authoragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-12-22 18:01:15 +0000
committeragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-12-22 18:01:15 +0000
commitdd445fb1fabc555b0232488e3ef58a09beaaa195 (patch)
tree15fe769946a5fa66d403c3e460620fb1f15b52e2 /net
parent26f91aa75137941d37b1db54c69b113a9201bd21 (diff)
downloadchromium_src-dd445fb1fabc555b0232488e3ef58a09beaaa195.zip
chromium_src-dd445fb1fabc555b0232488e3ef58a09beaaa195.tar.gz
chromium_src-dd445fb1fabc555b0232488e3ef58a09beaaa195.tar.bz2
net: dump certificate chain to LOG(ERROR) when a provenance check fails.
BUG=none TEST=none http://codereview.chromium.org/6051006 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@69961 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
-rw-r--r--net/socket/dns_cert_provenance_checker.cc31
1 files changed, 31 insertions, 0 deletions
diff --git a/net/socket/dns_cert_provenance_checker.cc b/net/socket/dns_cert_provenance_checker.cc
index 8779c8e..51a9750 100644
--- a/net/socket/dns_cert_provenance_checker.cc
+++ b/net/socket/dns_cert_provenance_checker.cc
@@ -16,6 +16,7 @@
#include <set>
#include <string>
+#include "base/base64.h"
#include "base/basictypes.h"
#include "base/crypto/encryptor.h"
#include "base/crypto/symmetric_key.h"
@@ -150,6 +151,7 @@ class DnsCertProvenanceCheck : public NonThreadSafe {
<< " hostname:" << hostname_
<< " domain:" << domain_;
g_dns_cert_limits.Get().DidUpload(hostname_);
+ LogCertificates(der_certs_);
delegate_->OnDnsCertLookupFailed(hostname_, der_certs_);
} else if (status == OK) {
LOG(ERROR) << "GOOD"
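Review bot: The `LogCertificates(der_certs_);` call added before `OnDnsCertLookupFailed` dumps the entire peer-supplied chain at LOG(ERROR), so the size of each log entry is set by the remote server rather than by this code. The branch condition and the start of the function are outside the hunk, so it is not visible whether the `g_dns_cert_limits` bookkeeping on the line above also limits how often this path runs. If it does not, I would bound the dump at the call site, for example `if (der_certs_.size() <= kMaxLoggedCerts) LogCertificates(der_certs_);`, where `kMaxLoggedCerts` is a name made up for this note. Otherwise a comment stating which limit keeps the log volume in check would be enough.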
@@ -162,6 +164,35 @@ class DnsCertProvenanceCheck : public NonThreadSafe {
delete this;
}
+ // LogCertificates writes a certificate chain, in PEM format, to LOG(ERROR).
+ static void LogCertificates(
+ const std::vector<std::string>& der_certs) {
+ std::string dump;
+ bool first = true;
+
+ for (std::vector<std::string>::const_iterator
+ i = der_certs.begin(); i != der_certs.end(); i++) {
+ if (!first)
+ dump += "\n";
+ first = false;
+
+ dump += "-----BEGIN CERTIFICATE-----\n";
+ std::string b64_encoded;
+ base::Base64Encode(*i, &b64_encoded);
+ for (size_t i = 0; i < b64_encoded.size();) {
+ size_t todo = b64_encoded.size() - i;
+ if (todo > 64)
+ todo = 64;
+ dump += b64_encoded.substr(i, todo);
+ dump += "\n";
+ i += todo;
+ }
+ dump += "-----END CERTIFICATE-----";
+ }
+
+ LOG(ERROR) << "Offending certificates:\n" << dump;
+ }
+
const std::string hostname_;
std::string domain_;
DnsRRResolver* dnsrr_resolver_;
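Review bot: In `LogCertificates` the inner `for (size_t i = 0; ...)` reuses the name `i` while the outer loop's iterator `i` is still in scope. It compiles because `*i` is read before the inner loop starts, but the shadowing is easy to misread and will trip `-Wshadow`. I would rename the index and let `append` clamp the final chunk: `for (size_t offset = 0; offset < b64_encoded.size(); offset += 64) {` with `dump.append(b64_encoded, offset, 64);` in the body. The result of `base::Base64Encode` is also ignored; if it can report failure, the dump would contain an empty BEGIN/END block that looks like a real (empty) certificate, so a failed encode should be marked in the output instead.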