| // Copyright 2016 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| syntax = "proto2"; |
| |
| option optimize_for = LITE_RUNTIME; |
| |
| package chrome_browser_ssl; |
| |
| message CaptivePortalCert { |
| // Sha256 hash of the certificate's public key. The fingerprint is prefixed |
| // with "sha256/" and encoded in base64 (same format as |
| // src/net/http/transport_security_state_static.pins) |
| // Example: sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= |
| // |
| // NOTE: Only leaf certs must be added here. |
| optional string sha256_hash = 1; |
| } |
| |
| // The MITMSoftware list is used to match potential MITM software certificates. |
| // The certificate issuer common name and organization names are matched against |
| // the |issuer_common_name_pattern| and |issuer_organization_pattern| fields. |
| message MITMSoftware { |
| // Human readable name of the MITM software to display on the interstitial. |
| optional string name = 1; |
| |
| // Regex pattern that matches the issuer common name on this MITM software's |
| // certificates. Chrome doesn't use common name field for certificate |
| // validation anymore, but it's still useful for identifying MITM software. |
| optional string issuer_common_name_regex = 2; |
| |
| // Regex pattern that matches the issuer organization on this MITM software's |
| // certificates. |
| optional string issuer_organization_regex = 3; |
| } |
| |
| // Unlike MITMSoftware and CaptivePortalCert, DynamicInterstitial is used to |
| // trigger a number of different interstitials based on a number of different |
| // characteristics. |
| // TODO(spqchan): Deprecate MITMSoftware and CaptivePortalCert and use |
| // DynamicInterstitial in their place. |
| // TODO(spqchan): Add additional fields for process list, registry key |
| // keywords, etc. |
| message DynamicInterstitial { |
| // Enum class used to represent the interstitial page that would be displayed |
| // for a dynamic interstitial. |
| enum InterstitialPageType { |
| INTERSTITIAL_PAGE_NONE = 0; |
| // A standard SSL interstitial page. |
| INTERSTITIAL_PAGE_SSL = 1; |
| // An interstitial page alerting the user that they are in a captive portal. |
| INTERSTITIAL_PAGE_CAPTIVE_PORTAL = 2; |
| // An interstitial page telling the user to fix misconfigured MITM software. |
| INTERSTITIAL_PAGE_MITM_SOFTWARE = 3; |
| } |
| |
| // Maps to CertStatus flags (See cert_status_flags_list.h). |
| enum CertError { |
| // Special value. If |cert_error| is set to this value, then anything that |
| // matches with the other fields will be treated as a match, regardless of |
| // |cert_error|. |
| UNKNOWN_CERT_ERROR = 0; |
| ERR_CERT_REVOKED = 1; |
| ERR_CERT_INVALID = 2; |
| ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN = 3; |
| ERR_CERT_AUTHORITY_INVALID = 4; |
| ERR_CERT_COMMON_NAME_INVALID = 5; |
| ERR_CERT_NAME_CONSTRAINT_VIOLATION = 6; |
| ERR_CERT_WEAK_SIGNATURE_ALGORITHM = 7; |
| ERR_CERT_WEAK_KEY = 8; |
| ERR_CERT_DATE_INVALID = 9; |
| ERR_CERT_VALIDITY_TOO_LONG = 10; |
| ERR_CERT_UNABLE_TO_CHECK_REVOCATION = 11; |
| ERR_CERT_NO_REVOCATION_MECHANISM = 12; |
| ERR_CERT_NON_UNIQUE_NAME = 13; |
| ERR_CERTIFICATE_TRANSPARENCY_REQUIRED = 14; |
| ERR_CERT_SYMANTEC_LEGACY = 15; |
| }; |
| |
| // Sha256 hashes of the certificate's public key. If this field is not |
| // empty, then at least one of certificate in the certificate chain must |
| // match with a hash in order for the dynamic interstitial to be treated as a |
| // match. Otherwise, this field will be ignored. |
| repeated string sha256_hash = 1; |
| |
| // If nonempty, the issuer common name of the leaf certificate must match |
| // this regex for the dynamic interstitial to match. |
| optional string issuer_common_name_regex = 2; |
| |
| // If nonempty, the issuer organization name of the leaf certificate must |
| // match this regex for the dynamic interstitial to match. |
| optional string issuer_organization_regex = 3; |
| |
| // If |interstitial_type| is INTERSTITIAL_PAGE_MITM_SOFTWARE, this |
| // human-readable name will be displayed on the interstitial. |
| optional string mitm_software_name = 4; |
| |
| // If the SSL error's cert status contains |cert_error|, then it can be |
| // matched with this dynamic interstitial. |
| optional CertError cert_error = 5; |
| |
| // The type of interstitial that should be shown. This value is associated |
| // with the DynamicInterstitialPageType enum. |
| optional InterstitialPageType interstitial_type = 6; |
| |
| // The support URL that will be displayed on the interstitial. |
| optional string support_url = 7; |
| |
| // If true, dynamic interstitials will be displayed only for non-overridable |
| // errors. |
| optional bool show_only_for_nonoverridable_errors = 8; |
| } |
| |
| message SSLErrorAssistantConfig { |
| optional uint32 version_id = 1; |
| repeated CaptivePortalCert captive_portal_cert = 2; |
| repeated MITMSoftware mitm_software = 3; |
| repeated DynamicInterstitial dynamic_interstitial = 4; |
| } |