// Copyright 2015 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "components/certificate_reporting/error_report.h" #include #include "base/stl_util.h" #include "base/strings/string_util.h" #include "base/time/time.h" #include "components/certificate_reporting/cert_logger.pb.h" #include "net/cert/cert_status_flags.h" #include "net/cert/x509_certificate.h" #include "net/ssl/ssl_info.h" namespace certificate_reporting { namespace { void AddCertStatusToReportErrors(net::CertStatus cert_status, CertLoggerRequest* report) { #define COPY_CERT_STATUS(error) RENAME_CERT_STATUS(error, CERT_##error) #define RENAME_CERT_STATUS(status_error, logger_error) \ if (cert_status & net::CERT_STATUS_##status_error) \ report->add_cert_error(CertLoggerRequest::ERR_##logger_error); COPY_CERT_STATUS(REVOKED) COPY_CERT_STATUS(INVALID) RENAME_CERT_STATUS(PINNED_KEY_MISSING, SSL_PINNED_KEY_NOT_IN_CERT_CHAIN) COPY_CERT_STATUS(AUTHORITY_INVALID) COPY_CERT_STATUS(COMMON_NAME_INVALID) COPY_CERT_STATUS(NON_UNIQUE_NAME) COPY_CERT_STATUS(NAME_CONSTRAINT_VIOLATION) COPY_CERT_STATUS(WEAK_SIGNATURE_ALGORITHM) COPY_CERT_STATUS(WEAK_KEY) COPY_CERT_STATUS(DATE_INVALID) COPY_CERT_STATUS(VALIDITY_TOO_LONG) COPY_CERT_STATUS(UNABLE_TO_CHECK_REVOCATION) COPY_CERT_STATUS(NO_REVOCATION_MECHANISM) #undef RENAME_CERT_STATUS #undef COPY_CERT_STATUS } bool CertificateChainToString(scoped_refptr cert, std::string* result) { std::vector pem_encoded_chain; if (!cert->GetPEMEncodedChain(&pem_encoded_chain)) return false; *result = base::JoinString(pem_encoded_chain, ""); return true; } } // namespace ErrorReport::ErrorReport() : cert_report_(new CertLoggerRequest()) {} ErrorReport::ErrorReport(const std::string& hostname, const net::SSLInfo& ssl_info) : cert_report_(new CertLoggerRequest()) { base::Time now = base::Time::Now(); cert_report_->set_time_usec(now.ToInternalValue()); cert_report_->set_hostname(hostname); if (!CertificateChainToString(ssl_info.cert, cert_report_->mutable_cert_chain())) { LOG(ERROR) << "Could not get PEM encoded chain."; } if (ssl_info.unverified_cert && !CertificateChainToString( ssl_info.unverified_cert, cert_report_->mutable_unverified_cert_chain())) { LOG(ERROR) << "Could not get PEM encoded unverified certificate chain."; } cert_report_->add_pin(ssl_info.pinning_failure_log); AddCertStatusToReportErrors(ssl_info.cert_status, cert_report_.get()); } ErrorReport::~ErrorReport() {} bool ErrorReport::InitializeFromString(const std::string& serialized_report) { return cert_report_->ParseFromString(serialized_report); } bool ErrorReport::Serialize(std::string* output) const { return cert_report_->SerializeToString(output); } void ErrorReport::SetInterstitialInfo( const InterstitialReason& interstitial_reason, const ProceedDecision& proceed_decision, const Overridable& overridable) { CertLoggerInterstitialInfo* interstitial_info = cert_report_->mutable_interstitial_info(); switch (interstitial_reason) { case INTERSTITIAL_SSL: interstitial_info->set_interstitial_reason( CertLoggerInterstitialInfo::INTERSTITIAL_SSL); break; case INTERSTITIAL_CAPTIVE_PORTAL: interstitial_info->set_interstitial_reason( CertLoggerInterstitialInfo::INTERSTITIAL_CAPTIVE_PORTAL); break; case INTERSTITIAL_CLOCK: interstitial_info->set_interstitial_reason( CertLoggerInterstitialInfo::INTERSTITIAL_CLOCK); break; } interstitial_info->set_user_proceeded(proceed_decision == USER_PROCEEDED); interstitial_info->set_overridable(overridable == INTERSTITIAL_OVERRIDABLE); } const std::string& ErrorReport::hostname() const { return cert_report_->hostname(); } } // namespace certificate_reporting