Restart the host when the third party auth certificate changes

remoting/host/linux/certificate_watcher.cc

+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "remoting/host/linux/certificate_watcher.h"
+
+#include "base/bind.h"
+#include "base/bind_helpers.h"
+#include "base/location.h"
+#include "base/logging.h"
+#include "base/message_loop/message_loop.h"

[Sergey Ulanov, 2016/04/05 21:12:56]

Don't need this include

[Yuwei, 2016/04/05 22:18:55]

Done.

+#include "base/path_service.h"
+#include "base/thread_task_runner_handle.h"
+
+namespace remoting {
+
+// Delay time to restart the host when a change of certificate is detected.
+// This is to avoid repeating restarts when continuous writes to the database
+// occur.
+const int kRestartDelayInSecond = 2;
+
+// Full Path: $HOME/.pki/nssdb
+const char kCertDirectoryPath[] = ".pki/nssdb";
+
+CertificateWatcher::CertificateWatcher(
+    const base::Closure& restart_action,
+    scoped_refptr<base::SingleThreadTaskRunner> io_task_runner)
+    : restart_action_(restart_action),
+      caller_task_runner_(base::ThreadTaskRunnerHandle::Get()),
+      io_task_runner_(io_task_runner),
+      delay_(base::TimeDelta::FromSeconds(kRestartDelayInSecond)) {
+  if (!base::PathService::Get(base::DIR_HOME, &cert_watch_path_)) {
+    LOG(FATAL) << "Failed to get path of the home directory.";
+  }
+  cert_watch_path_ = cert_watch_path_.AppendASCII(kCertDirectoryPath);
+}
+
+CertificateWatcher::~CertificateWatcher() {
+  Stop();
+}
+
+bool CertificateWatcher::Start() {

[Sergey Ulanov, 2016/04/05 21:12:55]

No longer need to return bool, as it cannot fail anymore.

[Yuwei, 2016/04/05 22:18:55]

Done.

+  DCHECK(caller_task_runner_->BelongsToCurrentThread());
+  DCHECK(!cert_watch_path_.empty());
+
+  file_watcher_.reset(new base::FilePathWatcher());
+  io_task_runner_->PostTask(
+      FROM_HERE,
+      base::Bind(base::IgnoreResult(&base::FilePathWatcher::Watch),
+                 base::Unretained(file_watcher_.get()), cert_watch_path_, true,
+                 base::Bind(&CertificateWatcher::OnCertDirectoryChanged,
+                            caller_task_runner_, this->AsWeakPtr())));
+  restart_timer_.reset(new base::DelayTimer(FROM_HERE, delay_, this,
+                                            &CertificateWatcher::OnTimer));
+
+  VLOG(1) << "Started watching certificate changes.";
+  return true;
+}
+
+void CertificateWatcher::Stop() {
+  DCHECK(caller_task_runner_->BelongsToCurrentThread());
+
+  if (!is_started()) {
+    return;
+  }
+  if (monitor_) {
+    monitor_->RemoveStatusObserver(this);
+  }
+  io_task_runner_->DeleteSoon(FROM_HERE, file_watcher_.release());
+  restart_timer_.reset();
+
+  VLOG(1) << "Stopped watching certificate changes.";
+}
+
+void CertificateWatcher::SetMonitor(base::WeakPtr<HostStatusMonitor> monitor) {
+  DCHECK(is_started());
+  if (monitor_) {
+    monitor_->RemoveStatusObserver(this);
+  }
+  monitor->AddStatusObserver(this);
+  monitor_ = monitor;
+}
+
+void CertificateWatcher::OnClientConnected(const std::string& jid) {
+  DCHECK(is_started());
+  DCHECK(caller_task_runner_->BelongsToCurrentThread());
+  inhibit_mode_ = true;
+}
+
+void CertificateWatcher::OnClientDisconnected(const std::string& jid) {
+  DCHECK(is_started());
+  DCHECK(caller_task_runner_->BelongsToCurrentThread());
+  inhibit_mode_ = false;
+  if (restart_pending_) {
+    restart_pending_ = false;
+    restart_action_.Run();
+  }
+}
+
+void CertificateWatcher::SetDelayForTests(const base::TimeDelta& delay) {
+  DCHECK(!is_started());
+  delay_ = delay;
+}
+
+void CertificateWatcher::SetWatchPathForTests(
+    const base::FilePath& watch_path) {
+  DCHECK(!is_started());
+  cert_watch_path_ = watch_path;
+}
+
+bool CertificateWatcher::is_started() const {
+  return file_watcher_ != nullptr;
+}
+
+// static
+void CertificateWatcher::OnCertDirectoryChanged(
+    scoped_refptr<base::SingleThreadTaskRunner> network_task_runner,
+    base::WeakPtr<CertificateWatcher> watcher_,
+    const base::FilePath& path,
+    bool error) {
+  network_task_runner->PostTask(
+      FROM_HERE,
+      base::Bind(&CertificateWatcher::DirectoryChanged, watcher_, path, error));
+}
+
+void CertificateWatcher::DirectoryChanged(const base::FilePath& path,
+                                          bool error) {
+  DCHECK(caller_task_runner_->BelongsToCurrentThread());
+
+  if (error || path != cert_watch_path_) {

[Sergey Ulanov, 2016/04/05 21:12:55]

The watcher watches a directory, but here |path| may point to a file in that
directory, so I'm not sure that second condition is correct. Why do you need it?
I suggest removing it.

[Yuwei, 2016/04/05 21:27:40]

Looks like |path| will never point to something other than the directory even if
the file being changed is inside it. I guess the path param is useful when
binding multiple file watchers but not very useful in this case. Maybe just
DCHECK it?

+    LOG(WARNING) << "Unexpected file update callback. "
+                 << "Path: " << path.MaybeAsASCII() << "; "
+                 << "Error: " << error;
+    return;
+  }
+
+  restart_timer_->Reset();
+}
+
+void CertificateWatcher::OnTimer() {
+  DCHECK(caller_task_runner_->BelongsToCurrentThread());
+
+  if (inhibit_mode_) {
+    restart_pending_ = true;
+    return;
+  }
+
+  VLOG(1) << "Certificate was updated. Calling restart...";
+  restart_action_.Run();
+}
+
+}  // namespace remoting