authoragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-04-13 22:06:38 +0000
committeragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-04-13 22:06:38 +0000
commit1f52249f77b18e6209563b40f769a0372160dc93 (patch)
treede90de3359d29004335d1211a150a904762ef816 /net
parent3f57397de701062609522bcef79c6bb718f3bd9e (diff)
net: add issued_by_known_hash and public_key_hashes to SSLInfo.
BUG=none TEST=none Review URL: http://codereview.chromium.org/6839024 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@81494 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
-rw-r--r--net/base/ssl_info.cc13
-rw-r--r--net/base/ssl_info.h10
-rw-r--r--net/socket/ssl_client_socket_mac.cc8
-rw-r--r--net/socket/ssl_client_socket_nss.cc3
-rw-r--r--net/socket/ssl_client_socket_openssl.cc4
-rw-r--r--net/socket/ssl_client_socket_win.cc5
6 files changed, 35 insertions, 8 deletions
diff --git a/net/base/ssl_info.cc b/net/base/ssl_info.cc
index 1b60644..40c0fd3 100644
--- a/net/base/ssl_info.cc
+++ b/net/base/ssl_info.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -12,14 +12,17 @@ namespace net {
SSLInfo::SSLInfo()
: cert_status(0),
security_bits(-1),
- connection_status(0) {
+ connection_status(0),
+ is_issued_by_known_root(false) {
}
SSLInfo::SSLInfo(const SSLInfo& info)
: cert(info.cert),
cert_status(info.cert_status),
security_bits(info.security_bits),
- connection_status(info.connection_status) {
+ connection_status(info.connection_status),
+ is_issued_by_known_root(info.is_issued_by_known_root),
+ public_key_hashes(info.public_key_hashes) {
}
SSLInfo::~SSLInfo() {
@@ -30,6 +33,8 @@ SSLInfo& SSLInfo::operator=(const SSLInfo& info) {
cert_status = info.cert_status;
security_bits = info.security_bits;
connection_status = info.connection_status;
+ public_key_hashes = info.public_key_hashes;
+ is_issued_by_known_root = info.is_issued_by_known_root;
return *this;
}
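Review bot: In `operator=` the two new members are assigned in the opposite order from the copy constructor and from their declaration in ssl_info.h (`public_key_hashes` first, then `is_issued_by_known_root`). SSLInfo now has four hand-maintained member lists (default constructor, copy constructor, `operator=`, `Reset()`), and a field missed in `operator=` or `Reset()` would carry the known-root flag or key hashes of one connection into a reused object. Keeping every list in declaration order makes such an omission easy to spot; here that means `is_issued_by_known_root = info.is_issued_by_known_root;` followed by `public_key_hashes = info.public_key_hashes;`. The body of `operator=` begins above this hunk.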
@@ -38,6 +43,8 @@ void SSLInfo::Reset() {
cert_status = 0;
security_bits = -1;
connection_status = 0;
+ is_issued_by_known_root = false;
+ public_key_hashes.clear();
}
void SSLInfo::SetCertError(int error) {
diff --git a/net/base/ssl_info.h b/net/base/ssl_info.h
index 1a85919..7b65a1b 100644
--- a/net/base/ssl_info.h
+++ b/net/base/ssl_info.h
@@ -6,7 +6,10 @@
#define NET_BASE_SSL_INFO_H_
#pragma once
+#include <vector>
+
#include "base/memory/ref_counted.h"
+#include "net/base/x509_cert_types.h"
namespace net {
@@ -45,6 +48,13 @@ class SSLInfo {
// ssl_connection_status_flags.h for values. The protocol version,
// ciphersuite, and compression in use are encoded within.
int connection_status;
+
+ // If the certificate is valid, then this is true iff it was rooted at a
+ // standard CA root. (As opposed to a user-installed root.)
+ bool is_issued_by_known_root;
+
+ // The hashes of the SubjectPublicKeyInfos from each certificate in the chain.
+ std::vector<SHA1Fingerprint> public_key_hashes;
};
} // namespace net
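Review bot: The comments on the two new members leave out what a caller making a trust decision needs to know. For `is_issued_by_known_root` the comment defines the value only "if the certificate is valid"; the constructor and `Reset()` set it to false, so the comment could add `// Always false when cert_status reports an error; check cert_status first.` if that is the intended contract. For `public_key_hashes` the comment should say that these are SHA-1 hashes (the element type is `SHA1Fingerprint`), whether they describe the chain built by the verifier or the chain as sent by the server (the socket hunks copy them from `server_cert_verify_result_`, which suggests the former), and whether the vector is empty when verification fails. Anything that compares these hashes against a pin set depends on that distinction.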
diff --git a/net/socket/ssl_client_socket_mac.cc b/net/socket/ssl_client_socket_mac.cc
index 25d1401..09103ce 100644
--- a/net/socket/ssl_client_socket_mac.cc
+++ b/net/socket/ssl_client_socket_mac.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -707,11 +707,11 @@ void SSLClientSocketMac::GetSSLInfo(SSLInfo* ssl_info) {
return;
}
- // set cert
ssl_info->cert = server_cert_;
-
- // update status
ssl_info->cert_status = server_cert_verify_result_.cert_status;
+ ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes;
+ ssl_info->is_issued_by_known_root =
+ server_cert_verify_result_.is_issued_by_known_root;
// security info
SSLCipherSuite suite;
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index a5fe5b1..37e93f2 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -521,6 +521,9 @@ void SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) {
DCHECK(server_cert_ != NULL);
ssl_info->cert = server_cert_;
ssl_info->connection_status = ssl_connection_status_;
+ ssl_info->public_key_hashes = server_cert_verify_result_->public_key_hashes;
+ ssl_info->is_issued_by_known_root =
+ server_cert_verify_result_->is_issued_by_known_root;
PRUint16 cipher_suite =
SSLConnectionStatusToCipherSuite(ssl_connection_status_);
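Review bot: The two added lines dereference `server_cert_verify_result_` through `->`, but the only precondition visible in this hunk is `DCHECK(server_cert_ != NULL)`. If nothing earlier in `GetSSLInfo` (which starts above the hunk) already guarantees the pointer is set, add `DCHECK(server_cert_verify_result_);` next to the existing DCHECK so a missing verify result fails loudly in debug builds rather than as a null dereference. If an earlier line already dereferences it, a short comment stating that invariant would be enough.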
diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc
index eefc839..13af0c6 100644
--- a/net/socket/ssl_client_socket_openssl.cc
+++ b/net/socket/ssl_client_socket_openssl.cc
@@ -558,6 +558,10 @@ void SSLClientSocketOpenSSL::GetSSLInfo(SSLInfo* ssl_info) {
ssl_info->cert = server_cert_;
ssl_info->cert_status = server_cert_verify_result_.cert_status;
+ ssl_info->is_issued_by_known_root =
+ server_cert_verify_result_.is_issued_by_known_root;
+ ssl_info->public_key_hashes =
+ server_cert_verify_result_.public_key_hashes;
const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl_);
CHECK(cipher);
diff --git a/net/socket/ssl_client_socket_win.cc b/net/socket/ssl_client_socket_win.cc
index 61369b4..2ae8673 100644
--- a/net/socket/ssl_client_socket_win.cc
+++ b/net/socket/ssl_client_socket_win.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -433,6 +433,9 @@ void SSLClientSocketWin::GetSSLInfo(SSLInfo* ssl_info) {
ssl_info->cert = server_cert_;
ssl_info->cert_status = server_cert_verify_result_.cert_status;
+ ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes;
+ ssl_info->is_issued_by_known_root =
+ server_cert_verify_result_.is_issued_by_known_root;
SecPkgContext_ConnectionInfo connection_info;
SECURITY_STATUS status = QueryContextAttributes(
&ctxt_, SECPKG_ATTR_CONNECTION_INFO, &connection_info);