Certificate Transparency: Collect metrics on age of SCT vs STH

components/certificate_transparency/single_tree_tracker.cc

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/certificate_transparency/single_tree_tracker.h"
 
 #include <utility>
 
+#include "base/metrics/histogram_macros.h"
 #include "net/cert/ct_log_verifier.h"
 #include "net/cert/signed_certificate_timestamp.h"
 #include "net/cert/x509_certificate.h"
 
 using net::ct::SignedTreeHead;
 
+namespace {
+
+// Enum indicating whether an SCT can be checked for inclusion and if not,
+// the reason it cannot.
+//
+// Note: The numeric values are used within a histogram and should not change
+// or be re-assigned.
+enum SCTCanBeCheckedForInclusion {
+  // If the SingleTreeTracker does not have a valid STH, then a valid STH is
+  // first required to evaluate whether the SCT can be checked for inclusion
+  // or not.
+  VALID_STH_REQUIRED = 0,
+  // If the STH does not cover the SCT (the timestamp in the SCT is greater than
+  // MMD + timestamp in the STH), then a newer STH is needed.
+  NEWER_STH_REQUIRED = 1,
+  // When an SCT is observed, if the SingleTreeTracker instance has a valid STH
+  // and the STH covers the SCT (the timestamp in the SCT is less than MMD +
+  // timestamp in the STH), then it can be checked for inclusion.
+  CAN_BE_CHECKED = 2,
+  SCT_CAN_BE_CHECKED_MAX
+};
+
+// Measure how often clients encounter very new SCTs, by measuring whether an
+// SCT can be checked for inclusion upon first observation.
+void LogCanBeCheckedForInclusionToUMA(
+    SCTCanBeCheckedForInclusion can_be_checked) {
+  UMA_HISTOGRAM_ENUMERATION("Net.CertificateTransparency.CanInclusionCheckSCT",
+                            can_be_checked, SCT_CAN_BE_CHECKED_MAX);
+}
+
+}  // namespace
+
 namespace certificate_transparency {
 
 SingleTreeTracker::SingleTreeTracker(
     scoped_refptr<const net::CTLogVerifier> ct_log)
     : ct_log_(std::move(ct_log)) {}
 
 SingleTreeTracker::~SingleTreeTracker() {}
 
 void SingleTreeTracker::OnSCTVerified(
     net::X509Certificate* cert,
     const net::ct::SignedCertificateTimestamp* sct) {
   DCHECK_EQ(ct_log_->key_id(), sct->log_id);
 
   // SCT was previously observed, so its status should not be changed.
   if (entries_status_.find(sct->timestamp) != entries_status_.end())
     return;
 
   // If there isn't a valid STH or the STH is not fresh enough to check
   // inclusion against, store the SCT for future checking and return.
   if (verified_sth_.timestamp.is_null() ||
       (verified_sth_.timestamp <
        (sct->timestamp + base::TimeDelta::FromHours(24)))) {
-    // TODO(eranm): UMA - how often SCTs have to wait for a newer STH for
-    // inclusion check.
     entries_status_.insert(
         std::make_pair(sct->timestamp, SCT_PENDING_NEWER_STH));
+
+    if (!verified_sth_.timestamp.is_null()) {
+      LogCanBeCheckedForInclusionToUMA(NEWER_STH_REQUIRED);
+    } else {
+      LogCanBeCheckedForInclusionToUMA(VALID_STH_REQUIRED);
+    }
+
     return;
   }
 
+  LogCanBeCheckedForInclusionToUMA(CAN_BE_CHECKED);
   // TODO(eranm): Check inclusion here.
-  // TODO(eranm): UMA - how often inclusion can be checked immediately.
   entries_status_.insert(
       std::make_pair(sct->timestamp, SCT_PENDING_INCLUSION_CHECK));
 }
 
 void SingleTreeTracker::NewSTHObserved(const SignedTreeHead& sth) {
   DCHECK_EQ(ct_log_->key_id(), sth.log_id);
 
   if (!ct_log_->VerifySignedTreeHead(sth)) {
     // Sanity check the STH; the caller should have done this
     // already, but being paranoid here.
@@ skipping 35 matching lines @@
 SingleTreeTracker::SCTInclusionStatus
 SingleTreeTracker::GetLogEntryInclusionStatus(
     net::X509Certificate* cert,
     const net::ct::SignedCertificateTimestamp* sct) {
   auto it = entries_status_.find(sct->timestamp);
 
   return it == entries_status_.end() ? SCT_NOT_OBSERVED : it->second;
 }
 
 }  // namespace certificate_transparency