OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "components/certificate_transparency/log_proof_fetcher.h" | |
6 | |
7 #include <iterator> | |
8 #include <utility> | |
9 | |
10 #include "base/logging.h" | |
11 #include "base/memory/ref_counted.h" | |
12 #include "base/stl_util.h" | |
13 #include "base/strings/string_piece.h" | |
14 #include "base/strings/stringprintf.h" | |
15 #include "base/values.h" | |
16 #include "components/safe_json/safe_json_parser.h" | |
17 #include "net/base/load_flags.h" | |
18 #include "net/base/net_errors.h" | |
19 #include "net/base/request_priority.h" | |
20 #include "net/cert/ct_log_response_parser.h" | |
21 #include "net/cert/ct_log_verifier.h" | |
22 #include "net/cert/signed_tree_head.h" | |
23 #include "net/http/http_status_code.h" | |
24 #include "net/url_request/url_request_context.h" | |
25 #include "url/gurl.h" | |
26 | |
27 static const size_t kMaxLogResponseSizeInBytes = 600; | |
28 | |
29 namespace certificate_transparency { | |
30 | |
31 namespace { | |
32 | |
33 // Shamelessly copied from domain_reliability/util.cc | |
34 int GetNetErrorFromURLRequestStatus(const net::URLRequestStatus& status) { | |
35 switch (status.status()) { | |
36 case net::URLRequestStatus::SUCCESS: | |
37 return net::OK; | |
38 case net::URLRequestStatus::CANCELED: | |
39 return net::ERR_ABORTED; | |
40 case net::URLRequestStatus::FAILED: | |
41 return status.error(); | |
42 default: | |
43 NOTREACHED(); | |
44 return net::ERR_FAILED; | |
45 } | |
46 } | |
47 | |
48 } // namespace | |
49 | |
50 LogProofFetcher::FetchState::FetchState( | |
51 const std::string& id, | |
52 const SignedTreeHeadFetchedCallback& fetched_callback, | |
53 const FetchFailedCallback& failed_callback) | |
54 : log_id(id), | |
55 fetched_callback(fetched_callback), | |
56 failed_callback(failed_callback), | |
57 response_buffer(new net::IOBufferWithSize(kMaxLogResponseSizeInBytes)) {} | |
58 | |
59 LogProofFetcher::FetchState::~FetchState() {} | |
60 | |
61 LogProofFetcher::LogProofFetcher(net::URLRequestContext* request_context) | |
62 : request_context_(request_context), weak_factory_(this) { | |
63 DCHECK(request_context); | |
64 } | |
65 | |
66 LogProofFetcher::~LogProofFetcher() { | |
67 STLDeleteContainerPairPointers(inflight_requests_.begin(), | |
68 inflight_requests_.end()); | |
69 } | |
70 | |
71 void LogProofFetcher::FetchSignedTreeHead( | |
72 const GURL& base_log_url, | |
73 const std::string& log_id, | |
74 const SignedTreeHeadFetchedCallback& fetched_callback, | |
75 const FetchFailedCallback& failed_callback) { | |
76 DCHECK(base_log_url.SchemeIsHTTPOrHTTPS()); | |
77 GURL fetch_url(base_log_url.Resolve("ct/v1/get-sth")); | |
78 scoped_ptr<net::URLRequest> request = CreateURLRequest(fetch_url); | |
79 | |
80 FetchState* fetch_state = | |
81 new FetchState(log_id, fetched_callback, failed_callback); | |
82 request->Start(); | |
83 inflight_requests_.insert(std::make_pair(request.release(), fetch_state)); | |
84 } | |
85 | |
86 void LogProofFetcher::OnResponseStarted(net::URLRequest* request) { | |
87 net::URLRequestStatus status(request->status()); | |
88 DCHECK(inflight_requests_.count(request)); | |
89 | |
90 FetchState* fetch_state = inflight_requests_.find(request)->second; | |
91 | |
92 if (!status.is_success() || request->GetResponseCode() != net::HTTP_OK) { | |
93 int net_error = net::OK; | |
94 int http_response_code = request->GetResponseCode(); | |
95 | |
96 DVLOG(1) << "Fetching STH from " << request->original_url() | |
97 << " failed. status:" << status.status() | |
98 << " error:" << status.error() | |
99 << " http response code: " << http_response_code; | |
100 if (!status.is_success()) | |
101 net_error = GetNetErrorFromURLRequestStatus(status); | |
102 | |
103 fetch_state->failed_callback.Run(fetch_state->log_id, net_error, | |
104 http_response_code); | |
105 CleanupRequest(request); | |
106 return; | |
107 } | |
108 | |
109 StartNextRead(request, fetch_state); | |
110 } | |
111 | |
112 void LogProofFetcher::OnReadCompleted(net::URLRequest* request, | |
113 int bytes_read) { | |
114 DCHECK(inflight_requests_.count(request)); | |
115 FetchState* fetch_state = inflight_requests_.find(request)->second; | |
116 | |
117 if (HandleReadResult(request, fetch_state, bytes_read)) | |
118 StartNextRead(request, fetch_state); | |
119 } | |
120 | |
121 bool LogProofFetcher::HandleReadResult(net::URLRequest* request, | |
122 FetchState* fetch_state, | |
123 int bytes_read) { | |
124 // Start by checking for an error condition. | |
125 // If there are errors, invoke the failure callback and clean up the | |
126 // request. | |
127 if (bytes_read == -1 || !request->status().is_success()) { | |
128 net::URLRequestStatus status(request->status()); | |
129 DVLOG(1) << "Read error: " << status.status() << " " << status.error(); | |
130 int net_error = GetNetErrorFromURLRequestStatus(status); | |
131 fetch_state->failed_callback.Run(fetch_state->log_id, net_error, 0); | |
132 CleanupRequest(request); | |
133 return false; | |
134 } | |
135 | |
136 // Not an error, but no data available, so wait for OnReadCompleted | |
137 // callback. | |
138 if (request->status().is_io_pending()) | |
139 return false; | |
140 | |
141 // Nothing more to read from the stream - finish handling the response. | |
142 if (bytes_read == 0) { | |
143 RequestComplete(request); | |
144 return false; | |
145 } | |
146 | |
147 // We have data, collect it and indicate another read is needed. | |
148 DVLOG(1) << "Have " << bytes_read << " bytes to assemble."; | |
149 DCHECK_GE(bytes_read, 0); | |
150 fetch_state->assembled_response.append(fetch_state->response_buffer->data(), | |
151 bytes_read); | |
152 if (fetch_state->assembled_response.size() > kMaxLogResponseSizeInBytes) { | |
153 // Log response is too big, invoke the failure callback. | |
154 fetch_state->failed_callback.Run(fetch_state->log_id, net::ERR_FILE_TOO_BIG, | |
155 net::HTTP_OK); | |
156 CleanupRequest(request); | |
157 return false; | |
158 } | |
159 | |
160 return true; | |
161 } | |
162 | |
163 void LogProofFetcher::StartNextRead(net::URLRequest* request, | |
164 FetchState* fetch_state) { | |
165 bool continue_reading = true; | |
166 while (continue_reading) { | |
167 int read_bytes = 0; | |
168 request->Read(fetch_state->response_buffer.get(), | |
169 fetch_state->response_buffer->size(), &read_bytes); | |
170 continue_reading = HandleReadResult(request, fetch_state, read_bytes); | |
171 } | |
172 } | |
173 | |
174 void LogProofFetcher::RequestComplete(net::URLRequest* request) { | |
175 DCHECK(inflight_requests_.count(request)); | |
176 | |
177 FetchState* fetch_state = inflight_requests_.find(request)->second; | |
178 | |
179 // Get rid of the buffer as it really isn't necessary. | |
180 fetch_state->response_buffer = nullptr; | |
181 // Move the assembled_response to a separate string as well and clear | |
182 // it so copying the FetchState is cheaper. | |
183 std::string assembled_response = std::move(fetch_state->assembled_response); | |
184 fetch_state->assembled_response.clear(); | |
185 safe_json::SafeJsonParser::Parse( | |
186 assembled_response, base::Bind(&LogProofFetcher::OnSTHJsonParseSuccess, | |
187 weak_factory_.GetWeakPtr(), *fetch_state), | |
188 base::Bind(&LogProofFetcher::OnSTHJsonParseError, | |
189 weak_factory_.GetWeakPtr(), *fetch_state)); | |
190 | |
191 CleanupRequest(request); | |
mmenke
2015/07/31 15:40:25
Suggestion: Pass in the request to LogProofFetche
Eran Messeri
2015/08/03 12:53:01
Done.
| |
192 } | |
193 | |
194 void LogProofFetcher::CleanupRequest(net::URLRequest* request) { | |
195 DVLOG(1) << "Cleaning up request to " << request->original_url(); | |
196 auto it = inflight_requests_.find(request); | |
197 DCHECK(it != inflight_requests_.end()); | |
198 | |
199 // Delete FetchState and URLRequest, then the entry from inflight_requests_. | |
200 STLDeleteContainerPairPointers(it, std::next(it)); | |
201 inflight_requests_.erase(it); | |
202 } | |
203 | |
204 scoped_ptr<net::URLRequest> LogProofFetcher::CreateURLRequest( | |
mmenke
2015/07/31 15:40:25
optional: May want to just inline this - I don't
Eran Messeri
2015/08/03 12:53:01
Done.
| |
205 const GURL& fetch_sth_url) { | |
206 DCHECK(request_context_); | |
mmenke
2015/07/31 15:40:25
optional: We already DCHECK on this in the constr
Eran Messeri
2015/08/03 12:53:01
N/A since I inlined this method.
| |
207 | |
208 scoped_ptr<net::URLRequest> request = request_context_->CreateRequest( | |
209 fetch_sth_url, net::DEFAULT_PRIORITY, this); | |
210 request->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES | | |
211 net::LOAD_DO_NOT_SAVE_COOKIES); | |
mmenke
2015/07/31 15:40:25
LOAD_DO_NOT_SEND_AUTH_DATA? That extra flag kinda
Eran Messeri
2015/08/03 12:53:01
Done.
| |
212 return request.Pass(); | |
213 } | |
214 | |
215 void LogProofFetcher::OnSTHJsonParseSuccess( | |
216 FetchState fetch_state, | |
mmenke
2015/07/31 15:40:25
const FetchState& avoids a copy when invoked.
Eran Messeri
2015/08/03 12:53:01
N/A since it now takes a URLRequest*.
| |
217 scoped_ptr<base::Value> parsed_json) { | |
218 net::ct::SignedTreeHead signed_tree_head; | |
219 if (!net::ct::FillSignedTreeHead(*parsed_json.get(), &signed_tree_head)) { | |
220 fetch_state.failed_callback.Run(fetch_state.log_id, | |
221 net::ERR_CT_STH_INCOMPLETE, net::HTTP_OK); | |
222 return; | |
223 } | |
224 | |
225 fetch_state.fetched_callback.Run(fetch_state.log_id, signed_tree_head); | |
226 } | |
227 | |
228 void LogProofFetcher::OnSTHJsonParseError(FetchState fetch_state, | |
mmenke
2015/07/31 15:40:25
const FetchState& avoids a copy when invoked.
Eran Messeri
2015/08/03 12:53:01
N/A since it now takes a URLRequest*.
| |
229 const std::string& error) { | |
230 fetch_state.failed_callback.Run(fetch_state.log_id, | |
231 net::ERR_CT_STH_PARSING_FAILED, net::HTTP_OK); | |
232 } | |
233 | |
234 } // namespace certificate_transparency | |
OLD | NEW |