Added net_log logging statments for CertVerifyResult

R=rsleevi@chromium.org,wtc@chromium.org

Review URL: https://codereview.chromium.org/303133006

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@274456 0039d316-1c4b-4281-b951-d872f2087c98

net/base/net_log_event_type_list.h

@@ -1881,12 +1881,51 @@ EVENT_TYPE(CHROME_POLICY_ABORTED_REQUEST)
 EVENT_TYPE(CERT_VERIFIER_REQUEST)
 
 // This event is created when we start a CertVerifier job.
+// The BEGIN phase event parameters are:
+// {
+//   "certificates": <A list of PEM encoded certificates, the first one
+//                    being the certificate to verify and the remaining
+//                    being intermediate certificates to assist path
+//                    building. Only present when byte logging is enabled.>
+// }
+//
 // The END phase event parameters are:
 //   {
-//     "certificates": <A list of PEM encoded certificates, the first one
-//                      being the certificate to verify and the remaining
-//                      being intermediate certificates to assist path
-//                      building. Only present when byte logging is enabled.>
+//     "cert_status": <Bitmask of CERT_STATUS_*
+//                     from net/base/cert_status_flags.h>
+//     "common_name_fallback_used": <True if a fallback to the common name
+//                                   was used when matching the host
+//                                   name, rather than using the
+//                                   subjectAltName.>
+//     "has_md2": <True if a certificate in the certificate chain is signed with
+//                 a MD2 signature.>
+//     "has_md4": <True if a certificate in the certificate chain is signed with
+//                 a MD4 signature.>
+//     "has_md5": <True if a certificate in the certificate chain is signed with
+//                 a MD5 signature.>
+//     "is_issued_by_additional_trust_anchor": <True if the root CA used for
+//                                              this verification came from the
+//                                              list of additional trust
+//                                              anchors.>
+//     "is_issued_by_known_root": <True if we recognise the root CA as a
+//                                 standard root.  If it isn't then it's
+//                                 probably the case that this certificate
+//                                 was generated by a MITM proxy whose root
+//                                 has been installed locally. This is
+//                                 meaningless if the certificate was not
+//                                 trusted.>
+//     "public_key_hashes": <If the certificate was successfully verified then
+//                           this contains the hashes, in several hash
+//                           algorithms, of the SubjectPublicKeyInfos of the
+//                           chain.>
+//     "verified_cert": <The certificate chain that was constructed
+//                       during verification. Note that though the verified
+//                       certificate will match the originally supplied
+//                       certificate, the intermediate certificates stored
+//                       within may be substantially different. In the event
+//                       of a verification failure, this will contain the
+//                       chain as supplied by the server. This may be NULL
+//                       if running within the sandbox.>
 //   }
 EVENT_TYPE(CERT_VERIFIER_JOB)
 

net/cert/multi_threaded_cert_verifier.cc

@@ -15,6 +15,8 @@
 #include "base/synchronization/lock.h"
 #include "base/threading/worker_pool.h"
 #include "base/time/time.h"
+#include "base/values.h"
+#include "net/base/hash_value.h"
 #include "net/base/net_errors.h"
 #include "net/base/net_log.h"
 #include "net/cert/cert_trust_anchor_provider.h"
@@ -78,6 +80,35 @@ const unsigned kMaxCacheEntries = 256;
 // The number of seconds for which we'll cache a cache entry.
 const unsigned kTTLSecs = 1800;  // 30 minutes.
 
+base::Value* CertVerifyResultCallback(const CertVerifyResult& verify_result,
+                                      NetLog::LogLevel log_level) {
+  base::DictionaryValue* results = new base::DictionaryValue();
+  results->SetBoolean("has_md5", verify_result.has_md5);
+  results->SetBoolean("has_md2", verify_result.has_md2);
+  results->SetBoolean("has_md4", verify_result.has_md4);
+  results->SetBoolean("is_issued_by_known_root",
+                      verify_result.is_issued_by_known_root);
+  results->SetBoolean("is_issued_by_additional_trust_anchor",
+                      verify_result.is_issued_by_additional_trust_anchor);
+  results->SetBoolean("common_name_fallback_used",
+                      verify_result.common_name_fallback_used);
+  results->SetInteger("cert_status", verify_result.cert_status);
+  results->Set(
+      "verified_cert",
+      NetLogX509CertificateCallback(verify_result.verified_cert, log_level));
+
+  base::ListValue* hashes = new base::ListValue();
+  for (std::vector<HashValue>::const_iterator it =
+           verify_result.public_key_hashes.begin();
+       it != verify_result.public_key_hashes.end();
+       ++it) {
+    hashes->AppendString(it->ToString());
+  }
+  results->Set("public_key_hashes", hashes);
+
+  return results;
+}
+
 }  // namespace
 
 MultiThreadedCertVerifier::CachedResult::CachedResult() : error(ERR_FAILED) {}
@@ -351,7 +382,9 @@ class CertVerifierJob {
       const MultiThreadedCertVerifier::CachedResult& verify_result,
       bool is_first_job) {
     worker_ = NULL;
-    net_log_.EndEvent(NetLog::TYPE_CERT_VERIFIER_JOB);
+    net_log_.EndEvent(
+        NetLog::TYPE_CERT_VERIFIER_JOB,
+        base::Bind(&CertVerifyResultCallback, verify_result.result));
     base::TimeDelta latency = base::TimeTicks::Now() - start_time_;
     UMA_HISTOGRAM_CUSTOM_TIMES("Net.CertVerifier_Job_Latency",
                                latency,
@@ -583,3 +616,4 @@ void MultiThreadedCertVerifier::OnCACertChanged(
 }
 
 }  // namespace net
+