network_time_tracker: add temporary time protocol.

components/network_time/network_time_tracker.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/network_time/network_time_tracker.h"
 
 #include <stdint.h>
 #include <utility>
 
 #include "base/i18n/time_formatting.h"
+#include "base/json/json_reader.h"
 #include "base/logging.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/time/tick_clock.h"
 #include "build/build_config.h"
+#include "components/client_update_protocol/ecdsa.h"
 #include "components/network_time/network_time_pref_names.h"
 #include "components/prefs/pref_registry_simple.h"
 #include "components/prefs/pref_service.h"
+#include "net/base/load_flags.h"
+#include "net/http/http_response_headers.h"
+#include "net/url_request/url_fetcher.h"
+#include "url/gurl.h"
 
 namespace network_time {
 
 namespace {
 
 // Number of time measurements performed in a given network time calculation.
 const uint32_t kNumTimeMeasurements = 7;
 
 // Amount of divergence allowed between wall clock and tick clock.
 const uint32_t kClockDivergenceSeconds = 60;
 
 // Maximum time lapse before deserialized data are considered stale.
 const uint32_t kSerializedDataMaxAgeDays = 7;
 
 // Name of a pref that stores the wall clock time, via |ToJsTime|.
 const char kPrefTime[] = "local";
 
 // Name of a pref that stores the tick clock time, via |ToInternalValue|.
 const char kPrefTicks[] = "ticks";
 
 // Name of a pref that stores the time uncertainty, via |ToInternalValue|.
 const char kPrefUncertainty[] = "uncertainty";
 
 // Name of a pref that stores the network time via |ToJsTime|.
 const char kPrefNetworkTime[] = "network";
 
+const char kTimeServiceURL[] = "http://clients2.google.com/time/1/current";
+
+// This is an ECDSA prime256v1 named-curve key.
+const int kKeyVersion = 1;
+const uint8_t kKeyPubBytes[] = {
+    0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+    0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
+    0x42, 0x00, 0x04, 0xeb, 0xd8, 0xad, 0x0b, 0x8f, 0x75, 0xe8, 0x84, 0x36,
+    0x23, 0x48, 0x14, 0x24, 0xd3, 0x93, 0x42, 0x25, 0x43, 0xc1, 0xde, 0x36,
+    0x29, 0xc6, 0x95, 0xca, 0xeb, 0x28, 0x85, 0xff, 0x09, 0xdc, 0x08, 0xec,
+    0x45, 0x74, 0x6e, 0x4b, 0xc3, 0xa5, 0xfd, 0x8a, 0x2f, 0x02, 0xa0, 0x4b,
+    0xc3, 0xc6, 0xa4, 0x7b, 0xa4, 0x41, 0xfc, 0xa7, 0x02, 0x54, 0xab, 0xe3,
+    0xe4, 0xb1, 0x00, 0xf5, 0xd5, 0x09, 0x11};
+
+static std::string GetServerProof(const net::URLFetcher* source) {
+  const net::HttpResponseHeaders* response_headers =
+      source->GetResponseHeaders();
+  if (response_headers == nullptr) {
+    return std::string();
+  }
+  std::string proof;
+  return response_headers->EnumerateHeader(nullptr, "x-cup-server-proof",

[waffles, 2016/04/26 21:16:46]

Hm, filed crbug/606958 for this, but this is fine to check in as-is.

+                                           &proof)
+             ? proof
+             : std::string();
+}
+
 }  // namespace
 
 // static
 void NetworkTimeTracker::RegisterPrefs(PrefRegistrySimple* registry) {
   registry->RegisterDictionaryPref(prefs::kNetworkTimeMapping,
                                    new base::DictionaryValue());
 }
 
 NetworkTimeTracker::NetworkTimeTracker(scoped_ptr<base::Clock> clock,
                                        scoped_ptr<base::TickClock> tick_clock,
-                                       PrefService* pref_service)
-    : clock_(std::move(clock)),
+                                       PrefService* pref_service,
+                                       net::URLRequestContextGetter* getter)
+    : getter_(getter),
+      time_fetcher_(nullptr),

[Nicolas Zea, 2016/04/27 18:58:22]

nit: both time_fetcher_ and query_signer_ are scoped_ptrs, so don't need to be
initialized to nullptr (they're default initialized).

[mab, 2016/04/27 20:00:37]

Done.

+      query_signer_(nullptr),
+      clock_(std::move(clock)),
       tick_clock_(std::move(tick_clock)),
       pref_service_(pref_service) {
   const base::DictionaryValue* time_mapping =
       pref_service_->GetDictionary(prefs::kNetworkTimeMapping);
   double time_js = 0;
   double ticks_js = 0;
   double network_time_js = 0;
   double uncertainty_js = 0;
   if (time_mapping->GetDouble(kPrefTime, &time_js) &&
       time_mapping->GetDouble(kPrefTicks, &ticks_js) &&
       time_mapping->GetDouble(kPrefUncertainty, &uncertainty_js) &&
       time_mapping->GetDouble(kPrefNetworkTime, &network_time_js)) {
     time_at_last_measurement_ = base::Time::FromJsTime(time_js);
     ticks_at_last_measurement_ = base::TimeTicks::FromInternalValue(
         static_cast<int64_t>(ticks_js));
     network_time_uncertainty_ = base::TimeDelta::FromInternalValue(
         static_cast<int64_t>(uncertainty_js));
     network_time_at_last_measurement_ = base::Time::FromJsTime(network_time_js);
   }
   base::Time now = clock_->Now();
   if (ticks_at_last_measurement_ > tick_clock_->NowTicks() ||
       time_at_last_measurement_ > now ||
       now - time_at_last_measurement_ >
           base::TimeDelta::FromDays(kSerializedDataMaxAgeDays)) {
     // Drop saved mapping if either clock has run backward, or the data are too
     // old.
     pref_service_->ClearPref(prefs::kNetworkTimeMapping);
     network_time_at_last_measurement_ = base::Time();  // Reset.
   }
+  if (getter != nullptr) {
+    query_signer_ = client_update_protocol::Ecdsa::Create(
+        kKeyVersion,
+        {reinterpret_cast<const char*>(kKeyPubBytes), sizeof(kKeyPubBytes)});
+    base::TimeDelta period = base::TimeDelta::FromMinutes(60);

[Nicolas Zea, 2016/04/27 18:58:22]

nit: although this is only used here, might be good to pull this constant out
into the anon namespace at the top of file, so they can all be found easily.

[mab, 2016/04/27 20:00:37]

Done.

+    query_timer_.Start(FROM_HERE, period, this,
+                       &NetworkTimeTracker::QueryTimeService);
+  }
 }
 
 NetworkTimeTracker::~NetworkTimeTracker() {
   DCHECK(thread_checker_.CalledOnValidThread());
 }
 
+void NetworkTimeTracker::QueryTimeService() {
+  DCHECK(thread_checker_.CalledOnValidThread());
+
+  // If GetNetworkTime() returns true, the NetworkTimeTracker thinks
+  // it is in sync, so there is no need to query.
+  base::Time network_time;
+  if (GetNetworkTime(&network_time, nullptr)) {
+    return;
+  }
+
+  std::string query_string;
+  query_signer_->SignRequest({"", 0}, &query_string);
+  GURL url(kTimeServiceURL);
+  GURL::Replacements replacements;
+  replacements.SetQueryStr(query_string);
+  url = url.ReplaceComponents(replacements);
+
+  // This cancels any outstanding fetch.
+  time_fetcher_ = net::URLFetcher::Create(url, net::URLFetcher::GET, this);
+  if (time_fetcher_ == nullptr) {
+    VLOG(1) << "tried to make fetch happen; failed";

[Nicolas Zea, 2016/04/27 18:58:22]

Why VLOG vs DVLOG (here and elsewhere)? Unless there's strong reason not to,
DVLOG is preferred to avoid executable bloat.

[mab, 2016/04/27 20:00:36]

Done.

+    return;
+  }
+  time_fetcher_->SetRequestContext(getter_);
+  // Not expecting any cookies, but just in case.
+  time_fetcher_->SetLoadFlags(
+      net::LOAD_DISABLE_CACHE | net::LOAD_DO_NOT_SEND_COOKIES |
+      net::LOAD_DO_NOT_SAVE_COOKIES | net::LOAD_BYPASS_CACHE |
+      net::LOAD_DO_NOT_SEND_AUTH_DATA);
+  time_fetcher_->Start();
+  fetch_started_ = tick_clock_->NowTicks();
+}
+
+void NetworkTimeTracker::OnURLFetchComplete(const net::URLFetcher* source) {
+  DCHECK(thread_checker_.CalledOnValidThread());
+  DCHECK(source);
+  if (source->GetStatus().status() != net::URLRequestStatus::SUCCESS &&
+      source->GetResponseCode() != 200) {
+    VLOG(1) << "fetch failed, status=" << source->GetStatus().status()
+            << ",code=" << source->GetResponseCode();
+    return;
+  }
+
+  std::string response_body;
+  if (!source->GetResponseAsString(&response_body)) {
+    VLOG(1) << "failed to get response";
+    return;
+  }
+  DCHECK(query_signer_.get());
+  if (!query_signer_->ValidateResponse(response_body, GetServerProof(source))) {
+    VLOG(1) << "invalid signature";
+    return;
+  }
+  response_body = response_body.substr(5);  // Skips leading )]}'\n
+  base::JSONReader reader;
+  scoped_ptr<base::Value> value = reader.Read(response_body);
+  if (value == nullptr) {
+    VLOG(1) << "bad JSON";
+    return;
+  }
+  const base::DictionaryValue* dict;
+  if (!value->GetAsDictionary(&dict)) {
+    VLOG(1) << "not a dictionary";
+    return;
+  }
+  double current_time_millis;
+  if (!dict->GetDouble("current_time_millis", &current_time_millis)) {
+    VLOG(1) << "no current_time_millis";
+    return;
+  }
+  // There's also a "server_nonce" key, which we can ignore.
+  base::Time current_time = base::Time::FromJsTime(current_time_millis);
+  // The extra 10 seconds comes from a property of the time server that we
+  // happen to know, which its maximum allowable clock skew.  It's unlikely that

[Nicolas Zea, 2016/04/27 18:58:22]

nit: which its -> which is its

[mab, 2016/04/27 20:00:37]

Done.

+  // it would ever be that badly wrong, but all the same it's included here to
+  // document the very rough nature of the time service provided by this class.
+  base::TimeDelta resolution =
+      base::TimeDelta::FromMilliseconds(1) + base::TimeDelta::FromSeconds(10);
+  base::TimeDelta latency = tick_clock_->NowTicks() - fetch_started_;
+  UpdateNetworkTime(current_time, resolution, latency, tick_clock_->NowTicks());
+}
+
 void NetworkTimeTracker::UpdateNetworkTime(base::Time network_time,
                                            base::TimeDelta resolution,
                                            base::TimeDelta latency,
                                            base::TimeTicks post_time) {

[waffles, 2016/04/26 21:16:46]

IIRC, this is called by a number of services, do we trust those services to call
it correctly? (i.e. do we trust HTTPS?)

[mab, 2016/04/27 18:07:41]

We do, but I also think it makes sense to move away from updates from other
sources, if only to make it easier to audit where time can come from.

   DCHECK(thread_checker_.CalledOnValidThread());
   DVLOG(1) << "Network time updating to "
            << base::UTF16ToUTF8(
                   base::TimeFormatFriendlyDateAndTime(network_time));
   // Update network time on every request to limit dependency on ticks lag.
   // TODO(mad): Find a heuristic to avoid augmenting the
   // network_time_uncertainty_ too much by a particularly long latency.
   // Maybe only update when the the new time either improves in accuracy or
   // drifts too far from |network_time_at_last_measurement_|.
   network_time_at_last_measurement_ = network_time;
@@ skipping 19 matching lines @@
 
   base::DictionaryValue time_mapping;
   time_mapping.SetDouble(kPrefTime, time_at_last_measurement_.ToJsTime());
   time_mapping.SetDouble(kPrefTicks, static_cast<double>(
       ticks_at_last_measurement_.ToInternalValue()));
   time_mapping.SetDouble(kPrefUncertainty, static_cast<double>(
       network_time_uncertainty_.ToInternalValue()));
   time_mapping.SetDouble(kPrefNetworkTime,
       network_time_at_last_measurement_.ToJsTime());
   pref_service_->Set(prefs::kNetworkTimeMapping, time_mapping);
+
+  query_timer_.Reset();
 }
 
 bool NetworkTimeTracker::GetNetworkTime(base::Time* network_time,
                                         base::TimeDelta* uncertainty) const {
   DCHECK(thread_checker_.CalledOnValidThread());
   DCHECK(network_time);
   if (network_time_at_last_measurement_.is_null()) {
     return false;
   }
   DCHECK(!ticks_at_last_measurement_.is_null());
@@ skipping 16 matching lines @@
     return false;
   }
   *network_time = network_time_at_last_measurement_ + tick_delta;
   if (uncertainty) {
     *uncertainty = network_time_uncertainty_ + divergence;
   }
   return true;
 }
 
 }  // namespace network_time