1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/ssl/channel_id_service.h"
10 #include "base/bind.h"
11 #include "base/bind_helpers.h"
12 #include "base/callback_helpers.h"
13 #include "base/compiler_specific.h"
14 #include "base/location.h"
15 #include "base/logging.h"
16 #include "base/memory/ref_counted.h"
17 #include "base/memory/scoped_ptr.h"
18 #include "base/message_loop/message_loop_proxy.h"
19 #include "base/metrics/histogram.h"
20 #include "base/rand_util.h"
21 #include "base/stl_util.h"
22 #include "base/task_runner.h"
23 #include "crypto/ec_private_key.h"
24 #include "net/base/net_errors.h"
25 #include "net/base/registry_controlled_domains/registry_controlled_domain.h"
26 #include "net/cert/x509_certificate.h"
27 #include "net/cert/x509_util.h"
30 #if !defined(USE_OPENSSL)
31 #include <private/pprthred.h> // PR_DetachThread
38 // Used by the GetDomainBoundCertResult histogram to record the final
39 // outcome of each GetChannelID or GetOrCreateChannelID call.
40 // Do not re-use values.
// NOTE(review): only the enumerators with explicit values 3, 5 and 6 are
// visible in this listing; value 4 is retired and must stay unassigned.
41 enum GetChannelIDResult
{
42 // Synchronously found and returned an existing domain bound cert.
44 // Retrieved or generated and returned a domain bound cert asynchronously.
46 // Retrieval/generation request was cancelled before the cert generation
49 // Cert generation failed.
50 ASYNC_FAILURE_KEYGEN
= 3,
51 // Result code 4 was removed (ASYNC_FAILURE_CREATE_CERT)
52 ASYNC_FAILURE_EXPORT_KEY
= 5,
53 ASYNC_FAILURE_UNKNOWN
= 6,
54 // GetChannelID or GetOrCreateChannelID was called with
57 // We don't support any of the cert types the server requested.
59 // Server asked for a different type of certs while we were generating one.
61 // Couldn't start a worker to generate a cert.
// Passed as the boundary value to UMA_HISTOGRAM_ENUMERATION in
// RecordGetChannelIDResult.
63 GET_CHANNEL_ID_RESULT_MAX
// Logs |result| to the "DomainBoundCerts.GetDomainBoundCertResult"
// enumeration histogram, using GET_CHANNEL_ID_RESULT_MAX as the boundary.
66 void RecordGetChannelIDResult(GetChannelIDResult result
) {
67 UMA_HISTOGRAM_ENUMERATION("DomainBoundCerts.GetDomainBoundCertResult", result
,
68 GET_CHANNEL_ID_RESULT_MAX
);
// Logs a request duration to the "DomainBoundCerts.GetCertTime" custom-times
// histogram; the visible range arguments are 1 millisecond and 5 minutes.
// The sample argument line is not visible here (presumably |request_time|).
71 void RecordGetChannelIDTime(base::TimeDelta request_time
) {
72 UMA_HISTOGRAM_CUSTOM_TIMES("DomainBoundCerts.GetCertTime",
74 base::TimeDelta::FromMilliseconds(1),
75 base::TimeDelta::FromMinutes(5),
79 // On success, returns a ChannelID object and sets |*error| to OK.
80 // Otherwise, returns NULL, and |*error| will be set to a net error code.
// NOTE(review): the caller visible in this file passes only
// |server_identifier_| and |&error|, so the |serial_number| paragraph below
// looks stale -- confirm and drop it.
81 // |serial_number| is passed in because base::RandInt cannot be called from an
82 // unjoined thread, due to relying on a non-leaked LazyInstance
83 scoped_ptr
<ChannelIDStore::ChannelID
> GenerateChannelID(
84 const std::string
& server_identifier
,
86 scoped_ptr
<ChannelIDStore::ChannelID
> result
;
// |start| feeds the GenerateCertTime histogram below; |creation_time| is
// passed into the ChannelID constructor.
88 base::TimeTicks start
= base::TimeTicks::Now();
89 base::Time creation_time
= base::Time::Now();
// Generates a fresh EC key pair for this server identifier.
90 scoped_ptr
<crypto::ECPrivateKey
> key(crypto::ECPrivateKey::Create());
// Failure path: log and report ERR_KEY_GENERATION_FAILED through |*error|.
// (The condition guarding this path is not visible in this listing.)
93 DLOG(ERROR
) << "Unable to create channel ID key pair";
94 *error
= ERR_KEY_GENERATION_FAILED
;
// Success path: build the ChannelID from the identifier, the creation time
// and further arguments that are not visible here (presumably the key).
98 result
.reset(new ChannelIDStore::ChannelID(server_identifier
, creation_time
,
100 UMA_HISTOGRAM_CUSTOM_TIMES("DomainBoundCerts.GenerateCertTime",
101 base::TimeTicks::Now() - start
,
102 base::TimeDelta::FromMilliseconds(1),
103 base::TimeDelta::FromMinutes(5),
// Ownership of the ChannelID moves to the caller.
106 return result
.Pass();
111 // Represents the output and result callback of a request.
// NOTE(review): |key_| is a raw, non-owning pointer to the caller's output
// scoped_ptr. Nothing visible here ties its lifetime to this object, so the
// caller's slot has to stay valid until Post() runs or the request is
// cancelled -- confirm against the Cancel() body, which is not visible.
112 class ChannelIDServiceRequest
{
// Stores the start time (for latency histograms), the completion callback
// and the address of the caller's key output slot.
114 ChannelIDServiceRequest(base::TimeTicks request_start
,
115 const CompletionCallback
& callback
,
116 scoped_ptr
<crypto::ECPrivateKey
>* key
)
117 : request_start_(request_start
), callback_(callback
), key_(key
) {}
119 // Ensures that the result callback will never be made.
// Cancellation is counted in the result histogram as ASYNC_CANCELLED.
121 RecordGetChannelIDResult(ASYNC_CANCELLED
);
125 // Copies the contents of |key| to the caller's output argument and calls the
127 void Post(int error
, scoped_ptr
<crypto::ECPrivateKey
> key
) {
// Latency is measured from |request_start_| to now.
130 base::TimeDelta request_time
= base::TimeTicks::Now() - request_start_
;
131 UMA_HISTOGRAM_CUSTOM_TIMES("DomainBoundCerts.GetCertTimeAsync",
133 base::TimeDelta::FromMilliseconds(1),
134 base::TimeDelta::FromMinutes(5),
136 RecordGetChannelIDTime(request_time
);
137 RecordGetChannelIDResult(ASYNC_SUCCESS
);
// Each known net error maps onto its own histogram bucket; note that
// ERR_INSUFFICIENT_RESOURCES is counted as WORKER_FAILURE.
140 case ERR_KEY_GENERATION_FAILED
:
141 RecordGetChannelIDResult(ASYNC_FAILURE_KEYGEN
);
143 case ERR_PRIVATE_KEY_EXPORT_FAILED
:
144 RecordGetChannelIDResult(ASYNC_FAILURE_EXPORT_KEY
);
146 case ERR_INSUFFICIENT_RESOURCES
:
147 RecordGetChannelIDResult(WORKER_FAILURE
);
// Presumably the default case: any other error is ASYNC_FAILURE_UNKNOWN.
150 RecordGetChannelIDResult(ASYNC_FAILURE_UNKNOWN
);
// A null callback marks a cancelled request (see canceled()), so the
// callback only runs for requests that are still live.
153 if (!callback_
.is_null()) {
156 callback_
.Run(error
);
// True once |callback_| has been cleared.
161 bool canceled() const { return callback_
.is_null(); }
164 base::TimeTicks request_start_
;
165 CompletionCallback callback_
;
// Not owned: points at the requester's scoped_ptr.
166 scoped_ptr
<crypto::ECPrivateKey
>* key_
;
169 // ChannelIDServiceWorker runs on a worker thread and takes care of the
170 // blocking process of performing key generation. Will take care of deleting
171 // itself once Start() is called.
172 class ChannelIDServiceWorker
{
// Signature of the completion callback; the leading parameters are not
// visible in this listing, the last one is the generated ChannelID.
174 typedef base::Callback
<void(
177 scoped_ptr
<ChannelIDStore::ChannelID
>)> WorkerDoneCallback
;
// Captures the constructing thread's message loop as |origin_loop_|, which is
// where the result is posted back to.
179 ChannelIDServiceWorker(
180 const std::string
& server_identifier
,
181 const WorkerDoneCallback
& callback
)
182 : server_identifier_(server_identifier
),
183 origin_loop_(base::MessageLoopProxy::current()),
184 callback_(callback
) {
187 // Starts the worker on |task_runner|. If the worker fails to start, such as
188 // if the task runner is shutting down, then it will take care of deleting
190 bool Start(const scoped_refptr
<base::TaskRunner
>& task_runner
) {
// Must be called on the thread that constructed the worker.
191 DCHECK(origin_loop_
->RunsTasksOnCurrentThread());
// base::Owned(this) hands ownership of the worker to the bound callback, so
// the worker is destroyed together with that callback. Callers must not
// touch the worker after Start() returns.
193 return task_runner
->PostTask(
195 base::Bind(&ChannelIDServiceWorker::Run
, base::Owned(this)));
200 // Runs on a worker thread.
// |error| defaults to ERR_FAILED and is overwritten by GenerateChannelID.
201 int error
= ERR_FAILED
;
202 scoped_ptr
<ChannelIDStore::ChannelID
> channel_id
=
203 GenerateChannelID(server_identifier_
, &error
);
204 #if !defined(USE_OPENSSL)
205 // Detach the thread from NSPR.
206 // Calling NSS functions attaches the thread to NSPR, which stores
207 // the NSPR thread ID in thread-specific data.
208 // The threads in our thread pool terminate after we have called
209 // PR_Cleanup. Unless we detach them from NSPR, net_unittests gets
210 // segfaults on shutdown when the threads' thread-specific data
// Hands the result back to the origin loop; base::Passed moves ownership of
// |channel_id| (including its private key) into the posted callback.
214 origin_loop_
->PostTask(FROM_HERE
,
215 base::Bind(callback_
, server_identifier_
, error
,
216 base::Passed(&channel_id
)));
219 const std::string server_identifier_
;
220 scoped_refptr
<base::SequencedTaskRunner
> origin_loop_
;
221 WorkerDoneCallback callback_
;
223 DISALLOW_COPY_AND_ASSIGN(ChannelIDServiceWorker
);
226 // A ChannelIDServiceJob is a one-to-one counterpart of a
227 // ChannelIDServiceWorker. It lives only on the ChannelIDService's
228 // origin message loop.
// |requests_| holds raw ChannelIDServiceRequest pointers; per the comment in
// PostAll(), each request deletes itself when Post() is called on it.
229 class ChannelIDServiceJob
{
231 ChannelIDServiceJob(bool create_if_missing
)
232 : create_if_missing_(create_if_missing
) {
// Destructor: checks for requests that were never posted (the action taken
// when |requests_| is non-empty is not visible in this listing).
235 ~ChannelIDServiceJob() {
236 if (!requests_
.empty())
// Attaches |request| to this job. The create flag is sticky: once any
// request asks for creation, the job keeps |create_if_missing_| set.
240 void AddRequest(ChannelIDServiceRequest
* request
,
241 bool create_if_missing
= false) {
242 create_if_missing_
|= create_if_missing
;
243 requests_
.push_back(request
);
// Delivers |error| and |key| to every attached request.
246 void HandleResult(int error
, scoped_ptr
<crypto::ECPrivateKey
> key
) {
247 PostAll(error
, key
.Pass());
250 bool CreateIfMissing() const { return create_if_missing_
; }
253 void PostAll(int error
, scoped_ptr
<crypto::ECPrivateKey
> key
) {
// The pending list is moved into a local first, so |requests_| is already
// empty while the requests below are being posted.
254 std::vector
<ChannelIDServiceRequest
*> requests
;
255 requests_
.swap(requests
);
257 for (std::vector
<ChannelIDServiceRequest
*>::iterator
258 i
= requests
.begin(); i
!= requests
.end(); i
++) {
// Every request receives its own copy of the private key; the guard for a
// null |key| is not visible in this listing.
259 scoped_ptr
<crypto::ECPrivateKey
> key_copy
;
261 key_copy
.reset(key
->Copy());
262 (*i
)->Post(error
, key_copy
.Pass());
263 // Post() causes the ChannelIDServiceRequest to delete itself.
// Walks |requests_| looking at cancelled entries; a DFATAL "leaked" message
// is logged on a path whose condition is not visible in this listing.
267 void DeleteAllCanceled() {
268 for (std::vector
<ChannelIDServiceRequest
*>::iterator
269 i
= requests_
.begin(); i
!= requests_
.end(); i
++) {
270 if ((*i
)->canceled()) {
273 LOG(DFATAL
) << "ChannelIDServiceRequest leaked!";
278 std::vector
<ChannelIDServiceRequest
*> requests_
;
279 bool create_if_missing_
;
// NOTE(review): the name suggests this is the password used when channel ID
// private keys are wrapped as EncryptedPrivateKeyInfo; its uses are not
// visible in this listing. The value is the empty string, so that wrapping
// adds no confidentiality by itself -- confirm that at-rest protection of
// stored keys comes from elsewhere.
283 const char ChannelIDService::kEPKIPassword
[] = "";
285 ChannelIDService::RequestHandle::RequestHandle()
289 ChannelIDService::RequestHandle::~RequestHandle() {
// Cancels the outstanding request by forwarding |request_| to the owning
// service. The guard and member resets around this call are not visible in
// this listing.
293 void ChannelIDService::RequestHandle::Cancel() {
295 service_
->CancelRequest(request_
);
// Attaches this handle to an in-flight |request| of |service| and remembers
// the caller's |callback| for OnRequestComplete().
301 void ChannelIDService::RequestHandle::RequestStarted(
302 ChannelIDService
* service
,
303 ChannelIDServiceRequest
* request
,
304 const CompletionCallback
& callback
) {
// A handle tracks at most one request at a time.
305 DCHECK(request_
== NULL
);
308 callback_
= callback
;
// Completion hook bound into the ChannelIDServiceRequest: forwards |result|
// to the caller's callback exactly once.
311 void ChannelIDService::RequestHandle::OnRequestComplete(int result
) {
313 // Running the callback might delete |this|, so we can't touch any of our
314 // members afterwards. Reset callback_ first.
// base::ResetAndReturn clears |callback_| before the returned copy is run.
315 base::ResetAndReturn(&callback_
).Run(result
);
// Constructs the service around |channel_id_store| and the |task_runner| used
// for key-generation workers. Some member initializers are not visible in
// this listing.
318 ChannelIDService::ChannelIDService(
319 ChannelIDStore
* channel_id_store
,
320 const scoped_refptr
<base::TaskRunner
>& task_runner
)
321 : channel_id_store_(channel_id_store
),
322 task_runner_(task_runner
),
// Source of the weak pointers bound into store and worker callbacks.
327 weak_ptr_factory_(this) {
// Deletes every job still registered in |inflight_|; the map stores the jobs
// as raw pointers that the service owns.
330 ChannelIDService::~ChannelIDService() {
331 STLDeleteValues(&inflight_
);
// Maps |host| to the domain string used as the channel ID lookup key, via
// GetDomainAndRegistry(). INCLUDE_PRIVATE_REGISTRIES is passed, so private
// registry entries are taken into account when the domain is computed.
// The handling of the returned value is not visible in this listing.
335 std::string
ChannelIDService::GetDomainForHost(const std::string
& host
) {
337 registry_controlled_domains::GetDomainAndRegistry(
338 host
, registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES
);
// Returns the channel ID key for |host|'s domain, generating one when the
// store has none. Completes synchronously with a net error code, or returns
// ERR_IO_PENDING and reports through |callback| later.
// NOTE(review): the visible argument check covers |callback|, |key| and
// |host| but not |out_req|, which is dereferenced on the async path below;
// callers must always pass a valid handle.
344 int ChannelIDService::GetOrCreateChannelID(
345 const std::string
& host
,
346 scoped_ptr
<crypto::ECPrivateKey
>* key
,
347 const CompletionCallback
& callback
,
348 RequestHandle
* out_req
) {
349 DVLOG(1) << __FUNCTION__
<< " " << host
;
350 DCHECK(CalledOnValidThread());
351 base::TimeTicks request_start
= base::TimeTicks::Now();
// Reject unusable arguments up front and count them in the histogram.
353 if (callback
.is_null() || !key
|| host
.empty()) {
354 RecordGetChannelIDResult(INVALID_ARGUMENT
);
355 return ERR_INVALID_ARGUMENT
;
// Channel IDs are keyed by domain, not by the full host name.
358 std::string domain
= GetDomainForHost(host
);
359 if (domain
.empty()) {
360 RecordGetChannelIDResult(INVALID_ARGUMENT
);
361 return ERR_INVALID_ARGUMENT
;
366 // See if a request for the same domain is currently in flight.
367 bool create_if_missing
= true;
368 if (JoinToInFlightRequest(request_start
, domain
, key
, create_if_missing
,
369 callback
, out_req
)) {
370 return ERR_IO_PENDING
;
373 int err
= LookupChannelID(request_start
, domain
, key
, create_if_missing
,
375 if (err
== ERR_FILE_NOT_FOUND
) {
376 // Sync lookup did not find a valid channel ID. Start generating a new one.
// The worker's completion callback is bound to a weak pointer to the service.
378 ChannelIDServiceWorker
* worker
= new ChannelIDServiceWorker(
380 base::Bind(&ChannelIDService::GeneratedChannelID
,
381 weak_ptr_factory_
.GetWeakPtr()));
// Per ChannelIDServiceWorker::Start()'s comment, a worker that fails to
// start cleans itself up, so |worker| is not deleted here.
382 if (!worker
->Start(task_runner_
)) {
383 // TODO(rkn): Log to the NetLog.
384 LOG(ERROR
) << "ChannelIDServiceWorker couldn't be started.";
385 RecordGetChannelIDResult(WORKER_FAILURE
);
386 return ERR_INSUFFICIENT_RESOURCES
;
388 // We are waiting for key generation. Create a job & request to track it.
// |inflight_| takes over the raw |job| pointer for this domain.
389 ChannelIDServiceJob
* job
= new ChannelIDServiceJob(create_if_missing
);
390 inflight_
[domain
] = job
;
// NOTE(review): base::Unretained(out_req) stores a raw pointer to the
// caller's RequestHandle in the request callback, so the handle has to
// outlive the request or cancel it before going away.
392 ChannelIDServiceRequest
* request
= new ChannelIDServiceRequest(
393 request_start
, base::Bind(&RequestHandle::OnRequestComplete
,
394 base::Unretained(out_req
)),
396 job
->AddRequest(request
);
397 out_req
->RequestStarted(this, request
, callback
);
398 return ERR_IO_PENDING
;
// Looks up the channel ID key for |host|'s domain without asking for one to
// be created (|create_if_missing| is false). The tail of the function is not
// visible in this listing.
// NOTE(review): as far as visible here, |out_req| is not covered by the
// argument check, so callers must always pass a valid handle.
404 int ChannelIDService::GetChannelID(const std::string
& host
,
405 scoped_ptr
<crypto::ECPrivateKey
>* key
,
406 const CompletionCallback
& callback
,
407 RequestHandle
* out_req
) {
408 DVLOG(1) << __FUNCTION__
<< " " << host
;
409 DCHECK(CalledOnValidThread());
410 base::TimeTicks request_start
= base::TimeTicks::Now();
// Reject unusable arguments up front and count them in the histogram.
412 if (callback
.is_null() || !key
|| host
.empty()) {
413 RecordGetChannelIDResult(INVALID_ARGUMENT
);
414 return ERR_INVALID_ARGUMENT
;
// Channel IDs are keyed by domain, not by the full host name.
417 std::string domain
= GetDomainForHost(host
);
418 if (domain
.empty()) {
419 RecordGetChannelIDResult(INVALID_ARGUMENT
);
420 return ERR_INVALID_ARGUMENT
;
425 // See if a request for the same domain is currently in flight.
426 bool create_if_missing
= false;
427 if (JoinToInFlightRequest(request_start
, domain
, key
, create_if_missing
,
428 callback
, out_req
)) {
429 return ERR_IO_PENDING
;
432 int err
= LookupChannelID(request_start
, domain
, key
, create_if_missing
,
// Completion callback for the asynchronous store lookup started in
// LookupChannelID(). Delivers the stored key, or the error, or starts key
// generation when the ID is missing and a waiting request asked for creation.
437 void ChannelIDService::GotChannelID(int err
,
438 const std::string
& server_identifier
,
439 scoped_ptr
<crypto::ECPrivateKey
> key
) {
440 DCHECK(CalledOnValidThread());
// Find the job waiting on this identifier; the handling of a missing job is
// not visible in this listing.
442 std::map
<std::string
, ChannelIDServiceJob
*>::iterator j
;
443 j
= inflight_
.find(server_identifier
);
444 if (j
== inflight_
.end()) {
450 // Async DB lookup found a valid channel ID.
452 // ChannelIDServiceRequest::Post will do the histograms and stuff.
453 HandleResult(OK
, server_identifier
, key
.Pass());
456 // Async lookup failed or the channel ID was missing. Return the error
457 // directly, unless the channel ID was missing and a request asked to create
459 if (err
!= ERR_FILE_NOT_FOUND
|| !j
->second
->CreateIfMissing()) {
460 HandleResult(err
, server_identifier
, key
.Pass());
463 // At least one request asked to create a channel ID => start generating a new
// The worker's completion callback is bound to a weak pointer to the service.
466 ChannelIDServiceWorker
* worker
= new ChannelIDServiceWorker(
468 base::Bind(&ChannelIDService::GeneratedChannelID
,
469 weak_ptr_factory_
.GetWeakPtr()));
// On a failed start the waiting requests are completed with
// ERR_INSUFFICIENT_RESOURCES and no key.
470 if (!worker
->Start(task_runner_
)) {
471 // TODO(rkn): Log to the NetLog.
472 LOG(ERROR
) << "ChannelIDServiceWorker couldn't be started.";
473 HandleResult(ERR_INSUFFICIENT_RESOURCES
, server_identifier
, nullptr);
// Returns the store pointer obtained from |channel_id_store_|.get(); no
// ownership transfer is visible here.
477 ChannelIDStore
* ChannelIDService::GetChannelIDStore() {
478 return channel_id_store_
.get();
// Cancels |req|; must run on the service's thread. The statement that acts on
// |req| is not visible in this listing.
481 void ChannelIDService::CancelRequest(ChannelIDServiceRequest
* req
) {
482 DCHECK(CalledOnValidThread());
// Completion callback for ChannelIDServiceWorker: persists the new channel ID
// and hands a copy of its key to the waiting requests. One parameter line
// (presumably |error|) is not visible in this listing.
486 void ChannelIDService::GeneratedChannelID(
487 const std::string
& server_identifier
,
489 scoped_ptr
<ChannelIDStore::ChannelID
> channel_id
) {
490 DCHECK(CalledOnValidThread());
492 scoped_ptr
<crypto::ECPrivateKey
> key
;
// The key is copied before |channel_id| is passed to the store, because
// Pass() gives the ChannelID object away. The guard around these two
// statements is not visible here.
494 key
.reset(channel_id
->key()->Copy());
495 channel_id_store_
->SetChannelID(channel_id
.Pass());
497 HandleResult(error
, server_identifier
, key
.Pass());
// Finishes the job registered for |server_identifier| by forwarding |error|
// and |key| to it. Removal of the job from |inflight_| and its deletion are
// not visible in this listing.
500 void ChannelIDService::HandleResult(int error
,
501 const std::string
& server_identifier
,
502 scoped_ptr
<crypto::ECPrivateKey
> key
) {
503 DCHECK(CalledOnValidThread());
505 std::map
<std::string
, ChannelIDServiceJob
*>::iterator j
;
506 j
= inflight_
.find(server_identifier
);
// No job for this identifier: the handling is not visible in this listing.
507 if (j
== inflight_
.end()) {
511 ChannelIDServiceJob
* job
= j
->second
;
// The job distributes the result to every request attached to it.
514 job
->HandleResult(error
, key
.Pass());
// If a job for |domain| is already in flight, attaches a new request for this
// caller to it instead of starting a second lookup or key generation. The
// return statements are not visible in this listing; callers treat a true
// result as "request joined, completion is pending".
518 bool ChannelIDService::JoinToInFlightRequest(
519 const base::TimeTicks
& request_start
,
520 const std::string
& domain
,
521 scoped_ptr
<crypto::ECPrivateKey
>* key
,
522 bool create_if_missing
,
523 const CompletionCallback
& callback
,
524 RequestHandle
* out_req
) {
525 ChannelIDServiceJob
* job
= NULL
;
526 std::map
<std::string
, ChannelIDServiceJob
*>::const_iterator j
=
527 inflight_
.find(domain
);
528 if (j
!= inflight_
.end()) {
529 // A request for the same domain is in flight already. We'll attach our
530 // callback, but we'll also mark it as requiring a channel ID if one's
// NOTE(review): base::Unretained(out_req) stores a raw pointer to the
// caller's RequestHandle in the request callback, so the handle has to
// outlive the request or cancel it before going away.
535 ChannelIDServiceRequest
* request
= new ChannelIDServiceRequest(
536 request_start
, base::Bind(&RequestHandle::OnRequestComplete
,
537 base::Unretained(out_req
)),
// Passing |create_if_missing| lets a joining "get or create" caller upgrade
// a job that was started by a plain lookup.
539 job
->AddRequest(request
, create_if_missing
);
540 out_req
->RequestStarted(this, request
, callback
);
// Asks the store for the channel ID key of |domain|. A synchronous hit is
// recorded in the histograms; for ERR_IO_PENDING a job and request are
// created so GotChannelID() can complete the caller later. The final return
// and the condition of the success branch are not visible in this listing.
546 int ChannelIDService::LookupChannelID(const base::TimeTicks
& request_start
,
547 const std::string
& domain
,
548 scoped_ptr
<crypto::ECPrivateKey
>* key
,
549 bool create_if_missing
,
550 const CompletionCallback
& callback
,
551 RequestHandle
* out_req
) {
552 // Check if a channel ID key already exists for this domain.
// The store callback is bound to a weak pointer to the service.
553 int err
= channel_id_store_
->GetChannelID(
554 domain
, key
, base::Bind(&ChannelIDService::GotChannelID
,
555 weak_ptr_factory_
.GetWeakPtr()));
558 // Sync lookup found a valid channel ID.
559 DVLOG(1) << "Channel ID store had valid key for " << domain
;
561 RecordGetChannelIDResult(SYNC_SUCCESS
);
562 base::TimeDelta request_time
= base::TimeTicks::Now() - request_start
;
563 UMA_HISTOGRAM_TIMES("DomainBoundCerts.GetCertTimeSync", request_time
);
564 RecordGetChannelIDTime(request_time
);
568 if (err
== ERR_IO_PENDING
) {
569 // We are waiting for async DB lookup. Create a job & request to track it.
// |inflight_| takes over the raw |job| pointer for this domain.
570 ChannelIDServiceJob
* job
= new ChannelIDServiceJob(create_if_missing
);
571 inflight_
[domain
] = job
;
// NOTE(review): base::Unretained(out_req) stores a raw pointer to the
// caller's RequestHandle in the request callback, so the handle has to
// outlive the request or cancel it before going away.
573 ChannelIDServiceRequest
* request
= new ChannelIDServiceRequest(
574 request_start
, base::Bind(&RequestHandle::OnRequestComplete
,
575 base::Unretained(out_req
)),
577 job
->AddRequest(request
);
578 out_req
->RequestStarted(this, request
, callback
);
579 return ERR_IO_PENDING
;
// Returns the count reported by the store's GetChannelIDCount().
585 int ChannelIDService::channel_id_count() {
586 return channel_id_store_
->GetChannelIDCount();