chrome/browser/net/certificate_error_reporter.h

   1 // Copyright 2015 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CHROME_BROWSER_NET_CERTIFICATE_ERROR_REPORTER_H_
   6 #define CHROME_BROWSER_NET_CERTIFICATE_ERROR_REPORTER_H_
   7
   8 #include <set>
   9 #include <string>
  10
  11 #include "base/macros.h"
  12 #include "base/memory/scoped_ptr.h"
  13 #include "net/url_request/url_request.h"
  14 #include "url/gurl.h"
  15
  16 namespace net {
  17 class URLRequestContext;
  18 class SSLInfo;
  19 }
  20
  21 namespace chrome_browser_net {
  22
  23 class EncryptedCertLoggerRequest;
  24
  25 // Provides functionality for sending reports about invalid SSL
  26 // certificate chains to a report collection server.
  27 class CertificateErrorReporter : public net::URLRequest::Delegate {
  28  public:
  29   // These represent the types of reports that can be sent.
  30   enum ReportType {
  31     // A report of a certificate chain that failed a certificate pinning
  32     // check.
  33     REPORT_TYPE_PINNING_VIOLATION,
  34     // A report for an invalid certificate chain that is being sent for
  35     // a user who has opted-in to the extended reporting program.
  36     REPORT_TYPE_EXTENDED_REPORTING
  37   };
  38
  39   // Represents whether or not to send cookies along with reports sent
  40   // to the server.
  41   enum CookiesPreference { SEND_COOKIES, DO_NOT_SEND_COOKIES };
  42
  43   // Creates a certificate error reporter that will send certificate
  44   // error reports to |upload_url|, using |request_context| as the
  45   // context for the reports. |cookies_preference| controls whether
  46   // cookies will be sent along with the reports.
  47   CertificateErrorReporter(net::URLRequestContext* request_context,
  48                            const GURL& upload_url,
  49                            CookiesPreference cookies_preference);
  50
  51   // Allows tests to use a server public key with known private key.
  52   CertificateErrorReporter(net::URLRequestContext* request_context,
  53                            const GURL& upload_url,
  54                            CookiesPreference cookies_preference,
  55                            const uint8 server_public_key[32],
  56                            const uint32 server_public_key_version);
  57
  58   ~CertificateErrorReporter() override;
  59
  60   // Sends a certificate report to the report collection server. The
  61   // |serialized_report| is expected to be a serialized protobuf
  62   // containing information about the hostname, certificate chain, and
  63   // certificate errors encountered when validating the chain.
  64   //
  65   // |SendReport| actually sends the report over the network; callers are
  66   // responsible for enforcing any preconditions (such as obtaining user
  67   // opt-in, only sending reports for certain hostnames, checking for
  68   // incognito mode, etc.).
  69   //
  70   // On some platforms (but not all), CertificateErrorReporter can use
  71   // an HTTP endpoint to send encrypted extended reporting reports. On
  72   // unsupported platforms, callers must send extended reporting reports
  73   // over SSL.
  74   virtual void SendReport(ReportType type,
  75                           const std::string& serialized_report);
  76
  77   // net::URLRequest::Delegate
  78   void OnResponseStarted(net::URLRequest* request) override;
  79   void OnReadCompleted(net::URLRequest* request, int bytes_read) override;
  80
  81   // Callers can use this method to determine if sending reports over
  82   // HTTP is supported.
  83   static bool IsHttpUploadUrlSupported();
  84
  85   // Used by tests.
  86   static bool DecryptCertificateErrorReport(
  87       const uint8 server_private_key[32],
  88       const EncryptedCertLoggerRequest& encrypted_report,
  89       std::string* decrypted_serialized_report);
  90
  91  private:
  92   // Creates a URLRequest with which to send a certificate report to the
  93   // server.
  94   virtual scoped_ptr<net::URLRequest> CreateURLRequest(
  95       net::URLRequestContext* context);
  96
  97   // Sends a serialized report (encrypted or not) to the report
  98   // collection server.
  99   void SendSerializedRequest(const std::string& serialized_request);
 100
 101   // Performs post-report cleanup.
 102   void RequestComplete(net::URLRequest* request);
 103
 104   net::URLRequestContext* const request_context_;
 105   const GURL upload_url_;
 106
 107   // Owns the contained requests.
 108   std::set<net::URLRequest*> inflight_requests_;
 109
 110   CookiesPreference cookies_preference_;
 111
 112   const uint8* server_public_key_;
 113   const uint32 server_public_key_version_;
 114
 115   DISALLOW_COPY_AND_ASSIGN(CertificateErrorReporter);
 116 };
 117
 118 }  // namespace chrome_browser_net
 119
 120 #endif  // CHROME_BROWSER_NET_CERTIFICATE_ERROR_REPORTER_H_