Google Git
Sign in
chromium / chromium / src / 042e060af6b7cb66ac7bca6d3964a72bb18c522a / . / components / security_interstitials / content / cert_logger.proto
blob: 25cb78ae954a88426ee368449496d7d671c5a47f [file] [log] [blame]
// Copyright 2015 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
//
// This protobuffer is intended to store reports from Chrome users of
// certificate errors. A report will be sent from Chrome when it gets
// e.g. a certificate for google.com that chains up to a root CA not expected by
// Chrome for that origin, such as DigiNotar (compromised in July 2011), or
// other pinning errors such as a blacklisted cert in the chain, or
// (when opted in) other certificate validation errors like an expired
// cert. The report from the user will include the hostname being accessed,
// the full certificate chain (in PEM format), and the
// timestamp of when the client tried to access the site. A response is
// generated by the frontend and logged, including validation and error checking
// done on the client's input data.
//
// This should be kept in sync with the internal Google copy when updated.
// Contact [email protected] if you have questions.
syntax = "proto2";
// Chrome requires this.
option optimize_for = LITE_RUNTIME;
package chrome_browser_ssl;
// Protocol types
message CertLoggerInterstitialInfo {
// The different reasons that an SSL warning interstitial could be shown to
// a user.
enum InterstitialReason {
UNKNOWN_INTERSTITIAL_REASON = 0;
// A standard SSL interstitial.
INTERSTITIAL_SSL = 1;
// An interstitial alerting the user that they are in a captive portal.
INTERSTITIAL_CAPTIVE_PORTAL = 2;
// An interstitial telling the user to update their system clock.
INTERSTITIAL_CLOCK = 3;
// An interstitial telling the user to remove the Superfish software from
// their system.
INTERSTITIAL_SUPERFISH = 4 [deprecated = true];
// An interstitial telling the user to fix misconfigured MITM software.
INTERSTITIAL_MITM_SOFTWARE = 5;
// An interstitial telling the user that their connection is being
// intercepted by a known certificate.
INTERSTITIAL_BLOCKED_INTERCEPTION = 6;
// An interstitial telling the user that the site they are visiting use an
// outdated version of TLS.
INTERSTITIAL_LEGACY_TLS = 7;
}
// The type of interstitial that was shown
optional InterstitialReason interstitial_reason = 1;
// True if the user clicked through to the offending website
optional bool user_proceeded = 2;
// True if the user was shown an option to click through
optional bool overridable = 3;
// The time (in usec since the Windows epoch) when the client created the
// interstitial.
optional int64 interstitial_created_time_usec = 4;
}
// Contains information about features that are enabled/disabled that
// might affect certificate validation.
message CertLoggerFeaturesInfo {
message NetworkTimeQueryingInfo {
// True if the network time querying feature is enabled.
optional bool network_time_queries_enabled = 1;
// The experimental parameter controlling the behavior of network time
// queries (whether they happen on-demand when a certificate date error is
// encountered, in the background, or both).
enum NetworkTimeFetchBehavior {
NETWORK_TIME_FETCHES_UNKNOWN = 0;
NETWORK_TIME_FETCHES_BACKGROUND_ONLY = 1;
NETWORK_TIME_FETCHES_ON_DEMAND_ONLY = 2;
NETWORK_TIME_FETCHES_IN_BACKGROUND_AND_ON_DEMAND = 3;
}
optional NetworkTimeFetchBehavior network_time_query_behavior = 2;
}
optional NetworkTimeQueryingInfo network_time_querying_info = 1;
// Records whether the Android AIA fetching feature is enabled.
//
// This is an enum rather than a boolean as a convenience to
// distinguish reports where fetching is disabled from reports that
// were sent before this field was present. (In other words, if it
// were a boolean, a value of false might mean that fetching was
// disabled, or it might mean that the browser version was older than
// when this field was added.)
enum AndroidAIAFetchingStatus {
ANDROID_AIA_FETCHING_UNKNOWN = 0;
ANDROID_AIA_FETCHING_ENABLED = 1;
ANDROID_AIA_FETCHING_DISABLED = 2;
}
optional AndroidAIAFetchingStatus android_aia_fetching_status = 2;
// Records the results of the dual certificate verification trial, if
// enabled. (See https://crbug.com/649026.)
optional TrialVerificationInfo trial_verification_info = 3;
}
message CertLoggerRequest {
// The hostname being accessed (required as the cert could be valid for
// multiple hosts, e.g. a wildcard or a SubjectAltName.
required string hostname = 1;
// The certificate chain as a series of PEM-encoded certificates, including
// intermediates but not necessarily the root.
required string cert_chain = 2;
// The time (in usec since the Windows epoch) when the client generated the
// report.
required int64 time_usec = 3;
// public_key_hash contains the string forms of the hashes calculated for
// the chain. (I.e. "sha1/<base64 data>".)
repeated string public_key_hash = 4;
// pin contains the string forms of the pins that were matched against for
// this host.
repeated string pin = 5;
enum CertError {
UNKNOWN_CERT_ERROR = 0;
ERR_CERT_REVOKED = 1;
ERR_CERT_INVALID = 2;
ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN = 3;
ERR_CERT_AUTHORITY_INVALID = 4;
ERR_CERT_COMMON_NAME_INVALID = 5;
ERR_CERT_NAME_CONSTRAINT_VIOLATION = 6;
ERR_CERT_WEAK_SIGNATURE_ALGORITHM = 7;
ERR_CERT_WEAK_KEY = 8;
ERR_CERT_DATE_INVALID = 9;
ERR_CERT_VALIDITY_TOO_LONG = 10;
ERR_CERT_UNABLE_TO_CHECK_REVOCATION = 11;
ERR_CERT_NO_REVOCATION_MECHANISM = 12;
ERR_CERT_NON_UNIQUE_NAME = 13;
ERR_CERTIFICATE_TRANSPARENCY_REQUIRED = 14;
ERR_CERT_SYMANTEC_LEGACY = 15;
ERR_CERT_KNOWN_INTERCEPTION_BLOCKED = 16;
};
// Certificate errors encountered (if any) when validating this
// certificate chain.
repeated CertError cert_error = 6;
// Information about the interstitial that was shown to the user for
// this certificate error.
optional CertLoggerInterstitialInfo interstitial_info = 7;
// The unverified certificate chain as received by the client, as a
// series of PEM-encoded certificates. Can be different than
// |cert_chain|, which is the chain the client built during
// verification.
optional string unverified_cert_chain = 8;
// True if the certificate was rooted at a standard CA root ,as opposed to a
// user-installed root, but is only meaningful if the underlying certificate
// validation library built a trusted chain (i.e. the Chrome net stack set the
// error, not the library).
optional bool is_issued_by_known_root = 9;
// Information about features that were enabled or disabled for the
// user that might affect certificate validation.
optional CertLoggerFeaturesInfo features_info = 10;
// False when the report is attempted to be uploaded for the first time. True
// in all other uploads.
optional bool is_retry_upload = 11;
enum ChromeChannel {
CHROME_CHANNEL_NONE = 0;
CHROME_CHANNEL_UNKNOWN = 1;
CHROME_CHANNEL_DEV = 2;
CHROME_CHANNEL_CANARY = 3;
CHROME_CHANNEL_BETA = 4;
CHROME_CHANNEL_STABLE = 5;
};
// The Chrome channel that this error occurred on.
optional ChromeChannel chrome_channel = 12;
// True if the machine is enterprise managed. Currently only available for
// Windows and ChromeOS clients.
optional bool is_enterprise_managed = 13;
enum CertStatus {
UNKNOWN_CERT_STATUS = 0;
STATUS_IS_EV = 1;
STATUS_REV_CHECKING_ENABLED = 2;
STATUS_SHA1_SIGNATURE_PRESENT = 3;
STATUS_CT_COMPLIANCE_FAILED = 4;
STATUS_KNOWN_INTERCEPTION_DETECTED = 5;
}
// The non-error status results of validating the chain.
repeated CertStatus cert_status = 14;
// Chrome version string, e.g. "95.0.4629.0".
optional string chrome_version = 15;
// The OS type that Chrome was compiled for, e.g. "Mac OS X", "Windows", etc.
optional string os_type = 16;
// The OS version Chrome is running on, e.g. "11.5.1".
optional string os_version = 17;
// The hardware name of the system Chrome is running on, e.g. "MacPro6,1".
optional string hardware_model_name = 18;
// The architecture of the OS Chrome is running on, e.g. "x86", "x86_64", etc.
optional string os_architecture = 19;
// The architecture that Chrome was compiled for. May be different than
// |os_architecture|.
optional string process_architecture = 20;
};
message MacCertEvidenceInfo {
// A bitfield indicating various status of the cert, defined in
// cssmapple.h
optional uint32 status_bits = 1;
// CSSM_RETURN status codes for the cert, defined in cssmtype.h, values in
// cssmerr.h and cssmErrorStrings.h.
repeated int32 status_codes = 2;
}
message MacPlatformDebugInfo {
// The SecTrustResultType result from SecTrustEvaluate.
optional uint32 trust_result = 1;
// The OSStatus resultCode from SecTrustGetCssmResultCode.
optional int32 result_code = 2;
// The CSSM_TP_APPLE_EVIDENCE_INFO statusChain from SecTrustGetResult. Each
// entry corresponds to one of the certs in the verified chain (leaf first).
repeated MacCertEvidenceInfo status_chain = 3;
}
message WinPlatformDebugInfo {
// The ThisUpdate of AuthRoot, as reflected in the registry, in usec since
// the Windows epoch.
optional int64 authroot_this_update_time_usec = 1;
// The Sequence Number of AuthRoot, as reflected in the registry.
optional bytes authroot_sequence_number = 2;
}
// Contains the results of verification by the trial verifier. All fields
// have the same meaning as those of the same name in CertLoggerRequest.
message TrialVerificationInfo {
optional string cert_chain = 1;
repeated string public_key_hash = 2;
repeated CertLoggerRequest.CertError cert_error = 3;
optional bool is_issued_by_known_root = 4;
repeated CertLoggerRequest.CertStatus cert_status = 5;
// Configuration flags used when validating a chain, corresponding to
// CertVerifier::VerifyFlags, however the numeric values are NOT equivalent.
enum VerifyFlags {
UNKNOWN_VERIFY_FLAG = 0;
VERIFY_REV_CHECKING_ENABLED = 1;
VERIFY_EV_CERT = 2 [deprecated = true];
VERIFY_CERT_IO_ENABLED = 3 [deprecated = true];
VERIFY_REV_CHECKING_ENABLED_EV_ONLY = 4 [deprecated = true];
VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS = 5;
VERIFY_ENABLE_SHA1_LOCAL_ANCHORS = 6;
VERIFY_DISABLE_SYMANTEC_ENFORCEMENT = 7;
}
// The VerifyFlags that were used when validating this chain. (Note this
// applies to both the primary and trial verifiers.)
repeated VerifyFlags verify_flags = 6;
enum MacTrustFlags {
UNKNOWN_MAC_TRUST_FLAG = 0;
MAC_TRUST_SETTINGS_ARRAY_EMPTY = 1;
MAC_TRUST_SETTINGS_DICT_EMPTY = 2;
MAC_TRUST_SETTINGS_DICT_UNKNOWN_KEY = 3;
MAC_TRUST_SETTINGS_DICT_CONTAINS_POLICY = 4;
MAC_TRUST_SETTINGS_DICT_INVALID_POLICY_TYPE = 5;
MAC_TRUST_SETTINGS_DICT_CONTAINS_APPLICATION = 6;
MAC_TRUST_SETTINGS_DICT_CONTAINS_POLICY_STRING = 7;
MAC_TRUST_SETTINGS_DICT_CONTAINS_KEY_USAGE = 8;
MAC_TRUST_SETTINGS_DICT_CONTAINS_RESULT = 9;
MAC_TRUST_SETTINGS_DICT_INVALID_RESULT_TYPE = 10;
MAC_TRUST_SETTINGS_DICT_CONTAINS_ALLOWED_ERROR = 11;
MAC_COPY_TRUST_SETTINGS_ERROR = 12;
}
// Debug flags from the trial verifier path building attempt, only populated
// on reports from macOS. Contains the union of flags from all the GetTrust
// calls done during verification.
repeated MacTrustFlags mac_combined_trust_debug_info = 7;
enum MacTrustImplType {
MAC_TRUST_IMPL_UNKNOWN = 0;
MAC_TRUST_IMPL_DOMAIN_CACHE = 1;
MAC_TRUST_IMPL_SIMPLE = 2;
MAC_TRUST_IMPL_MRU_CACHE = 3;
};
optional MacTrustImplType mac_trust_impl = 13;
// The time (in usec since the Windows epoch) when the trial verifier
// attempted to verify the chain.
optional int64 trial_verification_time_usec = 8;
// The GeneralizedTime encoded time when the trial verifier attempted to
// verify the chain.
optional string trial_der_verification_time = 9;
// Debug information from CertVerifyProcMac (if it was the primary verifier).
optional MacPlatformDebugInfo mac_platform_debug_info = 10;
// DER encoded stapled OCSP response, if present.
optional bytes stapled_ocsp = 11;
// DER encoded SignedCertificateTimestampList from the TLS extension, if
// present.
optional bytes sct_list = 12;
// Debug information from CertVerifyProcWin (if it was the primary verifier).
optional WinPlatformDebugInfo win_platform_debug_info = 14;
}