author | estark <estark@chromium.org> | 2015-08-11 19:35:50 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-08-12 02:36:28 +0000 |
commit | db949c345a8c561f45a2351daa06dc9c85671e88 (patch) | |
tree | 72d86093c9e62bf5abf3eda26a0d3df5843bb369 /net/url_request | |
parent | 20162d198ff2e82c959c133801a5ae47c4470c6e (diff) | |
Allow preloaded pins to contain report URIs; remove special-case reporting
This CL processes report URIs in preloaded pins and removes special-case code
for reporting pin violations on Google properties
(FraudulentCertificateReporter and its implementation
ChromeFraudulentCertificateReporter), in favor of a preloaded report
URI.
BUG=445793
Review URL: https://codereview.chromium.org/1267383002
Cr-Commit-Position: refs/heads/master@{#342967}
Diffstat (limited to 'net/url_request')
-rw-r--r-- | net/url_request/certificate_report_sender.cc | 25 | ||||
-rw-r--r-- | net/url_request/certificate_report_sender.h | 9 | ||||
-rw-r--r-- | net/url_request/fraudulent_certificate_reporter.h | 30 | ||||
-rw-r--r-- | net/url_request/url_request_context.cc | 2 | ||||
-rw-r--r-- | net/url_request/url_request_context.h | 10 | ||||
-rw-r--r-- | net/url_request/url_request_context_storage.cc | 8 | ||||
-rw-r--r-- | net/url_request/url_request_context_storage.h | 4 | ||||
-rw-r--r-- | net/url_request/url_request_http_job.cc | 13 |
8 files changed, 9 insertions, 92 deletions
diff --git a/net/url_request/certificate_report_sender.cc b/net/url_request/certificate_report_sender.cc index fd5d11c..0ff637b 100644 --- a/net/url_request/certificate_report_sender.cc +++ b/net/url_request/certificate_report_sender.cc @@ -28,7 +28,15 @@ CertificateReportSender::~CertificateReportSender() { void CertificateReportSender::Send(const GURL& report_uri, const std::string& report) { scoped_ptr<URLRequest> url_request = - CreateURLRequest(request_context_, report_uri); + request_context_->CreateRequest(report_uri, DEFAULT_PRIORITY, this); + + int load_flags = + LOAD_BYPASS_CACHE | LOAD_DISABLE_CACHE | LOAD_DO_NOT_SEND_AUTH_DATA; + if (cookies_preference_ != SEND_COOKIES) { + load_flags |= LOAD_DO_NOT_SEND_COOKIES | LOAD_DO_NOT_SAVE_COOKIES; + } + url_request->SetLoadFlags(load_flags); + url_request->set_method("POST"); scoped_ptr<UploadElementReader> reader( @@ -56,19 +64,4 @@ void CertificateReportSender::OnReadCompleted(URLRequest* request, NOTREACHED(); } -scoped_ptr<URLRequest> CertificateReportSender::CreateURLRequest( - URLRequestContext* context, - const GURL& report_uri) { - scoped_ptr<URLRequest> request = - context->CreateRequest(report_uri, DEFAULT_PRIORITY, this); - int load_flags = - LOAD_BYPASS_CACHE | LOAD_DISABLE_CACHE | LOAD_DO_NOT_SEND_AUTH_DATA; - if (cookies_preference_ != SEND_COOKIES) { - load_flags = - load_flags | LOAD_DO_NOT_SEND_COOKIES | LOAD_DO_NOT_SAVE_COOKIES; - } - request->SetLoadFlags(load_flags); - return request.Pass(); -} - } // namespace net diff --git a/net/url_request/certificate_report_sender.h b/net/url_request/certificate_report_sender.h index dac8a57..0f247c3 100644 --- a/net/url_request/certificate_report_sender.h +++ b/net/url_request/certificate_report_sender.h 
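Review bot: In the first hunk of certificate_report_sender.cc, Send() passes `report_uri` straight to `request_context_->CreateRequest(...)`, and nothing in the visible lines checks that it is a valid URL. The commit description says report URIs can now come from preloaded pins, so a malformed entry would otherwise surface only as a failed background request. Callers may already validate it outside this diff, but a `DCHECK(report_uri.is_valid());` at the top of Send() would make the precondition explicit. The inlined load-flag setup also deserves a short comment, for example `// Reports bypass the cache and never carry HTTP auth; cookies are sent only when cookies_preference_ is SEND_COOKIES.`, so the credential-stripping default is not lost in a later refactor. Send() continues past the end of this hunk, so the upload and start logic is not reviewed here.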
@@ -49,15 +49,6 @@ class NET_EXPORT CertificateReportSender void OnReadCompleted(URLRequest* request, int bytes_read) override; private: - // Creates a URLRequest with which to send a certificate report to the - // server. - // - // TODO(estark): inline this into Send() once - // ChromeFraudulentCertificateReporter goes away. - virtual scoped_ptr<URLRequest> CreateURLRequest( - net::URLRequestContext* context, - const GURL& report_uri); - net::URLRequestContext* const request_context_; CookiesPreference cookies_preference_; diff --git a/net/url_request/fraudulent_certificate_reporter.h b/net/url_request/fraudulent_certificate_reporter.h deleted file mode 100644 index 8d5d60a..0000000 --- a/net/url_request/fraudulent_certificate_reporter.h +++ /dev/null @@ -1,30 +0,0 @@ -// Copyright (c) 2011 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef NET_URL_REQUEST_FRAUDULENT_CERTIFICATE_REPORTER_H_ -#define NET_URL_REQUEST_FRAUDULENT_CERTIFICATE_REPORTER_H_ - -#include <string> - -namespace net { - -class SSLInfo; - -// FraudulentCertificateReporter is an interface for asynchronously -// reporting certificate chains that fail the certificate pinning -// check. -class FraudulentCertificateReporter { - public: - virtual ~FraudulentCertificateReporter() {} - - // Sends a report to the report collection server containing the |ssl_info| - // associated with a connection to |hostname|. - virtual void SendReport(const std::string& hostname, - const SSLInfo& ssl_info) = 0; -}; - -} // namespace net - -#endif // NET_URL_REQUEST_FRAUDULENT_CERTIFICATE_REPORTER_H_ - diff --git a/net/url_request/url_request_context.cc b/net/url_request/url_request_context.cc index fa0db79..b83cf02 100644 --- a/net/url_request/url_request_context.cc +++ b/net/url_request/url_request_context.cc 
@@ -21,7 +21,6 @@ URLRequestContext::URLRequestContext() host_resolver_(nullptr), cert_verifier_(nullptr), channel_id_service_(nullptr), - fraudulent_certificate_reporter_(nullptr), http_auth_handler_factory_(nullptr), proxy_service_(nullptr), network_delegate_(nullptr), @@ -47,7 +46,6 @@ void URLRequestContext::CopyFrom(const URLRequestContext* other) { set_host_resolver(other->host_resolver_); set_cert_verifier(other->cert_verifier_); set_channel_id_service(other->channel_id_service_); - set_fraudulent_certificate_reporter(other->fraudulent_certificate_reporter_); set_http_auth_handler_factory(other->http_auth_handler_factory_); set_proxy_service(other->proxy_service_); set_ssl_config_service(other->ssl_config_service_.get()); diff --git a/net/url_request/url_request_context.h b/net/url_request/url_request_context.h index a50225c..b9f1276d 100644 --- a/net/url_request/url_request_context.h +++ b/net/url_request/url_request_context.h @@ -31,7 +31,6 @@ class CertVerifier; class ChannelIDService; class CookieStore; class CTVerifier; -class FraudulentCertificateReporter; class HostResolver; class HttpAuthHandlerFactory; class HttpTransactionFactory; @@ -99,14 +98,6 @@ class NET_EXPORT URLRequestContext channel_id_service_ = channel_id_service; } - FraudulentCertificateReporter* fraudulent_certificate_reporter() const { - return fraudulent_certificate_reporter_; - } - void set_fraudulent_certificate_reporter( - FraudulentCertificateReporter* fraudulent_certificate_reporter) { - fraudulent_certificate_reporter_ = fraudulent_certificate_reporter; - } - // Get the proxy service for this context. ProxyService* proxy_service() const { return proxy_service_; } void set_proxy_service(ProxyService* proxy_service) { 
@@ -239,7 +230,6 @@ class NET_EXPORT URLRequestContext HostResolver* host_resolver_; CertVerifier* cert_verifier_; ChannelIDService* channel_id_service_; - FraudulentCertificateReporter* fraudulent_certificate_reporter_; HttpAuthHandlerFactory* http_auth_handler_factory_; ProxyService* proxy_service_; scoped_refptr<SSLConfigService> ssl_config_service_; diff --git a/net/url_request/url_request_context_storage.cc b/net/url_request/url_request_context_storage.cc index e1452be..b334632 100644 --- a/net/url_request/url_request_context_storage.cc +++ b/net/url_request/url_request_context_storage.cc @@ -17,7 +17,6 @@ #include "net/log/net_log.h" #include "net/proxy/proxy_service.h" #include "net/ssl/channel_id_service.h" -#include "net/url_request/fraudulent_certificate_reporter.h" #include "net/url_request/http_user_agent_settings.h" #include "net/url_request/url_request_backoff_manager.h" #include "net/url_request/url_request_context.h" @@ -55,13 +54,6 @@ void URLRequestContextStorage::set_channel_id_service( channel_id_service_ = channel_id_service.Pass(); } -void URLRequestContextStorage::set_fraudulent_certificate_reporter( - FraudulentCertificateReporter* fraudulent_certificate_reporter) { - context_->set_fraudulent_certificate_reporter( - fraudulent_certificate_reporter); - fraudulent_certificate_reporter_.reset(fraudulent_certificate_reporter); -} - void URLRequestContextStorage::set_http_auth_handler_factory( HttpAuthHandlerFactory* http_auth_handler_factory) { context_->set_http_auth_handler_factory(http_auth_handler_factory); diff --git a/net/url_request/url_request_context_storage.h b/net/url_request/url_request_context_storage.h index a37e30a..fd3c4a2 100644 --- a/net/url_request/url_request_context_storage.h +++ b/net/url_request/url_request_context_storage.h 
@@ -15,7 +15,6 @@ namespace net { class CertVerifier; class ChannelIDService; class CookieStore; -class FraudulentCertificateReporter; class FtpTransactionFactory; class HostResolver; class HttpAuthHandlerFactory; @@ -50,8 +49,6 @@ class NET_EXPORT URLRequestContextStorage { void set_host_resolver(scoped_ptr<HostResolver> host_resolver); void set_cert_verifier(CertVerifier* cert_verifier); void set_channel_id_service(scoped_ptr<ChannelIDService> channel_id_service); - void set_fraudulent_certificate_reporter( - FraudulentCertificateReporter* fraudulent_certificate_reporter); void set_http_auth_handler_factory( HttpAuthHandlerFactory* http_auth_handler_factory); void set_proxy_service(ProxyService* proxy_service); @@ -83,7 +80,6 @@ class NET_EXPORT URLRequestContextStorage { scoped_ptr<CertVerifier> cert_verifier_; // The ChannelIDService must outlive the HttpTransactionFactory. scoped_ptr<ChannelIDService> channel_id_service_; - scoped_ptr<FraudulentCertificateReporter> fraudulent_certificate_reporter_; scoped_ptr<HttpAuthHandlerFactory> http_auth_handler_factory_; scoped_ptr<ProxyService> proxy_service_; // TODO(willchan): Remove refcounting on these members. diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc index 2e55ca5..0a6632e 100644 --- a/net/url_request/url_request_http_job.cc +++ b/net/url_request/url_request_http_job.cc @@ -42,7 +42,6 @@ #include "net/proxy/proxy_info.h" #include "net/ssl/ssl_cert_request_info.h" #include "net/ssl/ssl_config_service.h" -#include "net/url_request/fraudulent_certificate_reporter.h" #include "net/url_request/http_user_agent_settings.h" #include "net/url_request/url_request.h" #include "net/url_request/url_request_backoff_manager.h" 
@@ -919,18 +918,6 @@ void URLRequestHttpJob::OnStartCompleted(int result) { const URLRequestContext* context = request_->context(); - if (result == ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN && - transaction_->GetResponseInfo() != NULL) { - FraudulentCertificateReporter* reporter = - context->fraudulent_certificate_reporter(); - if (reporter != NULL) { - const SSLInfo& ssl_info = transaction_->GetResponseInfo()->ssl_info; - const std::string& host = request_->url().host(); - - reporter->SendReport(host, ssl_info); - } - } - if (result == OK) { if (transaction_ && transaction_->GetResponseInfo()) { SetProxyServer(transaction_->GetResponseInfo()->proxy_server); |