Certificate Transparency: New component for obtaining fresh STHs.

chrome/browser/component_updater/sth_set_component_installer.cc

+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/component_updater/sth_set_component_installer.h"
+
+#include <string>
+#include <utility>
+#include <vector>
+
+#include "base/bind.h"
+#include "base/files/file_enumerator.h"
+#include "base/files/file_path.h"
+#include "base/files/file_util.h"
+#include "base/logging.h"
+#include "base/macros.h"
+#include "base/path_service.h"
+#include "base/strings/string_number_conversions.h"
+#include "base/values.h"
+#include "base/version.h"
+#include "components/component_updater/component_updater_paths.h"
+#include "components/safe_json/safe_json_parser.h"
+#include "content/public/browser/browser_thread.h"
+#include "crypto/sha2.h"
+#include "net/cert/ct_known_logs_static.h"
+#include "net/cert/ct_log_response_parser.h"
+#include "net/cert/signed_tree_head.h"
+
+using component_updater::ComponentUpdateService;
+
+namespace {
+const base::FilePath::CharType kSTHsDirName[] = FILE_PATH_LITERAL("sths");
+}  // namespace
+
+namespace component_updater {
+
+// The SHA256 of the SubjectPublicKeyInfo used to sign the extension.
+// The extension id is: aplidfpohcjpojgnkjpkibbkcghkogef

[waffles, 2016/04/01 17:01:55]

We will use ojjgnpkioondelmggbekfhllhdaimnho

[Eran Messeri, 2016/04/04 13:10:02]

Done.

+const uint8_t kPublicKeySHA256[32] = {
+    0x0f, 0xb8, 0x35, 0xfe, 0x72, 0x9f, 0xe9, 0x6d, 0xa9, 0xfa, 0x81,
+    0x1a, 0x26, 0x7a, 0xe6, 0x45, 0x22, 0x50, 0xc4, 0xd4, 0x01, 0xcc,
+    0x33, 0x90, 0x1c, 0xe9, 0x44, 0x37, 0xc4, 0xa0, 0x2e, 0x02};

[waffles, 2016/04/01 17:01:55]

We will use e996dfa8eed34bc6614a57bb7308cd7e519bcc690841e1969f7cb173ef16800a.
For your convenience:

{0xe9, 0x96, 0xdf, 0xa8, 0xee, 0xd3, 0x4b, 0xc6, 0x61, 0x4a, 0x57, 0xbb, 0x73,
0x08, 0xcd, 0x7e, 0x51, 0x9b, 0xcc, 0x69, 0x08, 0x41, 0xe1, 0x96, 0x9f, 0x7c,
0xb1, 0x73, 0xef, 0x16, 0x80, 0x0a};

[Eran Messeri, 2016/04/04 13:10:02]

Done, thanks.

+
+const char kSTHSetFetcherManifestName[] = "Signed Tree Heads";
+
+STHSetComponentInstallerTraits::STHSetComponentInstallerTraits(
+    scoped_ptr<net::ct::STHObserver> sth_observer)
+    : sth_observer_(std::move(sth_observer)) {
+  VLOG(1) << "XXX: STHSetComponentInstallerTraits::c'tor";

[waffles, 2016/04/01 17:01:55]

These logging statements should be cleaned up prior to check-in. (I know you
said you were just looking for early feedback, but I have trouble not writing
the note.)

[Eran Messeri, 2016/04/04 13:10:02]

Done - removed debugging statements, I did leave some VLOG statements behind
that could be used for troubleshooting.

+}
+
+STHSetComponentInstallerTraits::~STHSetComponentInstallerTraits() {
+  VLOG(1) << "XXX: STHSetComponentInstallerTraits::d'tor";
+}
+
+bool STHSetComponentInstallerTraits::CanAutoUpdate() const {
+  return true;
+}
+
+bool STHSetComponentInstallerTraits::OnCustomInstall(
+    const base::DictionaryValue& manifest,
+    const base::FilePath& install_dir) {
+  VLOG(1) << "Entering STHSetComponentInstallerTraits::OnCustomInstall.";
+
+  return true;  // Nothing custom here.
+}
+
+base::FilePath STHSetComponentInstallerTraits::GetInstalledPath(
+    const base::FilePath& base) {
+  return base.Append(FILE_PATH_LITERAL("_platform_specific"))
+      .Append(FILE_PATH_LITERAL("all"))
+      .Append(kSTHsDirName);
+}
+
+void STHSetComponentInstallerTraits::ComponentReady(
+    const base::Version& version,
+    const base::FilePath& install_dir,
+    scoped_ptr<base::DictionaryValue> manifest) {
+  VLOG(1) << "Component ready, version " << version.GetString() << " in "
+          << install_dir.value();
+
+  if (!content::BrowserThread::PostBlockingPoolTask(
+          FROM_HERE,
+          base::Bind(&STHSetComponentInstallerTraits::LoadSTHsFromDisk,
+                     base::Unretained(this), GetInstalledPath(install_dir),
+                     version))) {
+    NOTREACHED();

[waffles, 2016/04/01 17:01:55]

Not sure about this.

[Eran Messeri, 2016/04/04 13:10:02]

That's a pattern used in other components - will be happy to change though,
should I just ignore the return value?

+  }
+}
+
+// Called during startup and installation before ComponentReady().
+bool STHSetComponentInstallerTraits::VerifyInstallation(
+    const base::DictionaryValue& manifest,
+    const base::FilePath& install_dir) const {
+  return base::PathExists(GetInstalledPath(install_dir));
+}
+
+base::FilePath STHSetComponentInstallerTraits::GetBaseDirectory() const {
+  base::FilePath result;
+  PathService::Get(DIR_CERT_TRANS_TREE_STATES, &result);
+  return result;
+}
+
+void STHSetComponentInstallerTraits::GetHash(std::vector<uint8_t>* hash) const {
+  hash->assign(kPublicKeySHA256,
+               kPublicKeySHA256 + arraysize(kPublicKeySHA256));
+}
+
+std::string STHSetComponentInstallerTraits::GetName() const {
+  return kSTHSetFetcherManifestName;
+}
+
+void STHSetComponentInstallerTraits::LoadSTHsFromDisk(
+    const base::FilePath& sths_path,
+    const base::Version& version) {
+  if (sths_path.empty())
+    return;
+
+  base::FileEnumerator sth_file_enumerator(sths_path, false,
+                                           base::FileEnumerator::FILES,
+                                           FILE_PATH_LITERAL("*.sth"));
+  base::FilePath sth_file_path;
+
+  while (!(sth_file_path = sth_file_enumerator.Next()).empty()) {
+    VLOG(1) << "Reading STH from file: " << sth_file_path.value();
+
+    std::string log_id_hex =
+        sth_file_path.BaseName().RemoveExtension().MaybeAsASCII();
+    if (log_id_hex.empty()) {
+      DVLOG(1) << "Error extracting log_id from: "
+               << sth_file_path.BaseName().LossyDisplayName();
+      continue;
+    }
+
+    std::vector<uint8_t> decoding_output;
+    if (!base::HexStringToBytes(log_id_hex, &decoding_output)) {
+      DVLOG(1) << "Failed to decode Log ID: " << log_id_hex;
+      continue;
+    }
+
+    std::string log_id;
+    log_id.assign(reinterpret_cast<const char*>(&decoding_output[0]),
+                  decoding_output.size());
+
+    std::string json_sth;
+    if (!base::ReadFileToString(sth_file_path, &json_sth)) {
+      VLOG(1) << "Failed reading from " << sth_file_path.value();
+      continue;
+    }
+
+    VLOG(1) << "STH: Successfully read: " << json_sth;
+    safe_json::SafeJsonParser::Parse(

[waffles, 2016/04/01 17:01:55]

Hm, I wonder if it is a good idea to do this kind of parsing in
VerifyInstallation. The benefit there is that if we do get some JSON file that
doesn't parse (e.g. in the case of disk corruption), the component updater won't
load that version of the component and will instead try to re-download it. The
drawback (in addition to parsing twice) is that if we ever ship something that
doesn't parse, the component updater will repeatedly try to update the
component. Thoughts?

[Eran Messeri, 2016/04/03 05:24:10]

Good point - do you have any metrics on how many clients see corrupt component
downloads?
Can you suggest a way to do the parsing in VerifyInstallation that would still
use the SafeJsonParser? As you can see the parser invokes the success/failure
callbacks asynchronously, I'm not sure blocking VerifyInstallation until these
callbacks get called is a good idea.
(I'm also not too concerned about it since we plan to push components fairly
frequently, so a corrupted download should be remedied within 24 hours). 

+        json_sth,
+        base::Bind(&STHSetComponentInstallerTraits::OnJsonParseSuccess,
+                   base::Unretained(this), log_id),
+        base::Bind(&STHSetComponentInstallerTraits::OnJsonParseError,
+                   base::Unretained(this), log_id));
+  }
+}
+
+void STHSetComponentInstallerTraits::OnJsonParseSuccess(
+    std::string log_id,
+    scoped_ptr<base::Value> parsed_json) {
+  net::ct::SignedTreeHead signed_tree_head;
+  VLOG(0) << "STH parsing success for log: "
+          << base::HexEncode(log_id.data(), log_id.length());
+  if (!net::ct::FillSignedTreeHead(*(parsed_json.get()), &signed_tree_head)) {
+    LOG(WARNING) << "Failed to fill in signed tree head.";
+    return;
+  }
+
+  // The log id is not a part of the response, fill in manually.
+  signed_tree_head.log_id = log_id;
+  content::BrowserThread::PostTask(
+      content::BrowserThread::IO, FROM_HERE,
+      base::Bind(&net::ct::STHObserver::NewSTHObserved,
+                 base::Unretained(sth_observer_.get()), signed_tree_head));
+}
+
+void STHSetComponentInstallerTraits::OnJsonParseError(
+    std::string log_id,
+    const std::string& error) {
+  VLOG(0) << "STH loading failed: " << error
+          << " for log: " << base::HexEncode(log_id.data(), log_id.length());
+}
+
+void RegisterSTHSetComponent(
+    ComponentUpdateService* cus,
+    const base::FilePath& user_data_dir,
+    scoped_ptr<net::ct::STHObserver> sth_observer) {
+  VLOG(1) << "Registering STH Set fetcher component.";
+
+  scoped_ptr<ComponentInstallerTraits> traits(
+      new STHSetComponentInstallerTraits(std::move(sth_observer)));
+  // |cus| will take ownership of |installer| during installer->Register(cus).
+  DefaultComponentInstaller* installer =
+      new DefaultComponentInstaller(std::move(traits));
+  installer->Register(cus, base::Closure());
+}
+
+}  // namespace component_updater