Wire up CertificateReportingService to handle report uploads

chrome/browser/safe_browsing/certificate_reporting_service.cc

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/bind_helpers.h"
+#include "base/metrics/histogram_macros.h"
+#include "base/metrics/sparse_histogram.h"
 #include "base/time/clock.h"
-#include "base/time/default_clock.h"
+#include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/safe_browsing/certificate_reporting_service.h"
+#include "chrome/browser/safe_browsing/safe_browsing_service.h"
+#include "components/prefs/pref_service.h"
+#include "components/safe_browsing_db/safe_browsing_prefs.h"
 #include "content/public/browser/browser_thread.h"
 
 namespace {
 
 // URL to upload invalid certificate chain reports. An HTTP URL is used because
 // a client seeing an invalid cert might not be able to make an HTTPS connection
 // to report it.
 const char kExtendedReportingUploadUrl[] =
     "http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/";
 
 // Compare function that orders Reports in reverse chronological order (i.e.
 // oldest item is last).
 bool ReportCompareFunc(const CertificateReportingService::Report& item1,
                        const CertificateReportingService::Report& item2) {
   return item1.creation_time > item2.creation_time;
 }
 
+// Records an UMA histogram of the net errors when certificate reports
+// fail to send.
+void RecordUMAOnFailure(int net_error) {
+  UMA_HISTOGRAM_SPARSE_SLOWLY("SSL.CertificateErrorReportFailure", -net_error);
+}
+
+// Observes SafeBrowsing preferences and notifies CertificateReportingService
+// when preferences change. There is one instance of this class per
+// CertificateReportingService and each instance is owned by the
+// CertificateReportingService it notifies.
+class SafeBrowsingPreferenceObserver
+    : public CertificateReportingService::PreferenceObserver {
+ public:
+  SafeBrowsingPreferenceObserver(
+      const PrefService& prefs,
+      safe_browsing::SafeBrowsingService* safe_browsing_service,
+      CertificateReportingService* certificate_reporting_service)
+      : safe_browsing_service_(safe_browsing_service),
+        prefs_(prefs),
+        certificate_reporting_service_(certificate_reporting_service),
+        safe_browsing_state_subscription_(
+            safe_browsing_service->RegisterStateCallback(
+                base::Bind(&SafeBrowsingPreferenceObserver::OnPreferenceChanged,
+                           base::Unretained(this)))) {}
+
+  ~SafeBrowsingPreferenceObserver() override {}
+
+  // CertificateReportingService::PreferenceObserver implementation:
+  void OnPreferenceChanged() override {
+    const bool enabled = safe_browsing_service_ &&
+                         safe_browsing_service_->enabled_by_prefs() &&
+                         safe_browsing::IsExtendedReportingEnabled(prefs_);

[Jialiu Lin, 2016/12/16 01:55:24]

You probably want to check kSafeBrowsingExtendedReportingOptInAllowed as well in
case enterprise setting  overrides extended reporting preference.

[meacer, 2016/12/16 20:26:35]

Would it make sense to add kSafeBrowsingExtendedReportingOptInAllowed check to
IsExtendedReportingEnabled instead of here? Or do we want to keep them separate?

[Jialiu Lin, 2016/12/17 01:14:21]

Agree. I'll sync up with lpz@ to make the change. 

+    certificate_reporting_service_->SetEnabled(enabled);
+  }
+
+ private:
+  const safe_browsing::SafeBrowsingService* safe_browsing_service_;
+  const PrefService& prefs_;
+  CertificateReportingService* certificate_reporting_service_;
+  std::unique_ptr<safe_browsing::SafeBrowsingService::StateSubscription>
+      safe_browsing_state_subscription_;
+};
+
 }  // namespace
 
 CertificateReportingService::BoundedReportList::BoundedReportList(
     size_t max_size)
     : max_size_(max_size) {
   CHECK(max_size <= 20)
       << "Current implementation is not efficient for a large list.";
   DCHECK(thread_checker_.CalledOnValidThread());
 }
 
@@ skipping 85 matching lines @@
       base::Bind(&CertificateReportingService::Reporter::SuccessCallback,
                  weak_factory_.GetWeakPtr(), report.report_id),
       base::Bind(&CertificateReportingService::Reporter::ErrorCallback,
                  weak_factory_.GetWeakPtr(), report.report_id));
 }
 
 void CertificateReportingService::Reporter::ErrorCallback(int report_id,
                                                           const GURL& url,
                                                           int error) {
   DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
+  RecordUMAOnFailure(error);
   if (retries_enabled_) {
     auto it = inflight_reports_.find(report_id);
     DCHECK(it != inflight_reports_.end());
     retry_list_->Add(it->second);
   }
   CHECK_GT(inflight_reports_.erase(report_id), 0u);
 }
 
 void CertificateReportingService::Reporter::SuccessCallback(int report_id) {
   DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
   CHECK_GT(inflight_reports_.erase(report_id), 0u);
 }
 
 CertificateReportingService::CertificateReportingService(
+    safe_browsing::SafeBrowsingService* safe_browsing_service,
     scoped_refptr<net::URLRequestContextGetter> url_request_context_getter,
+    Profile* profile,
     uint8_t server_public_key[/* 32 */],
     uint32_t server_public_key_version,
     size_t max_queued_report_count,
     base::TimeDelta max_report_age,
-    std::unique_ptr<base::Clock> clock)
+    base::Clock* clock)
     : enabled_(true),
       url_request_context_(nullptr),
       max_queued_report_count_(max_queued_report_count),
       max_report_age_(max_report_age),
-      clock_(std::move(clock)),
-      made_send_attempt_(false),
+      clock_(clock),
       server_public_key_(server_public_key),
       server_public_key_version_(server_public_key_version) {
   DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
+  DCHECK(clock_);
+  // Observe changes in SafeBrowsing preferences.
+  preference_observer_.reset(new SafeBrowsingPreferenceObserver(
+      *profile->GetPrefs(), safe_browsing_service, this));
+
+  // Subscribe to SafeBrowsing shutdown notifications.
+  safe_browsing_service_shutdown_subscription_ =
+      safe_browsing_service->RegisterShutdownCallback(base::Bind(
+          &CertificateReportingService::Shutdown, base::Unretained(this)));
+
   content::BrowserThread::PostTask(
       content::BrowserThread::IO, FROM_HERE,
       base::Bind(&CertificateReportingService::InitializeOnIOThread,
                  base::Unretained(this), enabled_, url_request_context_getter,
-                 max_queued_report_count_, max_report_age_, clock_.get(),
+                 max_queued_report_count_, max_report_age_, clock_,
                  server_public_key_, server_public_key_version_));
 }
 
 CertificateReportingService::~CertificateReportingService() {
   DCHECK(!reporter_);
 }
 
 void CertificateReportingService::Shutdown() {
   // Shutdown will be called twice: Once after SafeBrowsing shuts down, and once
   // when all KeyedServices shut down. All calls after the first one are no-op.
   enabled_ = false;
   Reset();
 }
 
 void CertificateReportingService::Send(const std::string& serialized_report) {
   DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
-  made_send_attempt_ = true;
   if (!reporter_) {
     return;
   }
   content::BrowserThread::PostTask(
       content::BrowserThread::IO, FROM_HERE,
       base::Bind(&CertificateReportingService::Reporter::Send,
                  base::Unretained(reporter_.get()), serialized_report));
 }
 
 void CertificateReportingService::SendPending() {
   DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
-  made_send_attempt_ = true;
   if (!reporter_) {
     return;
   }
   content::BrowserThread::PostTask(
       content::BrowserThread::IO, FROM_HERE,
       base::Bind(&CertificateReportingService::Reporter::SendPending,
                  base::Unretained(reporter_.get())));
 }
 
 void CertificateReportingService::InitializeOnIOThread(
@@ skipping 16 matching lines @@
   DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
   enabled_ = enabled;
   Reset();
 }
 
 CertificateReportingService::Reporter*
 CertificateReportingService::GetReporterForTesting() const {
   return reporter_.get();
 }
 
-void CertificateReportingService::SetMaxQueuedReportCountForTesting(
-    size_t count) {
-  DCHECK(!made_send_attempt_);
-  max_queued_report_count_ = count;
-  Reset();
-}
-
-void CertificateReportingService::SetClockForTesting(
-    std::unique_ptr<base::Clock> clock) {
-  DCHECK(!made_send_attempt_);
-  clock_ = std::move(clock);
-  Reset();
-}
-
-void CertificateReportingService::SetMaxReportAgeForTesting(
-    base::TimeDelta max_report_age) {
-  DCHECK(!made_send_attempt_);
-  max_report_age_ = max_report_age;
-  Reset();
-}
-
 // static
 GURL CertificateReportingService::GetReportingURLForTesting() {
   return GURL(kExtendedReportingUploadUrl);
 }
 
 void CertificateReportingService::Reset() {
   content::BrowserThread::PostTask(
       content::BrowserThread::IO, FROM_HERE,
       base::Bind(&CertificateReportingService::ResetOnIOThread,
                  base::Unretained(this), enabled_, url_request_context_,
-                 max_queued_report_count_, max_report_age_, clock_.get(),
+                 max_queued_report_count_, max_report_age_, clock_,
                  server_public_key_, server_public_key_version_));
 }
 
 void CertificateReportingService::ResetOnIOThread(
     bool enabled,
     net::URLRequestContext* url_request_context,
     size_t max_queued_report_count,
     base::TimeDelta max_report_age,
     base::Clock* clock,
     uint8_t* const server_public_key,
@@ skipping 17 matching lines @@
         url_request_context, GURL(kExtendedReportingUploadUrl),
         net::ReportSender::DO_NOT_SEND_COOKIES));
   }
 
   reporter_.reset(
       new Reporter(std::move(error_reporter),
                    std::unique_ptr<BoundedReportList>(
                        new BoundedReportList(max_queued_report_count)),
                    clock, max_report_age, true /* retries_enabled */));
 }