| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "components/certificate_transparency/log_proof_fetcher.h" |
| 6 |
| 7 #include <iterator> |
| 8 |
| 9 #include "base/logging.h" |
| 10 #include "base/memory/ref_counted.h" |
| 11 #include "base/stl_util.h" |
| 12 #include "base/values.h" |
| 13 #include "components/safe_json/safe_json_parser.h" |
| 14 #include "net/base/io_buffer.h" |
| 15 #include "net/base/load_flags.h" |
| 16 #include "net/base/net_errors.h" |
| 17 #include "net/base/request_priority.h" |
| 18 #include "net/cert/ct_log_response_parser.h" |
| 19 #include "net/cert/signed_tree_head.h" |
| 20 #include "net/http/http_status_code.h" |
| 21 #include "net/url_request/url_request_context.h" |
| 22 #include "url/gurl.h" |
| 23 |
| 24 namespace certificate_transparency { |
| 25 |
| 26 namespace { |
| 27 |
| 28 // Shamelessly copied from domain_reliability/util.cc |
| 29 int GetNetErrorFromURLRequestStatus(const net::URLRequestStatus& status) { |
| 30 switch (status.status()) { |
| 31 case net::URLRequestStatus::SUCCESS: |
| 32 return net::OK; |
| 33 case net::URLRequestStatus::CANCELED: |
| 34 return net::ERR_ABORTED; |
| 35 case net::URLRequestStatus::FAILED: |
| 36 return status.error(); |
| 37 default: |
| 38 NOTREACHED(); |
| 39 return net::ERR_FAILED; |
| 40 } |
| 41 } |
| 42 |
| 43 } // namespace |
| 44 |
| 45 struct LogProofFetcher::FetchState { |
| 46 FetchState(const std::string& log_id, |
| 47 const SignedTreeHeadFetchedCallback& fetched_callback, |
| 48 const FetchFailedCallback& failed_callback); |
| 49 ~FetchState(); |
| 50 |
| 51 std::string log_id; |
| 52 SignedTreeHeadFetchedCallback fetched_callback; |
| 53 FetchFailedCallback failed_callback; |
| 54 scoped_refptr<net::IOBufferWithSize> response_buffer; |
| 55 std::string assembled_response; |
| 56 }; |
| 57 |
| 58 LogProofFetcher::FetchState::FetchState( |
| 59 const std::string& log_id, |
| 60 const SignedTreeHeadFetchedCallback& fetched_callback, |
| 61 const FetchFailedCallback& failed_callback) |
| 62 : log_id(log_id), |
| 63 fetched_callback(fetched_callback), |
| 64 failed_callback(failed_callback), |
| 65 response_buffer(new net::IOBufferWithSize(kMaxLogResponseSizeInBytes)) {} |
| 66 |
| 67 LogProofFetcher::FetchState::~FetchState() {} |
| 68 |
| 69 LogProofFetcher::LogProofFetcher(net::URLRequestContext* request_context) |
| 70 : request_context_(request_context), weak_factory_(this) { |
| 71 DCHECK(request_context); |
| 72 } |
| 73 |
| 74 LogProofFetcher::~LogProofFetcher() { |
| 75 STLDeleteContainerPairPointers(inflight_requests_.begin(), |
| 76 inflight_requests_.end()); |
| 77 } |
| 78 |
| 79 void LogProofFetcher::FetchSignedTreeHead( |
| 80 const GURL& base_log_url, |
| 81 const std::string& log_id, |
| 82 const SignedTreeHeadFetchedCallback& fetched_callback, |
| 83 const FetchFailedCallback& failed_callback) { |
| 84 DCHECK(base_log_url.SchemeIsHTTPOrHTTPS()); |
| 85 GURL fetch_url(base_log_url.Resolve("ct/v1/get-sth")); |
| 86 scoped_ptr<net::URLRequest> request = |
| 87 request_context_->CreateRequest(fetch_url, net::DEFAULT_PRIORITY, this); |
| 88 request->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES | |
| 89 net::LOAD_DO_NOT_SAVE_COOKIES | |
| 90 net::LOAD_DO_NOT_SEND_AUTH_DATA); |
| 91 |
| 92 FetchState* fetch_state = |
| 93 new FetchState(log_id, fetched_callback, failed_callback); |
| 94 request->Start(); |
| 95 inflight_requests_.insert(std::make_pair(request.release(), fetch_state)); |
| 96 } |
| 97 |
| 98 void LogProofFetcher::OnResponseStarted(net::URLRequest* request) { |
| 99 net::URLRequestStatus status(request->status()); |
| 100 DCHECK(inflight_requests_.count(request)); |
| 101 FetchState* fetch_state = inflight_requests_.find(request)->second; |
| 102 |
| 103 if (!status.is_success() || request->GetResponseCode() != net::HTTP_OK) { |
| 104 int net_error = net::OK; |
| 105 int http_response_code = request->GetResponseCode(); |
| 106 |
| 107 DVLOG(1) << "Fetching STH from " << request->original_url() |
| 108 << " failed. status:" << status.status() |
| 109 << " error:" << status.error() |
| 110 << " http response code: " << http_response_code; |
| 111 if (!status.is_success()) |
| 112 net_error = GetNetErrorFromURLRequestStatus(status); |
| 113 |
| 114 InvokeFailureCallback(request, net_error, http_response_code); |
| 115 return; |
| 116 } |
| 117 |
| 118 StartNextRead(request, fetch_state); |
| 119 } |
| 120 |
| 121 void LogProofFetcher::OnReadCompleted(net::URLRequest* request, |
| 122 int bytes_read) { |
| 123 DCHECK(inflight_requests_.count(request)); |
| 124 FetchState* fetch_state = inflight_requests_.find(request)->second; |
| 125 |
| 126 if (HandleReadResult(request, fetch_state, bytes_read)) |
| 127 StartNextRead(request, fetch_state); |
| 128 } |
| 129 |
| 130 bool LogProofFetcher::HandleReadResult(net::URLRequest* request, |
| 131 FetchState* fetch_state, |
| 132 int bytes_read) { |
| 133 // Start by checking for an error condition. |
| 134 // If there are errors, invoke the failure callback and clean up the |
| 135 // request. |
| 136 if (bytes_read == -1 || !request->status().is_success()) { |
| 137 net::URLRequestStatus status(request->status()); |
| 138 DVLOG(1) << "Read error: " << status.status() << " " << status.error(); |
| 139 InvokeFailureCallback(request, GetNetErrorFromURLRequestStatus(status), |
| 140 net::OK); |
| 141 |
| 142 return false; |
| 143 } |
| 144 |
| 145 // Not an error, but no data available, so wait for OnReadCompleted |
| 146 // callback. |
| 147 if (request->status().is_io_pending()) |
| 148 return false; |
| 149 |
| 150 // Nothing more to read from the stream - finish handling the response. |
| 151 if (bytes_read == 0) { |
| 152 RequestComplete(request); |
| 153 return false; |
| 154 } |
| 155 |
| 156 // We have data, collect it and indicate another read is needed. |
| 157 DVLOG(1) << "Have " << bytes_read << " bytes to assemble."; |
| 158 DCHECK_GE(bytes_read, 0); |
| 159 fetch_state->assembled_response.append(fetch_state->response_buffer->data(), |
| 160 bytes_read); |
| 161 if (fetch_state->assembled_response.size() > kMaxLogResponseSizeInBytes) { |
| 162 // Log response is too big, invoke the failure callback. |
| 163 InvokeFailureCallback(request, net::ERR_FILE_TOO_BIG, net::HTTP_OK); |
| 164 return false; |
| 165 } |
| 166 |
| 167 return true; |
| 168 } |
| 169 |
| 170 void LogProofFetcher::StartNextRead(net::URLRequest* request, |
| 171 FetchState* fetch_state) { |
| 172 bool continue_reading = true; |
| 173 while (continue_reading) { |
| 174 int read_bytes = 0; |
| 175 request->Read(fetch_state->response_buffer.get(), |
| 176 fetch_state->response_buffer->size(), &read_bytes); |
| 177 continue_reading = HandleReadResult(request, fetch_state, read_bytes); |
| 178 } |
| 179 } |
| 180 |
| 181 void LogProofFetcher::RequestComplete(net::URLRequest* request) { |
| 182 DCHECK(inflight_requests_.count(request)); |
| 183 |
| 184 FetchState* fetch_state = inflight_requests_.find(request)->second; |
| 185 |
| 186 // Get rid of the buffer as it really isn't necessary. |
| 187 fetch_state->response_buffer = nullptr; |
| 188 safe_json::SafeJsonParser::Parse( |
| 189 fetch_state->assembled_response, |
| 190 base::Bind(&LogProofFetcher::OnSTHJsonParseSuccess, |
| 191 weak_factory_.GetWeakPtr(), request), |
| 192 base::Bind(&LogProofFetcher::OnSTHJsonParseError, |
| 193 weak_factory_.GetWeakPtr(), request)); |
| 194 } |
| 195 |
| 196 void LogProofFetcher::CleanupRequest(net::URLRequest* request) { |
| 197 DVLOG(1) << "Cleaning up request to " << request->original_url(); |
| 198 auto it = inflight_requests_.find(request); |
| 199 DCHECK(it != inflight_requests_.end()); |
| 200 auto next_it = it; |
| 201 std::advance(next_it, 1); |
| 202 |
| 203 // Delete FetchState and URLRequest, then the entry from inflight_requests_. |
| 204 STLDeleteContainerPairPointers(it, next_it); |
| 205 inflight_requests_.erase(it); |
| 206 } |
| 207 |
| 208 void LogProofFetcher::InvokeFailureCallback(net::URLRequest* request, |
| 209 int net_error, |
| 210 int http_response_code) { |
| 211 DCHECK(inflight_requests_.count(request)); |
| 212 auto it = inflight_requests_.find(request); |
| 213 FetchState* fetch_state = it->second; |
| 214 |
| 215 fetch_state->failed_callback.Run(fetch_state->log_id, net_error, |
| 216 http_response_code); |
| 217 CleanupRequest(request); |
| 218 } |
| 219 |
| 220 void LogProofFetcher::OnSTHJsonParseSuccess( |
| 221 net::URLRequest* request, |
| 222 scoped_ptr<base::Value> parsed_json) { |
| 223 DCHECK(inflight_requests_.count(request)); |
| 224 |
| 225 FetchState* fetch_state = inflight_requests_.find(request)->second; |
| 226 net::ct::SignedTreeHead signed_tree_head; |
| 227 if (net::ct::FillSignedTreeHead(*parsed_json.get(), &signed_tree_head)) { |
| 228 fetch_state->fetched_callback.Run(fetch_state->log_id, signed_tree_head); |
| 229 } else { |
| 230 fetch_state->failed_callback.Run(fetch_state->log_id, |
| 231 net::ERR_CT_STH_INCOMPLETE, net::HTTP_OK); |
| 232 } |
| 233 |
| 234 CleanupRequest(request); |
| 235 } |
| 236 |
| 237 void LogProofFetcher::OnSTHJsonParseError(net::URLRequest* request, |
| 238 const std::string& error) { |
| 239 InvokeFailureCallback(request, net::ERR_CT_STH_PARSING_FAILED, net::HTTP_OK); |
| 240 } |
| 241 |
| 242 } // namespace certificate_transparency |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1222953002:
Certificate Transparency: Add STH Fetching capability. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master