Resolve issue from feedback for 1417363004

chrome/browser/local_discovery/privet_http_impl.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/local_discovery/privet_http_impl.h"
 
 #include <algorithm>
 #include <vector>
 
 #include "base/bind.h"
+#include "base/command_line.h"
 #include "base/location.h"
 #include "base/rand_util.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/thread_task_runner_handle.h"
 #include "chrome/browser/local_discovery/privet_constants.h"
 #include "chrome/common/chrome_content_client.h"
+#include "chrome/common/chrome_switches.h"
 #include "chrome/common/cloud_print/cloud_print_constants.h"
 #include "net/base/url_util.h"
 #include "net/cert/cert_verifier.h"
 #include "net/cert/cert_verify_result.h"
 #include "net/url_request/url_request_context.h"
 #include "net/url_request/url_request_context_builder.h"
 #include "url/gurl.h"
 
 #if defined(ENABLE_PRINT_PREVIEW)
 #include "chrome/browser/local_discovery/pwg_raster_converter.h"
@@ skipping 51 matching lines @@
                           const std::string& query_params) {
   GURL url(kUrlPlaceHolder);
   GURL::Replacements replacements;
   replacements.SetPathStr(path);
   if (!query_params.empty()) {
     replacements.SetQueryStr(query_params);
   }
   return url.ReplaceComponents(replacements);
 }
 
-// Used before we have any certificate fingerprint.
-class FailingCertVerifier : public net::CertVerifier {
- public:
-  int Verify(net::X509Certificate* cert,
-             const std::string& hostname,
-             const std::string& ocsp_response,
-             int flags,
-             net::CRLSet* crl_set,
-             net::CertVerifyResult* verify_result,
-             const net::CompletionCallback& callback,
-             scoped_ptr<Request>* out_req,
-             const net::BoundNetLog& net_log) override {
-    verify_result->verified_cert = cert;
-    verify_result->cert_status = net::CERT_STATUS_INVALID;
-    return net::ERR_CERT_INVALID;
-  }
-};
-
-// Used before when we have the certificate fingerprint.
-// Privet v3 devices should supports https but with self-signed sertificates.
-// So normal validation is not usefull.
-// Before using https Privet v3 pairing generates same secret on device and
-// client side Spake2 on insecure channel. Than device sends fingerprint
-// to client using same insecure channel. fingerprint is signed with the secret
-// generated before.
-// More info on pairing:
-// https://developers.google.com/cloud-devices/v1/reference/local-api/pairing_start
+// Class verifies certificate by its fingerprint received using different
+// channel. It's the only know information about device with self-signed
+// certificate.
 class FingerprintVerifier : public net::CertVerifier {
  public:
   explicit FingerprintVerifier(
       const net::SHA256HashValue& certificate_fingerprint)
       : certificate_fingerprint_(certificate_fingerprint) {}
 
   int Verify(net::X509Certificate* cert,
              const std::string& hostname,
              const std::string& ocsp_response,
              int flags,
              net::CRLSet* crl_set,
              net::CertVerifyResult* verify_result,
              const net::CompletionCallback& callback,
              scoped_ptr<Request>* out_req,
              const net::BoundNetLog& net_log) override {
-    // Mark certificat as invalid as we didn't check that.
+    // Mark certificate as invalid as we didn't check it.
+    verify_result->Reset();
     verify_result->verified_cert = cert;
     verify_result->cert_status = net::CERT_STATUS_INVALID;
 
     auto fingerprint =
         net::X509Certificate::CalculateFingerprint256(cert->os_cert_handle());
 
     return certificate_fingerprint_.Equals(fingerprint) ? net::OK
                                                         : net::ERR_CERT_INVALID;
   }
 
  private:
   net::SHA256HashValue certificate_fingerprint_;
 
   DISALLOW_COPY_AND_ASSIGN(FingerprintVerifier);
 };
 
 class PrivetContextGetter : public net::URLRequestContextGetter {
  public:
   PrivetContextGetter(
       const scoped_refptr<base::SingleThreadTaskRunner>& net_task_runner,
       const net::SHA256HashValue& certificate_fingerprint)
       : verifier_(new FingerprintVerifier(certificate_fingerprint)),
-        net_task_runner_(net_task_runner) {}
-
-  // Don't allow any https without fingerprint. Device with valid certificate
-  // may be different from the one which user is trying to pair.
-  explicit PrivetContextGetter(
-      const scoped_refptr<base::SingleThreadTaskRunner>& net_task_runner)
-      : verifier_(new FailingCertVerifier()),
-        net_task_runner_(net_task_runner) {}
+        net_task_runner_(net_task_runner) {
+    CHECK(base::CommandLine::ForCurrentProcess()->HasSwitch(
+        switches::kEnablePrivetV3));
+  }
 
   net::URLRequestContext* GetURLRequestContext() override {
+    DCHECK(net_task_runner_->BelongsToCurrentThread());
     if (!context_) {
       net::URLRequestContextBuilder builder;
       builder.set_proxy_service(net::ProxyService::CreateDirect());
       builder.SetSpdyAndQuicEnabled(false, false);
       builder.DisableHttpCache();
       builder.SetCertVerifier(verifier_.Pass());
       builder.set_user_agent(::GetUserAgent());
       context_ = builder.Build();
     }
     return context_.get();
   }
 
   scoped_refptr<base::SingleThreadTaskRunner> GetNetworkTaskRunner()
       const override {
     return net_task_runner_;
   }
 
  protected:
-  ~PrivetContextGetter() override = default;
+  ~PrivetContextGetter() override {
+    DCHECK(net_task_runner_->BelongsToCurrentThread());
+  }
 
  private:
   scoped_ptr<net::CertVerifier> verifier_;
   scoped_ptr<net::URLRequestContext> context_;
   scoped_refptr<base::SingleThreadTaskRunner> net_task_runner_;
 
   DISALLOW_COPY_AND_ASSIGN(PrivetContextGetter);
 };
 
 }  // namespace
@@ skipping 430 matching lines @@
   }
 
   url_fetcher_ =
       privet_client_->CreateURLFetcher(url, net::URLFetcher::POST, this);
 
   if (!use_pdf_) {
     url_fetcher_->SetUploadFilePath(kPrivetContentTypePWGRaster,
                                     pwg_file_path_);
   } else {
     // TODO(noamsml): Move to file-based upload data?
     std::string data_str((const char*)data_->front(), data_->size());

[Ryan Sleevi, 2015/10/30 23:17:27]

STYLE: This violates the style-guide rules on casting.

[Vitaly Buka (NO REVIEWS), 2015/10/31 03:55:35]

Done.

     url_fetcher_->SetUploadData(kPrivetContentTypePDF, data_str);
   }
 
   url_fetcher_->Start();
 }
 
 void PrivetLocalPrintOperationImpl::StartPrinting() {
   if (has_extended_workflow_ && jobid_.empty()) {
     DoCreatejob();
   } else {
@@ skipping 147 matching lines @@
 
 void PrivetLocalPrintOperationImpl::SetPWGRasterConverterForTesting(
     scoped_ptr<PWGRasterConverter> pwg_raster_converter) {
   pwg_raster_converter_ = pwg_raster_converter.Pass();
 }
 #endif  // ENABLE_PRINT_PREVIEW
 
 PrivetHTTPClientImpl::PrivetHTTPClientImpl(
     const std::string& name,
     const net::HostPortPair& host_port,
-    net::URLRequestContextGetter* request_context)
-    : PrivetHTTPClientImpl(name,
-                           host_port,
-                           request_context->GetNetworkTaskRunner()) {}
-
-PrivetHTTPClientImpl::PrivetHTTPClientImpl(
-    const std::string& name,
-    const net::HostPortPair& host_port,
-    const scoped_refptr<base::SingleThreadTaskRunner>& net_task_runner)
-    : name_(name),
-      context_getter_(new PrivetContextGetter(net_task_runner)),
-      host_port_(host_port) {}
+    const scoped_refptr<net::URLRequestContextGetter>& context_getter)
+    : name_(name), context_getter_(context_getter), host_port_(host_port) {}
 
 PrivetHTTPClientImpl::~PrivetHTTPClientImpl() {
 }
 
 const std::string& PrivetHTTPClientImpl::GetName() {
   return name_;
 }
 
 scoped_ptr<PrivetJSONOperation> PrivetHTTPClientImpl::CreateInfoOperation(
     const PrivetJSONOperation::ResultCallback& callback) {
   return scoped_ptr<PrivetJSONOperation>(
       new PrivetInfoOperationImpl(this, callback));
 }
 
 scoped_ptr<PrivetURLFetcher> PrivetHTTPClientImpl::CreateURLFetcher(
     const GURL& url,
     net::URLFetcher::RequestType request_type,
     PrivetURLFetcher::Delegate* delegate) {
   GURL::Replacements replacements;
   replacements.SetHostStr(host_port_.host());

[Ryan Sleevi, 2015/10/30 23:17:27]

BUG? Should this be HostForURL()? Do you not have any tests for IPv6?

[Vitaly Buka (NO REVIEWS), 2015/10/31 03:55:35]

All tests with IPv4. We had IPv6 working, so i need to investigate this.
crbug.com/549870

   std::string port = base::UintToString(host_port_.port());
   replacements.SetPortStr(port);
   std::string scheme = IsInHttpsMode() ? "https" : "http";
   replacements.SetSchemeStr(scheme);
   return scoped_ptr<PrivetURLFetcher>(
       new PrivetURLFetcher(url.ReplaceComponents(replacements), request_type,
                            context_getter_, delegate));
 }
 
 void PrivetHTTPClientImpl::RefreshPrivetToken(
@@ skipping 78 matching lines @@
     PrivetLocalPrintOperation::Delegate* delegate) {
 #if defined(ENABLE_PRINT_PREVIEW)
   return scoped_ptr<PrivetLocalPrintOperation>(
       new PrivetLocalPrintOperationImpl(info_client(), delegate));
 #else
   return scoped_ptr<PrivetLocalPrintOperation>();
 #endif  // ENABLE_PRINT_PREVIEW
 }
 
 }  // namespace local_discovery