net/base/crl_filter.h - Issue 6965015: net: add CRL filter infrastructure.

Side by Side Diff: net/base/crl_filter.h

Issue 6965015: net: add CRL filter infrastructure. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Created 9 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
(Empty)
	1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #ifndef NET_BASE_CRL_FILTER_H_

	6 #define NET_BASE_CRL_FILTER_H_

	7 #pragma once

	8

	9 #include <set>

	10 #include <string>

	11 #include <utility>

	12 #include <vector>

	13

	14 #include <base/memory/ref_counted.h>

	15 #include <base/memory/scoped_ptr.h>

	16 #include <base/string_piece.h>

	17 #include <base/synchronization/lock.h>

	18

	19 class DictionaryValue;

	20

	21 namespace net {

	22

	23 class GolombCompressedSet;

	24

	25 // A CRLFilter is a probabilistic data structure for eliminating certificate

	26 // revocation checks. A CRL filter contains information about some number of

	27 // globally well known CRLs. Those CRLs are said to be `covered' by the filter.

	28 //

	29 // If a certificate specifies a CRL that is covered then the CRLFilter can give

	30 // a firm "not revoked" answer or a probabilistic "revoked" answer.

	31 // Additionally, a CRLFilter can contain a list of blocked public keys and, in

	32 // that case, it can give a firm "revoked" answer.

	33 class CRLFilter : public base::RefCounted<CRLFilter> {

	34 public:

	35 enum Result {

	36 REVOKED, // the certificate should be rejected.

	37 PROBABLY_REVOKED, // the certificate should be checked.

	38 NOT_REVOKED, // the certificate is acceptable.

	39 UNKNOWN, // no information available.

	40 };

	41
	Ryan Sleevi 2011/06/02 22:01:54 BUG: No constructors defined, so an implicit (publ BUG: No constructors defined, so an implicit (public) constructor will be created. Given the static method Parse(), I would think the ctor was meant to be private (and explicitly specified)
	42 ~CRLFilter();
	Ryan Sleevi 2011/06/02 22:01:54 If it is RefCounted, shouldn't this be private:, w If it is RefCounted, shouldn't this be private:, with the Refcounted<CRLFilter> friend'ed, to prevent both stack allocations and delete's?
	43

	44 static CRLFilter* Parse(base::StringPiece data);

	45

	46 // CheckCertificate returns the information contained in the filter for a

	47 // given certificate:

	48 // cert_spki: the SubjectPublicKeyInfo for the certificate

	49 // serial_number: the serial number of the certificate

	50 // crl_urls: the URLs for the CRL for the certificate

	51 // parent_spki: the SubjectPublicKeyInfo of the CRL signer

	52 //

	53 // This does not check that the CRLFilter is timely. See \|not_before\| and

	54 // \|not_after\|.

	55 Result CheckCertificate(

	56 base::StringPiece cert_spki,

	57 const std::string& serial_number,

	58 std::vector<base::StringPiece> crl_urls,

	59 base::StringPiece parent_spki);
	Ryan Sleevi 2011/06/02 22:01:54 nit?: Result CheckCertificate(...) const nit?: b nit?: Result CheckCertificate(...) const nit?: base::StringPiece -> const base::StringPiece& Admittedly, there's no copying of the underlying data going on, but I thought passing objects by value was something discouraged? Also throughout the .cc file
	60

	61 // ApplyDelta returns a new CRLFilter that is the result of updating the

	62 // current filter with the delta information in \|delta_bytes\|.

	63 CRLFilter* ApplyDelta(base::StringPiece delta_bytes);
	Ryan Sleevi 2011/06/02 22:01:54 suggestion: CRLFilter* ApplyDelta(...) const ? Sin suggestion: CRLFilter* ApplyDelta(...) const ? Since it returns a new CRLFilter?
	64

	65 // not_before and not_after return the validity timespan of this filter.

	66 // \|CheckCertificate\| does not check the current time so it's up to the

	67 // caller to ensure that the CRLFilter is timely.

	68 int64 not_before() const;

	69 int64 not_after() const;

	70

	71 // DebugValues return all GCS values, in order. This should only be used
	Ryan Sleevi 2011/06/02 22:01:54 nit: First appearance of "GCS" in the header, with nit: First appearance of "GCS" in the header, without comment that it's a GolombCompressedSet. See also http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml?showone=Genera...
	72 // for testing.

	73 std::vector<uint64> DebugValues();

	74 // num_entries returns the number of GCS values in the filter. This should

	75 // only be used for testing.

	76 unsigned num_entries() const;

	77 // max_range returns size of the hash range. This should only be used for

	78 // testing.

	79 uint64 max_range() const;

	80 // SHA256 returns a hash over the header and GCS bytes of the filter. This

	81 // should only be used for testing.

	82 std::string SHA256() const;

	83
	Ryan Sleevi 2011/06/02 22:01:54 nit: For these "Should only be used for testing", nit: For these "Should only be used for testing", would it be better to make them private and friended to the test? That is the dominant pattern in the net/ code Or even just friend the test, so it can access the data members directly, and move these helpers into the test file.
	84 private:

	85 // These are the range coder symbols used in delta updates.

	86 enum {

	87 SYMBOL_SAME = 0,

	88 SYMBOL_INSERT = 1,

	89 SYMBOL_DELETE = 2,

	90 };
	Ryan Sleevi 2011/06/02 22:01:54 nit: Private, unnamed enum can be moved wholly int nit: Private, unnamed enum can be moved wholly into the implementation file - no need for inclusion in the header.
	91

	92 static CRLFilter* CRLFilterFromHeader(base::StringPiece header);
	Ryan Sleevi 2011/06/02 22:01:54 nit: Static private function can be moved wholly i nit: Static private function can be moved wholly into the implementation file - no need for inclusion in the header.
	93 bool CRLIsCovered(std::vector<base::StringPiece> crl_urls,

	94 const std::string& parent_spki_sha256);
	Ryan Sleevi 2011/06/02 22:01:54 nit?: bool CRLIsCovered(...) const nit: std::vecto nit?: bool CRLIsCovered(...) const nit: std::vector<base::StringPiece> crl_urls -> const std::vector<base::StringPiece>& crl_urls
	95

	96 int64 not_before_, not_after_;
	Ryan Sleevi 2011/06/02 22:01:54 super-minor nit?: I thought the style guide prohib super-minor nit?: I thought the style guide prohibited multiple variables from being declared in the same statement, but I'm having trouble finding where. Still, it seems uncommon in the code that I've seen.
	97 uint64 max_range_;

	98 unsigned sequence_;
	Ryan Sleevi 2011/06/02 22:01:54 nit: Explicitly sized integer (presumably, int64 b nit: Explicitly sized integer (presumably, int64 based on the JSON implementation) http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml#Integer_Types http://www.chromium.org/developers/coding-style#TOC-Types
	99 unsigned num_entries_;
	Ryan Sleevi 2011/06/02 22:01:54 nit: size_t nit: size_t
	100

	101 std::string header_bytes_;

	102

	103 std::set<std::pair<std::string, std::string> > crls_included_;

	104 std::string gcs_bytes_;

	105 scoped_ptr<GolombCompressedSet> gcs_;
	Ryan Sleevi 2011/06/02 22:01:54 DISALLOW_COPY_AND_ASSIGN(CRLFilter) DISALLOW_COPY_AND_ASSIGN(CRLFilter)
	106 };

	107

	108 } // namespace net

	109

	110 #endif // NET_BASE_CRL_FILTER_H_

OLD	NEW

« no previous file with comments | « no previous file | net/base/crl_filter.cc » ('j') | net/base/crl_filter.cc » ('J')