chrome/browser/net/certificate_error_reporter.h

   1 // Copyright 2015 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CHROME_BROWSER_NET_CERTIFICATE_ERROR_REPORTER_H_
   6 #define CHROME_BROWSER_NET_CERTIFICATE_ERROR_REPORTER_H_
   7
   8 #include <set>
   9 #include <string>
  10
  11 #include "base/macros.h"
  12 #include "base/memory/scoped_ptr.h"
  13 #include "net/url_request/certificate_report_sender.h"
  14 #include "url/gurl.h"
  15
  16 namespace net {
  17 class URLRequestContext;
  18 class SSLInfo;
  19 }
  20
  21 namespace chrome_browser_net {
  22
  23 class EncryptedCertLoggerRequest;
  24
  25 // Provides functionality for sending reports about invalid SSL
  26 // certificate chains to a report collection server.
  27 class CertificateErrorReporter {
  28  public:
  29   // These represent the types of reports that can be sent.
  30   enum ReportType {
  31     // A report of a certificate chain that failed a certificate pinning
  32     // check.
  33     REPORT_TYPE_PINNING_VIOLATION,
  34     // A report for an invalid certificate chain that is being sent for
  35     // a user who has opted-in to the extended reporting program.
  36     REPORT_TYPE_EXTENDED_REPORTING
  37   };
  38
  39   // Creates a certificate error reporter that will send certificate
  40   // error reports to |upload_url|, using |request_context| as the
  41   // context for the reports. |cookies_preference| controls whether
  42   // cookies will be sent along with the reports.
  43   CertificateErrorReporter(
  44       net::URLRequestContext* request_context,
  45       const GURL& upload_url,
  46       net::CertificateReportSender::CookiesPreference cookies_preference);
  47
  48   // Allows tests to use a server public key with known private key and
  49   // a mock CertificateReportSender.
  50   CertificateErrorReporter(
  51       const GURL& upload_url,
  52       const uint8 server_public_key[32],
  53       const uint32 server_public_key_version,
  54       scoped_ptr<net::CertificateReportSender> certificate_report_sender);
  55
  56   virtual ~CertificateErrorReporter();
  57
  58   // Sends a certificate report to the report collection server. The
  59   // |serialized_report| is expected to be a serialized protobuf
  60   // containing information about the hostname, certificate chain, and
  61   // certificate errors encountered when validating the chain.
  62   //
  63   // |SendReport| actually sends the report over the network; callers are
  64   // responsible for enforcing any preconditions (such as obtaining user
  65   // opt-in, only sending reports for certain hostnames, checking for
  66   // incognito mode, etc.).
  67   //
  68   // On some platforms (but not all), CertificateErrorReporter can use
  69   // an HTTP endpoint to send encrypted extended reporting reports. On
  70   // unsupported platforms, callers must send extended reporting reports
  71   // over SSL.
  72   virtual void SendReport(ReportType type,
  73                           const std::string& serialized_report);
  74
  75   // Callers can use this method to determine if sending reports over
  76   // HTTP is supported.
  77   static bool IsHttpUploadUrlSupported();
  78
  79 #if defined(USE_OPENSSL)
  80   // Used by tests.
  81   static bool DecryptCertificateErrorReport(
  82       const uint8 server_private_key[32],
  83       const EncryptedCertLoggerRequest& encrypted_report,
  84       std::string* decrypted_serialized_report);
  85 #endif
  86
  87  private:
  88   scoped_ptr<net::CertificateReportSender> certificate_report_sender_;
  89
  90   const GURL upload_url_;
  91
  92   const uint8* server_public_key_;
  93   const uint32 server_public_key_version_;
  94
  95   DISALLOW_COPY_AND_ASSIGN(CertificateErrorReporter);
  96 };
  97
  98 }  // namespace chrome_browser_net
  99
 100 #endif  // CHROME_BROWSER_NET_CERTIFICATE_ERROR_REPORTER_H_