chrome/browser/net/certificate_error_reporter.h

   1 // Copyright 2015 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CHROME_BROWSER_NET_CERTIFICATE_ERROR_REPORTER_H_
   6 #define CHROME_BROWSER_NET_CERTIFICATE_ERROR_REPORTER_H_
   7
   8 #include <set>
   9 #include <string>
  10
  11 #include "base/macros.h"
  12 #include "base/memory/scoped_ptr.h"
  13 #include "net/url_request/certificate_report_sender.h"
  14 #include "url/gurl.h"
  15
  16 namespace net {
  17 class URLRequestContext;
  18 class SSLInfo;
  19 }
  20
  21 namespace chrome_browser_net {
  22
  23 class EncryptedCertLoggerRequest;
  24
  25 // Provides functionality for sending reports about invalid SSL
  26 // certificate chains to a report collection server.
  27 class CertificateErrorReporter {
  28  public:
  29   // Creates a certificate error reporter that will send certificate
  30   // error reports to |upload_url|, using |request_context| as the
  31   // context for the reports. |cookies_preference| controls whether
  32   // cookies will be sent along with the reports.
  33   CertificateErrorReporter(
  34       net::URLRequestContext* request_context,
  35       const GURL& upload_url,
  36       net::CertificateReportSender::CookiesPreference cookies_preference);
  37
  38   // Allows tests to use a server public key with known private key and
  39   // a mock CertificateReportSender. |server_public_key| must outlive
  40   // the CertificateErrorReporter.
  41   CertificateErrorReporter(
  42       const GURL& upload_url,
  43       const uint8 server_public_key[/* 32 */],
  44       const uint32 server_public_key_version,
  45       scoped_ptr<net::CertificateReportSender> certificate_report_sender);
  46
  47   virtual ~CertificateErrorReporter();
  48
  49   // Sends a certificate report to the report collection server. The
  50   // |serialized_report| is expected to be a serialized protobuf
  51   // containing information about the hostname, certificate chain, and
  52   // certificate errors encountered when validating the chain.
  53   //
  54   // |SendReport| actually sends the report over the network; callers are
  55   // responsible for enforcing any preconditions (such as obtaining user
  56   // opt-in, only sending reports for certain hostnames, checking for
  57   // incognito mode, etc.).
  58   //
  59   // On some platforms (but not all), CertificateErrorReporter can use
  60   // an HTTP endpoint to send encrypted extended reporting reports. On
  61   // unsupported platforms, callers must send extended reporting reports
  62   // over SSL.
  63   virtual void SendExtendedReportingReport(
  64       const std::string& serialized_report);
  65
  66   // Whether sending reports over HTTP is supported.
  67   static bool IsHttpUploadUrlSupported();
  68
  69 #if defined(USE_OPENSSL)
  70   // Used by tests.
  71   static bool DecryptCertificateErrorReport(
  72       const uint8 server_private_key[32],
  73       const EncryptedCertLoggerRequest& encrypted_report,
  74       std::string* decrypted_serialized_report);
  75 #endif
  76
  77  private:
  78   scoped_ptr<net::CertificateReportSender> certificate_report_sender_;
  79
  80   const GURL upload_url_;
  81
  82   const uint8* server_public_key_;
  83   const uint32 server_public_key_version_;
  84
  85   DISALLOW_COPY_AND_ASSIGN(CertificateErrorReporter);
  86 };
  87
  88 }  // namespace chrome_browser_net
  89
  90 #endif  // CHROME_BROWSER_NET_CERTIFICATE_ERROR_REPORTER_H_