1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/net/certificate_error_reporter.h"
9 #include "base/logging.h"
10 #include "base/stl_util.h"
11 #include "base/time/time.h"
12 #include "chrome/browser/net/cert_logger.pb.h"
13 #include "net/base/elements_upload_data_stream.h"
14 #include "net/base/load_flags.h"
15 #include "net/base/request_priority.h"
16 #include "net/base/upload_bytes_element_reader.h"
17 #include "net/cert/x509_certificate.h"
18 #include "net/ssl/ssl_info.h"
19 #include "net/url_request/url_request_context.h"
21 namespace chrome_browser_net
{
23 CertificateErrorReporter::CertificateErrorReporter(
24 net::URLRequestContext
* request_context
,
25 const GURL
& upload_url
,
26 CookiesPreference cookies_preference
)
27 : request_context_(request_context
),
28 upload_url_(upload_url
),
29 cookies_preference_(cookies_preference
) {
30 DCHECK(!upload_url
.is_empty());
33 CertificateErrorReporter::~CertificateErrorReporter() {
34 STLDeleteElements(&inflight_requests_
);
37 void CertificateErrorReporter::SendReport(ReportType type
,
38 const std::string
& hostname
,
39 const net::SSLInfo
& ssl_info
) {
40 CertLoggerRequest request
;
43 BuildReport(hostname
, ssl_info
, &request
);
46 case REPORT_TYPE_PINNING_VIOLATION
:
47 SendCertLoggerRequest(request
);
49 case REPORT_TYPE_EXTENDED_REPORTING
:
50 // TODO(estark): Encrypt the report if not sending over HTTPS
51 DCHECK(upload_url_
.SchemeIsSecure());
52 SendCertLoggerRequest(request
);
59 void CertificateErrorReporter::OnResponseStarted(net::URLRequest
* request
) {
60 const net::URLRequestStatus
& status(request
->status());
61 if (!status
.is_success()) {
62 LOG(WARNING
) << "Certificate upload failed"
63 << " status:" << status
.status()
64 << " error:" << status
.error();
65 } else if (request
->GetResponseCode() != 200) {
66 LOG(WARNING
) << "Certificate upload HTTP status: "
67 << request
->GetResponseCode();
69 RequestComplete(request
);
72 void CertificateErrorReporter::OnReadCompleted(net::URLRequest
* request
,
76 scoped_ptr
<net::URLRequest
> CertificateErrorReporter::CreateURLRequest(
77 net::URLRequestContext
* context
) {
78 scoped_ptr
<net::URLRequest
> request
=
79 context
->CreateRequest(upload_url_
, net::DEFAULT_PRIORITY
, this);
80 if (cookies_preference_
!= SEND_COOKIES
) {
81 request
->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES
|
82 net::LOAD_DO_NOT_SAVE_COOKIES
);
84 return request
.Pass();
87 void CertificateErrorReporter::SendCertLoggerRequest(
88 const CertLoggerRequest
& request
) {
89 std::string serialized_request
;
90 request
.SerializeToString(&serialized_request
);
92 scoped_ptr
<net::URLRequest
> url_request
= CreateURLRequest(request_context_
);
93 url_request
->set_method("POST");
95 scoped_ptr
<net::UploadElementReader
> reader(
96 net::UploadOwnedBytesElementReader::CreateWithString(serialized_request
));
97 url_request
->set_upload(
98 net::ElementsUploadDataStream::CreateWithReader(reader
.Pass(), 0));
100 net::HttpRequestHeaders headers
;
101 headers
.SetHeader(net::HttpRequestHeaders::kContentType
,
102 "x-application/chrome-fraudulent-cert-report");
103 url_request
->SetExtraRequestHeaders(headers
);
105 net::URLRequest
* raw_url_request
= url_request
.get();
106 inflight_requests_
.insert(url_request
.release());
107 raw_url_request
->Start();
110 void CertificateErrorReporter::BuildReport(const std::string
& hostname
,
111 const net::SSLInfo
& ssl_info
,
112 CertLoggerRequest
* out_request
) {
113 base::Time now
= base::Time::Now();
114 out_request
->set_time_usec(now
.ToInternalValue());
115 out_request
->set_hostname(hostname
);
117 std::vector
<std::string
> pem_encoded_chain
;
118 if (!ssl_info
.cert
->GetPEMEncodedChain(&pem_encoded_chain
))
119 LOG(ERROR
) << "Could not get PEM encoded chain.";
121 std::string
* cert_chain
= out_request
->mutable_cert_chain();
122 for (size_t i
= 0; i
< pem_encoded_chain
.size(); ++i
)
123 *cert_chain
+= pem_encoded_chain
[i
];
125 out_request
->add_pin(ssl_info
.pinning_failure_log
);
128 void CertificateErrorReporter::RequestComplete(net::URLRequest
* request
) {
129 std::set
<net::URLRequest
*>::iterator i
= inflight_requests_
.find(request
);
130 DCHECK(i
!= inflight_requests_
.end());
131 scoped_ptr
<net::URLRequest
> url_request(*i
);
132 inflight_requests_
.erase(i
);
135 } // namespace chrome_browser_net