components/certificate_transparency/log_proof_fetcher.cc

   1 // Copyright 2015 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "components/certificate_transparency/log_proof_fetcher.h"
   6
   7 #include <iterator>
   8
   9 #include "base/logging.h"
  10 #include "base/memory/ref_counted.h"
  11 #include "base/stl_util.h"
  12 #include "base/values.h"
  13 #include "components/safe_json/safe_json_parser.h"
  14 #include "net/base/io_buffer.h"
  15 #include "net/base/load_flags.h"
  16 #include "net/base/net_errors.h"
  17 #include "net/base/request_priority.h"
  18 #include "net/cert/ct_log_response_parser.h"
  19 #include "net/cert/signed_tree_head.h"
  20 #include "net/http/http_status_code.h"
  21 #include "net/url_request/url_request_context.h"
  22 #include "url/gurl.h"
  23
  24 namespace certificate_transparency {
  25
  26 namespace {
  27
  28 // Shamelessly copied from domain_reliability/util.cc
  29 int GetNetErrorFromURLRequestStatus(const net::URLRequestStatus& status) {
  30   switch (status.status()) {
  31     case net::URLRequestStatus::SUCCESS:
  32       return net::OK;
  33     case net::URLRequestStatus::CANCELED:
  34       return net::ERR_ABORTED;
  35     case net::URLRequestStatus::FAILED:
  36       return status.error();
  37     default:
  38       NOTREACHED();
  39       return net::ERR_FAILED;
  40   }
  41 }
  42
  43 }  // namespace
  44
  45 struct LogProofFetcher::FetchState {
  46   FetchState(const std::string& log_id,
  47              const SignedTreeHeadFetchedCallback& fetched_callback,
  48              const FetchFailedCallback& failed_callback);
  49   ~FetchState();
  50
  51   std::string log_id;
  52   SignedTreeHeadFetchedCallback fetched_callback;
  53   FetchFailedCallback failed_callback;
  54   scoped_refptr<net::IOBufferWithSize> response_buffer;
  55   std::string assembled_response;
  56 };
  57
  58 LogProofFetcher::FetchState::FetchState(
  59     const std::string& log_id,
  60     const SignedTreeHeadFetchedCallback& fetched_callback,
  61     const FetchFailedCallback& failed_callback)
  62     : log_id(log_id),
  63       fetched_callback(fetched_callback),
  64       failed_callback(failed_callback),
  65       response_buffer(new net::IOBufferWithSize(kMaxLogResponseSizeInBytes)) {}
  66
  67 LogProofFetcher::FetchState::~FetchState() {}
  68
  69 LogProofFetcher::LogProofFetcher(net::URLRequestContext* request_context)
  70     : request_context_(request_context), weak_factory_(this) {
  71   DCHECK(request_context);
  72 }
  73
  74 LogProofFetcher::~LogProofFetcher() {
  75   STLDeleteContainerPairPointers(inflight_requests_.begin(),
  76                                  inflight_requests_.end());
  77 }
  78
  79 void LogProofFetcher::FetchSignedTreeHead(
  80     const GURL& base_log_url,
  81     const std::string& log_id,
  82     const SignedTreeHeadFetchedCallback& fetched_callback,
  83     const FetchFailedCallback& failed_callback) {
  84   DCHECK(base_log_url.SchemeIsHTTPOrHTTPS());
  85   GURL fetch_url(base_log_url.Resolve("ct/v1/get-sth"));
  86   scoped_ptr<net::URLRequest> request =
  87       request_context_->CreateRequest(fetch_url, net::DEFAULT_PRIORITY, this);
  88   request->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES |
  89                         net::LOAD_DO_NOT_SAVE_COOKIES |
  90                         net::LOAD_DO_NOT_SEND_AUTH_DATA);
  91
  92   FetchState* fetch_state =
  93       new FetchState(log_id, fetched_callback, failed_callback);
  94   request->Start();
  95   inflight_requests_.insert(std::make_pair(request.release(), fetch_state));
  96 }
  97
  98 void LogProofFetcher::OnResponseStarted(net::URLRequest* request) {
  99   net::URLRequestStatus status(request->status());
 100   DCHECK(inflight_requests_.count(request));
 101   FetchState* fetch_state = inflight_requests_.find(request)->second;
 102
 103   if (!status.is_success() || request->GetResponseCode() != net::HTTP_OK) {
 104     int net_error = net::OK;
 105     int http_response_code = request->GetResponseCode();
 106
 107     DVLOG(1) << "Fetching STH from " << request->original_url()
 108              << " failed. status:" << status.status()
 109              << " error:" << status.error()
 110              << " http response code: " << http_response_code;
 111     if (!status.is_success())
 112       net_error = GetNetErrorFromURLRequestStatus(status);
 113
 114     InvokeFailureCallback(request, net_error, http_response_code);
 115     return;
 116   }
 117
 118   StartNextRead(request, fetch_state);
 119 }
 120
 121 void LogProofFetcher::OnReadCompleted(net::URLRequest* request,
 122                                       int bytes_read) {
 123   DCHECK(inflight_requests_.count(request));
 124   FetchState* fetch_state = inflight_requests_.find(request)->second;
 125
 126   if (HandleReadResult(request, fetch_state, bytes_read))
 127     StartNextRead(request, fetch_state);
 128 }
 129
 130 bool LogProofFetcher::HandleReadResult(net::URLRequest* request,
 131                                        FetchState* fetch_state,
 132                                        int bytes_read) {
 133   // Start by checking for an error condition.
 134   // If there are errors, invoke the failure callback and clean up the
 135   // request.
 136   if (bytes_read == -1 || !request->status().is_success()) {
 137     net::URLRequestStatus status(request->status());
 138     DVLOG(1) << "Read error: " << status.status() << " " << status.error();
 139     InvokeFailureCallback(request, GetNetErrorFromURLRequestStatus(status),
 140                           net::OK);
 141
 142     return false;
 143   }
 144
 145   // Not an error, but no data available, so wait for OnReadCompleted
 146   // callback.
 147   if (request->status().is_io_pending())
 148     return false;
 149
 150   // Nothing more to read from the stream - finish handling the response.
 151   if (bytes_read == 0) {
 152     RequestComplete(request);
 153     return false;
 154   }
 155
 156   // We have data, collect it and indicate another read is needed.
 157   DVLOG(1) << "Have " << bytes_read << " bytes to assemble.";
 158   DCHECK_GE(bytes_read, 0);
 159   fetch_state->assembled_response.append(fetch_state->response_buffer->data(),
 160                                          bytes_read);
 161   if (fetch_state->assembled_response.size() > kMaxLogResponseSizeInBytes) {
 162     // Log response is too big, invoke the failure callback.
 163     InvokeFailureCallback(request, net::ERR_FILE_TOO_BIG, net::HTTP_OK);
 164     return false;
 165   }
 166
 167   return true;
 168 }
 169
 170 void LogProofFetcher::StartNextRead(net::URLRequest* request,
 171                                     FetchState* fetch_state) {
 172   bool continue_reading = true;
 173   while (continue_reading) {
 174     int read_bytes = 0;
 175     request->Read(fetch_state->response_buffer.get(),
 176                   fetch_state->response_buffer->size(), &read_bytes);
 177     continue_reading = HandleReadResult(request, fetch_state, read_bytes);
 178   }
 179 }
 180
 181 void LogProofFetcher::RequestComplete(net::URLRequest* request) {
 182   DCHECK(inflight_requests_.count(request));
 183
 184   FetchState* fetch_state = inflight_requests_.find(request)->second;
 185
 186   // Get rid of the buffer as it really isn't necessary.
 187   fetch_state->response_buffer = nullptr;
 188   safe_json::SafeJsonParser::Parse(
 189       fetch_state->assembled_response,
 190       base::Bind(&LogProofFetcher::OnSTHJsonParseSuccess,
 191                  weak_factory_.GetWeakPtr(), request),
 192       base::Bind(&LogProofFetcher::OnSTHJsonParseError,
 193                  weak_factory_.GetWeakPtr(), request));
 194 }
 195
 196 void LogProofFetcher::CleanupRequest(net::URLRequest* request) {
 197   DVLOG(1) << "Cleaning up request to " << request->original_url();
 198   auto it = inflight_requests_.find(request);
 199   DCHECK(it != inflight_requests_.end());
 200   auto next_it = it;
 201   std::advance(next_it, 1);
 202
 203   // Delete FetchState and URLRequest, then the entry from inflight_requests_.
 204   STLDeleteContainerPairPointers(it, next_it);
 205   inflight_requests_.erase(it);
 206 }
 207
 208 void LogProofFetcher::InvokeFailureCallback(net::URLRequest* request,
 209                                             int net_error,
 210                                             int http_response_code) {
 211   DCHECK(inflight_requests_.count(request));
 212   auto it = inflight_requests_.find(request);
 213   FetchState* fetch_state = it->second;
 214
 215   fetch_state->failed_callback.Run(fetch_state->log_id, net_error,
 216                                    http_response_code);
 217   CleanupRequest(request);
 218 }
 219
 220 void LogProofFetcher::OnSTHJsonParseSuccess(
 221     net::URLRequest* request,
 222     scoped_ptr<base::Value> parsed_json) {
 223   DCHECK(inflight_requests_.count(request));
 224
 225   FetchState* fetch_state = inflight_requests_.find(request)->second;
 226   net::ct::SignedTreeHead signed_tree_head;
 227   if (net::ct::FillSignedTreeHead(*parsed_json.get(), &signed_tree_head)) {
 228     fetch_state->fetched_callback.Run(fetch_state->log_id, signed_tree_head);
 229   } else {
 230     fetch_state->failed_callback.Run(fetch_state->log_id,
 231                                      net::ERR_CT_STH_INCOMPLETE, net::HTTP_OK);
 232   }
 233
 234   CleanupRequest(request);
 235 }
 236
 237 void LogProofFetcher::OnSTHJsonParseError(net::URLRequest* request,
 238                                           const std::string& error) {
 239   InvokeFailureCallback(request, net::ERR_CT_STH_PARSING_FAILED, net::HTTP_OK);
 240 }
 241
 242 }  // namespace certificate_transparency