// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
//
// This protobuffer is intended to store reports from Chrome users of
// certificate pinning errors. A report will be sent from Chrome when it gets
// e.g. a certificate for google.com that chains up to a root CA not expected by
// Chrome for that origin, such as DigiNotar (compromised in July 2011), or
// other pinning errors such as a blacklisted cert in the chain. The
// report from the user will include the hostname being accessed, 
// the full certificate chain (in PEM format), and the
// timestamp of when the client tried to access the site. A response is
// generated by the frontend and logged, including validation and error checking
// done on the client's input data.


syntax = "proto2";

package chrome_browser_net;

// Chrome requires this.
option optimize_for = LITE_RUNTIME;

// Protocol types
message CertLoggerRequest {
  // The hostname being accessed (required as the cert could be valid for
  // multiple hosts, e.g. a wildcard or a SubjectAltName.
  required string hostname = 1;
  // The certificate chain as a series of PEM-encoded certificates, including
  // intermediates but not necessarily the root.
  required string cert_chain = 2;
  // The time (in usec since the epoch) when the client attempted to access the
  // site generating the pinning error.
  required int64 time_usec = 3;
};

// The response sent back to the user.
message CertLoggerResponse {
  enum ResponseCode {
    OK = 1;
    MALFORMED_CERT_DATA = 2;
    HOST_CERT_DONT_MATCH = 3;
    ROOT_NOT_RECOGNIZED = 4;
    ROOT_NOT_UNEXPECTED = 5;
    OTHER_ERROR = 6;
  };
  required ResponseCode response = 1;
};