chrome/browser/ssl/ssl_error_assistant.proto - chromium/src - Git at Google

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 syntax = "proto2";

 option optimize_for = LITE_RUNTIME;

 package chrome_browser_ssl;

 message CaptivePortalCert {
   // Sha256 hash of the certificate's public key. The fingerprint is prefixed
   // with "sha256/" and encoded in base64 (same format as
   // src/net/http/transport_security_state_static.pins)
   // Example: sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
   //
   // NOTE: Only leaf certs must be added here.
   optional string sha256_hash = 1;
 }

 // The MITMSoftware list is used to match potential MITM software certificates.
 // The certificate issuer common name and organization names are matched against
 // the |issuer_common_name_pattern| and |issuer_organization_pattern| fields.
 message MITMSoftware {
   // Human readable name of the MITM software to display on the interstitial.
   optional string name = 1;

   // Regex pattern that matches the  issuer common name on this MITM software's
   // certificates. Chrome doesn't use common name field for certificate
   // validation anymore, but it's still useful for identifying MITM software.
   optional string issuer_common_name_regex = 2;

   // Regex pattern that matches the issuer organization on this MITM software's
   // certificates.
   optional string issuer_organization_regex = 3;
 }

 // Unlike MITMSoftware and CaptivePortalCert, DynamicInterstitial is used to
 // trigger a number of different interstitials based on a number of different
 // characteristics.
 // TODO(spqchan): Deprecate MITMSoftware and CaptivePortalCert and use
 // DynamicInterstitial in their place.
 // TODO(spqchan): Add additional fields for process list, registry key
 // keywords, etc.
 message DynamicInterstitial {
   // Enum class used to represent the interstitial page that would be displayed
   // for a dynamic interstitial.
   enum InterstitialPageType {
     INTERSTITIAL_PAGE_NONE = 0;
     // A standard SSL interstitial page.
     INTERSTITIAL_PAGE_SSL = 1;
     // An interstitial page alerting the user that they are in a captive portal.
     INTERSTITIAL_PAGE_CAPTIVE_PORTAL = 2;
     // An interstitial page telling the user to fix misconfigured MITM software.
     INTERSTITIAL_PAGE_MITM_SOFTWARE = 3;
   }

   // Maps to CertStatus flags (See cert_status_flags_list.h).
   enum CertError {
     // Special value. If |cert_error| is set to this value, then anything that
     // matches with the other fields will be treated as a match, regardless of
     // |cert_error|.
     UNKNOWN_CERT_ERROR = 0;
     ERR_CERT_REVOKED = 1;
     ERR_CERT_INVALID = 2;
     ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN = 3;
     ERR_CERT_AUTHORITY_INVALID = 4;
     ERR_CERT_COMMON_NAME_INVALID = 5;
     ERR_CERT_NAME_CONSTRAINT_VIOLATION = 6;
     ERR_CERT_WEAK_SIGNATURE_ALGORITHM = 7;
     ERR_CERT_WEAK_KEY = 8;
     ERR_CERT_DATE_INVALID = 9;
     ERR_CERT_VALIDITY_TOO_LONG = 10;
     ERR_CERT_UNABLE_TO_CHECK_REVOCATION = 11;
     ERR_CERT_NO_REVOCATION_MECHANISM = 12;
     ERR_CERT_NON_UNIQUE_NAME = 13;
     ERR_CERTIFICATE_TRANSPARENCY_REQUIRED = 14;
     ERR_CERT_SYMANTEC_LEGACY = 15;
   };

   // Sha256 hashes of the certificate's public key. If this field is not
   // empty, then at least one of certificate in the certificate chain must
   // match with a hash in order for the dynamic interstitial to be treated as a
   // match. Otherwise, this field will be ignored.
   repeated string sha256_hash = 1;

   // If nonempty, the issuer common name of the leaf certificate must match
   // this regex for the dynamic interstitial to match.
   optional string issuer_common_name_regex = 2;

   // If nonempty, the issuer organization name of the leaf certificate must
   // match this regex for the dynamic interstitial to match.
   optional string issuer_organization_regex = 3;

   // If |interstitial_type| is INTERSTITIAL_PAGE_MITM_SOFTWARE, this
   // human-readable name will be displayed on the interstitial.
   optional string mitm_software_name = 4;

   // If the SSL error's cert status contains |cert_error|, then it can be
   // matched with this dynamic interstitial.
   optional CertError cert_error = 5;

   // The type of interstitial that should be shown. This value is associated
   // with the DynamicInterstitialPageType enum.
   optional InterstitialPageType interstitial_type = 6;

   // The support URL that will be displayed on the interstitial.
   optional string support_url = 7;

   // If true, dynamic interstitials will be displayed only for non-overridable
   // errors.
   optional bool show_only_for_nonoverridable_errors = 8;
 }

 message SSLErrorAssistantConfig {
   optional uint32 version_id = 1;
   repeated CaptivePortalCert captive_portal_cert = 2;
   repeated MITMSoftware mitm_software = 3;
   repeated DynamicInterstitial dynamic_interstitial = 4;
 }
	// Copyright 2016 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	syntax = "proto2";

	option optimize_for = LITE_RUNTIME;

	package chrome_browser_ssl;

	message CaptivePortalCert {
	// Sha256 hash of the certificate's public key. The fingerprint is prefixed
	// with "sha256/" and encoded in base64 (same format as
	// src/net/http/transport_security_state_static.pins)
	// Example: sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
	//
	// NOTE: Only leaf certs must be added here.
	optional string sha256_hash = 1;
	}

	// The MITMSoftware list is used to match potential MITM software certificates.
	// The certificate issuer common name and organization names are matched against
	// the \|issuer_common_name_pattern\| and \|issuer_organization_pattern\| fields.
	message MITMSoftware {
	// Human readable name of the MITM software to display on the interstitial.
	optional string name = 1;

	// Regex pattern that matches the issuer common name on this MITM software's
	// certificates. Chrome doesn't use common name field for certificate
	// validation anymore, but it's still useful for identifying MITM software.
	optional string issuer_common_name_regex = 2;

	// Regex pattern that matches the issuer organization on this MITM software's
	// certificates.
	optional string issuer_organization_regex = 3;
	}

	// Unlike MITMSoftware and CaptivePortalCert, DynamicInterstitial is used to
	// trigger a number of different interstitials based on a number of different
	// characteristics.
	// TODO(spqchan): Deprecate MITMSoftware and CaptivePortalCert and use
	// DynamicInterstitial in their place.
	// TODO(spqchan): Add additional fields for process list, registry key
	// keywords, etc.
	message DynamicInterstitial {
	// Enum class used to represent the interstitial page that would be displayed
	// for a dynamic interstitial.
	enum InterstitialPageType {
	INTERSTITIAL_PAGE_NONE = 0;
	// A standard SSL interstitial page.
	INTERSTITIAL_PAGE_SSL = 1;
	// An interstitial page alerting the user that they are in a captive portal.
	INTERSTITIAL_PAGE_CAPTIVE_PORTAL = 2;
	// An interstitial page telling the user to fix misconfigured MITM software.
	INTERSTITIAL_PAGE_MITM_SOFTWARE = 3;
	}

	// Maps to CertStatus flags (See cert_status_flags_list.h).
	enum CertError {
	// Special value. If \|cert_error\| is set to this value, then anything that
	// matches with the other fields will be treated as a match, regardless of
	// \|cert_error\|.
	UNKNOWN_CERT_ERROR = 0;
	ERR_CERT_REVOKED = 1;
	ERR_CERT_INVALID = 2;
	ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN = 3;
	ERR_CERT_AUTHORITY_INVALID = 4;
	ERR_CERT_COMMON_NAME_INVALID = 5;
	ERR_CERT_NAME_CONSTRAINT_VIOLATION = 6;
	ERR_CERT_WEAK_SIGNATURE_ALGORITHM = 7;
	ERR_CERT_WEAK_KEY = 8;
	ERR_CERT_DATE_INVALID = 9;
	ERR_CERT_VALIDITY_TOO_LONG = 10;
	ERR_CERT_UNABLE_TO_CHECK_REVOCATION = 11;
	ERR_CERT_NO_REVOCATION_MECHANISM = 12;
	ERR_CERT_NON_UNIQUE_NAME = 13;
	ERR_CERTIFICATE_TRANSPARENCY_REQUIRED = 14;
	ERR_CERT_SYMANTEC_LEGACY = 15;
	};

	// Sha256 hashes of the certificate's public key. If this field is not
	// empty, then at least one of certificate in the certificate chain must
	// match with a hash in order for the dynamic interstitial to be treated as a
	// match. Otherwise, this field will be ignored.
	repeated string sha256_hash = 1;

	// If nonempty, the issuer common name of the leaf certificate must match
	// this regex for the dynamic interstitial to match.
	optional string issuer_common_name_regex = 2;

	// If nonempty, the issuer organization name of the leaf certificate must
	// match this regex for the dynamic interstitial to match.
	optional string issuer_organization_regex = 3;

	// If \|interstitial_type\| is INTERSTITIAL_PAGE_MITM_SOFTWARE, this
	// human-readable name will be displayed on the interstitial.
	optional string mitm_software_name = 4;

	// If the SSL error's cert status contains \|cert_error\|, then it can be
	// matched with this dynamic interstitial.
	optional CertError cert_error = 5;

	// The type of interstitial that should be shown. This value is associated
	// with the DynamicInterstitialPageType enum.
	optional InterstitialPageType interstitial_type = 6;

	// The support URL that will be displayed on the interstitial.
	optional string support_url = 7;

	// If true, dynamic interstitials will be displayed only for non-overridable
	// errors.
	optional bool show_only_for_nonoverridable_errors = 8;
	}

	message SSLErrorAssistantConfig {
	optional uint32 version_id = 1;
	repeated CaptivePortalCert captive_portal_cert = 2;
	repeated MITMSoftware mitm_software = 3;
	repeated DynamicInterstitial dynamic_interstitial = 4;
	}