Chromium Code Reviews Chromium Code Reviews
Issue 1100003006:
Certificate Transparency: Fetching of Signed Tree Heads (DRAFT) (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: components/certificate_transparency/log_proof_fetcher.cc |
| diff --git a/components/certificate_transparency/log_proof_fetcher.cc b/components/certificate_transparency/log_proof_fetcher.cc |
| new file mode 100644 |
| index 0000000000000000000000000000000000000000..9e70f1414fd1b2e29ce1e45fc1af4dacb3a5b119 |
| --- /dev/null |
| +++ b/components/certificate_transparency/log_proof_fetcher.cc |
| @@ -0,0 +1,185 @@ |
| +// Copyright 2015 The Chromium Authors. All rights reserved. |
| +// Use of this source code is governed by a BSD-style license that can be |
| +// found in the LICENSE file. |
| + |
| +#include "components/certificate_transparency/log_proof_fetcher.h" |
| + |
| +#include "base/logging.h" |
| +#include "base/stl_util.h" |
| +#include "base/strings/string_piece.h" |
| +#include "base/values.h" |
| +#include "components/certificate_transparency/log_response_parser.h" |
| +#include "components/safe_json_parser/safe_json_parser.h" |
| +#include "net/base/load_flags.h" |
| +#include "net/base/request_priority.h" |
| +#include "net/cert/ct_log_verifier.h" |
| +#include "net/cert/signed_tree_head.h" |
| +#include "net/url_request/url_request_context.h" |
| + |
| +const int kMaxSTHSizeInBytes = 600; |
| + |
| +namespace certificate_transparency { |
| + |
| +struct LogProofFetcher::FetchParams { |
| + explicit FetchParams(const std::string& id, FetchSTHCallback callback); |
| + ~FetchParams(); |
| + |
| + std::string log_id; |
| + FetchSTHCallback fetched_callback; |
| + scoped_refptr<net::IOBufferWithSize> sth_buffer; |
| + int read_bytes; |
| +}; |
| + |
| +LogProofFetcher::LogProofFetcher(net::URLRequestContext* request_context) |
| + : request_context_(request_context), weak_factory_(this) { |
| + DCHECK(request_context); |
| +} |
| + |
| +LogProofFetcher::~LogProofFetcher() { |
| + for (auto it = inflight_requests_.begin(); it != inflight_requests_.end(); |
|
Ryan Sleevi
2015/06/29 11:58:13
const auto& ||
for (inflight_request : inflight_r
|
| + ++it) |
| + it->first->Cancel(); |
| + STLDeleteContainerPairPointers(inflight_requests_.begin(), |
| + inflight_requests_.end()); |
| +} |
| + |
| +scoped_ptr<net::URLRequest> LogProofFetcher::CreateURLRequest( |
| + const GURL& fetch_sth_url) { |
| + DCHECK(request_context_); |
| + |
| + scoped_ptr<net::URLRequest> request = request_context_->CreateRequest( |
| + fetch_sth_url, net::DEFAULT_PRIORITY, this); |
| + request->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES | |
|
Ryan Sleevi
2015/06/29 11:58:13
TBD: Whether or not we should send AUTH_DATA or an
|
| + net::LOAD_DO_NOT_SAVE_COOKIES); |
| + return request.Pass(); |
| +} |
| + |
| +void LogProofFetcher::FetchSTH(const GURL& log_url, |
| + const std::string& log_id, |
| + FetchSTHCallback fetched_cb) { |
| + GURL fetch_url(log_url.Resolve("ct/v1/get-sth")); |
| + VLOG(1) << "About to fetch STH from " << fetch_url; |
| + scoped_ptr<net::URLRequest> request = CreateURLRequest(fetch_url); |
| + |
| + request->set_method("GET"); |
| + |
| + net::URLRequest* raw_request = request.get(); |
| + FetchParams* params = new FetchParams(log_id, fetched_cb); |
| + inflight_requests_.insert(std::make_pair(request.release(), params)); |
| + raw_request->Start(); |
| +} |
| + |
| +void LogProofFetcher::OnResponseStarted(net::URLRequest* request) { |
| + const net::URLRequestStatus& status(request->status()); |
| + VLOG(1) << "Response started for fetch-sth from " << request->original_url(); |
| + if (!status.is_success()) { |
| + LOG(WARNING) << "Fetching STH from " << request->original_url() |
| + << " failed. status:" << status.status() |
| + << " error:" << status.error(); |
| + CleanupRequest(request); |
| + } else if (request->GetResponseCode() != 200) { |
| + LOG(WARNING) << "Fetch STH HTTP status: " << request->GetResponseCode(); |
| + CleanupRequest(request); |
| + return; |
| + } |
| + |
| + auto it(inflight_requests_.find(request)); |
| + DCHECK(it != inflight_requests_.end()); |
| + scoped_refptr<net::IOBufferWithSize> buffer(it->second->sth_buffer); |
| + VLOG(1) << "Kicking off read."; |
| + request->Read(buffer.get(), buffer->size(), &(it->second->read_bytes)); |
| + if (request->status().is_io_pending()) { |
| + VLOG(1) << "IO Pending: Will wait."; |
| + return; |
| + } else { |
| + VLOG(1) << "Data available: Invoking OnReadComplete."; |
| + OnReadCompleted(request, it->second->read_bytes); |
| + } |
| +} |
| + |
| +void LogProofFetcher::OnReadCompleted(net::URLRequest* request, |
| + int bytes_read) { |
| + VLOG(1) << "Read complete, got " << bytes_read << " bytes."; |
| + RequestComplete(request, bytes_read); |
| +} |
| + |
| +void LogProofFetcher::RequestComplete(net::URLRequest* request, |
| + int bytes_read) { |
| + auto it(inflight_requests_.find(request)); |
| + DCHECK(it != inflight_requests_.end()); |
| + if (it->first != request) { |
| + NOTREACHED(); |
| + return; |
| + } |
| + |
| + FetchParams* params(it->second); |
| + VLOG(1) << "Got " << bytes_read << " bytes."; |
| + |
| + // Extract STH json an parse it |
| + std::string json_sth(params->sth_buffer->data(), bytes_read); |
| + VLOG(1) << "STH data: " << json_sth; |
| + |
| + FetchParams request_params(*params); |
| + // Get rid of the buffer as it really isn't necessary. |
| + request_params.sth_buffer = nullptr; |
| + scoped_refptr<safe_json_parser::SafeJsonParser> parser = |
|
Ryan Sleevi
2015/06/29 11:58:13
nit: s/parser = /parser(/
|
| + new safe_json_parser::SafeJsonParser( |
| + json_sth, |
| + base::Bind(&LogProofFetcher::OnSTHJsonParseSuccess, |
| + weak_factory_.GetWeakPtr(), |
| + request_params), |
| + base::Bind(&LogProofFetcher::OnSTHJsonParseError, |
| + weak_factory_.GetWeakPtr(), |
| + request_params)); |
| + // The parser will call us back via one of the callbacks. |
| + parser->Start(); |
| + |
| + CleanupRequest(request); |
| +} |
| + |
| +void LogProofFetcher::CleanupRequest(net::URLRequest* request) { |
| + VLOG(1) << "Cleaning up request to " << request->original_url(); |
| + auto it(inflight_requests_.find(request)); |
| + DCHECK(it != inflight_requests_.end()); |
| + |
| + scoped_ptr<FetchParams> params(it->second); |
| + // Delete the request, remove from map. |
| + scoped_ptr<net::URLRequest> url_request(it->first); |
| + // Both pointers will be deleted when exiting the method. |
| + VLOG(1) << "Erasing iterator."; |
| + inflight_requests_.erase(it); |
| +} |
| + |
| + |
| +void LogProofFetcher::OnSTHJsonParseSuccess( |
| + FetchParams params, |
| + scoped_ptr<base::Value> parsed_json) { |
| + VLOG(1) << "Successfully parsed STH JSON."; |
| + net::ct::SignedTreeHead sth; |
| + if (!CTLogResponseParser::FillSignedTreeHead(parsed_json.Pass(), &sth)) { |
| + LOG(ERROR) << "Invalid STH."; |
| + return; |
| + } |
| + |
| + VLOG(1) << "Parsed STH successfully."; |
| + params.fetched_callback.Run(params.log_id, sth); |
| + VLOG(1) << "Invoked callback."; |
| +} |
| + |
| +void LogProofFetcher::OnSTHJsonParseError( |
| + FetchParams params, |
| + const std::string& error) { |
| + VLOG(1) << "Parsing of STH JSON failed."; |
| +} |
| + |
| +LogProofFetcher::FetchParams::FetchParams(const std::string& id, |
| + FetchSTHCallback callback) |
| + : log_id(id), |
| + fetched_callback(callback), |
| + sth_buffer(new net::IOBufferWithSize(kMaxSTHSizeInBytes)) { |
| +} |
| + |
| +LogProofFetcher::FetchParams::~FetchParams() { |
| +} |
| + |
| +} // namespace certificate_transparency |
