Chromium Code Reviews Chromium Code Reviews
Issue 7565023:
Gave the GetOriginBoundCertificate an asynchronous interface because certificate (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/| Index: net/base/origin_bound_cert_service.h |
| =================================================================== |
| --- net/base/origin_bound_cert_service.h (revision 94628) |
| +++ net/base/origin_bound_cert_service.h (working copy) |
| @@ -6,20 +6,32 @@ |
| #define NET_BASE_ORIGIN_BOUND_CERT_SERVICE_H_ |
| #pragma once |
| +#include <map> |
| #include <string> |
| +#include "base/basictypes.h" |
| #include "base/memory/ref_counted.h" |
| #include "base/memory/scoped_ptr.h" |
| +#include "base/threading/non_thread_safe.h" |
| +#include "net/base/completion_callback.h" |
| #include "net/base/net_api.h" |
| namespace net { |
| +class OriginBoundCertServiceJob; |
| +class OriginBoundCertServiceWorker; |
|
wtc
2011/08/05 01:48:21
I wonder if these two types should be Job and Work
|
| class OriginBoundCertStore; |
| // A class for creating and fetching origin bound certs. |
| +// Inherits from NonThreadSafe in order to use the function |
| +// |CalledOnValidThread|. |
| class NET_API OriginBoundCertService |
| - : public base::RefCountedThreadSafe<OriginBoundCertService> { |
| + : public base::RefCountedThreadSafe<OriginBoundCertService>, |
| + NON_EXPORTED_BASE(public base::NonThreadSafe) { |
| public: |
| + // Opaque type used to cancel a request. |
| + typedef void* RequestHandle; |
| + |
| // This object owns origin_bound_cert_store. |
| explicit OriginBoundCertService( |
| OriginBoundCertStore* origin_bound_cert_store); |
| @@ -27,21 +39,56 @@ |
| ~OriginBoundCertService(); |
| // TODO(rkn): Specify certificate type (RSA or DSA). |
| - // TODO(rkn): Key generation can be time consuming, so this should have an |
| - // asynchronous interface. |
| // Fetches the origin bound cert for the specified origin if one exists |
| // and creates one otherwise. On success, |private_key_result| stores a |
| // DER-encoded PrivateKeyInfo struct, and |cert_result| stores a DER-encoded |
| // certificate. |
|
wtc
2011/08/05 01:48:21
Add comments to describe the async behavior, out_r
|
| - bool GetOriginBoundCert(const std::string& origin, |
| - std::string* private_key_result, |
| - std::string* cert_result); |
| + int GetOriginBoundCert(const std::string& origin, |
| + std::string* private_key, |
| + std::string* cert, |
| + CompletionCallback* callback, |
| + RequestHandle* out_req); |
| + // Cancels the specified request. |req| is the handle returned by Verify(). |
|
wtc
2011/08/05 01:48:21
Verify => GetOriginBoundCert
|
| + // After a request is canceled, its completion callback will not be called. |
| + void CancelRequest(RequestHandle req); |
| + |
| // Public only for unit testing. |
| int GetCertCount(); |
| + uint64 requests() const { return requests_; } |
| + uint64 cache_hits() const {return cache_hits_; } |
| + uint64 inflight_joins() const {return inflight_joins_; } |
| private: |
| + friend class OriginBoundCertServiceWorker; // Calls HandleResult. |
| + |
| + // On success, |private_key_result| stores a DER-encoded PrivateKeyInfo |
| + // struct, and |cert_result| stores a DER-encoded certificate. Returns |
| + // OK if successful and ERR_FAILED otherwise. |
|
wtc
2011/08/05 01:48:21
If the only possible return values are OK and ERR_
|
| + // |serial_number| is passed in because it is created with the function |
| + // base::RandInt, which opens the file /dev/urandom, which cannot be done on |
| + // a worker thread. |
| + int GenerateCert(const std::string& origin, |
| + uint32 serial_number, |
| + std::string* private_key, |
| + std::string* cert); |
| + |
| + void HandleResult(const std::string& origin, |
| + int error, |
| + const std::string& private_key, |
| + const std::string& cert); |
| + |
| scoped_ptr<OriginBoundCertStore> origin_bound_cert_store_; |
| + |
| + // inflight_ maps from an origin to an active generation which is taking |
| + // place. |
| + std::map<std::string, OriginBoundCertServiceJob*> inflight_; |
| + |
| + uint64 requests_; |
| + uint64 cache_hits_; |
| + uint64 inflight_joins_; |
| + |
| + DISALLOW_COPY_AND_ASSIGN(OriginBoundCertService); |
| }; |
| } // namespace net |
