OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "components/certificate_transparency/log_proof_fetcher.h" | |
6 | |
7 #include "base/logging.h" | |
8 #include "base/stl_util.h" | |
9 #include "base/strings/string_piece.h" | |
10 #include "base/strings/stringprintf.h" | |
11 #include "base/values.h" | |
12 #include "components/safe_json/safe_json_parser.h" | |
13 #include "net/base/load_flags.h" | |
14 #include "net/base/request_priority.h" | |
15 #include "net/cert/ct_log_response_parser.h" | |
16 #include "net/cert/ct_log_verifier.h" | |
17 #include "net/cert/signed_tree_head.h" | |
18 #include "net/http/http_status_code.h" | |
19 #include "net/url_request/url_request_context.h" | |
20 | |
21 const unsigned long kMaxLogResponseSizeInBytes = 600u; | |
mmenke
2015/07/29 18:51:51
This should be static, or in an anonymous namespac
mmenke
2015/07/29 18:51:51
This should be size_t, to match IOBufferWithSize a
Eran Messeri
2015/07/31 12:55:52
Done.
Eran Messeri
2015/07/31 12:55:52
Done.
| |
22 | |
23 namespace certificate_transparency { | |
24 | |
25 namespace { | |
26 | |
27 // Shamelessly copied from domain_reliability/util.cc | |
28 int GetNetErrorFromURLRequestStatus(const net::URLRequestStatus& status) { | |
29 switch (status.status()) { | |
30 case net::URLRequestStatus::SUCCESS: | |
31 return net::OK; | |
32 case net::URLRequestStatus::CANCELED: | |
33 return net::ERR_ABORTED; | |
34 case net::URLRequestStatus::FAILED: | |
35 return status.error(); | |
36 default: | |
37 NOTREACHED(); | |
38 return net::ERR_FAILED; | |
39 } | |
40 } | |
41 | |
42 } // namespace | |
43 | |
44 struct LogProofFetcher::FetchState { | |
45 FetchState(const std::string& id, | |
46 const SignedTreeHeadFetchedCallback& fetched_callback, | |
47 const FetchFailedCallback& failed_callback); | |
48 ~FetchState(); | |
49 | |
50 std::string log_id; | |
51 SignedTreeHeadFetchedCallback fetched_callback; | |
52 FetchFailedCallback failed_callback; | |
53 scoped_refptr<net::IOBufferWithSize> response_buffer; | |
54 int read_bytes; | |
mmenke
2015/07/29 18:51:51
This member is now serving no purpose, and can be
Eran Messeri
2015/07/31 12:55:52
Done.
| |
55 std::string assembled_response; | |
56 }; | |
57 | |
58 LogProofFetcher::FetchState::FetchState( | |
59 const std::string& id, | |
60 const SignedTreeHeadFetchedCallback& fetched_callback, | |
61 const FetchFailedCallback& failed_callback) | |
62 : log_id(id), | |
63 fetched_callback(fetched_callback), | |
64 failed_callback(failed_callback), | |
65 response_buffer(new net::IOBufferWithSize(kMaxLogResponseSizeInBytes)) {} | |
66 | |
67 LogProofFetcher::FetchState::~FetchState() {} | |
68 | |
69 LogProofFetcher::LogProofFetcher(net::URLRequestContext* request_context) | |
70 : request_context_(request_context), weak_factory_(this) { | |
71 DCHECK(request_context); | |
72 } | |
73 | |
74 LogProofFetcher::~LogProofFetcher() { | |
75 STLDeleteContainerPairPointers(inflight_requests_.begin(), | |
76 inflight_requests_.end()); | |
77 } | |
78 | |
79 void LogProofFetcher::FetchSignedTreeHead( | |
80 const GURL& base_log_url, | |
81 const std::string& log_id, | |
82 const SignedTreeHeadFetchedCallback& fetched_callback, | |
83 const FetchFailedCallback& failed_callback) { | |
mmenke
2015/07/29 18:51:51
Is there some check upstream that base_log_url is
Eran Messeri
2015/07/31 12:55:52
Done - added DCHECK. The log URLs are hard-coded i
| |
84 GURL fetch_url(base_log_url.Resolve("ct/v1/get-sth")); | |
85 scoped_ptr<net::URLRequest> request = CreateURLRequest(fetch_url); | |
86 | |
87 FetchState* fetch_state = | |
88 new FetchState(log_id, fetched_callback, failed_callback); | |
89 request->Start(); | |
90 inflight_requests_.insert(std::make_pair(request.release(), fetch_state)); | |
91 } | |
92 | |
93 void LogProofFetcher::OnResponseStarted(net::URLRequest* request) { | |
mmenke
2015/07/29 18:51:51
I assume we should be following redirects, if any?
Eran Messeri
2015/07/31 12:55:51
Yes - it is allowed for a CT log to redirect.
| |
94 net::URLRequestStatus status(request->status()); | |
95 DCHECK(inflight_requests_.count(request)); | |
96 | |
97 FetchState* fetch_state = inflight_requests_.find(request)->second; | |
98 | |
99 if (!status.is_success() || request->GetResponseCode() != 200) { | |
mmenke
2015/07/29 18:51:51
200 -> net::HTTP_OK? Should be consistent within
Eran Messeri
2015/07/31 12:55:52
Done.
| |
100 int error_value = 0; | |
mmenke
2015/07/29 18:51:50
0 -> net::OK
mmenke
2015/07/29 18:51:50
Suggest calling this net_error here, and in the de
Eran Messeri
2015/07/31 12:55:52
Done.
Eran Messeri
2015/07/31 12:55:52
Done.
| |
101 int http_response_code = request->GetResponseCode(); | |
102 if (!status.is_success()) { | |
103 DVLOG(1) << "Fetching STH from " << request->original_url() | |
104 << " failed. status:" << status.status() | |
105 << " error:" << status.error(); | |
106 error_value = GetNetErrorFromURLRequestStatus(status); | |
107 } else { // request->GetResponseCode != 200 | |
mmenke
2015/07/29 18:51:50
I suggest removing this comment - it's confusing.
Eran Messeri
2015/07/31 12:55:51
Done.
| |
108 DVLOG(1) << "Fetch STH HTTP status: " << http_response_code; | |
109 error_value = net::OK; | |
mmenke
2015/07/29 18:51:50
Remove the error_value = line.
Eran Messeri
2015/07/31 12:55:52
Done, with it goes the entire else clause.
| |
110 } | |
111 | |
112 fetch_state->failed_callback.Run(fetch_state->log_id, error_value, | |
113 http_response_code); | |
114 CleanupRequest(request); | |
115 return; | |
116 } | |
117 | |
118 KickOffARead(request, fetch_state, true); | |
119 } | |
120 | |
121 void LogProofFetcher::OnReadCompleted(net::URLRequest* request, | |
122 int bytes_read) { | |
123 DCHECK(inflight_requests_.count(request)); | |
124 FetchState* fetch_state = inflight_requests_.find(request)->second; | |
125 | |
126 bool another_read = HandleReadResult(request, fetch_state, bytes_read); | |
mmenke
2015/07/29 18:51:51
"continue_reading" seems a bit clearer to me, and
Eran Messeri
2015/07/31 12:55:51
Done.
| |
127 KickOffARead(request, fetch_state, another_read); | |
mmenke
2015/07/29 18:51:50
Having a bool that means "Should I really kick off
Eran Messeri
2015/07/31 12:55:52
Good point, apologies for the clunkiness in the fi
| |
128 } | |
129 | |
130 bool LogProofFetcher::HandleReadResult(net::URLRequest* request, | |
131 FetchState* params, | |
132 const int bytes_read) { | |
mmenke
2015/07/29 18:51:51
Remove const on bytes_read.
Eran Messeri
2015/07/31 12:55:51
Done.
| |
133 // Start by checking for an error condition. | |
134 if (bytes_read == -1 || !request->status().is_success()) { | |
135 net::URLRequestStatus status(request->status()); | |
136 DVLOG(1) << "Read error: " << status.status() << " " << status.error(); | |
137 int error_value = GetNetErrorFromURLRequestStatus(status); | |
mmenke
2015/07/29 18:51:50
again, suggest net_error
Eran Messeri
2015/07/31 12:55:51
Done.
| |
138 params->failed_callback.Run(params->log_id, error_value, 0); | |
139 CleanupRequest(request); | |
140 return false; | |
141 } | |
142 | |
143 // Not an error, but no data available, so wait for OnReadComplete | |
mmenke
2015/07/29 18:51:50
OnReadCompleted
Eran Messeri
2015/07/31 12:55:52
Done.
| |
144 // callback. | |
145 if (request->status().is_io_pending()) { | |
146 return false; | |
147 } | |
mmenke
2015/07/29 18:51:50
optional: Prevailing style in net/ is not to use
Eran Messeri
2015/07/31 12:55:52
Done, removed braces throughout the file where th
| |
148 | |
149 // Nothing more to read from the stream - finish handling the response. | |
150 if (bytes_read == 0) { | |
mmenke
2015/07/29 18:51:51
Optional: May want to handle the complete case la
Eran Messeri
2015/07/31 12:55:51
Unless you strongly object, I'd like to keep it th
| |
151 RequestComplete(request); | |
152 return false; | |
153 } | |
154 | |
155 // We have data, collect it and indicate another read is needed. | |
156 DVLOG(1) << "Have " << bytes_read << " bytes to assemble."; | |
157 DCHECK_GE(bytes_read, 0); | |
158 params->assembled_response.append(params->response_buffer->data(), | |
159 bytes_read); | |
160 // Indicate this fragment was read. | |
161 params->read_bytes = 0; | |
162 return true; | |
163 } | |
164 | |
165 void LogProofFetcher::KickOffARead(net::URLRequest* request, | |
166 FetchState* fetch_state, | |
167 bool should_read) { | |
168 bool continue_reading = should_read; | |
169 while (continue_reading) { | |
mmenke
2015/07/29 18:51:50
Per earlier comment, should remove the should_read
Eran Messeri
2015/07/31 12:55:52
Removed the should_read argument. Don't have a str
| |
170 int read_bytes = 0; | |
171 request->Read(fetch_state->response_buffer.get(), | |
172 fetch_state->response_buffer->size(), &read_bytes); | |
173 continue_reading = HandleReadResult(request, fetch_state, read_bytes); | |
174 } | |
175 } | |
176 | |
177 void LogProofFetcher::RequestComplete(net::URLRequest* request) { | |
178 DCHECK(inflight_requests_.count(request)); | |
179 | |
180 FetchState* params = inflight_requests_.find(request)->second; | |
181 | |
182 // Extract STH json an parse it. | |
183 DCHECK_LT(params->assembled_response.size(), kMaxLogResponseSizeInBytes); | |
mmenke
2015/07/29 18:51:50
BUG: While you're making sure each read is <= (No
Eran Messeri
2015/07/31 12:55:52
Good catch, changed the code to check each time so
| |
184 | |
185 // Explicitly copy the request params as it'll be cleaned up by | |
186 // CleanupRequest later on. | |
187 FetchState request_params = *params; | |
188 // Get rid of the buffer as it really isn't necessary. | |
189 request_params.response_buffer = nullptr; | |
190 safe_json::SafeJsonParser::Parse( | |
191 params->assembled_response, | |
192 base::Bind(&LogProofFetcher::OnSTHJsonParseSuccess, | |
193 weak_factory_.GetWeakPtr(), request_params), | |
194 base::Bind(&LogProofFetcher::OnSTHJsonParseError, | |
195 weak_factory_.GetWeakPtr(), request_params)); | |
mmenke
2015/07/29 18:51:51
You're copying request_params 3 times in this func
Eran Messeri
2015/07/31 12:55:52
One of the copies was redundant and removed, so no
| |
196 | |
197 CleanupRequest(request); | |
198 } | |
199 | |
200 void LogProofFetcher::CleanupRequest(net::URLRequest* request) { | |
201 DVLOG(1) << "Cleaning up request to " << request->original_url(); | |
202 auto it = inflight_requests_.find(request); | |
203 DCHECK(it != inflight_requests_.end()); | |
204 | |
205 // So that the fetch state will be deleted upon exiting. | |
206 scoped_ptr<FetchState> params(it->second); | |
207 // Delete the request, remove from map. | |
208 scoped_ptr<net::URLRequest> url_request(it->first); | |
mmenke
2015/07/29 18:51:50
Suggest just deleting these - I don't think the sc
Eran Messeri
2015/07/31 12:55:52
Done.
| |
209 // Both pointers will be deleted when exiting the method. | |
210 inflight_requests_.erase(it); | |
211 } | |
212 | |
213 scoped_ptr<net::URLRequest> LogProofFetcher::CreateURLRequest( | |
214 const GURL& fetch_sth_url) { | |
215 DCHECK(request_context_); | |
216 | |
217 scoped_ptr<net::URLRequest> request = request_context_->CreateRequest( | |
218 fetch_sth_url, net::DEFAULT_PRIORITY, this); | |
219 request->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES | | |
220 net::LOAD_DO_NOT_SAVE_COOKIES); | |
221 request->set_method("GET"); | |
mmenke
2015/07/29 18:51:51
Not needed. "GET" is the default method.
Eran Messeri
2015/07/31 12:55:52
Done.
| |
222 return request.Pass(); | |
223 } | |
224 | |
225 void LogProofFetcher::OnSTHJsonParseSuccess( | |
226 FetchState fetch_state, | |
227 scoped_ptr<base::Value> parsed_json) { | |
228 net::ct::SignedTreeHead signed_tree_head; | |
229 if (!net::ct::FillSignedTreeHead(*parsed_json.get(), &signed_tree_head)) { | |
230 fetch_state.failed_callback.Run(fetch_state.log_id, | |
231 net::ERR_CT_STH_INCOMPLETE, net::HTTP_OK); | |
232 return; | |
233 } | |
234 | |
235 fetch_state.fetched_callback.Run(fetch_state.log_id, signed_tree_head); | |
236 } | |
237 | |
238 void LogProofFetcher::OnSTHJsonParseError(FetchState params, | |
239 const std::string& error) { | |
240 params.failed_callback.Run(params.log_id, net::ERR_CT_STH_PARSING_FAILED, | |
241 net::HTTP_OK); | |
242 } | |
243 | |
244 } // namespace certificate_transparency | |
OLD | NEW |