[chromium-blink-merge.git] / chrome / browser / ssl / certificate_error_report.cc
1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/ssl/certificate_error_report.h"
7 #include <vector>
9 #include "base/stl_util.h"
10 #include "base/strings/string_util.h"
11 #include "base/time/time.h"
12 #include "chrome/browser/ssl/cert_logger.pb.h"
13 #include "net/cert/cert_status_flags.h"
14 #include "net/cert/x509_certificate.h"
15 #include "net/ssl/ssl_info.h"
17 namespace {
// Translates the net::CertStatus bitmask of a failed certificate check into
// the repeated |cert_error| field of |report|. Each bit that is set and that
// appears in the table below appends one entry, in table order. Status bits
// that have no row here are not recorded in the report at all, so a new
// CERT_STATUS_* error needs a row added to stay visible to the report
// consumer.
void AddCertStatusToReportErrors(net::CertStatus cert_status,
                                 CertLoggerRequest* report) {
  struct StatusToError {
    net::CertStatus status_bit;
    decltype(CertLoggerRequest::ERR_CERT_REVOKED) report_error;
  };

  // Order matters: entries are appended to the report in this sequence.
  static const StatusToError kStatusToError[] = {
      {net::CERT_STATUS_REVOKED, CertLoggerRequest::ERR_CERT_REVOKED},
      {net::CERT_STATUS_INVALID, CertLoggerRequest::ERR_CERT_INVALID},
      {net::CERT_STATUS_PINNED_KEY_MISSING,
       CertLoggerRequest::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN},
      {net::CERT_STATUS_AUTHORITY_INVALID,
       CertLoggerRequest::ERR_CERT_AUTHORITY_INVALID},
      {net::CERT_STATUS_COMMON_NAME_INVALID,
       CertLoggerRequest::ERR_CERT_COMMON_NAME_INVALID},
      {net::CERT_STATUS_NON_UNIQUE_NAME,
       CertLoggerRequest::ERR_CERT_NON_UNIQUE_NAME},
      {net::CERT_STATUS_NAME_CONSTRAINT_VIOLATION,
       CertLoggerRequest::ERR_CERT_NAME_CONSTRAINT_VIOLATION},
      {net::CERT_STATUS_WEAK_SIGNATURE_ALGORITHM,
       CertLoggerRequest::ERR_CERT_WEAK_SIGNATURE_ALGORITHM},
      {net::CERT_STATUS_WEAK_KEY, CertLoggerRequest::ERR_CERT_WEAK_KEY},
      {net::CERT_STATUS_DATE_INVALID,
       CertLoggerRequest::ERR_CERT_DATE_INVALID},
      {net::CERT_STATUS_VALIDITY_TOO_LONG,
       CertLoggerRequest::ERR_CERT_VALIDITY_TOO_LONG},
      {net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION,
       CertLoggerRequest::ERR_CERT_UNABLE_TO_CHECK_REVOCATION},
      {net::CERT_STATUS_NO_REVOCATION_MECHANISM,
       CertLoggerRequest::ERR_CERT_NO_REVOCATION_MECHANISM},
  };

  for (const StatusToError& mapping : kStatusToError) {
    if (cert_status & mapping.status_bit)
      report->add_cert_error(mapping.report_error);
  }
}
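// Writes the PEM-encoded chain obtained from |cert| into |*result| as a
// single string; the entries are joined with an empty separator.
//
// Returns true on success. Returns false, without writing to |*result|, when
// |cert| is null or when GetPEMEncodedChain() fails.
bool CertificateChainToString(scoped_refptr<net::X509Certificate> cert,
                              std::string* result) {
  // The constructor in this file passes ssl_info.cert without checking it for
  // null, so reject a missing certificate here instead of dereferencing it.
  if (!cert.get())
    return false;

  std::vector<std::string> pem_encoded_chain;
  if (!cert->GetPEMEncodedChain(&pem_encoded_chain))
    return false;

  *result = base::JoinString(pem_encoded_chain, base::StringPiece());
  return true;
}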
63 } // namespace
// Creates a report backed by a default-constructed CertLoggerRequest. No
// fields are set here; InitializeFromString() can later fill the report from
// serialized data.
CertificateErrorReport::CertificateErrorReport()
    : cert_report_(new CertLoggerRequest) {}
// Builds a report for a certificate error seen while connecting to
// |hostname|, using the connection details in |ssl_info|.
//
// The report records the current time, the hostname, the PEM-encoded
// certificate chain, the unverified chain when |ssl_info| has one, the pinning
// failure log and the certificate status errors. A chain that cannot be
// encoded is logged and otherwise skipped: construction still completes and
// the report simply carries no data for that chain.
CertificateErrorReport::CertificateErrorReport(const std::string& hostname,
                                               const net::SSLInfo& ssl_info)
    : cert_report_(new CertLoggerRequest()) {
  cert_report_->set_time_usec(base::Time::Now().ToInternalValue());
  cert_report_->set_hostname(hostname);

  // NOTE(review): ssl_info.cert is not checked for null here, unlike
  // ssl_info.unverified_cert below - confirm callers always supply it.
  std::string* const chain_out = cert_report_->mutable_cert_chain();
  const bool chain_encoded =
      CertificateChainToString(ssl_info.cert, chain_out);
  if (!chain_encoded) {
    LOG(ERROR) << "Could not get PEM encoded chain.";
  }

  // The unverified chain is optional; its report field is only touched when a
  // certificate is present.
  if (ssl_info.unverified_cert) {
    const bool unverified_encoded = CertificateChainToString(
        ssl_info.unverified_cert,
        cert_report_->mutable_unverified_cert_chain());
    if (!unverified_encoded) {
      LOG(ERROR) << "Could not get PEM encoded unverified certificate chain.";
    }
  }

  // The pinning failure log is added unconditionally as one pin entry.
  cert_report_->add_pin(ssl_info.pinning_failure_log);

  AddCertStatusToReportErrors(ssl_info.cert_status, cert_report_.get());
}
// Nothing to release by hand. NOTE(review): cert_report_ is used through
// .get() in this file, so it is presumably an owning smart pointer - confirm
// in the header.
CertificateErrorReport::~CertificateErrorReport() {}
// Populates this report by parsing |serialized_report| into the underlying
// CertLoggerRequest. Returns the parser's result: true when the bytes were
// accepted, false otherwise.
//
// NOTE(review): if |serialized_report| can originate outside this process,
// callers should treat a false return as "report unusable" and not read any
// fields from it afterwards - confirm how call sites handle failure.
bool CertificateErrorReport::InitializeFromString(
    const std::string& serialized_report) {
  const bool parsed = cert_report_->ParseFromString(serialized_report);
  return parsed;
}
// Serializes the underlying CertLoggerRequest into |*output| and returns
// whether serialization succeeded. |output| is handed straight to the
// protobuf serializer, so it must point to a valid string.
bool CertificateErrorReport::Serialize(std::string* output) const {
  const bool serialized = cert_report_->SerializeToString(output);
  return serialized;
}
// Records which interstitial was shown for this error and how the user
// responded to it.
//
// |interstitial_reason| selects the interstitial type stored in the report.
// |proceed_decision| is stored as a boolean: true only for USER_PROCEEDED.
// |overridable| is stored as a boolean: true only for
// INTERSTITIAL_OVERRIDABLE.
void CertificateErrorReport::SetInterstitialInfo(
    const InterstitialReason& interstitial_reason,
    const ProceedDecision& proceed_decision,
    const Overridable& overridable) {
  CertLoggerInterstitialInfo* const info =
      cert_report_->mutable_interstitial_info();

  const bool user_proceeded = (proceed_decision == USER_PROCEEDED);
  const bool is_overridable = (overridable == INTERSTITIAL_OVERRIDABLE);
  info->set_user_proceeded(user_proceeded);
  info->set_overridable(is_overridable);

  // There is deliberately no default case: a value outside the three listed
  // reasons leaves the report's interstitial reason unset.
  switch (interstitial_reason) {
    case INTERSTITIAL_SSL:
      info->set_interstitial_reason(
          CertLoggerInterstitialInfo::INTERSTITIAL_SSL);
      break;
    case INTERSTITIAL_CAPTIVE_PORTAL:
      info->set_interstitial_reason(
          CertLoggerInterstitialInfo::INTERSTITIAL_CAPTIVE_PORTAL);
      break;
    case INTERSTITIAL_CLOCK:
      info->set_interstitial_reason(
          CertLoggerInterstitialInfo::INTERSTITIAL_CLOCK);
      break;
  }
}
// Returns the hostname stored in the report. The reference points into the
// report held by |cert_report_|, so it must not be used after this object is
// destroyed.
const std::string& CertificateErrorReport::hostname() const {
  const CertLoggerRequest& report = *cert_report_;
  return report.hostname();
}