| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/certificate_transparency/single_tree_tracker.h" | 5 #include "components/certificate_transparency/single_tree_tracker.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <iterator> | 8 #include <iterator> |
| 9 #include <list> | 9 #include <list> |
| 10 #include <utility> | 10 #include <utility> |
| (...skipping 200 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 211 // tree size in the proof). | 211 // tree size in the proof). |
| 212 // To avoid having to re-fetch the inclusion proof if a newer STH is provided | 212 // To avoid having to re-fetch the inclusion proof if a newer STH is provided |
| 213 // to the SingleTreeTracker, the size of the original tree for which the | 213 // to the SingleTreeTracker, the size of the original tree for which the |
| 214 // inclusion proof was requested is stored in |proof| and the root hash | 214 // inclusion proof was requested is stored in |proof| and the root hash |
| 215 // in |root_hash|. | 215 // in |root_hash|. |
| 216 std::string root_hash; | 216 std::string root_hash; |
| 217 | 217 |
| 218 explicit EntryAuditState(AuditState state) : state(state) {} | 218 explicit EntryAuditState(AuditState state) : state(state) {} |
| 219 }; | 219 }; |
| 220 | 220 |
| 221 class SingleTreeTracker::NetworkObserver |
| 222 : public net::NetworkChangeNotifier::NetworkChangeObserver { |
| 223 public: |
| 224 explicit NetworkObserver(SingleTreeTracker* parent) : parent_(parent) { |
| 225 net::NetworkChangeNotifier::AddNetworkChangeObserver(this); |
| 226 } |
| 227 |
| 228 ~NetworkObserver() override { |
| 229 net::NetworkChangeNotifier::RemoveNetworkChangeObserver(this); |
| 230 } |
| 231 |
| 232 // net::NetworkChangeNotifier::NetworkChangeObserver implementation. |
| 233 void OnNetworkChanged( |
| 234 net::NetworkChangeNotifier::ConnectionType type) override { |
| 235 parent_->ResetPendingQueue(); |
| 236 } |
| 237 |
| 238 private: |
| 239 SingleTreeTracker* parent_; |
| 240 }; |
| 241 |
| 221 // Orders entries by the SCT timestamp. In case of tie, which is very unlikely | 242 // Orders entries by the SCT timestamp. In case of tie, which is very unlikely |
| 222 // as it requires two SCTs issued from a log at exactly the same time, order | 243 // as it requires two SCTs issued from a log at exactly the same time, order |
| 223 // by leaf hash. | 244 // by leaf hash. |
| 224 bool SingleTreeTracker::OrderByTimestamp::operator()( | 245 bool SingleTreeTracker::OrderByTimestamp::operator()( |
| 225 const EntryToAudit& lhs, | 246 const EntryToAudit& lhs, |
| 226 const EntryToAudit& rhs) const { | 247 const EntryToAudit& rhs) const { |
| 227 if (lhs.sct_timestamp != rhs.sct_timestamp) | 248 if (lhs.sct_timestamp != rhs.sct_timestamp) |
| 228 return lhs.sct_timestamp < rhs.sct_timestamp; | 249 return lhs.sct_timestamp < rhs.sct_timestamp; |
| 229 | 250 |
| 230 return net::SHA256HashValueLessThan()(lhs.leaf_hash, rhs.leaf_hash); | 251 return net::SHA256HashValueLessThan()(lhs.leaf_hash, rhs.leaf_hash); |
| 231 } | 252 } |
| 232 | 253 |
| 233 SingleTreeTracker::SingleTreeTracker( | 254 SingleTreeTracker::SingleTreeTracker( |
| 234 scoped_refptr<const net::CTLogVerifier> ct_log, | 255 scoped_refptr<const net::CTLogVerifier> ct_log, |
| 235 LogDnsClient* dns_client, | 256 LogDnsClient* dns_client, |
| 236 net::NetLog* net_log) | 257 net::NetLog* net_log) |
| 237 : ct_log_(std::move(ct_log)), | 258 : ct_log_(std::move(ct_log)), |
| 238 checked_entries_(kCheckedEntriesCacheSize), | 259 checked_entries_(kCheckedEntriesCacheSize), |
| 239 dns_client_(dns_client), | 260 dns_client_(dns_client), |
| 240 net_log_(net::NetLogWithSource::Make( | 261 net_log_(net::NetLogWithSource::Make( |
| 241 net_log, | 262 net_log, |
| 242 net::NetLogSourceType::CT_TREE_STATE_TRACKER)), | 263 net::NetLogSourceType::CT_TREE_STATE_TRACKER)), |
| 264 network_observer_(new NetworkObserver(this)), |
| 243 weak_factory_(this) { | 265 weak_factory_(this) { |
| 244 memory_pressure_listener_.reset(new base::MemoryPressureListener(base::Bind( | 266 memory_pressure_listener_.reset(new base::MemoryPressureListener(base::Bind( |
| 245 &SingleTreeTracker::OnMemoryPressure, base::Unretained(this)))); | 267 &SingleTreeTracker::OnMemoryPressure, base::Unretained(this)))); |
| 246 } | 268 } |
| 247 | 269 |
| 248 SingleTreeTracker::~SingleTreeTracker() {} | 270 SingleTreeTracker::~SingleTreeTracker() = default; |
| 249 | 271 |
| 250 void SingleTreeTracker::OnSCTVerified(net::X509Certificate* cert, | 272 void SingleTreeTracker::OnSCTVerified(net::X509Certificate* cert, |
| 251 const SignedCertificateTimestamp* sct) { | 273 const SignedCertificateTimestamp* sct) { |
| 252 DCHECK_EQ(ct_log_->key_id(), sct->log_id); | 274 DCHECK_EQ(ct_log_->key_id(), sct->log_id); |
| 253 | 275 |
| 254 EntryToAudit entry(sct->timestamp); | 276 EntryToAudit entry(sct->timestamp); |
| 255 if (!GetLogEntryLeafHash(cert, sct, &entry.leaf_hash)) | 277 if (!GetLogEntryLeafHash(cert, sct, &entry.leaf_hash)) |
| 256 return; | 278 return; |
| 257 | 279 |
| 258 // Avoid queueing multiple instances of the same entry. | 280 // Avoid queueing multiple instances of the same entry. |
| (...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 341 DCHECK_EQ(curr_entry->second.state, PENDING_NEWER_STH); | 363 DCHECK_EQ(curr_entry->second.state, PENDING_NEWER_STH); |
| 342 curr_entry->second.state = PENDING_INCLUSION_PROOF_REQUEST; | 364 curr_entry->second.state = PENDING_INCLUSION_PROOF_REQUEST; |
| 343 } | 365 } |
| 344 | 366 |
| 345 if (auditable_entries_begin == auditable_entries_end) | 367 if (auditable_entries_begin == auditable_entries_end) |
| 346 return; | 368 return; |
| 347 | 369 |
| 348 ProcessPendingEntries(); | 370 ProcessPendingEntries(); |
| 349 } | 371 } |
| 350 | 372 |
| 373 void SingleTreeTracker::ResetPendingQueue() { |
| 374 pending_entries_.clear(); |
| 375 } |
| 376 |
| 351 SingleTreeTracker::SCTInclusionStatus | 377 SingleTreeTracker::SCTInclusionStatus |
| 352 SingleTreeTracker::GetLogEntryInclusionStatus( | 378 SingleTreeTracker::GetLogEntryInclusionStatus( |
| 353 net::X509Certificate* cert, | 379 net::X509Certificate* cert, |
| 354 const SignedCertificateTimestamp* sct) { | 380 const SignedCertificateTimestamp* sct) { |
| 355 EntryToAudit entry(sct->timestamp); | 381 EntryToAudit entry(sct->timestamp); |
| 356 if (!GetLogEntryLeafHash(cert, sct, &entry.leaf_hash)) | 382 if (!GetLogEntryLeafHash(cert, sct, &entry.leaf_hash)) |
| 357 return SCT_NOT_OBSERVED; | 383 return SCT_NOT_OBSERVED; |
| 358 return GetAuditedEntryInclusionStatus(entry); | 384 return GetAuditedEntryInclusionStatus(entry); |
| 359 } | 385 } |
| 360 | 386 |
| (...skipping 123 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 484 bool success) { | 510 bool success) { |
| 485 net::NetLogParametersCallback net_log_callback = | 511 net::NetLogParametersCallback net_log_callback = |
| 486 base::Bind(&NetLogEntryAuditingEventCallback, &entry.leaf_hash, | 512 base::Bind(&NetLogEntryAuditingEventCallback, &entry.leaf_hash, |
| 487 ct_log_->key_id(), success); | 513 ct_log_->key_id(), success); |
| 488 | 514 |
| 489 net_log_.AddEvent(net::NetLogEventType::CT_LOG_ENTRY_AUDITED, | 515 net_log_.AddEvent(net::NetLogEventType::CT_LOG_ENTRY_AUDITED, |
| 490 net_log_callback); | 516 net_log_callback); |
| 491 } | 517 } |
| 492 | 518 |
| 493 } // namespace certificate_transparency | 519 } // namespace certificate_transparency |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2668803004:
Certificate Transparency: Discard entries pending auditing on network change (Closed)
