Certificate Transparency: Discard entries pending auditing on network change

components/certificate_transparency/single_tree_tracker.h

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef COMPONENTS_CERTIFICATE_TRANSPARENCY_SINGLE_TREE_TRACKER_H_
 #define COMPONENTS_CERTIFICATE_TRANSPARENCY_SINGLE_TREE_TRACKER_H_
 
 #include <map>
 #include <memory>
 #include <string>
 
 #include "base/containers/mru_cache.h"
 #include "base/memory/memory_pressure_monitor.h"
 #include "base/memory/ref_counted.h"
 #include "base/memory/weak_ptr.h"
 #include "net/base/hash_value.h"
+#include "net/base/network_change_notifier.h"
 #include "net/cert/ct_verifier.h"
 #include "net/cert/signed_tree_head.h"
 #include "net/cert/sth_observer.h"
 #include "net/log/net_log_with_source.h"
 
 namespace net {
 
 class CTLogVerifier;
 class X509Certificate;
 
@@ skipping 79 matching lines @@
   // |sct| is not an SCT for |cert| or |sct| is not for this log,
   // SCT_NOT_OBSERVED will be returned.
   SCTInclusionStatus GetLogEntryInclusionStatus(
       net::X509Certificate* cert,
       const net::ct::SignedCertificateTimestamp* sct);
 
  private:
   struct EntryToAudit;
   struct EntryAuditState;
   struct EntryAuditResult {};
+  class NetworkObserver;
+  friend class NetworkObserver;
 
   // Less-than comparator that sorts EntryToAudits based on the SCT timestamp,
   // with smaller (older) SCTs appearing less than larger (newer) SCTs.
   struct OrderByTimestamp {
     bool operator()(const EntryToAudit& lhs, const EntryToAudit& rhs) const;
   };
 
   // Requests an inclusion proof for each of the entries in |pending_entries_|
   // until throttled by the LogDnsClient.
   void ProcessPendingEntries();
 
   // Returns the inclusion status of the given |entry|, similar to
   // GetLogEntryInclusionStatus(). The |entry| is an internal representation of
   // a certificate + SCT combination.
   SCTInclusionStatus GetAuditedEntryInclusionStatus(const EntryToAudit& entry);
 
   // Processes the result of obtaining an audit proof for |entry|.
   // * If an audit proof was successfully obtained and validated,
   //   updates |checked_entries_| so that future calls to
   //   GetLogEntryInclusionStatus() will indicate the entry's
   //   inclusion.
   // * If there was a failure to obtain or validate an inclusion
   //   proof, removes |entry| from the queue of entries to validate.
   //   Future calls to GetLogEntryInclusionStatus() will indicate the entry
   //   has not been observed.
   void OnAuditProofObtained(const EntryToAudit& entry, int net_error);
 
+  // Discards all entries pending inclusion check on network change.
+  // That is done to prevent the client looking up inclusion proofs for
+  // certificates received from one network, on another network, thus
+  // leaking state between networks.
+  void ResetPendingQueue();
+
   // Clears entries to reduce memory overhead.
   void OnMemoryPressure(
       base::MemoryPressureListener::MemoryPressureLevel memory_pressure_level);
 
   void LogAuditResultToNetLog(const EntryToAudit& entry, bool success);
 
   // Holds the latest STH fetched and verified for this log.
   net::ct::SignedTreeHead verified_sth_;
 
   // The log being tracked.
@@ skipping 13 matching lines @@
                  EntryAuditResult,
                  net::SHA256HashValueLessThan>
       checked_entries_;
 
   LogDnsClient* dns_client_;
 
   std::unique_ptr<base::MemoryPressureListener> memory_pressure_listener_;
 
   net::NetLogWithSource net_log_;
 
+  std::unique_ptr<NetworkObserver> network_observer_;
+
   base::WeakPtrFactory<SingleTreeTracker> weak_factory_;
 
   DISALLOW_COPY_AND_ASSIGN(SingleTreeTracker);
 };
 
 }  // namespace certificate_transparency
 
 #endif  // COMPONENTS_CERTIFICATE_TRANSPARENCY_SINGLE_TREE_TRACKER_H_