Chromium Code Reviews Chromium Code Reviews
Issue 7565023:
Gave the GetOriginBoundCertificate an asynchronous interface because certificate (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_BASE_ORIGIN_BOUND_CERT_SERVICE_H_ | 5 #ifndef NET_BASE_ORIGIN_BOUND_CERT_SERVICE_H_ |
| 6 #define NET_BASE_ORIGIN_BOUND_CERT_SERVICE_H_ | 6 #define NET_BASE_ORIGIN_BOUND_CERT_SERVICE_H_ |
| 7 #pragma once | 7 #pragma once |
| 8 | 8 |
| 9 #include <map> | |
| 9 #include <string> | 10 #include <string> |
| 10 | 11 |
| 12 #include "base/basictypes.h" | |
| 11 #include "base/memory/ref_counted.h" | 13 #include "base/memory/ref_counted.h" |
| 12 #include "base/memory/scoped_ptr.h" | 14 #include "base/memory/scoped_ptr.h" |
| 15 #include "base/threading/non_thread_safe.h" | |
| 16 #include "net/base/completion_callback.h" | |
| 13 #include "net/base/net_api.h" | 17 #include "net/base/net_api.h" |
| 14 | 18 |
| 15 namespace net { | 19 namespace net { |
| 16 | 20 |
| 21 class OriginBoundCertServiceJob; | |
| 22 class OriginBoundCertServiceWorker; | |
|
wtc
2011/08/05 01:48:21
I wonder if these two types should be Job and Work
| |
| 17 class OriginBoundCertStore; | 23 class OriginBoundCertStore; |
| 18 | 24 |
| 19 // A class for creating and fetching origin bound certs. | 25 // A class for creating and fetching origin bound certs. |
| 26 // Inherits from NonThreadSafe in order to use the function | |
| 27 // |CalledOnValidThread|. | |
| 20 class NET_API OriginBoundCertService | 28 class NET_API OriginBoundCertService |
| 21 : public base::RefCountedThreadSafe<OriginBoundCertService> { | 29 : public base::RefCountedThreadSafe<OriginBoundCertService>, |
| 30 NON_EXPORTED_BASE(public base::NonThreadSafe) { | |
| 22 public: | 31 public: |
| 32 // Opaque type used to cancel a request. | |
| 33 typedef void* RequestHandle; | |
| 34 | |
| 23 // This object owns origin_bound_cert_store. | 35 // This object owns origin_bound_cert_store. |
| 24 explicit OriginBoundCertService( | 36 explicit OriginBoundCertService( |
| 25 OriginBoundCertStore* origin_bound_cert_store); | 37 OriginBoundCertStore* origin_bound_cert_store); |
| 26 | 38 |
| 27 ~OriginBoundCertService(); | 39 ~OriginBoundCertService(); |
| 28 | 40 |
| 29 // TODO(rkn): Specify certificate type (RSA or DSA). | 41 // TODO(rkn): Specify certificate type (RSA or DSA). |
| 30 // TODO(rkn): Key generation can be time consuming, so this should have an | |
| 31 // asynchronous interface. | |
| 32 // Fetches the origin bound cert for the specified origin if one exists | 42 // Fetches the origin bound cert for the specified origin if one exists |
| 33 // and creates one otherwise. On success, |private_key_result| stores a | 43 // and creates one otherwise. On success, |private_key_result| stores a |
| 34 // DER-encoded PrivateKeyInfo struct, and |cert_result| stores a DER-encoded | 44 // DER-encoded PrivateKeyInfo struct, and |cert_result| stores a DER-encoded |
| 35 // certificate. | 45 // certificate. |
|
wtc
2011/08/05 01:48:21
Add comments to describe the async behavior, out_r
| |
| 36 bool GetOriginBoundCert(const std::string& origin, | 46 int GetOriginBoundCert(const std::string& origin, |
| 37 std::string* private_key_result, | 47 std::string* private_key, |
| 38 std::string* cert_result); | 48 std::string* cert, |
| 49 CompletionCallback* callback, | |
| 50 RequestHandle* out_req); | |
| 51 | |
| 52 // Cancels the specified request. |req| is the handle returned by Verify(). | |
|
wtc
2011/08/05 01:48:21
Verify => GetOriginBoundCert
| |
| 53 // After a request is canceled, its completion callback will not be called. | |
| 54 void CancelRequest(RequestHandle req); | |
| 39 | 55 |
| 40 // Public only for unit testing. | 56 // Public only for unit testing. |
| 41 int GetCertCount(); | 57 int GetCertCount(); |
| 58 uint64 requests() const { return requests_; } | |
| 59 uint64 cache_hits() const {return cache_hits_; } | |
| 60 uint64 inflight_joins() const {return inflight_joins_; } | |
| 42 | 61 |
| 43 private: | 62 private: |
| 63 friend class OriginBoundCertServiceWorker; // Calls HandleResult. | |
| 64 | |
| 65 // On success, |private_key_result| stores a DER-encoded PrivateKeyInfo | |
| 66 // struct, and |cert_result| stores a DER-encoded certificate. Returns | |
| 67 // OK if successful and ERR_FAILED otherwise. | |
|
wtc
2011/08/05 01:48:21
If the only possible return values are OK and ERR_
| |
| 68 // |serial_number| is passed in because it is created with the function | |
| 69 // base::RandInt, which opens the file /dev/urandom, which cannot be done on | |
| 70 // a worker thread. | |
| 71 int GenerateCert(const std::string& origin, | |
| 72 uint32 serial_number, | |
| 73 std::string* private_key, | |
| 74 std::string* cert); | |
| 75 | |
| 76 void HandleResult(const std::string& origin, | |
| 77 int error, | |
| 78 const std::string& private_key, | |
| 79 const std::string& cert); | |
| 80 | |
| 44 scoped_ptr<OriginBoundCertStore> origin_bound_cert_store_; | 81 scoped_ptr<OriginBoundCertStore> origin_bound_cert_store_; |
| 82 | |
| 83 // inflight_ maps from an origin to an active generation which is taking | |
| 84 // place. | |
| 85 std::map<std::string, OriginBoundCertServiceJob*> inflight_; | |
| 86 | |
| 87 uint64 requests_; | |
| 88 uint64 cache_hits_; | |
| 89 uint64 inflight_joins_; | |
| 90 | |
| 91 DISALLOW_COPY_AND_ASSIGN(OriginBoundCertService); | |
| 45 }; | 92 }; |
| 46 | 93 |
| 47 } // namespace net | 94 } // namespace net |
| 48 | 95 |
| 49 #endif // NET_BASE_ORIGIN_BOUND_CERT_SERVICE_H_ | 96 #endif // NET_BASE_ORIGIN_BOUND_CERT_SERVICE_H_ |
| OLD | NEW |
