Index: components/certificate_transparency/single_tree_tracker.cc |
diff --git a/components/certificate_transparency/single_tree_tracker.cc b/components/certificate_transparency/single_tree_tracker.cc |
index 281231690f6a3257b61ed084a75ed8d45635d57b..547ac5885d1a7c992cf147f42d32dc73511e958e 100644 |
--- a/components/certificate_transparency/single_tree_tracker.cc |
+++ b/components/certificate_transparency/single_tree_tracker.cc |
@@ -11,6 +11,8 @@ |
#include "base/bind.h" |
#include "base/metrics/histogram_macros.h" |
+#include "base/strings/string_number_conversions.h" |
+#include "base/values.h" |
#include "components/certificate_transparency/log_dns_client.h" |
#include "crypto/sha2.h" |
#include "net/base/hash_value.h" |
@@ -20,6 +22,7 @@ |
#include "net/cert/merkle_tree_leaf.h" |
#include "net/cert/signed_certificate_timestamp.h" |
#include "net/cert/x509_certificate.h" |
+#include "net/log/net_log.h" |
using net::SHA256HashValue; |
using net::ct::LogEntry; |
@@ -166,6 +169,21 @@ bool IsSCTReadyForAudit(base::Time sth_timestamp, base::Time sct_timestamp) { |
return sct_timestamp + kMaximumMergeDelay < sth_timestamp; |
} |
+std::unique_ptr<base::Value> NetLogEntryAuditingEventCallback( |
+ const SHA256HashValue* log_entry, |
+ base::StringPiece log_id, |
+ bool success, |
+ net::NetLogCaptureMode capture_mode) { |
+ std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue()); |
+ |
+ dict->SetString("log_entry", |
+ base::HexEncode(log_entry->data, crypto::kSHA256Length)); |
+ dict->SetString("log_id", base::HexEncode(log_id.data(), log_id.size())); |
+ dict->SetBoolean("success", success); |
+ |
+ return std::move(dict); |
+} |
+ |
} // namespace |
// The entry that is being audited. |
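Review bot: NetLogEntryAuditingEventCallback dereferences `log_entry` and never reads `capture_mode`, and no comment says that either is intended. A short comment above the function would settle it, e.g. `// Emits the audited entry's leaf hash and the log's key ID (both hex-encoded) plus the audit outcome. |log_entry| must be non-null.` Since the leaf hash appears to identify one specific certificate/SCT entry, the comment should also say that emitting it at every capture mode is deliberate. A `DCHECK(log_entry);` before the first `SetString` would make the non-null assumption explicit.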
@@ -214,10 +232,14 @@ bool SingleTreeTracker::OrderByTimestamp::operator()( |
SingleTreeTracker::SingleTreeTracker( |
scoped_refptr<const net::CTLogVerifier> ct_log, |
- LogDnsClient* dns_client) |
+ LogDnsClient* dns_client, |
+ net::NetLog* net_log) |
: ct_log_(std::move(ct_log)), |
checked_entries_(kCheckedEntriesCacheSize), |
dns_client_(dns_client), |
+ net_log_(net::NetLogWithSource::Make( |
+ net_log, |
+ net::NetLogSourceType::CT_TREE_STATE_TRACKER)), |
weak_factory_(this) { |
memory_pressure_listener_.reset(new base::MemoryPressureListener(base::Bind( |
&SingleTreeTracker::OnMemoryPressure, base::Unretained(this)))); |
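Review bot: The new `net_log` parameter is handed to `net::NetLogWithSource::Make` and kept in `net_log_` for the lifetime of the tracker, but this hunk states no contract for it. If the header does not already do so, the constructor comment should say that `net_log` must outlive the tracker and whether a null pointer is accepted, for example `// |net_log| must outlive this object; pass null to disable NetLog events.` The wording should match what `NetLogWithSource::Make` actually guarantees for a null log. The constructor body continues outside the hunk.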
@@ -368,6 +390,7 @@ void SingleTreeTracker::ProcessPendingEntries() { |
break; |
} else if (result == net::ERR_NAME_RESOLUTION_FAILED) { |
LogInclusionCheckResult(DNS_QUERY_NOT_POSSIBLE); |
+ LogAuditResultToNetLog(it->first, false); |
// Lookup failed due to bad DNS configuration, erase the entry and |
// continue to the next one. |
it = pending_entries_.erase(it); |
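Review bot: The `false` passed to `LogAuditResultToNetLog(it->first, false)` records a local DNS configuration failure with the same NetLog outcome as an inclusion proof that failed verification. Someone reading a capture cannot tell "the audit could not run" from "the log served an invalid proof", which are very different signals about a CT log's behaviour. The same collapse happens in both OnAuditProofObtained hunks, on the `net_error != net::OK` path and on `verified == false`. Consider carrying the reason into the event, e.g. by passing the value already given to `LogInclusionCheckResult` (or `net_error`) through to the callback and adding it to the dictionary next to `success`. ProcessPendingEntries starts and ends outside the hunk.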
@@ -419,8 +442,9 @@ void SingleTreeTracker::OnAuditProofObtained(const EntryToAudit& entry, |
DCHECK_EQ(it->second.state, INCLUSION_PROOF_REQUESTED); |
if (net_error != net::OK) { |
- // XXX(eranm): Should failures be cached? For now, they are not. |
+ // TODO(eranm): Should failures be cached? For now, they are not. |
LogInclusionCheckResult(FAILED_GETTING_INCLUSION_PROOF); |
+ LogAuditResultToNetLog(entry, false); |
pending_entries_.erase(it); |
return; |
} |
@@ -430,6 +454,7 @@ void SingleTreeTracker::OnAuditProofObtained(const EntryToAudit& entry, |
bool verified = ct_log_->VerifyAuditProof(it->second.proof, |
it->second.root_hash, leaf_hash); |
+ LogAuditResultToNetLog(entry, verified); |
if (!verified) { |
LogInclusionCheckResult(GOT_INVALID_INCLUSION_PROOF); |
@@ -455,4 +480,14 @@ void SingleTreeTracker::OnMemoryPressure( |
} |
} |
+void SingleTreeTracker::LogAuditResultToNetLog(const EntryToAudit& entry, |
+ bool success) { |
+ net::NetLogParametersCallback net_log_callback = |
+ base::Bind(&NetLogEntryAuditingEventCallback, &entry.leaf_hash, |
+ ct_log_->key_id(), success); |
+ |
+ net_log_.AddEvent(net::NetLogEventType::CT_LOG_ENTRY_AUDITED, |
+ net_log_callback); |
+} |
+ |
} // namespace certificate_transparency |
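Review bot: LogAuditResultToNetLog binds `&entry.leaf_hash` as a raw pointer into `net_log_callback`, which is safe only if `AddEvent` runs the callback before returning and never retains it. That appears to be the intent, but nothing here says so. The callers erase the entry from `pending_entries_` right after logging, so a later change that stores or posts the callback would read freed memory. A comment such as `// |entry| only needs to outlive AddEvent(); the parameters callback is run synchronously.` would pin the assumption. Binding the hash by value would remove the assumption altogether.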