OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
davidben
2015/05/07 21:59:36
Since this already has some significant logic now,
Eran Messeri
2015/07/10 13:15:47
Acknowledged - will add to a later patchset. Any e
| |
4 | |
5 #include "components/certificate_transparency/log_proofs_fetcher.h" | |
6 | |
7 #include "base/base64.h" | |
8 #include "base/json/json_reader.h" | |
9 #include "base/logging.h" | |
10 #include "base/stl_util.h" | |
11 #include "base/strings/string_piece.h" | |
12 #include "base/time/time.h" | |
13 #include "base/values.h" | |
14 #include "net/base/load_flags.h" | |
15 #include "net/base/request_priority.h" | |
16 #include "net/cert/ct_log_verifier.h" | |
17 #include "net/cert/ct_serialization.h" | |
18 #include "net/cert/signed_tree_head.h" | |
19 #include "net/url_request/url_request_context.h" | |
20 | |
21 const int kMaxSTHSize = 600; | |
davidben
2015/05/07 21:59:37
Probably worth a comment. Notably mention that it'
Eran Messeri
2015/07/10 13:15:47
Done.
| |
22 | |
23 namespace certificate_transparency { | |
24 | |
25 LogProofsFetcher::LogProofsFetcher(net::URLRequestContext* request_context) | |
26 : request_context_(request_context) { | |
27 } | |
28 | |
29 LogProofsFetcher::~LogProofsFetcher() { | |
30 STLDeleteContainerPairPointers(inflight_requests_.begin(), | |
31 inflight_requests_.end()); | |
32 } | |
33 | |
34 scoped_ptr<net::URLRequest> LogProofsFetcher::CreateURLRequest( | |
davidben
2015/05/07 21:59:37
Nit: This doesn't match header file order.
Eran Messeri
2015/07/10 13:15:47
Done.
| |
35 GURL fetch_sth_url) { | |
36 scoped_ptr<net::URLRequest> request = request_context_->CreateRequest( | |
37 fetch_sth_url, net::DEFAULT_PRIORITY, this); | |
38 request->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES | | |
39 net::LOAD_DO_NOT_SAVE_COOKIES); | |
40 return request.Pass(); | |
41 } | |
42 | |
43 void LogProofsFetcher::FetchSTH(net::CTLogVerifier* verifier) { | |
44 GURL fetch_url(verifier->url().Resolve("/get-sth")); | |
45 scoped_ptr<net::URLRequest> request = CreateURLRequest(fetch_url); | |
46 request->set_method("GET"); | |
davidben
2015/05/07 21:59:36
Nit: Somewhat strange separation between CreateReq
Eran Messeri
2015/07/10 13:15:48
Fixed, CreateURLRequest now sets the method.
| |
47 | |
48 net::URLRequest* raw_request = request.get(); | |
49 FetchParams* params = new FetchParams(verifier); | |
50 inflight_requests_.insert(std::make_pair(request.release(), params)); | |
51 raw_request->Start(); | |
davidben
2015/05/07 21:59:36
Could also write this perhaps as
auto it = infl
Eran Messeri
2015/07/10 13:15:47
Done.
| |
52 } | |
53 | |
54 void LogProofsFetcher::OnResponseStarted(net::URLRequest* request) { | |
55 const net::URLRequestStatus& status(request->status()); | |
56 VLOG(0) << "Response started for fetch-sth from " << request->original_url(); | |
57 if (!status.is_success()) { | |
58 LOG(WARNING) << "Fetching STH from " << request->original_url() | |
59 << " failed. status:" << status.status() | |
60 << " error:" << status.error(); | |
davidben
2015/05/07 21:59:37
I imagine later we'll surface this up through to s
Eran Messeri
2015/07/10 13:15:47
Correct. Particularly, I'd like DomainReliability
| |
61 RequestCleanup(request); | |
62 } else if (request->GetResponseCode() != 200) { | |
63 LOG(WARNING) << "Fetch STH HTTP status: " << request->GetResponseCode(); | |
64 RequestCleanup(request); | |
65 return; | |
66 } | |
67 | |
68 RequestsMap::iterator it(inflight_requests_.find(request)); | |
69 DCHECK(it != inflight_requests_.end()); | |
70 scoped_refptr<net::IOBufferWithSize> buffer(it->second->sth_buffer); | |
71 VLOG(0) << "Kicking off read."; | |
72 request->Read(buffer.get(), buffer->size(), &(it->second->read_bytes)); | |
davidben
2015/05/07 21:59:36
Nit: I don't think those parens are necessary.
davidben
2015/05/07 21:59:36
[Confirmed with mmenke that ignoring URLRequest::R
Eran Messeri
2015/07/10 13:15:47
Done.
Eran Messeri
2015/07/10 13:15:47
Acknowledged.
| |
73 if (request->status().is_io_pending()) { | |
74 VLOG(0) << "IO Pending: Will wait."; | |
75 return; | |
76 } else { | |
77 VLOG(0) << "Data available: Invoking OnReadComplete."; | |
78 OnReadCompleted(request, it->second->read_bytes); | |
79 } | |
80 } | |
81 | |
82 void LogProofsFetcher::OnReadCompleted(net::URLRequest* request, | |
83 int bytes_read) { | |
davidben
2015/05/07 21:59:37
bytes_read may be -1 on error. You pull the error
Eran Messeri
2015/07/10 13:15:47
Done, is there anything interesting to do with the
| |
84 VLOG(0) << "Read complete, got " << bytes_read << " bytes."; | |
85 RequestComplete(request, bytes_read); | |
davidben
2015/05/07 21:59:37
There's no guarantee that the entire request will
Eran Messeri
2015/07/10 13:15:47
Fixed by creating a CheckReadStatus method to hand
| |
86 } | |
87 | |
88 void LogProofsFetcher::RequestComplete(net::URLRequest* request, | |
89 int bytes_read) { | |
90 RequestsMap::iterator it(inflight_requests_.find(request)); | |
91 DCHECK(it != inflight_requests_.end()); | |
92 if (it->first != request) { | |
93 LOG(WARNING) << "Different requests?!"; | |
davidben
2015/05/07 21:59:37
This can just be a DCHECK, right? If this fails, s
Eran Messeri
2015/07/10 13:15:47
Done.
| |
94 } | |
95 | |
96 FetchParams* params(it->second); | |
davidben
2015/05/07 21:59:36
Nit: This can just use =
Eran Messeri
2015/07/10 13:15:48
Done.
| |
97 VLOG(0) << "Got " << bytes_read << " bytes."; | |
98 | |
99 // Extract STH json an parse it | |
davidben
2015/05/07 21:59:37
Nit: period at the end of comment.
davidben
2015/05/07 21:59:37
I'd DCHECK that bytes_read is within the buffer's
Eran Messeri
2015/07/10 13:15:46
Done.
Eran Messeri
2015/07/10 13:15:47
Done.
| |
100 base::StringPiece json_sth(params->sth_buffer->data(), bytes_read); | |
101 VLOG(0) << "STH data: " << json_sth; | |
102 scoped_ptr<net::ct::SignedTreeHead> sth; | |
103 if (CTLogResponseParser::FillSignedTreeHead(json_sth, sth.get())) { | |
davidben
2015/05/07 21:59:36
This looks like it'll just crash on a null pointer
Eran Messeri
2015/07/10 13:15:47
Fixed.
| |
104 VLOG(0) << "Parsed STH successfully."; | |
105 if (params->verifier->VerifySignedTreeHead(sth.get())) { | |
106 VLOG(0) << "Received valid STH."; | |
107 } else { | |
108 VLOG(0) << "Received invalid STH."; | |
109 } | |
110 } else { | |
111 LOG(ERROR) << "Invalid STH."; | |
davidben
2015/05/07 21:59:37
(I'm assuming this is all to be routed up to somet
Eran Messeri
2015/07/10 13:15:47
It's now passed to a callback.
| |
112 } | |
113 RequestCleanup(request); | |
114 } | |
115 | |
116 void LogProofsFetcher::RequestCleanup(net::URLRequest* request) { | |
117 VLOG(0) << "Cleaning up request to " << request->original_url(); | |
118 RequestsMap::iterator it(inflight_requests_.find(request)); | |
119 DCHECK(it != inflight_requests_.end()); | |
120 | |
121 scoped_ptr<FetchParams> params(it->second); | |
122 // Delete the request, remove from map. | |
123 scoped_ptr<net::URLRequest> url_request(it->first); | |
124 // Both pointers will be deleted when exiting the method. | |
125 VLOG(0) << "Erasing iterator."; | |
126 inflight_requests_.erase(it); | |
127 } | |
128 | |
129 LogProofsFetcher::FetchParams::FetchParams(net::CTLogVerifier* verifier) | |
130 : verifier(verifier), sth_buffer(new net::IOBufferWithSize(kMaxSTHSize)) { | |
131 } | |
132 | |
133 LogProofsFetcher::FetchParams::~FetchParams() { | |
134 } | |
135 | |
136 bool CTLogResponseParser::FillSignedTreeHead(const base::StringPiece& json_sth, | |
137 net::ct::SignedTreeHead* sth) { | |
davidben
2015/05/07 21:59:37
How much do we trust our JSON parser on untrusted
Eran Messeri
2015/07/10 13:15:47
Not a lot, which is why I've switched to the SafeJ
| |
138 base::JSONReader json_reader; | |
139 base::Value* json = json_reader.Read(json_sth); | |
davidben
2015/05/07 21:59:37
This leaks memory. scoped_ptr<base::Value> json(js
Eran Messeri
2015/07/10 13:15:47
Done - irrelevant now.
| |
140 if (json == NULL) { | |
davidben
2015/05/07 21:59:37
nullptr. Or just !json.
Eran Messeri
2015/07/10 13:15:47
Done - irrelevant now.
| |
141 LOG(WARNING) << "Empty JSON."; | |
142 return false; | |
143 } | |
144 | |
davidben
2015/05/07 21:59:37
Comment linking to documentation on the format? [I
Eran Messeri
2015/07/10 13:15:46
Should be in the ct_log_response_parser.
| |
145 const base::DictionaryValue* json_dict; | |
146 if (!json->GetAsDictionary(&json_dict)) { | |
147 LOG(WARNING) << "Json value not a dictionary."; | |
davidben
2015/05/07 21:59:37
Json -> JSON, ditto below
Eran Messeri
2015/07/10 13:15:47
Done - irrelevant.
| |
148 return false; | |
149 } | |
150 | |
151 int tree_size; | |
152 if (!json_dict->GetInteger("tree_size", &tree_size)) { | |
153 LOG(WARNING) << "Json dictionary does not contain tree_size"; | |
154 return false; | |
155 } | |
156 | |
157 double timestamp; | |
158 if (!json_dict->GetDouble("timestamp", ×tamp)) { | |
159 LOG(WARNING) << "Json dictionary does not contain timestamp"; | |
160 return false; | |
161 } | |
162 | |
163 std::string sha256_root_hash; | |
164 if (!json_dict->GetString("sha256_root_hash", &sha256_root_hash)) { | |
165 LOG(WARNING) << "Json dictionary does not contain sha256_root_hash"; | |
166 return false; | |
167 } | |
168 | |
169 std::string tree_head_signature; | |
170 if (!json_dict->GetString("tree_head_signature", &tree_head_signature)) { | |
171 LOG(WARNING) << "Json dictionary does not contain tree_head_signature"; | |
172 return false; | |
173 } | |
174 | |
175 std::string decoded_root_hash; | |
176 if (!base::Base64Decode(sha256_root_hash, &decoded_root_hash)) { | |
177 LOG(WARNING) << "Failed decoding sha256_root_hash"; | |
178 return false; | |
179 } | |
180 | |
181 if (decoded_root_hash.length() != net::ct::kSthRootHashLength) { | |
182 LOG(WARNING) << "sha256_root_hash must be exactly 32 bit."; | |
davidben
2015/05/07 21:59:36
bit -> bits
Eran Messeri
2015/07/10 13:15:47
N/A.
| |
183 return false; | |
184 } | |
185 | |
186 std::string decoded_signature; | |
187 if (!base::Base64Decode(tree_head_signature, &decoded_signature)) { | |
davidben
2015/05/07 21:59:37
[Incidentally, RFC 6962 fails to mention that this
Eran Messeri
2015/07/10 13:15:48
Filed http://trac.tools.ietf.org/wg/trans/trac/tic
| |
188 LOG(WARNING) << "Failed decoding tree_head_signature"; | |
189 return false; | |
190 } | |
191 | |
192 base::StringPiece sp(decoded_signature); | |
193 if (!DecodeDigitallySigned(&sp, &(sth->signature))) { | |
davidben
2015/05/07 21:59:36
parens after & unnecessary.
davidben
2015/05/07 21:59:37
This should check sp.empty() afterwards, or you'll
Eran Messeri
2015/07/10 13:15:47
Good point, will do in a separate CL (since the co
Eran Messeri
2015/07/10 13:15:47
Done.
| |
194 LOG(WARNING) << "Failed decoding signature to DigitallySigned"; | |
195 return false; | |
196 } | |
197 | |
198 sth->version = net::ct::SignedTreeHead::V1; | |
199 sth->tree_size = tree_size; | |
200 sth->timestamp = | |
201 base::Time::UnixEpoch() + base::TimeDelta::FromMilliseconds(timestamp); | |
202 memcpy(sth->sha256_root_hash, decoded_root_hash.c_str(), | |
davidben
2015/05/07 21:59:36
Nit: I would c_str -> data. It's totally meaningle
Eran Messeri
2015/07/10 13:15:47
Done - N/A anymore.
| |
203 net::ct::kSthRootHashLength); | |
204 return true; | |
205 } | |
206 | |
207 } // namespace certificate_transparency | |
OLD | NEW |