRODUCT_DIR)/ui_test.pak', |
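Review bot: The components_unittests.isolate hunk adds `'../net/data/',`, while the copy_test_data list in components_tests.gyp adds only `'../net/data/ssl/certificates'`. The moved tests appear to need just the test certificates directory, so `'../net/data/ssl/certificates/',` in the isolate would match the gyp entry and keep the isolated inputs to what the tests read. The enclosing 'files' list starts outside the hunk.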