Certificate Transparency: New component for obtaining fresh STHs.

chrome/browser/chromeos/login/session/user_session_manager.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/login/session/user_session_manager.h"
 
 #include <stddef.h>
 
 #include <set>
 #include <string>
@@ skipping 42 matching lines @@
 #include "chrome/browser/chromeos/login/ui/input_events_blocker.h"
 #include "chrome/browser/chromeos/login/ui/login_display_host.h"
 #include "chrome/browser/chromeos/login/user_flow.h"
 #include "chrome/browser/chromeos/login/users/chrome_user_manager.h"
 #include "chrome/browser/chromeos/login/users/supervised_user_manager.h"
 #include "chrome/browser/chromeos/login/wizard_controller.h"
 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
 #include "chrome/browser/chromeos/profiles/profile_helper.h"
 #include "chrome/browser/chromeos/settings/cros_settings.h"
 #include "chrome/browser/component_updater/ev_whitelist_component_installer.h"
+#include "chrome/browser/component_updater/sth_set_component_installer.h"
 #include "chrome/browser/first_run/first_run.h"
 #include "chrome/browser/google/google_brand_chromeos.h"
 #include "chrome/browser/lifetime/application_lifetime.h"
 #include "chrome/browser/net/crl_set_fetcher.h"
 #include "chrome/browser/net/nss_context.h"
 #include "chrome/browser/prefs/session_startup_pref.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/profiles/profile_manager.h"
 #include "chrome/browser/signin/account_tracker_service_factory.h"
 #include "chrome/browser/signin/easy_unlock_service.h"
@@ skipping 32 matching lines @@
 #include "components/signin/core/browser/account_tracker_service.h"
 #include "components/signin/core/browser/signin_manager_base.h"
 #include "components/user_manager/known_user.h"
 #include "components/user_manager/user.h"
 #include "components/user_manager/user_manager.h"
 #include "components/user_manager/user_type.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/notification_service.h"
 #include "content/public/browser/storage_partition.h"
 #include "content/public/common/content_switches.h"
+#include "net/cert/sth_distributor.h"
 #include "ui/base/ime/chromeos/input_method_descriptor.h"
 #include "ui/base/ime/chromeos/input_method_manager.h"
 #include "url/gurl.h"
 
 #if defined(ENABLE_RLZ)
 #include "chrome/browser/rlz/chrome_rlz_tracker_delegate.h"
 #include "components/rlz/rlz_tracker.h"
 #endif
 
 namespace chromeos {
@@ skipping 1016 matching lines @@
       content::NotificationService::AllSources(),
       content::Details<Profile>(profile));
 
   // Initialize various services only for primary user.
   const user_manager::User* user =
       ProfileHelper::Get()->GetUserByProfile(profile);
   if (user_manager->GetPrimaryUser() == user) {
     InitRlz(profile);
     InitializeCerts(profile);
     InitializeCRLSetFetcher(user);
-    InitializeEVCertificatesWhitelistComponent(user);
+    InitializeCertificateTransparencyComponents(user);
 
     if (arc::ArcBridgeService::GetEnabled(
             base::CommandLine::ForCurrentProcess())) {
       DCHECK(arc::ArcServiceManager::Get());
       arc::ArcServiceManager::Get()->OnPrimaryUserProfilePrepared(
           multi_user_util::GetAccountIdFromProfile(profile));
       arc::ArcAuthService::Get()->OnPrimaryUserProfilePrepared(profile);
     }
   }
 
@@ skipping 246 matching lines @@
     base::FilePath path;
     path = ProfileHelper::GetProfilePathByUserIdHash(username_hash);
     component_updater::ComponentUpdateService* cus =
         g_browser_process->component_updater();
     CRLSetFetcher* crl_set = g_browser_process->crl_set_fetcher();
     if (crl_set && cus)
       crl_set->StartInitialLoad(cus, path);
   }
 }
 
-void UserSessionManager::InitializeEVCertificatesWhitelistComponent(
+void UserSessionManager::InitializeCertificateTransparencyComponents(
     const user_manager::User* user) {
   const std::string username_hash = user->username_hash();
   component_updater::ComponentUpdateService* cus =
       g_browser_process->component_updater();
   if (!username_hash.empty() && cus) {
     const base::FilePath path =
         ProfileHelper::GetProfilePathByUserIdHash(username_hash);
+    // EV whitelist
     RegisterEVWhitelistComponent(cus, path);
+
+    // TODO(eranm): Pass the distributor to the IOThread so CT
+    // TreeStateTracker instances can register for STH updates.

[Ryan Sleevi, 2016/04/06 18:32:50]

Can you file a bug? Mostly because I'm not sure what you're trying to
communicate here.

The bug would capture "Here's what we're doing, here's what we need to do, and
why" and track the "doing the thing we need to do" part. Mostly, I'm not sure
the "why" has enough context here. Plus it helps us track removing TODOs :)

[Eran Messeri, 2016/04/07 11:38:02]

Done - that TODO now lives in sth_set_component_installer.cc, where I linked to
crbug.com/506227 (and the design doc). The follow-up work is in an immediate CL.

+    scoped_ptr<net::ct::STHDistributor> distributor(
+        new net::ct::STHDistributor());
+    // STH set fetcher.
+    RegisterSTHSetComponent(cus, path, std::move(distributor));
   }
 }
 
 void UserSessionManager::OnRestoreActiveSessions(
     const SessionManagerClient::ActiveSessionsMap& sessions,
     bool success) {
   if (!success) {
     LOG(ERROR) << "Could not get list of active user sessions after crash.";
     // If we could not get list of active user sessions it is safer to just
     // sign out so that we don't get in the inconsistent state.
@@ skipping 375 matching lines @@
   token_handle_util_.reset();
   first_run::GoodiesDisplayer::Delete();
 }
 
 void UserSessionManager::CreateTokenUtilIfMissing() {
   if (!token_handle_util_.get())
     token_handle_util_.reset(new TokenHandleUtil());
 }
 
 }  // namespace chromeos