LogDnsClient now returns some errors synchronously

components/certificate_transparency/log_dns_client.h

Index: components/certificate_transparency/log_dns_client.h
diff --git a/components/certificate_transparency/log_dns_client.h b/components/certificate_transparency/log_dns_client.h
index 8a2170660b3f785bd15c8ec346408158d269dc68..1ff2745ad0628c116ce7741a8d905ba17dc38a48 100644
--- a/components/certificate_transparency/log_dns_client.h
+++ b/components/certificate_transparency/log_dns_client.h
@@ -6,22 +6,20 @@
 #define COMPONENTS_CERTIFICATE_TRANSPARENCY_LOG_DNS_CLIENT_H_
 
 #include <stdint.h>
 
 #include <list>
-#include <string>
 
 #include "base/callback.h"
 #include "base/macros.h"
 #include "base/strings/string_piece.h"
+#include "net/base/net_errors.h"
 #include "net/base/network_change_notifier.h"
 #include "net/log/net_log.h"
 
 namespace net {
 class DnsClient;
-class DnsResponse;
-class DnsTransaction;
 namespace ct {
 struct MerkleAuditProof;
 }  // namespace ct
 }  // namespace net
 
@@ -64,19 +62,30 @@ class LogDnsClient : public net::NetworkChangeNotifier::DNSObserver {
   // Called by NetworkChangeNotifier when the DNS config is first read.
   // The DnsClient's config will be updated in response.
   void OnInitialDNSConfigRead() override;
 
   // Queries a CT log to retrieve an audit proof for the leaf with |leaf_hash|.
-  // The |leaf_hash| is the SHA-256 Merkle leaf hash (see RFC6962, section 2.1).
-  // The size of the CT log tree must be provided in |tree_size|.
   // The log is identified by |domain_for_log|, which is the DNS name used as a
   // suffix for all queries.
-  // The |callback| is invoked when the query is complete, or an error occurs.
-  void QueryAuditProof(const std::string& domain_for_log,
-                       base::StringPiece leaf_hash,
-                       uint64_t tree_size,
-                       const AuditProofCallback& callback);
+  // The |leaf_hash| is the SHA-256 Merkle leaf hash (see RFC6962, section 2.1).
+  // The size of the CT log tree, for which the proof is requested, must be
+  // provided in |tree_size|.
+  // The |callback| is invoked when the query is complete, or an asynchronous

[Eran Messeri, 2016/09/30 09:26:51]

Nit: Mention that the |callback| is invoked only if net::ERR_IO_PENDING was
returned.

[Rob Percival, 2016/09/30 12:03:21]

Done.

+  // error occurs.
+  // Returns:
+  // - net::ERR_IO_PENDING if the query was successfully started and is
+  //   continuing asynchronously.
+  // - net::ERR_TEMPORARILY_THROTTLED if the maximum number of concurrent

[Eran Messeri, 2016/09/30 09:26:51]

nit: Add a TODO to refer to the mechanism for getting notifications of
un-throttling (entirely optional; as a way of documenting our intent to provide
one)

[Rob Percival, 2016/09/30 12:03:21]

Done.

+  //   queries are already in progress. Try again later.
+  // - net::ERR_NAME_RESOLUTION_FAILED if DNS queries are not possible.
+  //   Check that the DnsConfig returned by NetworkChangeNotifier is valid.
+  // - net::ERR_INVALID_ARGUMENT if an argument is invalid, e.g. |leaf_hash| is
+  //   not a SHA-256 hash.
+  net::Error QueryAuditProof(base::StringPiece domain_for_log,
+                             base::StringPiece leaf_hash,
+                             uint64_t tree_size,
+                             const AuditProofCallback& callback);
 
  private:
   // An audit proof query that is in progress.
   class AuditProofQuery;
 
@@ -84,11 +93,11 @@ class LogDnsClient : public net::NetworkChangeNotifier::DNSObserver {
   // |callback| is the user-provided callback that should be notified.
   // |result| is a net::Error indicating success or failure.
   // |query| is the query that has completed.
   // The query is removed from |audit_proof_queries_| by this method.
   void QueryAuditProofComplete(const AuditProofCallback& callback,
-                               int result,
+                               net::Error result,
                                AuditProofQuery* query);
 
   // Returns true if the maximum number of queries are currently in flight.
   // If the maximum number of concurrency queries is set to 0, this will always
   // return false.
@@ -99,11 +108,13 @@ class LogDnsClient : public net::NetworkChangeNotifier::DNSObserver {
 
   // Used to perform DNS queries.
   std::unique_ptr<net::DnsClient> dns_client_;
   // Passed to the DNS client for logging.
   net::NetLogWithSource net_log_;
-  // Audit proof queries that haven't completed yet.
+  // A FIFO queue of ongoing queries. Since entries will always be appended to
+  // the end and lookups will typically yield entries at the beginning,
+  // std::list is an efficient choice.
   std::list<std::unique_ptr<AuditProofQuery>> audit_proof_queries_;
   // The maximum number of queries that can be in flight at one time.
   size_t max_concurrent_queries_;
   // Creates weak_ptrs to this, for callback purposes.
   base::WeakPtrFactory<LogDnsClient> weak_ptr_factory_;