net: Implement ChannelIDSourceChromium, which is based on Chromium's

net/quic/crypto/channel_id_chromium.cc

+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/quic/crypto/channel_id_chromium.h"
+
+#include <string>
+
+#include "base/stl_util.h"
+#include "base/strings/string_util.h"
+#include "crypto/ec_private_key.h"
+#include "crypto/ec_signature_creator.h"
+#include "net/base/net_errors.h"
+#include "net/cert/asn1_util.h"
+#include "net/ssl/server_bound_cert_service.h"
+
+namespace net {
+
+ChannelIDKeyChromium::ChannelIDKeyChromium(
+    crypto::ECPrivateKey* ec_private_key)
+    : ec_private_key_(ec_private_key) {}
+
+ChannelIDKeyChromium::~ChannelIDKeyChromium() {}
+
+bool ChannelIDKeyChromium::Sign(base::StringPiece signed_data,
+                                std::string* out_signature) const {
+  scoped_ptr<crypto::ECSignatureCreator> sig_creator(
+      crypto::ECSignatureCreator::Create(ec_private_key_.get()));
+  if (!sig_creator) {
+    return false;
+  }
+  const size_t len1 = strlen(ChannelIDVerifier::kContextStr) + 1;
+  const size_t len2 = strlen(ChannelIDVerifier::kClientToServerStr) + 1;
+  std::vector<uint8> data(len1 + len2 + signed_data.size());
+  memcpy(&data[0], ChannelIDVerifier::kContextStr, len1);
+  memcpy(&data[len1], ChannelIDVerifier::kClientToServerStr, len2);
+  memcpy(&data[len1 + len2], signed_data.data(), signed_data.size());
+  std::vector<uint8> der_signature;
+  if (!sig_creator->Sign(&data[0], data.size(), &der_signature)) {
+    return false;
+  }
+  std::vector<uint8> raw_signature;
+  if (!sig_creator->DecodeSignature(der_signature, &raw_signature)) {
+    return false;
+  }
+  memcpy(WriteInto(out_signature, raw_signature.size() + 1),
+         &raw_signature[0], raw_signature.size());
+  return true;
+}
+
+std::string ChannelIDKeyChromium::SerializeKey() const {
+  std::string out_key;
+  if (!ec_private_key_->ExportRawPublicKey(&out_key)) {
+    return std::string();
+  }
+  return out_key;
+}
+
+// A Job handles the lookup of a single channel ID.  It is owned by the
+// ChannelIDSource. If the operation can not complete synchronously, it will
+// notify the ChannelIDSource upon completion.
+class ChannelIDSourceChromium::Job {
+ public:
+  Job(ChannelIDSourceChromium* channel_id_source,
+      ServerBoundCertService* server_bound_cert_service);
+
+  // Starts the channel ID lookup.  If |QUIC_PENDING| is returned, then
+  // |callback| will be invoked asynchronously when the operation completes.
+  QuicAsyncStatus GetChannelIDKey(const std::string& hostname,
+                                  scoped_ptr<ChannelIDKey>* channel_id_key,
+                                  ChannelIDSourceCallback* callback);
+
+ private:
+  enum State {
+    STATE_NONE,
+    STATE_GET_CHANNEL_ID_KEY,
+    STATE_GET_CHANNEL_ID_KEY_COMPLETE,
+  };
+
+  int DoLoop(int last_io_result);
+  void OnIOComplete(int result);
+  int DoGetChannelIDKey(int result);
+  int DoGetChannelIDKeyComplete(int result);
+
+  // Channel ID source to notify when this jobs completes.
+  ChannelIDSourceChromium* const channel_id_source_;
+
+  ServerBoundCertService* const server_bound_cert_service_;
+
+  std::string channel_id_private_key_;
+  std::string channel_id_cert_;
+  ServerBoundCertService::RequestHandle channel_id_request_handle_;
+
+  // |hostname| specifies the hostname for which we need a channel ID.
+  std::string hostname_;
+
+  scoped_ptr<ChannelIDSourceCallback> callback_;
+
+  scoped_ptr<ChannelIDKey> channel_id_key_;
+
+  State next_state_;
+
+  DISALLOW_COPY_AND_ASSIGN(Job);
+};
+
+ChannelIDSourceChromium::Job::Job(
+    ChannelIDSourceChromium* channel_id_source,
+    ServerBoundCertService* server_bound_cert_service)
+    : channel_id_source_(channel_id_source),
+      server_bound_cert_service_(server_bound_cert_service),
+      next_state_(STATE_NONE) {
+}
+
+QuicAsyncStatus ChannelIDSourceChromium::Job::GetChannelIDKey(
+    const std::string& hostname,
+    scoped_ptr<ChannelIDKey>* channel_id_key,
+    ChannelIDSourceCallback* callback) {
+  DCHECK(channel_id_key);
+  DCHECK(callback);
+
+  if (STATE_NONE != next_state_) {
+    DLOG(DFATAL) << "GetChannelIDKey has begun";
+    return QUIC_FAILURE;
+  }
+
+  channel_id_key_.reset();
+
+  hostname_ = hostname;
+
+  next_state_ = STATE_GET_CHANNEL_ID_KEY;
+  switch (DoLoop(OK)) {
+    case OK:
+      channel_id_key->reset(channel_id_key_.release());
+      return QUIC_SUCCESS;
+    case ERR_IO_PENDING:
+      callback_.reset(callback);
+      return QUIC_PENDING;
+    default:
+      channel_id_key->reset();
+      return QUIC_FAILURE;
+  }
+}
+
+int ChannelIDSourceChromium::Job::DoLoop(int last_result) {
+  int rv = last_result;
+  do {
+    State state = next_state_;
+    next_state_ = STATE_NONE;
+    switch (state) {
+      case STATE_GET_CHANNEL_ID_KEY:
+        DCHECK(rv == OK);
+        rv = DoGetChannelIDKey(rv);
+        break;
+      case STATE_GET_CHANNEL_ID_KEY_COMPLETE:
+        rv = DoGetChannelIDKeyComplete(rv);
+        break;
+      case STATE_NONE:
+      default:
+        rv = ERR_UNEXPECTED;
+        LOG(DFATAL) << "unexpected state " << state;
+        break;
+    }
+  } while (rv != ERR_IO_PENDING && next_state_ != STATE_NONE);
+  return rv;
+}
+
+void ChannelIDSourceChromium::Job::OnIOComplete(int result) {
+  int rv = DoLoop(result);
+  if (rv != ERR_IO_PENDING) {
+    scoped_ptr<ChannelIDSourceCallback> callback(callback_.release());
+    callback->Run(&channel_id_key_);
+    // Will delete |this|.
+    channel_id_source_->OnJobComplete(this);
+  }
+}
+
+int ChannelIDSourceChromium::Job::DoGetChannelIDKey(int result) {
+  next_state_ = STATE_GET_CHANNEL_ID_KEY_COMPLETE;
+
+  return server_bound_cert_service_->GetOrCreateDomainBoundCert(
+      hostname_,
+      &channel_id_private_key_,
+      &channel_id_cert_,
+      base::Bind(&ChannelIDSourceChromium::Job::OnIOComplete,
+                 base::Unretained(this)),
+      &channel_id_request_handle_);
+}
+
+int ChannelIDSourceChromium::Job::DoGetChannelIDKeyComplete(int result) {
+  DCHECK_EQ(STATE_NONE, next_state_);
+  if (result != OK) {
+    DLOG(WARNING) << "Failed to look up channel ID: " << ErrorToString(result);
+    return result;
+  }
+
+  std::vector<uint8> encrypted_private_key_info(
+      channel_id_private_key_.size());
+  memcpy(&encrypted_private_key_info[0], channel_id_private_key_.data(),
+         channel_id_private_key_.size());
+
+  base::StringPiece spki_piece;
+  if (!asn1::ExtractSPKIFromDERCert(channel_id_cert_, &spki_piece)) {
+    return ERR_UNEXPECTED;
+  }
+  std::vector<uint8> subject_public_key_info(spki_piece.size());
+  memcpy(&subject_public_key_info[0], spki_piece.data(), spki_piece.size());
+
+  crypto::ECPrivateKey* ec_private_key =
+      crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo(
+          ServerBoundCertService::kEPKIPassword, encrypted_private_key_info,
+          subject_public_key_info);
+  if (!ec_private_key) {
+    // TODO(wtc): use the new error code ERR_CHANNEL_ID_IMPORT_FAILED to be
+    // added in https://codereview.chromium.org/338093012/.
+    return ERR_UNEXPECTED;
+  }
+  channel_id_key_.reset(new ChannelIDKeyChromium(ec_private_key));
+
+  return result;
+}
+
+ChannelIDSourceChromium::ChannelIDSourceChromium(
+    ServerBoundCertService* server_bound_cert_service)
+    : server_bound_cert_service_(server_bound_cert_service) {
+}
+
+ChannelIDSourceChromium::~ChannelIDSourceChromium() {
+  STLDeleteElements(&active_jobs_);
+}
+
+QuicAsyncStatus ChannelIDSourceChromium::GetChannelIDKey(
+    const std::string& hostname,
+    scoped_ptr<ChannelIDKey>* channel_id_key,
+    ChannelIDSourceCallback* callback) {
+  scoped_ptr<Job> job(new Job(this, server_bound_cert_service_));
+  QuicAsyncStatus status = job->GetChannelIDKey(hostname, channel_id_key,
+                                                callback);
+  if (status == QUIC_PENDING) {
+    active_jobs_.insert(job.release());
+  }
+  return status;
+}
+
+void ChannelIDSourceChromium::OnJobComplete(Job* job) {
+  active_jobs_.erase(job);
+  delete job;
+}
+
+}  // namespace net