blimp/client/session/assignment_source.cc - Issue 1696563002: Blimp: add support for SSL connections.

Side by Side Diff: blimp/client/session/assignment_source.cc

Issue 1696563002: Blimp: add support for SSL connections. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Address wez feedback Created 4 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2016 The Chromium Authors. All rights reserved.	1 // Copyright 2016 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "blimp/client/session/assignment_source.h"	5 #include "blimp/client/session/assignment_source.h"

6	6

7 #include "base/bind.h"	7 #include "base/bind.h"

	8 #include "base/callback.h"

8 #include "base/command_line.h"	9 #include "base/command_line.h"

	10 #include "base/files/file_util.h"

9 #include "base/location.h"	11 #include "base/location.h"

10 #include "base/numerics/safe_conversions.h"	12 #include "base/numerics/safe_conversions.h"

11 #include "base/strings/string_number_conversions.h"	13 #include "base/strings/string_number_conversions.h"

12 #include "blimp/client/app/blimp_client_switches.h"	14 #include "blimp/client/app/blimp_client_switches.h"

	15 #include "net/base/hash_value.h"

13 #include "net/base/ip_address.h"	16 #include "net/base/ip_address.h"

14 #include "net/base/ip_endpoint.h"	17 #include "net/base/ip_endpoint.h"

	18 #include "net/cert/pem_tokenizer.h"
	Ryan Sleevi 2016/02/19 22:56:08 DESIGN: This is not intended to be used outside of DESIGN: This is not intended to be used outside of //net Please use the supported //net interface of X509Certificate::CreateFromBytes(..., ..., X509Certificate::FORMAT_PEM_SEQUENCE); (The existing uses are bugs that should be fixed - filed https://bugs.chromium.org/p/chromium/issues/detail?id=588298 for that ) Kevin M 2016/02/23 00:28:09 Done. Show quoted text On 2016/02/19 22:56:08, Ryan Sleevi wrote: > DESIGN: This is not intended to be used outside of //net > > Please use the supported //net interface of > X509Certificate::CreateFromBytes(..., ..., > X509Certificate::FORMAT_PEM_SEQUENCE); > > (The existing uses are bugs that should be fixed - filed > https://bugs.chromium.org/p/chromium/issues/detail?id=588298 for that ) Done.
15	19

16 namespace blimp {	20 namespace blimp {

	21 namespace client {

17 namespace {	22 namespace {

18	23

19 // TODO(kmarshall): Take values from configuration data.	24 // TODO(kmarshall): Take values from configuration data.

20 const char kDummyClientToken[] = "MyVoiceIsMyPassport";	25 const char kDummyClientToken[] = "MyVoiceIsMyPassport";

21 const std::string kDefaultBlimpletIPAddress = "127.0.0.1";	26 const std::string kDefaultBlimpletIPAddress = "127.0.0.1";

22 const uint16_t kDefaultBlimpletTCPPort = 25467;

23	27

24 net::IPAddress GetBlimpletIPAddress() {	28 net::IPAddress GetBlimpletIPAddress() {

25 std::string host;	29 std::string host =

26 if (base::CommandLine::ForCurrentProcess()->HasSwitch(	30 base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII(

27 switches::kBlimpletHost)) {	31 switches::kEngineHost);

28 host = base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII(	32 if (host.empty()) {

29 switches::kBlimpletHost);

30 } else {

31 host = kDefaultBlimpletIPAddress;	33 host = kDefaultBlimpletIPAddress;

32 }	34 }

33 net::IPAddress ip_address;	35 net::IPAddress ip_address;

34 if (!ip_address.AssignFromIPLiteral(host))	36 CHECK(ip_address.AssignFromIPLiteral(host))
	Ryan Sleevi 2016/02/19 22:56:08 DESIGN: It seems counter to Chromium practices to DESIGN: It seems counter to Chromium practices to CHECK() on user-input. Kevin M 2016/02/22 22:53:31 Do command line parameters count as user input, as Show quoted text On 2016/02/19 22:56:08, Ryan Sleevi wrote: > DESIGN: It seems counter to Chromium practices to CHECK() on user-input. Do command line parameters count as user input, as is the case here? Wez 2016/03/01 00:23:55 For code which users will invoke via the command-l Show quoted text On 2016/02/22 at 22:53:31, Kevin M wrote: > On 2016/02/19 22:56:08, Ryan Sleevi wrote: > > DESIGN: It seems counter to Chromium practices to CHECK() on user-input. > > Do command line parameters count as user input, as is the case here? For code which users will invoke via the command-line, yes. :) In this case it's a developer-facing command-line interface, so we should go with whatever mechanism is easiest for a developer to work with.
35 CHECK(false) << "Invalid BlimpletAssignment host " << host;	37 << "Invalid BlimpletAssignment host " << host;

36 return ip_address;	38 return ip_address;

37 }	39 }

38	40

39 uint16_t GetBlimpletTCPPort() {	41 // Puts the value of the command line parameter \|param\| in \|output\|.

40 if (base::CommandLine::ForCurrentProcess()->HasSwitch(	42 // If the parameter was not found, \|output\| is set to 0.

41 switches::kBlimpletTCPPort)) {	43 // CHECK()s that \|params\| decodes to a valid IP port number.

42 std::string port_str =	44 void GetUint16Parameter(const std::string& param, uint16_t* output) {

43 base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII(	45 *output = 0;

44 switches::kBlimpletTCPPort);	46 std::string param_str =

45 uint port_64t;	47 base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII(param);

46 if (!base::StringToUint(port_str, &port_64t) \|\|	48 if (param_str.empty()) {

47 !base::IsValueInRangeForNumericType<uint16_t>(port_64t)) {	49 return;

48 CHECK(false) << "Invalid BlimpletAssignment port " << port_str;

49 }

50 return base::checked_cast<uint16_t>(port_64t);

51 } else {

52 return kDefaultBlimpletTCPPort;

53 }	50 }

	51

	52 uint param_parsed = 0;
	Ryan Sleevi 2016/02/19 22:56:07 BUG: C++ does not define "uint". Please use one of BUG: C++ does not define "uint". Please use one of the standard types from the language or stddef.h. In this case, your API contract is "unsigned". Kevin M 2016/02/22 22:53:31 Done. Show quoted text On 2016/02/19 22:56:07, Ryan Sleevi wrote: > BUG: C++ does not define "uint". Please use one of the standard types from the > language or stddef.h. > > In this case, your API contract is "unsigned". Done.
	53 bool is_valid = base::StringToUint(param_str, &param_parsed) &&

	54 param_parsed > 0 && param_parsed <= 65535;

	55 CHECK(is_valid) << "Invalid range for parameter " << param;
	Ryan Sleevi 2016/02/19 22:56:08 DESIGN: Please use //base/numerics/safe_conversion DESIGN: Please use //base/numerics/safe_conversions.h checked_cast for converting "unsigned" to uint16_t Kevin M 2016/02/22 22:53:31 Done. Should ParseHostAndPort be made to return \|p Show quoted text On 2016/02/19 22:56:08, Ryan Sleevi wrote: > DESIGN: Please use //base/numerics/safe_conversions.h checked_cast for > converting "unsigned" to uint16_t Done. Should ParseHostAndPort be made to return \|port\| as an uint16_t* instead of an int*?
	56 *output = param_parsed;

	57 }

	58

	59 // Reads the contents of \|path\| into \|output\|.

	60 void ReadFromDisk(const base::FilePath& path, std::string* output) {

	61 DCHECK(output);

	62 CHECK(base::ReadFileToString(path, output)) << "Couldn't read from file: "

	63 << path.LossyDisplayName();

	64 }

	65

	66 // Parses a certificate from PEM-encoded \|cert_str\| and attaches it to

	67 // \|assignment\|. Returns the populated assignment object via \|callback\|.

	68 void ParseCertForAssignment(

	69 scoped_ptr<std::string> cert_str,

	70 scoped_ptr<Assignment> assignment,

	71 const AssignmentSource::AssignmentCallback& callback) {

	72 DCHECK(cert_str);

	73 DCHECK(!cert_str->empty());

	74

	75 net::PEMTokenizer pem_tokenizer(*cert_str, {"CERTIFICATE"});
	Ryan Sleevi 2016/02/19 22:56:07 STYLE: Uniform initialization syntax is explicitly STYLE: Uniform initialization syntax is explicitly forbidden in Chromium - see https://chromium-cpp.appspot.com/#core-blacklist Kevin M 2016/02/22 22:53:31 Done. (FYI, other PEMTokenizer clients do the same Show quoted text On 2016/02/19 22:56:07, Ryan Sleevi wrote: > STYLE: Uniform initialization syntax is explicitly forbidden in Chromium - see > https://chromium-cpp.appspot.com/#core-blacklist Done. (FYI, other PEMTokenizer clients do the same thing and should be clened up - though, they shouldn't be using that class in the first place?) Kevin M 2016/02/23 00:28:09 PEMTokenizer was removed and replaced with CreateC Show quoted text On 2016/02/22 22:53:31, Kevin M wrote: > On 2016/02/19 22:56:07, Ryan Sleevi wrote: > > STYLE: Uniform initialization syntax is explicitly forbidden in Chromium - see > > https://chromium-cpp.appspot.com/#core-blacklist > > Done. (FYI, other PEMTokenizer clients do the same thing and should be clened up > - though, they shouldn't be using that class in the first place?) PEMTokenizer was removed and replaced with CreateCertificateListFromBytes.
	76 while (pem_tokenizer.GetNext()) {

	77 CHECK(!assignment->cert) << "More than one CERTIFICATE entries provided.";

	78 assignment->cert = net::X509Certificate::CreateFromBytes(

	79 pem_tokenizer.data().data(), pem_tokenizer.data().length());

	80 CHECK(assignment->cert) << "Couldn't parse CERTIFICATE entry.";

	81 }

	82

	83 callback.Run(*assignment);

54 }	84 }

55	85

56 } // namespace	86 } // namespace

57	87

58 namespace client {	88 Assignment::Assignment() {}

	89

	90 Assignment::~Assignment() {}

59	91

60 AssignmentSource::AssignmentSource(	92 AssignmentSource::AssignmentSource(

61 const scoped_refptr<base::SingleThreadTaskRunner>& main_task_runner)	93 const scoped_refptr<base::SingleThreadTaskRunner>& main_task_runner)

62 : main_task_runner_(main_task_runner) {}	94 : main_task_runner_(main_task_runner) {}

63	95

64 AssignmentSource::~AssignmentSource() {}	96 AssignmentSource::~AssignmentSource() {}

65	97

	98 scoped_refptr<base::SingleThreadTaskRunner>
	Ryan Sleevi 2016/02/19 22:56:08 DESIGN: Your API contract does not require the use DESIGN: Your API contract does not require the use of a SingleThreadTaskRunner; you could return a better type, such as a SequencedTaskRunner or, ideally, a TaskRunner, which accomplishes your goal/use case. Kevin M 2016/02/22 22:53:31 The URLRequestContextGetter (now integrated on tru Show quoted text On 2016/02/19 22:56:08, Ryan Sleevi wrote: > DESIGN: Your API contract does not require the use of a SingleThreadTaskRunner; > you could return a better type, such as a SequencedTaskRunner or, ideally, a > TaskRunner, which accomplishes your goal/use case. The URLRequestContextGetter (now integrated on trunk, see the rebased file) needs a SingleThreadTaskRunner. I'll store it in a field as a plain ol' TaskRunner for PostBackAndReplyWithResult.
	99 AssignmentSource::GetIOTaskRunner() {

	100 if (!io_thread_) {

	101 io_thread_.reset(new base::Thread("CertFileThread"));

	102 base::Thread::Options options(base::MessageLoop::TYPE_IO, 0);

	103 io_thread_->StartWithOptions(options);

	104 }

	105 return io_thread_->task_runner();

	106 }

	107

66 void AssignmentSource::GetAssignment(const AssignmentCallback& callback) {	108 void AssignmentSource::GetAssignment(const AssignmentCallback& callback) {

67 DCHECK(main_task_runner_->BelongsToCurrentThread());	109 DCHECK(main_task_runner_->BelongsToCurrentThread());

68 Assignment assignment;	110

69 assignment.ip_endpoint =	111 scoped_ptr<Assignment> assignment(new Assignment);

70 net::IPEndPoint(GetBlimpletIPAddress(), GetBlimpletTCPPort());	112 assignment->client_token = kDummyClientToken;

71 assignment.client_token = kDummyClientToken;	113 assignment->ip_addresses.push_back(GetBlimpletIPAddress());

72 main_task_runner_->PostTask(FROM_HERE, base::Bind(callback, assignment));	114 GetUint16Parameter(switches::kEngineTCPPort, &assignment->tcp_port);

	115 GetUint16Parameter(switches::kEngineSSLPort, &assignment->ssl_port);

	116 if (assignment->ssl_port > 0) {

	117 base::FilePath cert_path =

	118 base::CommandLine::ForCurrentProcess()->GetSwitchValuePath(

	119 switches::kEngineCertPath);

	120 CHECK(!cert_path.empty()) << "Missing required parameter --"

	121 << switches::kEngineCertPath << ".";

	122

	123 scoped_ptr<std::string> cert_str(new std::string);

	124 std::string* cert_str_ptr = cert_str.get();
	Ryan Sleevi 2016/02/19 22:56:08 PostTaskAndReplyWithResult explicitly exists to av PostTaskAndReplyWithResult explicitly exists to avoid needing this level of heap allocation gymanstics Change your signature to std::string ReadFromDisk(const base::FilePath& path) to accomodate this. Kevin M 2016/02/22 22:53:31 Thanks, done. I switched GetCustomAssignment to us Show quoted text On 2016/02/19 22:56:08, Ryan Sleevi wrote: > PostTaskAndReplyWithResult explicitly exists to avoid needing this level of heap > allocation gymanstics > > Change your signature to > > std::string ReadFromDisk(const base::FilePath& path) to accomodate this. Thanks, done. I switched GetCustomAssignment to use PostTaskAndReplyWithResult, and it's a nice improvement.
	125 GetIOTaskRunner()->PostTaskAndReply(
	Ryan Sleevi 2016/02/19 22:56:07 BUG/DESIGN: This seems improperly named, or at lea BUG/DESIGN: This seems improperly named, or at least, likely to confuse any Chromie that works on this, as the IO thread is not allowed to do file access (that's handled by a file thread). Nor is it necessary for your use case to use a MessageLoop::TYPE_IO file thread for this, IIRC ( I believe all our FILE threads are just normal MessageLoops) Kevin M 2016/02/22 22:53:31 Question: how do we create a FILE thread using bas Show quoted text On 2016/02/19 22:56:07, Ryan Sleevi wrote: > BUG/DESIGN: This seems improperly named, or at least, likely to confuse any > Chromie that works on this, as the IO thread is not allowed to do file access > (that's handled by a file thread). > > Nor is it necessary for your use case to use a MessageLoop::TYPE_IO file thread > for this, IIRC ( I believe all our FILE threads are just normal MessageLoops) Question: how do we create a FILE thread using base::Thread? The client doesn't depend on content/ so we don't have access to the usual BrowserThreads. Bernhard Bauer 2016/02/26 16:26:30 +1 on Ryan's comment; it was very confusing to me Show quoted text On 2016/02/22 22:53:31, Kevin M wrote: > On 2016/02/19 22:56:07, Ryan Sleevi wrote: > > BUG/DESIGN: This seems improperly named, or at least, likely to confuse any > > Chromie that works on this, as the IO thread is not allowed to do file > access > > (that's handled by a file thread). > > > > Nor is it necessary for your use case to use a MessageLoop::TYPE_IO file > thread > > for this, IIRC ( I believe all our FILE threads are just normal MessageLoops) > > Question: how do we create a FILE thread using base::Thread? > > The client doesn't depend on content/ so we don't have access to the usual > BrowserThreads. +1 on Ryan's comment; it was very confusing to me to see references to "the IO thread" everywhere. You don't need to use the FILE thread if you can't depend on content/ (in fact, even if you could, you should probably use BrowserThread::GetBlockingPool() instead), just don't refer to the thread as the IO thread or task runner, and remove the MessageLoop::TYPE_IO. Kevin M 2016/02/26 19:57:22 In the latest patch, you'll notice that we take a Show quoted text On 2016/02/26 16:26:30, Bernhard Bauer wrote: > On 2016/02/22 22:53:31, Kevin M wrote: > > On 2016/02/19 22:56:07, Ryan Sleevi wrote: > > > BUG/DESIGN: This seems improperly named, or at least, likely to confuse any > > > Chromie that works on this, as the IO thread is not allowed to do file > > access > > > (that's handled by a file thread). > > > > > > Nor is it necessary for your use case to use a MessageLoop::TYPE_IO file > > thread > > > for this, IIRC ( I believe all our FILE threads are just normal > MessageLoops) > > > > Question: how do we create a FILE thread using base::Thread? > > > > The client doesn't depend on content/ so we don't have access to the usual > > BrowserThreads. > > +1 on Ryan's comment; it was very confusing to me to see references to "the IO > thread" everywhere. > > You don't need to use the FILE thread if you can't depend on content/ (in fact, > even if you could, you should probably use BrowserThread::GetBlockingPool() > instead), just don't refer to the thread as the IO thread or task runner, and > remove the MessageLoop::TYPE_IO. In the latest patch, you'll notice that we take a task runner from the object owner for network and file tasks. That would be considered an IO thread, wouldn't it? Re: using BrowserThread::GetBlockingPool, we have a "-content" DEPS exclusion rule on the Android client to keep us honest about not pulling in content/.
	126 FROM_HERE, base::Bind(&ReadFromDisk, cert_path, cert_str_ptr),

	127 base::Bind(&ParseCertForAssignment, base::Passed(std::move(cert_str)),

	128 base::Passed(std::move(assignment)), callback));
	Ryan Sleevi 2016/02/19 22:56:07 DESIGN: While this is only one level, I find mysel DESIGN: While this is only one level, I find myself frequently discouraging people from this pattern, because it makes it difficult to follow the code flow and execution state machine, and makes it easy to introduce bugs later on, as time has repeatedly borne out. Our encouragement from //net is to consider explicit state machines to make this clear - but this is up to you and your team, who will ultimately maintain this. Kevin M 2016/02/22 22:53:31 Ack. Show quoted text On 2016/02/19 22:56:07, Ryan Sleevi wrote: > DESIGN: While this is only one level, I find myself frequently discouraging > people from this pattern, because it makes it difficult to follow the code flow > and execution state machine, and makes it easy to introduce bugs later on, as > time has repeatedly borne out. > > Our encouragement from //net is to consider explicit state machines to make this > clear - but this is up to you and your team, who will ultimately maintain this. Ack.
	129 } else {

	130 callback.Run(*assignment);

	131 }

73 }	132 }

74	133

75 } // namespace client	134 } // namespace client

76 } // namespace blimp	135 } // namespace blimp

OLD	NEW