diff options
author | estark <estark@chromium.org> | 2015-04-24 21:52:25 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-04-25 04:53:31 +0000 |
commit | 03206a1fcfe475604570d49dca0a885591e45ad7 (patch) | |
tree | 9db0b365d0feffcd71793a677d7c377f1c875d96 /chrome/browser/safe_browsing/ping_manager.cc | |
parent | 5d190be1a5da69d013592f5590a9f825a48c1200 (diff) | |
download | chromium_src-03206a1fcfe475604570d49dca0a885591e45ad7.zip chromium_src-03206a1fcfe475604570d49dca0a885591e45ad7.tar.gz chromium_src-03206a1fcfe475604570d49dca0a885591e45ad7.tar.bz2 |
Encrypt certificate reports before uploading to HTTP URLs
This CL introduces a new protobuf to store encrypted
CertLoggerRequests. Serialized certificate reports are encrypted with an
AES-CTR-128-HMAC-SHA256 AEAD (from BoringSSL, thus encrypted reports are
only supported on BoringSSL platforms) before being uploaded to HTTP
endpoints. |CertificateErrorReporter::IsHttpUploadUrlSupported| allows
users of the class to set an HTTP URL if supported.
BUG=461590
Committed: https://crrev.com/0a3351c2a7c81284f82e6531380a21d079f55056
Cr-Commit-Position: refs/heads/master@{#326876}
Review URL: https://codereview.chromium.org/1083493003
Cr-Commit-Position: refs/heads/master@{#326957}
Diffstat (limited to 'chrome/browser/safe_browsing/ping_manager.cc')
-rw-r--r-- | chrome/browser/safe_browsing/ping_manager.cc | 30 |
1 files changed, 20 insertions, 10 deletions
diff --git a/chrome/browser/safe_browsing/ping_manager.cc b/chrome/browser/safe_browsing/ping_manager.cc index d23c67a..86b29d3 100644 --- a/chrome/browser/safe_browsing/ping_manager.cc +++ b/chrome/browser/safe_browsing/ping_manager.cc @@ -24,8 +24,12 @@ using chrome_browser_net::CertificateErrorReporter; using content::BrowserThread; namespace { -// URL to upload invalid certificate chain reports -const char kExtendedReportingUploadUrl[] = +// URLs to upload invalid certificate chain reports. The HTTP URL is +// preferred since a client seeing an invalid cert might not be able to +// make an HTTPS connection to report it. +// TODO(estark): insert the production HTTP URL when it's ready +const char kExtendedReportingUploadUrlInsecure[] = ""; +const char kExtendedReportingUploadUrlSecure[] = "https://sb-ssl.google.com/safebrowsing/clientreport/chrome-certs"; } // namespace @@ -44,16 +48,22 @@ SafeBrowsingPingManager::SafeBrowsingPingManager( const SafeBrowsingProtocolConfig& config) : client_name_(config.client_name), request_context_getter_(request_context_getter), - url_prefix_(config.url_prefix), - certificate_error_reporter_( - request_context_getter - ? new CertificateErrorReporter( - request_context_getter->GetURLRequestContext(), - GURL(kExtendedReportingUploadUrl), - CertificateErrorReporter::SEND_COOKIES) - : nullptr) { + url_prefix_(config.url_prefix) { DCHECK(!url_prefix_.empty()); + if (request_context_getter) { + bool use_insecure_certificate_upload_url = + CertificateErrorReporter::IsHttpUploadUrlSupported() && + strlen(kExtendedReportingUploadUrlInsecure) > 0; + GURL certificate_upload_url(use_insecure_certificate_upload_url + ? kExtendedReportingUploadUrlInsecure + : kExtendedReportingUploadUrlSecure); + + certificate_error_reporter_.reset(new CertificateErrorReporter( + request_context_getter->GetURLRequestContext(), certificate_upload_url, + CertificateErrorReporter::SEND_COOKIES)); + } + version_ = SafeBrowsingProtocolManagerHelper::Version(); } |