File: ssl_error_assistant.proto

package info (click to toggle)
chromium 139.0.7258.127-1
  • links: PTS, VCS
  • area: main
  • in suites:
  • size: 6,122,068 kB
  • sloc: cpp: 35,100,771; ansic: 7,163,530; javascript: 4,103,002; python: 1,436,920; asm: 946,517; xml: 746,709; pascal: 187,653; perl: 88,691; sh: 88,436; objc: 79,953; sql: 51,488; cs: 44,583; fortran: 24,137; makefile: 22,147; tcl: 15,277; php: 13,980; yacc: 8,984; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36
file content (121 lines) | stat: -rw-r--r-- 4,883 bytes parent folder | download | duplicates (5) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
 
// Copyright 2016 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

syntax = "proto2";

option optimize_for = LITE_RUNTIME;

package chrome_browser_ssl;

message CaptivePortalCert {
  // Sha256 hash of the certificate's public key. The fingerprint is prefixed
  // with "sha256/" and encoded in base64 (same format as
  // src/net/http/transport_security_state_static.pins)
  // Example: sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
  //
  // NOTE: Only leaf certs must be added here.
  optional string sha256_hash = 1;
}

// The MITMSoftware list is used to match potential MITM software certificates.
// The certificate issuer common name and organization names are matched against
// the |issuer_common_name_pattern| and |issuer_organization_pattern| fields.
message MITMSoftware {
  // Human readable name of the MITM software to display on the interstitial.
  optional string name = 1;

  // Regex pattern that matches the  issuer common name on this MITM software's
  // certificates. Chrome doesn't use common name field for certificate
  // validation anymore, but it's still useful for identifying MITM software.
  optional string issuer_common_name_regex = 2;

  // Regex pattern that matches the issuer organization on this MITM software's
  // certificates.
  optional string issuer_organization_regex = 3;
}

// Unlike MITMSoftware and CaptivePortalCert, DynamicInterstitial is used to
// trigger a number of different interstitials based on a number of different
// characteristics.
// TODO(spqchan): Deprecate MITMSoftware and CaptivePortalCert and use
// DynamicInterstitial in their place.
// TODO(spqchan): Add additional fields for process list, registry key
// keywords, etc.
message DynamicInterstitial {
  // Enum class used to represent the interstitial page that would be displayed
  // for a dynamic interstitial.
  enum InterstitialPageType {
    INTERSTITIAL_PAGE_NONE = 0;
    // A standard SSL interstitial page.
    INTERSTITIAL_PAGE_SSL = 1;
    // An interstitial page alerting the user that they are in a captive portal.
    INTERSTITIAL_PAGE_CAPTIVE_PORTAL = 2;
    // An interstitial page telling the user to fix misconfigured MITM software.
    INTERSTITIAL_PAGE_MITM_SOFTWARE = 3;
  }

  // Maps to CertStatus flags (See cert_status_flags_list.h).
  enum CertError {
    // Special value. If |cert_error| is set to this value, then anything that
    // matches with the other fields will be treated as a match, regardless of
    // |cert_error|.
    UNKNOWN_CERT_ERROR = 0;
    ERR_CERT_REVOKED = 1;
    ERR_CERT_INVALID = 2;
    ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN = 3;
    ERR_CERT_AUTHORITY_INVALID = 4;
    ERR_CERT_COMMON_NAME_INVALID = 5;
    ERR_CERT_NAME_CONSTRAINT_VIOLATION = 6;
    ERR_CERT_WEAK_SIGNATURE_ALGORITHM = 7;
    ERR_CERT_WEAK_KEY = 8;
    ERR_CERT_DATE_INVALID = 9;
    ERR_CERT_VALIDITY_TOO_LONG = 10;
    ERR_CERT_UNABLE_TO_CHECK_REVOCATION = 11;
    ERR_CERT_NO_REVOCATION_MECHANISM = 12;
    ERR_CERT_NON_UNIQUE_NAME = 13;
    ERR_CERTIFICATE_TRANSPARENCY_REQUIRED = 14;
    // ERR_CERT_SYMANTEC_LEGACY = 15;
    ERR_CERT_KNOWN_INTERCEPTION_BLOCKED = 16;
  };

  // Sha256 hashes of the certificate's public key. If this field is not
  // empty, then at least one of certificate in the certificate chain must
  // match with a hash in order for the dynamic interstitial to be treated as a
  // match. Otherwise, this field will be ignored.
  repeated string sha256_hash = 1;

  // If nonempty, the issuer common name of the leaf certificate must match
  // this regex for the dynamic interstitial to match.
  optional string issuer_common_name_regex = 2;

  // If nonempty, the issuer organization name of the leaf certificate must
  // match this regex for the dynamic interstitial to match.
  optional string issuer_organization_regex = 3;

  // If |interstitial_type| is INTERSTITIAL_PAGE_MITM_SOFTWARE, this
  // human-readable name will be displayed on the interstitial.
  optional string mitm_software_name = 4;

  // If the SSL error's cert status contains |cert_error|, then it can be
  // matched with this dynamic interstitial.
  optional CertError cert_error = 5;

  // The type of interstitial that should be shown. This value is associated
  // with the DynamicInterstitialPageType enum.
  optional InterstitialPageType interstitial_type = 6;

  // The support URL that will be displayed on the interstitial.
  optional string support_url = 7;

  // If true, dynamic interstitials will be displayed only for non-overridable
  // errors.
  optional bool show_only_for_nonoverridable_errors = 8;
}

message SSLErrorAssistantConfig {
  optional uint32 version_id = 1;
  repeated CaptivePortalCert captive_portal_cert = 2;
  repeated MITMSoftware mitm_software = 3;
  repeated DynamicInterstitial dynamic_interstitial = 4;
}