| Index: components/certificate_transparency/single_tree_tracker.cc |
| diff --git a/components/certificate_transparency/single_tree_tracker.cc b/components/certificate_transparency/single_tree_tracker.cc |
| index 281231690f6a3257b61ed084a75ed8d45635d57b..d9122f5431d896c391d3139663eb1a51e465c3e1 100644 |
| --- a/components/certificate_transparency/single_tree_tracker.cc |
| +++ b/components/certificate_transparency/single_tree_tracker.cc |
| @@ -11,6 +11,8 @@ |
| #include "base/bind.h" |
| #include "base/metrics/histogram_macros.h" |
| +#include "base/strings/string_number_conversions.h" |
| +#include "base/values.h" |
| #include "components/certificate_transparency/log_dns_client.h" |
| #include "crypto/sha2.h" |
| #include "net/base/hash_value.h" |
| @@ -20,6 +22,7 @@ |
| #include "net/cert/merkle_tree_leaf.h" |
| #include "net/cert/signed_certificate_timestamp.h" |
| #include "net/cert/x509_certificate.h" |
| +#include "net/log/net_log.h" |
| using net::SHA256HashValue; |
| using net::ct::LogEntry; |
| @@ -166,6 +169,21 @@ bool IsSCTReadyForAudit(base::Time sth_timestamp, base::Time sct_timestamp) { |
| return sct_timestamp + kMaximumMergeDelay < sth_timestamp; |
| } |
| +std::unique_ptr<base::Value> NetLogEntryAuditingEventCallback( |
| + const SHA256HashValue* log_entry, |
| + base::StringPiece log_id, |
| + bool success, |
| + net::NetLogCaptureMode capture_mode) { |
| + std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue()); |
| + |
| + dict->SetString("log_entry", |
| + base::HexEncode(log_entry->data, crypto::kSHA256Length)); |
| + dict->SetString("log_id", base::HexEncode(log_id.data(), log_id.size())); |
| + dict->SetBoolean("success", success); |
| + |
| + return std::move(dict); |
| +} |
| + |
| } // namespace |
| // The entry that is being audited. |
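Review bot: `capture_mode` is accepted but never consulted in NetLogEntryAuditingEventCallback, so the leaf hash and log ID are written at every capture level. The leaf hash identifies the certificate/SCT pair that was audited; that is presumably no more sensitive than what a NetLog dump already contains, but the decision should be written down rather than left implicit. I would add a comment above the function such as `// The leaf hash and log ID are not treated as sensitive, so |capture_mode| is intentionally ignored.` The function also dereferences `log_entry` unconditionally, so the same comment should say it must be non-null.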
| @@ -214,10 +232,14 @@ bool SingleTreeTracker::OrderByTimestamp::operator()( |
| SingleTreeTracker::SingleTreeTracker( |
| scoped_refptr<const net::CTLogVerifier> ct_log, |
| - LogDnsClient* dns_client) |
| + LogDnsClient* dns_client, |
| + net::NetLog* net_log) |
| : ct_log_(std::move(ct_log)), |
| checked_entries_(kCheckedEntriesCacheSize), |
| dns_client_(dns_client), |
| + net_log_(net::NetLogWithSource::Make( |
| + net_log, |
| + net::NetLogSourceType::CT_TREE_STATE_TRACKER)), |
| weak_factory_(this) { |
| memory_pressure_listener_.reset(new base::MemoryPressureListener(base::Bind( |
| &SingleTreeTracker::OnMemoryPressure, base::Unretained(this)))); |
| @@ -368,6 +390,7 @@ void SingleTreeTracker::ProcessPendingEntries() { |
| break; |
| } else if (result == net::ERR_NAME_RESOLUTION_FAILED) { |
| LogInclusionCheckResult(DNS_QUERY_NOT_POSSIBLE); |
| + LogAuditResultToNetLog(it->first, false); |
| // Lookup failed due to bad DNS configuration, erase the entry and |
| // continue to the next one. |
| it = pending_entries_.erase(it); |
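Review bot: The `false` passed to LogAuditResultToNetLog here records a local DNS configuration failure with the same `success=false` value that the two OnAuditProofObtained hunks use for a failed proof fetch (`net_error != net::OK`) and for `VerifyAuditProof` returning false. Someone reading the NetLog then cannot tell an inclusion proof that failed verification, which may point at a misbehaving log, from an audit that never ran. Consider carrying the reason into the event, for example by passing the same value already given to LogInclusionCheckResult. At minimum, document on the event that `success == false` covers all three cases. The enclosing loop in ProcessPendingEntries starts and ends outside this hunk.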
| @@ -421,6 +444,7 @@ void SingleTreeTracker::OnAuditProofObtained(const EntryToAudit& entry, |
| if (net_error != net::OK) { |
| // XXX(eranm): Should failures be cached? For now, they are not. |
|
eroman
2017/01/31 19:24:25
Can you update this to TODO(eranm) ?
Eran Messeri
2017/01/31 21:18:25
Done.
|
| LogInclusionCheckResult(FAILED_GETTING_INCLUSION_PROOF); |
| + LogAuditResultToNetLog(entry, false); |
| pending_entries_.erase(it); |
| return; |
| } |
| @@ -430,6 +454,7 @@ void SingleTreeTracker::OnAuditProofObtained(const EntryToAudit& entry, |
| bool verified = ct_log_->VerifyAuditProof(it->second.proof, |
| it->second.root_hash, leaf_hash); |
| + LogAuditResultToNetLog(entry, verified); |
| if (!verified) { |
| LogInclusionCheckResult(GOT_INVALID_INCLUSION_PROOF); |
| @@ -455,4 +480,14 @@ void SingleTreeTracker::OnMemoryPressure( |
| } |
| } |
| +void SingleTreeTracker::LogAuditResultToNetLog(const EntryToAudit& entry, |
| + bool success) { |
| + net::NetLogParametersCallback net_log_callback = |
| + base::Bind(&NetLogEntryAuditingEventCallback, &entry.leaf_hash, |
| + ct_log_->key_id(), success); |
| + |
| + net_log_.AddEvent(net::NetLogEventType::CT_LOG_ENTRY_AUDITED, |
| + net_log_callback); |
| +} |
| + |
| } // namespace certificate_transparency |
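Review bot: `&entry.leaf_hash` is bound into `net_log_callback` as a raw pointer in LogAuditResultToNetLog, so the callback is only safe to run while `entry` is alive. That holds if `AddEvent` invokes the callback before returning, which is not visible in this diff, and two of the call sites erase from `pending_entries_` immediately after logging. I would state the assumption next to the bind, e.g. `// |net_log_callback| points into |entry| and must not outlive this call.` Alternatively, have NetLogEntryAuditingEventCallback take the hash by value so the bind stores a copy.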