chrome/browser/ssl/ssl_error_assistant.h - chromium/src - Git at Google

 // Copyright 2017 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef CHROME_BROWSER_SSL_SSL_ERROR_ASSISTANT_H_
 #define CHROME_BROWSER_SSL_SSL_ERROR_ASSISTANT_H_

 #include <string>
 #include <unordered_set>
 #include <vector>

 #include "base/optional.h"
 #include "chrome/browser/ssl/ssl_error_assistant.pb.h"
 #include "net/ssl/ssl_info.h"
 #include "url/gurl.h"

 namespace net {
 class SSLInfo;
 }

 // Struct which stores data about a known MITM software pulled from the
 // SSLErrorAssistant proto.
 struct MITMSoftwareType {
   MITMSoftwareType(const std::string& name,
                    const std::string& issuer_common_name_regex,
                    const std::string& issuer_organization_regex);

   const std::string name;
   const std::string issuer_common_name_regex;
   const std::string issuer_organization_regex;
 };

 // Struct which stores data about a dynamic interstitial pulled from the
 // SSLErrorAssistant proto.
 struct DynamicInterstitialInfo {
   DynamicInterstitialInfo(
       const std::unordered_set<std::string>& spki_hashes,
       const std::string& issuer_common_name_regex,
       const std::string& issuer_organization_regex,
       const std::string& mitm_software_name,
       chrome_browser_ssl::DynamicInterstitial::InterstitialPageType
           interstitial_type,
       int cert_error,
       const GURL& support_url,
       bool show_only_for_nonoverridable_errors);

   DynamicInterstitialInfo(const DynamicInterstitialInfo& other);

   ~DynamicInterstitialInfo();

   const std::unordered_set<std::string> spki_hashes;
   const std::string issuer_common_name_regex;
   const std::string issuer_organization_regex;
   const std::string mitm_software_name;
   const chrome_browser_ssl::DynamicInterstitial::InterstitialPageType
       interstitial_type;
   const int cert_error;
   const GURL support_url;
   bool show_only_for_nonoverridable_errors;
 };

 // Helper class for SSLErrorHandler. This class is responsible for reading in
 // the ssl_error_assistant protobuf and parsing through the data.
 class SSLErrorAssistant {
  public:
   SSLErrorAssistant();

   ~SSLErrorAssistant();

   // Returns true if any of the SHA256 hashes in |ssl_info| is of a captive
   // portal certificate. The set of captive portal hashes is loaded on first
   // use.
   bool IsKnownCaptivePortalCertificate(const net::SSLInfo& ssl_info);

   // Returns the name of a known MITM software provider that matches the
   // certificate passed in as the |cert| parameter. Returns empty string if
   // there is no match.
   const std::string MatchKnownMITMSoftware(
       const scoped_refptr<net::X509Certificate>& cert);

   // Returns a DynamicInterstitialInfo from |dynamic_interstitial_list_| that
   // matches with |ssl_info|. If there is no match, returns null. Loads
   // |dynamic_interstitial_list_| on the first use.
   base::Optional<DynamicInterstitialInfo> MatchDynamicInterstitial(
       const net::SSLInfo& ssl_info,
       bool is_overridable = false);

   void SetErrorAssistantProto(
       std::unique_ptr<chrome_browser_ssl::SSLErrorAssistantConfig> proto);

   // Returns the SSL error assistant config stored in the resource bundle. This
   // function is thread-safe and can safely be called multiple times.
   static std::unique_ptr<chrome_browser_ssl::SSLErrorAssistantConfig>
   GetErrorAssistantProtoFromResourceBundle();

   // Testing methods:
   void ResetForTesting();
   int GetErrorAssistantProtoVersionIdForTesting() const;

  private:
   void EnsureInitialized();

   // SPKI hashes belonging to certs treated as captive portals. Null until the
   // first time ShouldDisplayCaptiveProtalInterstitial() or
   // SetErrorAssistantProto() is called.
   std::unique_ptr<std::unordered_set<std::string>> captive_portal_spki_hashes_;

   // Data about a known MITM software pulled from the SSLErrorAssistant proto.
   // Null until MatchKnownMITMSoftware() is called.
   std::unique_ptr<std::vector<MITMSoftwareType>> mitm_software_list_;

   // Dynamic interstitial data pulled from the SSLErrorAssistant proto. Null
   // until MatchDynamicInterstitial() is called.
   std::unique_ptr<std::vector<DynamicInterstitialInfo>>
       dynamic_interstitial_list_;

   // Error assistant configuration.
   std::unique_ptr<chrome_browser_ssl::SSLErrorAssistantConfig>
       error_assistant_proto_;

   DISALLOW_COPY_AND_ASSIGN(SSLErrorAssistant);
 };

 #endif  // CHROME_BROWSER_SSL_SSL_ERROR_ASSISTANT_H_
	// Copyright 2017 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef CHROME_BROWSER_SSL_SSL_ERROR_ASSISTANT_H_
	#define CHROME_BROWSER_SSL_SSL_ERROR_ASSISTANT_H_

	#include <string>
	#include <unordered_set>
	#include <vector>

	#include "base/optional.h"
	#include "chrome/browser/ssl/ssl_error_assistant.pb.h"
	#include "net/ssl/ssl_info.h"
	#include "url/gurl.h"

	namespace net {
	class SSLInfo;
	}

	// Struct which stores data about a known MITM software pulled from the
	// SSLErrorAssistant proto.
	struct MITMSoftwareType {
	MITMSoftwareType(const std::string& name,
	const std::string& issuer_common_name_regex,
	const std::string& issuer_organization_regex);

	const std::string name;
	const std::string issuer_common_name_regex;
	const std::string issuer_organization_regex;
	};

	// Struct which stores data about a dynamic interstitial pulled from the
	// SSLErrorAssistant proto.
	struct DynamicInterstitialInfo {
	DynamicInterstitialInfo(
	const std::unordered_set<std::string>& spki_hashes,
	const std::string& issuer_common_name_regex,
	const std::string& issuer_organization_regex,
	const std::string& mitm_software_name,
	chrome_browser_ssl::DynamicInterstitial::InterstitialPageType
	interstitial_type,
	int cert_error,
	const GURL& support_url,
	bool show_only_for_nonoverridable_errors);

	DynamicInterstitialInfo(const DynamicInterstitialInfo& other);

	~DynamicInterstitialInfo();

	const std::unordered_set<std::string> spki_hashes;
	const std::string issuer_common_name_regex;
	const std::string issuer_organization_regex;
	const std::string mitm_software_name;
	const chrome_browser_ssl::DynamicInterstitial::InterstitialPageType
	interstitial_type;
	const int cert_error;
	const GURL support_url;
	bool show_only_for_nonoverridable_errors;
	};

	// Helper class for SSLErrorHandler. This class is responsible for reading in
	// the ssl_error_assistant protobuf and parsing through the data.
	class SSLErrorAssistant {
	public:
	SSLErrorAssistant();

	~SSLErrorAssistant();

	// Returns true if any of the SHA256 hashes in \|ssl_info\| is of a captive
	// portal certificate. The set of captive portal hashes is loaded on first
	// use.
	bool IsKnownCaptivePortalCertificate(const net::SSLInfo& ssl_info);

	// Returns the name of a known MITM software provider that matches the
	// certificate passed in as the \|cert\| parameter. Returns empty string if
	// there is no match.
	const std::string MatchKnownMITMSoftware(
	const scoped_refptr<net::X509Certificate>& cert);

	// Returns a DynamicInterstitialInfo from \|dynamic_interstitial_list_\| that
	// matches with \|ssl_info\|. If there is no match, returns null. Loads
	// \|dynamic_interstitial_list_\| on the first use.
	base::Optional<DynamicInterstitialInfo> MatchDynamicInterstitial(
	const net::SSLInfo& ssl_info,
	bool is_overridable = false);

	void SetErrorAssistantProto(
	std::unique_ptr<chrome_browser_ssl::SSLErrorAssistantConfig> proto);

	// Returns the SSL error assistant config stored in the resource bundle. This
	// function is thread-safe and can safely be called multiple times.
	static std::unique_ptr<chrome_browser_ssl::SSLErrorAssistantConfig>
	GetErrorAssistantProtoFromResourceBundle();

	// Testing methods:
	void ResetForTesting();
	int GetErrorAssistantProtoVersionIdForTesting() const;

	private:
	void EnsureInitialized();

	// SPKI hashes belonging to certs treated as captive portals. Null until the
	// first time ShouldDisplayCaptiveProtalInterstitial() or
	// SetErrorAssistantProto() is called.
	std::unique_ptr<std::unordered_set<std::string>> captive_portal_spki_hashes_;

	// Data about a known MITM software pulled from the SSLErrorAssistant proto.
	// Null until MatchKnownMITMSoftware() is called.
	std::unique_ptr<std::vector<MITMSoftwareType>> mitm_software_list_;

	// Dynamic interstitial data pulled from the SSLErrorAssistant proto. Null
	// until MatchDynamicInterstitial() is called.
	std::unique_ptr<std::vector<DynamicInterstitialInfo>>
	dynamic_interstitial_list_;

	// Error assistant configuration.
	std::unique_ptr<chrome_browser_ssl::SSLErrorAssistantConfig>
	error_assistant_proto_;

	DISALLOW_COPY_AND_ASSIGN(SSLErrorAssistant);
	};

	#endif // CHROME_BROWSER_SSL_SSL_ERROR_ASSISTANT_H_