Index: chromeos/printing/ppd_cache.cc |
diff --git a/chromeos/printing/ppd_cache.cc b/chromeos/printing/ppd_cache.cc |
new file mode 100644 |
index 0000000000000000000000000000000000000000..667d5dbc2c221a82663246884fda648e5e920c2d |
--- /dev/null |
+++ b/chromeos/printing/ppd_cache.cc |
@@ -0,0 +1,174 @@ |
+// Copyright 2016 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#include <vector> |
+ |
+#include "base/files/file_util.h" |
+#include "base/memory/ptr_util.h" |
+#include "base/path_service.h" |
+#include "base/strings/string_util.h" |
+#include "chromeos/printing/ppd_cache.h" |
+#include "crypto/sha2.h" |
+#include "net/base/io_buffer.h" |
+#include "net/filter/filter.h" |
+#include "net/filter/gzip_header.h" |
+ |
+using base::File; |
+using base::FilePath; |
+using base::Optional; |
+using net::Filter; |
+using std::string; |
+using std::unique_ptr; |
+using std::vector; |
+ |
+namespace chromeos { |
+namespace printing { |
+namespace { |
+ |
+// Return the ASCII character representing the given nibble, in hex. |
+char HexifyNibble(int nibble) { |
skau
2016/10/14 23:51:49
Is this equivalent to HexEncode?
https://cs.chromi
Carlson
2016/10/17 16:43:20
I spent seriously like 15 minutes looking for that
|
+ DCHECK(nibble >= 0 && nibble <= 0xf); |
+ if (nibble <= 9) { |
+ return '0' + nibble; |
+ } |
+ return 'a' + (nibble - 10); |
+} |
+ |
+// Return a ascii-hex version of the data in data, interpreted as a list of |
+// bytes. Leading zeros are not removed. For example, a 3-byte string |
+// containing the bytes {0x0a, 0x3f, 0xff} would be converted to the 6-byte |
+// string "0a3fff" |
+string Hexify(const string& data) { |
+ string ret; |
+ // Each nibble gets a char, so 2 output bytes per input raw byte. |
+ ret.resize(data.size() * 2); |
+ int out_idx = 0; |
+ for (char c : data) { |
+ ret[out_idx++] = HexifyNibble((c >> 4) & 0xf); |
+ ret[out_idx++] = HexifyNibble(c & 0xf); |
+ } |
+ DCHECK_EQ(static_cast<size_t>(out_idx), ret.size()); |
+ return ret; |
+} |
+ |
+// Return true if it looks like contents is already gzipped, false otherwise. |
+bool IsGZipped(const string& contents) { |
+ const char* ignored; |
+ net::GZipHeader header; |
+ return header.ReadMore(contents.data(), contents.size(), &ignored) == |
+ net::GZipHeader::COMPLETE_HEADER; |
+} |
+ |
+class PpdCacheImpl : public PpdCache { |
+ public: |
+ explicit PpdCacheImpl(const FilePath& cache_base_dir, |
+ const PpdCache::Options& options) |
+ : cache_base_dir_(cache_base_dir) {} |
+ ~PpdCacheImpl() override {} |
+ |
+ // Public API functions. |
+ Optional<FilePath> Find( |
+ const Printer::PpdReference& reference) const override { |
+ Optional<FilePath> ret; |
+ |
+ // We can't know here if we have a gzipped or un-gzipped version, so just |
+ // look for both. |
+ FilePath contents_path_base = GetCachePathBase(reference); |
+ for (const string& extension : {".ppd", ".ppd.gz"}) { |
+ FilePath contents_path = contents_path_base.AddExtension(extension); |
+ if (base::PathExists(contents_path)) { |
+ ret = contents_path; |
+ break; |
+ } |
+ } |
+ return ret; |
+ } |
+ |
+ Optional<FilePath> Store(const Printer::PpdReference& reference, |
+ const string& ppd_contents) override { |
+ Optional<FilePath> ret; |
+ FilePath contents_path; |
+ contents_path = GetCachePathBase(reference).AddExtension(".ppd"); |
+ if (IsGZipped(ppd_contents)) { |
+ contents_path = contents_path.AddExtension(".gz"); |
+ } |
+ if (base::WriteFile(contents_path, ppd_contents.data(), |
+ ppd_contents.size()) == |
+ static_cast<int>(ppd_contents.size())) { |
+ ret = contents_path; |
+ } else { |
+ LOG(ERROR) << "Failed to write " << contents_path.LossyDisplayName(); |
+ // Try to clean up the file, as it may have partial contents. Note |
+ // that DeleteFile(nonexistant file) should return true, so failure here |
+ // means something is exceptionally hosed. |
+ if (!base::DeleteFile(contents_path, false)) { |
+ LOG(ERROR) << "Failed to cleanup partially-written file " |
+ << contents_path.LossyDisplayName(); |
+ return ret; |
+ } |
+ } |
+ return ret; |
+ } |
+ |
+ private: |
+ // Get the file path at which we expect to find a PPD if it's cached. |
+ // |
+ // This is, ultimately, just a hash function. It's extremely infrequently |
+ // used (called once when trying to look up information on a printer or store |
+ // a PPD), and should be stable, as changing the function will make previously |
+ // cached entries unfindable, causing resolve logic to be reinvoked |
+ // unnecessarily. |
+ // |
+ // There's also a faint possibility that a bad actor might try to do something |
+ // nefarious by intentionally causing a cache collision that makes the wrong |
+ // PPD be used for a printer. There's no obvious attack vector, but |
+ // there's also no real cost to being paranoid here, so we use SHA-256 as the |
+ // underlying hash function, and inject fixed field prefixes to prevent |
+ // field-substitution spoofing. This also buys us hash function stability at |
+ // the same time. |
+ // |
+ // Also, care should be taken to preserve the existing hash values if new |
+ // fields are added to PpdReference -- that is, if a new field F is added |
+ // to PpdReference, a PpdReference with a default F value should hash to |
+ // the same thing as a PpdReference that predates the addition of F to the |
+ // structure. |
+ // |
+ // Note this function expects that the caller will append ".ppd", or ".ppd.gz" |
+ // to the output as needed. |
+ FilePath GetCachePathBase(const Printer::PpdReference& ref) const { |
skau
2016/10/14 23:51:49
Is it desirable that { "user_supplied_ppd_url": "f
Carlson
2016/10/17 16:43:20
I *think* so, but could be convinced otherwise. M
skau
2016/10/17 17:16:26
Please change it. While we will need to make sure
Carlson
2016/10/18 19:05:00
Done.
|
+ vector<string> pieces; |
+ if (!ref.user_supplied_ppd_url.empty()) { |
+ pieces.push_back("user_supplied_ppd_url:"); |
+ pieces.push_back(ref.user_supplied_ppd_url); |
+ } |
+ if (!ref.effective_manufacturer.empty()) { |
+ pieces.push_back("manufacturer:"); |
+ pieces.push_back(ref.effective_manufacturer); |
+ } |
+ if (!ref.effective_model.empty()) { |
+ pieces.push_back("model:"); |
+ pieces.push_back(ref.effective_model); |
+ } |
+ // The separator here is not needed, but makes debug output more readable. |
+ string full_key = base::JoinString(pieces, "|"); |
+ string ascii_hash = Hexify(crypto::SHA256HashString(full_key)); |
+ VLOG(3) << "PPD Cache key is " << full_key << " which hashes to " |
+ << ascii_hash; |
+ |
+ return cache_base_dir_.Append(ascii_hash); |
+ } |
+ |
+ const FilePath cache_base_dir_; |
+}; |
Lei Zhang
2016/10/17 17:54:06
Add DISALLOW_COPY_AND_ASSIGN(...);
Carlson
2016/10/18 19:05:01
Done.
|
+ |
+} // namespace |
+ |
+// static |
+unique_ptr<PpdCache> PpdCache::Create(const FilePath& cache_base_dir, |
+ const PpdCache::Options& options) { |
+ return ::base::MakeUnique<PpdCacheImpl>(cache_base_dir, options); |
+} |
+ |
+} // namespace printing |
+} // namespace chromeos |
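Review bot: In GetCachePathBase the key is built by joining the fixed prefixes and the raw field values with "|", but the values are neither escaped nor length-delimited, so two different references can produce the same key, and the comment's claim that the prefixes prevent field-substitution spoofing does not hold. A constructed example: a reference whose only field is a user_supplied_ppd_url of `x|manufacturer:|m` produces the same full_key, and therefore the same SHA-256 cache path, as one with url `x` and effective_manufacturer `m`. Prefixing each value with its length makes the encoding unambiguous, e.g. `pieces.push_back(base::SizeTToString(ref.user_supplied_ppd_url.size()) + ":" + ref.user_supplied_ppd_url);` (from base/strings/string_number_conversions.h), and likewise for manufacturer and model; the file is new in this change, so no cached entries depend on the current keys yet. Separately, Store() writes either `.ppd` or `.ppd.gz` without removing the other variant, and Find() checks `.ppd` first, so a stale uncompressed entry would shadow a newer gzipped one for the same reference.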