chrome/browser/ssl/certificate_error_report.cc

   1 // Copyright 2015 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/ssl/certificate_error_report.h"
   6
   7 #include <vector>
   8
   9 #include "base/stl_util.h"
  10 #include "base/time/time.h"
  11 #include "chrome/browser/ssl/cert_logger.pb.h"
  12 #include "net/cert/cert_status_flags.h"
  13 #include "net/cert/x509_certificate.h"
  14 #include "net/ssl/ssl_info.h"
  15
  16 namespace {
  17
  18 void AddCertStatusToReportErrors(net::CertStatus cert_status,
  19                                  CertLoggerRequest* report) {
  20   if (cert_status & net::CERT_STATUS_REVOKED)
  21     report->add_cert_error(CertLoggerRequest::ERR_CERT_REVOKED);
  22   if (cert_status & net::CERT_STATUS_INVALID)
  23     report->add_cert_error(CertLoggerRequest::ERR_CERT_INVALID);
  24   if (cert_status & net::CERT_STATUS_PINNED_KEY_MISSING)
  25     report->add_cert_error(
  26         CertLoggerRequest::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN);
  27   if (cert_status & net::CERT_STATUS_AUTHORITY_INVALID)
  28     report->add_cert_error(CertLoggerRequest::ERR_CERT_AUTHORITY_INVALID);
  29   if (cert_status & net::CERT_STATUS_COMMON_NAME_INVALID)
  30     report->add_cert_error(CertLoggerRequest::ERR_CERT_COMMON_NAME_INVALID);
  31   if (cert_status & net::CERT_STATUS_NON_UNIQUE_NAME)
  32     report->add_cert_error(CertLoggerRequest::ERR_CERT_NON_UNIQUE_NAME);
  33   if (cert_status & net::CERT_STATUS_NAME_CONSTRAINT_VIOLATION)
  34     report->add_cert_error(
  35         CertLoggerRequest::ERR_CERT_NAME_CONSTRAINT_VIOLATION);
  36   if (cert_status & net::CERT_STATUS_WEAK_SIGNATURE_ALGORITHM)
  37     report->add_cert_error(
  38         CertLoggerRequest::ERR_CERT_WEAK_SIGNATURE_ALGORITHM);
  39   if (cert_status & net::CERT_STATUS_WEAK_KEY)
  40     report->add_cert_error(CertLoggerRequest::ERR_CERT_WEAK_KEY);
  41   if (cert_status & net::CERT_STATUS_DATE_INVALID)
  42     report->add_cert_error(CertLoggerRequest::ERR_CERT_DATE_INVALID);
  43   if (cert_status & net::CERT_STATUS_VALIDITY_TOO_LONG)
  44     report->add_cert_error(CertLoggerRequest::ERR_CERT_VALIDITY_TOO_LONG);
  45   if (cert_status & net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION)
  46     report->add_cert_error(
  47         CertLoggerRequest::ERR_CERT_UNABLE_TO_CHECK_REVOCATION);
  48   if (cert_status & net::CERT_STATUS_NO_REVOCATION_MECHANISM)
  49     report->add_cert_error(CertLoggerRequest::ERR_CERT_NO_REVOCATION_MECHANISM);
  50 }
  51 }  // namespace
  52
  53 CertificateErrorReport::CertificateErrorReport()
  54     : cert_report_(new CertLoggerRequest()) {
  55 }
  56
  57 CertificateErrorReport::CertificateErrorReport(const std::string& hostname,
  58                                                const net::SSLInfo& ssl_info)
  59     : cert_report_(new CertLoggerRequest()) {
  60   base::Time now = base::Time::Now();
  61   cert_report_->set_time_usec(now.ToInternalValue());
  62   cert_report_->set_hostname(hostname);
  63
  64   std::vector<std::string> pem_encoded_chain;
  65   if (!ssl_info.cert->GetPEMEncodedChain(&pem_encoded_chain)) {
  66     LOG(ERROR) << "Could not get PEM encoded chain.";
  67   }
  68
  69   std::string* cert_chain = cert_report_->mutable_cert_chain();
  70   for (size_t i = 0; i < pem_encoded_chain.size(); ++i)
  71     cert_chain->append(pem_encoded_chain[i]);
  72
  73   cert_report_->add_pin(ssl_info.pinning_failure_log);
  74
  75   AddCertStatusToReportErrors(ssl_info.cert_status, cert_report_.get());
  76 }
  77
  78 CertificateErrorReport::~CertificateErrorReport() {
  79 }
  80
  81 bool CertificateErrorReport::InitializeFromString(
  82     const std::string& serialized_report) {
  83   return cert_report_->ParseFromString(serialized_report);
  84 }
  85
  86 bool CertificateErrorReport::Serialize(std::string* output) const {
  87   return cert_report_->SerializeToString(output);
  88 }
  89
  90 void CertificateErrorReport::SetInterstitialInfo(
  91     const InterstitialReason& interstitial_reason,
  92     const ProceedDecision& proceed_decision,
  93     const Overridable& overridable) {
  94   CertLoggerInterstitialInfo* interstitial_info =
  95       cert_report_->mutable_interstitial_info();
  96
  97   switch (interstitial_reason) {
  98     case INTERSTITIAL_SSL:
  99       interstitial_info->set_interstitial_reason(
 100           CertLoggerInterstitialInfo::INTERSTITIAL_SSL);
 101       break;
 102     case INTERSTITIAL_CAPTIVE_PORTAL:
 103       interstitial_info->set_interstitial_reason(
 104           CertLoggerInterstitialInfo::INTERSTITIAL_CAPTIVE_PORTAL);
 105       break;
 106     case INTERSTITIAL_CLOCK:
 107       interstitial_info->set_interstitial_reason(
 108           CertLoggerInterstitialInfo::INTERSTITIAL_CLOCK);
 109       break;
 110   }
 111
 112   interstitial_info->set_user_proceeded(proceed_decision == USER_PROCEEDED);
 113   interstitial_info->set_overridable(overridable == INTERSTITIAL_OVERRIDABLE);
 114 }
 115
 116 const std::string& CertificateErrorReport::hostname() const {
 117   return cert_report_->hostname();
 118 }