Index: components/certificate_transparency/log_proof_fetcher.cc |
diff --git a/components/certificate_transparency/log_proof_fetcher.cc b/components/certificate_transparency/log_proof_fetcher.cc |
new file mode 100644 |
index 0000000000000000000000000000000000000000..8f70e09d8b629a57180a41477812a107021f2d09 |
--- /dev/null |
+++ b/components/certificate_transparency/log_proof_fetcher.cc |
@@ -0,0 +1,244 @@ |
+// Copyright 2015 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#include "components/certificate_transparency/log_proof_fetcher.h" |
+ |
+#include "base/logging.h" |
+#include "base/stl_util.h" |
+#include "base/strings/string_piece.h" |
+#include "base/strings/stringprintf.h" |
+#include "base/values.h" |
+#include "components/safe_json/safe_json_parser.h" |
+#include "net/base/load_flags.h" |
+#include "net/base/request_priority.h" |
+#include "net/cert/ct_log_response_parser.h" |
+#include "net/cert/ct_log_verifier.h" |
+#include "net/cert/signed_tree_head.h" |
+#include "net/http/http_status_code.h" |
+#include "net/url_request/url_request_context.h" |
+ |
+const unsigned long kMaxLogResponseSizeInBytes = 600u; |
mmenke
2015/07/29 18:51:51
This should be static, or in an anonymous namespac
mmenke
2015/07/29 18:51:51
This should be size_t, to match IOBufferWithSize a
Eran Messeri
2015/07/31 12:55:52
Done.
Eran Messeri
2015/07/31 12:55:52
Done.
|
+ |
+namespace certificate_transparency { |
+ |
+namespace { |
+ |
+// Shamelessly copied from domain_reliability/util.cc |
+int GetNetErrorFromURLRequestStatus(const net::URLRequestStatus& status) { |
+ switch (status.status()) { |
+ case net::URLRequestStatus::SUCCESS: |
+ return net::OK; |
+ case net::URLRequestStatus::CANCELED: |
+ return net::ERR_ABORTED; |
+ case net::URLRequestStatus::FAILED: |
+ return status.error(); |
+ default: |
+ NOTREACHED(); |
+ return net::ERR_FAILED; |
+ } |
+} |
+ |
+} // namespace |
+ |
+struct LogProofFetcher::FetchState { |
+ FetchState(const std::string& id, |
+ const SignedTreeHeadFetchedCallback& fetched_callback, |
+ const FetchFailedCallback& failed_callback); |
+ ~FetchState(); |
+ |
+ std::string log_id; |
+ SignedTreeHeadFetchedCallback fetched_callback; |
+ FetchFailedCallback failed_callback; |
+ scoped_refptr<net::IOBufferWithSize> response_buffer; |
+ int read_bytes; |
mmenke
2015/07/29 18:51:51
This member is now serving no purpose, and can be
Eran Messeri
2015/07/31 12:55:52
Done.
|
+ std::string assembled_response; |
+}; |
+ |
+LogProofFetcher::FetchState::FetchState( |
+ const std::string& id, |
+ const SignedTreeHeadFetchedCallback& fetched_callback, |
+ const FetchFailedCallback& failed_callback) |
+ : log_id(id), |
+ fetched_callback(fetched_callback), |
+ failed_callback(failed_callback), |
+ response_buffer(new net::IOBufferWithSize(kMaxLogResponseSizeInBytes)) {} |
+ |
+LogProofFetcher::FetchState::~FetchState() {} |
+ |
+LogProofFetcher::LogProofFetcher(net::URLRequestContext* request_context) |
+ : request_context_(request_context), weak_factory_(this) { |
+ DCHECK(request_context); |
+} |
+ |
+LogProofFetcher::~LogProofFetcher() { |
+ STLDeleteContainerPairPointers(inflight_requests_.begin(), |
+ inflight_requests_.end()); |
+} |
+ |
+void LogProofFetcher::FetchSignedTreeHead( |
+ const GURL& base_log_url, |
+ const std::string& log_id, |
+ const SignedTreeHeadFetchedCallback& fetched_callback, |
+ const FetchFailedCallback& failed_callback) { |
mmenke
2015/07/29 18:51:51
Is there some check upstream that base_log_url is
Eran Messeri
2015/07/31 12:55:52
Done - added DCHECK. The log URLs are hard-coded i
|
+ GURL fetch_url(base_log_url.Resolve("ct/v1/get-sth")); |
+ scoped_ptr<net::URLRequest> request = CreateURLRequest(fetch_url); |
+ |
+ FetchState* fetch_state = |
+ new FetchState(log_id, fetched_callback, failed_callback); |
+ request->Start(); |
+ inflight_requests_.insert(std::make_pair(request.release(), fetch_state)); |
+} |
+ |
+void LogProofFetcher::OnResponseStarted(net::URLRequest* request) { |
mmenke
2015/07/29 18:51:51
I assume we should be following redirects, if any?
Eran Messeri
2015/07/31 12:55:51
Yes - it is allowed for a CT log to redirect.
|
+ net::URLRequestStatus status(request->status()); |
+ DCHECK(inflight_requests_.count(request)); |
+ |
+ FetchState* fetch_state = inflight_requests_.find(request)->second; |
+ |
+ if (!status.is_success() || request->GetResponseCode() != 200) { |
mmenke
2015/07/29 18:51:51
200 -> net::HTTP_OK? Should be consistent within
Eran Messeri
2015/07/31 12:55:52
Done.
|
+ int error_value = 0; |
mmenke
2015/07/29 18:51:50
0 -> net::OK
mmenke
2015/07/29 18:51:50
Suggest calling this net_error here, and in the de
Eran Messeri
2015/07/31 12:55:52
Done.
Eran Messeri
2015/07/31 12:55:52
Done.
|
+ int http_response_code = request->GetResponseCode(); |
+ if (!status.is_success()) { |
+ DVLOG(1) << "Fetching STH from " << request->original_url() |
+ << " failed. status:" << status.status() |
+ << " error:" << status.error(); |
+ error_value = GetNetErrorFromURLRequestStatus(status); |
+ } else { // request->GetResponseCode != 200 |
mmenke
2015/07/29 18:51:50
I suggest removing this comment - it's confusing.
Eran Messeri
2015/07/31 12:55:51
Done.
|
+ DVLOG(1) << "Fetch STH HTTP status: " << http_response_code; |
+ error_value = net::OK; |
mmenke
2015/07/29 18:51:50
Remove the error_value = line.
Eran Messeri
2015/07/31 12:55:52
Done, with it goes the entire else clause.
|
+ } |
+ |
+ fetch_state->failed_callback.Run(fetch_state->log_id, error_value, |
+ http_response_code); |
+ CleanupRequest(request); |
+ return; |
+ } |
+ |
+ KickOffARead(request, fetch_state, true); |
+} |
+ |
+void LogProofFetcher::OnReadCompleted(net::URLRequest* request, |
+ int bytes_read) { |
+ DCHECK(inflight_requests_.count(request)); |
+ FetchState* fetch_state = inflight_requests_.find(request)->second; |
+ |
+ bool another_read = HandleReadResult(request, fetch_state, bytes_read); |
mmenke
2015/07/29 18:51:51
"continue_reading" seems a bit clearer to me, and
Eran Messeri
2015/07/31 12:55:51
Done.
|
+ KickOffARead(request, fetch_state, another_read); |
mmenke
2015/07/29 18:51:50
Having a bool that means "Should I really kick off
Eran Messeri
2015/07/31 12:55:52
Good point, apologies for the clunkiness in the fi
|
+} |
+ |
+bool LogProofFetcher::HandleReadResult(net::URLRequest* request, |
+ FetchState* params, |
+ const int bytes_read) { |
mmenke
2015/07/29 18:51:51
Remove const on bytes_read.
Eran Messeri
2015/07/31 12:55:51
Done.
|
+ // Start by checking for an error condition. |
+ if (bytes_read == -1 || !request->status().is_success()) { |
+ net::URLRequestStatus status(request->status()); |
+ DVLOG(1) << "Read error: " << status.status() << " " << status.error(); |
+ int error_value = GetNetErrorFromURLRequestStatus(status); |
mmenke
2015/07/29 18:51:50
again, suggest net_error
Eran Messeri
2015/07/31 12:55:51
Done.
|
+ params->failed_callback.Run(params->log_id, error_value, 0); |
+ CleanupRequest(request); |
+ return false; |
+ } |
+ |
+ // Not an error, but no data available, so wait for OnReadComplete |
mmenke
2015/07/29 18:51:50
OnReadCompleted
Eran Messeri
2015/07/31 12:55:52
Done.
|
+ // callback. |
+ if (request->status().is_io_pending()) { |
+ return false; |
+ } |
mmenke
2015/07/29 18:51:50
optional: Prevailing style in net/ is not to use
Eran Messeri
2015/07/31 12:55:52
Done, removed braces throughout the file where th
|
+ |
+ // Nothing more to read from the stream - finish handling the response. |
+ if (bytes_read == 0) { |
mmenke
2015/07/29 18:51:51
Optional: May want to handle the complete case la
Eran Messeri
2015/07/31 12:55:51
Unless you strongly object, I'd like to keep it th
|
+ RequestComplete(request); |
+ return false; |
+ } |
+ |
+ // We have data, collect it and indicate another read is needed. |
+ DVLOG(1) << "Have " << bytes_read << " bytes to assemble."; |
+ DCHECK_GE(bytes_read, 0); |
+ params->assembled_response.append(params->response_buffer->data(), |
+ bytes_read); |
+ // Indicate this fragment was read. |
+ params->read_bytes = 0; |
+ return true; |
+} |
+ |
+void LogProofFetcher::KickOffARead(net::URLRequest* request, |
+ FetchState* fetch_state, |
+ bool should_read) { |
+ bool continue_reading = should_read; |
+ while (continue_reading) { |
mmenke
2015/07/29 18:51:50
Per earlier comment, should remove the should_read
Eran Messeri
2015/07/31 12:55:52
Removed the should_read argument. Don't have a str
|
+ int read_bytes = 0; |
+ request->Read(fetch_state->response_buffer.get(), |
+ fetch_state->response_buffer->size(), &read_bytes); |
+ continue_reading = HandleReadResult(request, fetch_state, read_bytes); |
+ } |
+} |
+ |
+void LogProofFetcher::RequestComplete(net::URLRequest* request) { |
+ DCHECK(inflight_requests_.count(request)); |
+ |
+ FetchState* params = inflight_requests_.find(request)->second; |
+ |
+ // Extract STH json an parse it. |
+ DCHECK_LT(params->assembled_response.size(), kMaxLogResponseSizeInBytes); |
mmenke
2015/07/29 18:51:50
BUG: While you're making sure each read is <= (No
Eran Messeri
2015/07/31 12:55:52
Good catch, changed the code to check each time so
|
+ |
+ // Explicitly copy the request params as it'll be cleaned up by |
+ // CleanupRequest later on. |
+ FetchState request_params = *params; |
+ // Get rid of the buffer as it really isn't necessary. |
+ request_params.response_buffer = nullptr; |
+ safe_json::SafeJsonParser::Parse( |
+ params->assembled_response, |
+ base::Bind(&LogProofFetcher::OnSTHJsonParseSuccess, |
+ weak_factory_.GetWeakPtr(), request_params), |
+ base::Bind(&LogProofFetcher::OnSTHJsonParseError, |
+ weak_factory_.GetWeakPtr(), request_params)); |
mmenke
2015/07/29 18:51:51
You're copying request_params 3 times in this func
Eran Messeri
2015/07/31 12:55:52
One of the copies was redundant and removed, so no
|
+ |
+ CleanupRequest(request); |
+} |
+ |
+void LogProofFetcher::CleanupRequest(net::URLRequest* request) { |
+ DVLOG(1) << "Cleaning up request to " << request->original_url(); |
+ auto it = inflight_requests_.find(request); |
+ DCHECK(it != inflight_requests_.end()); |
+ |
+ // So that the fetch state will be deleted upon exiting. |
+ scoped_ptr<FetchState> params(it->second); |
+ // Delete the request, remove from map. |
+ scoped_ptr<net::URLRequest> url_request(it->first); |
mmenke
2015/07/29 18:51:50
Suggest just deleting these - I don't think the sc
Eran Messeri
2015/07/31 12:55:52
Done.
|
+ // Both pointers will be deleted when exiting the method. |
+ inflight_requests_.erase(it); |
+} |
+ |
+scoped_ptr<net::URLRequest> LogProofFetcher::CreateURLRequest( |
+ const GURL& fetch_sth_url) { |
+ DCHECK(request_context_); |
+ |
+ scoped_ptr<net::URLRequest> request = request_context_->CreateRequest( |
+ fetch_sth_url, net::DEFAULT_PRIORITY, this); |
+ request->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES | |
+ net::LOAD_DO_NOT_SAVE_COOKIES); |
+ request->set_method("GET"); |
mmenke
2015/07/29 18:51:51
Not needed. "GET" is the default method.
Eran Messeri
2015/07/31 12:55:52
Done.
|
+ return request.Pass(); |
+} |
+ |
+void LogProofFetcher::OnSTHJsonParseSuccess( |
+ FetchState fetch_state, |
+ scoped_ptr<base::Value> parsed_json) { |
+ net::ct::SignedTreeHead signed_tree_head; |
+ if (!net::ct::FillSignedTreeHead(*parsed_json.get(), &signed_tree_head)) { |
+ fetch_state.failed_callback.Run(fetch_state.log_id, |
+ net::ERR_CT_STH_INCOMPLETE, net::HTTP_OK); |
+ return; |
+ } |
+ |
+ fetch_state.fetched_callback.Run(fetch_state.log_id, signed_tree_head); |
+} |
+ |
+void LogProofFetcher::OnSTHJsonParseError(FetchState params, |
+ const std::string& error) { |
+ params.failed_callback.Run(params.log_id, net::ERR_CT_STH_PARSING_FAILED, |
+ net::HTTP_OK); |
+} |
+ |
+} // namespace certificate_transparency |