Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(137)

Unified Diff: net/base/origin_bound_cert_service.h

Issue 7565023: Gave the GetOriginBoundCertificate an asynchronous interface because certificate (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 9 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/base/net_error_list.h ('k') | net/base/origin_bound_cert_service.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/base/origin_bound_cert_service.h
===================================================================
--- net/base/origin_bound_cert_service.h (revision 94628)
+++ net/base/origin_bound_cert_service.h (working copy)
@@ -6,20 +6,30 @@
#define NET_BASE_ORIGIN_BOUND_CERT_SERVICE_H_
#pragma once
+#include <map>
#include <string>
-#include "base/memory/ref_counted.h"
+#include "base/basictypes.h"
#include "base/memory/scoped_ptr.h"
+#include "base/threading/non_thread_safe.h"
+#include "net/base/completion_callback.h"
#include "net/base/net_api.h"
namespace net {
+class OriginBoundCertServiceJob;
+class OriginBoundCertServiceWorker;
class OriginBoundCertStore;
// A class for creating and fetching origin bound certs.
+// Inherits from NonThreadSafe in order to use the function
+// |CalledOnValidThread|.
class NET_API OriginBoundCertService
- : public base::RefCountedThreadSafe<OriginBoundCertService> {
+ : NON_EXPORTED_BASE(public base::NonThreadSafe) {
public:
+ // Opaque type used to cancel a request.
+ typedef void* RequestHandle;
+
// This object owns origin_bound_cert_store.
explicit OriginBoundCertService(
OriginBoundCertStore* origin_bound_cert_store);
@@ -27,21 +37,68 @@
~OriginBoundCertService();
// TODO(rkn): Specify certificate type (RSA or DSA).
- // TODO(rkn): Key generation can be time consuming, so this should have an
- // asynchronous interface.
+ //
// Fetches the origin bound cert for the specified origin if one exists
- // and creates one otherwise. On success, |private_key_result| stores a
- // DER-encoded PrivateKeyInfo struct, and |cert_result| stores a DER-encoded
- // certificate.
- bool GetOriginBoundCert(const std::string& origin,
- std::string* private_key_result,
- std::string* cert_result);
+ // and creates one otherwise. Returns OK if successful or an error code upon
+ // failure.
+ //
+ // On successful completion, |private_key| stores a DER-encoded
+ // PrivateKeyInfo struct, and |cert| stores a DER-encoded certificate.
+ //
+ // |callback| must not be null. ERR_IO_PENDING is returned if the operation
+ // could not be completed immediately, in which case the result code will
+ // be passed to the callback when available.
+ //
+ // If |out_req| is non-NULL, then |*out_req| will be filled with a handle to
+ // the async request. This handle is not valid after the request has
+ // completed.
+ int GetOriginBoundCert(const std::string& origin,
+ std::string* private_key,
+ std::string* cert,
+ CompletionCallback* callback,
+ RequestHandle* out_req);
+ // Cancels the specified request. |req| is the handle returned by
+ // GetOriginBoundCert(). After a request is canceled, its completion
+ // callback will not be called.
+ void CancelRequest(RequestHandle req);
+
// Public only for unit testing.
- int GetCertCount();
+ int cert_count();
+ uint64 requests() const { return requests_; }
+ uint64 synchronous_completions() const { return synchronous_completions_; }
+ uint64 inflight_joins() const { return inflight_joins_; }
private:
+ friend class OriginBoundCertServiceWorker; // Calls HandleResult.
+
+ // On success, |private_key| stores a DER-encoded PrivateKeyInfo
+ // struct, and |cert| stores a DER-encoded certificate. Returns
+ // OK if successful and an error code otherwise.
+ // |serial_number| is passed in because it is created with the function
+ // base::RandInt, which opens the file /dev/urandom. /dev/urandom is opened
+ // with a LazyInstance, which is not allowed on a worker thread.
+ static int GenerateCert(const std::string& origin,
+ uint32 serial_number,
+ std::string* private_key,
+ std::string* cert);
+
+ void HandleResult(const std::string& origin,
+ int error,
+ const std::string& private_key,
+ const std::string& cert);
+
scoped_ptr<OriginBoundCertStore> origin_bound_cert_store_;
+
+ // inflight_ maps from an origin to an active generation which is taking
+ // place.
+ std::map<std::string, OriginBoundCertServiceJob*> inflight_;
+
+ uint64 requests_;
+ uint64 synchronous_completions_;
wtc 2011/08/09 18:09:47 Let's call this member cert_store_hits_. "synchro
+ uint64 inflight_joins_;
+
+ DISALLOW_COPY_AND_ASSIGN(OriginBoundCertService);
};
} // namespace net
« no previous file with comments | « net/base/net_error_list.h ('k') | net/base/origin_bound_cert_service.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698