net/base/origin_bound_cert_service.h - Issue 8890073: Handle Origin Bound Certificate expiration.

Side by Side Diff: net/base/origin_bound_cert_service.h

Issue 8890073: Handle Origin Bound Certificate expiration. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Created 9 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

« chrome/browser/net/sqlite_origin_bound_cert_store_unittest.cc ('K') | « net/base/default_origin_bound_cert_store_unittest.cc ('k') | net/base/origin_bound_cert_service.cc » ('j') | net/base/origin_bound_cert_service.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef NET_BASE_ORIGIN_BOUND_CERT_SERVICE_H_	5 #ifndef NET_BASE_ORIGIN_BOUND_CERT_SERVICE_H_

6 #define NET_BASE_ORIGIN_BOUND_CERT_SERVICE_H_	6 #define NET_BASE_ORIGIN_BOUND_CERT_SERVICE_H_

7 #pragma once	7 #pragma once

8	8

9 #include <map>	9 #include <map>

10 #include <string>	10 #include <string>

11 #include <vector>	11 #include <vector>

12	12

13 #include "base/basictypes.h"	13 #include "base/basictypes.h"

14 #include "base/memory/scoped_ptr.h"	14 #include "base/memory/scoped_ptr.h"

	15 #include "base/time.h"

15 #include "base/threading/non_thread_safe.h"	16 #include "base/threading/non_thread_safe.h"

16 #include "net/base/completion_callback.h"	17 #include "net/base/completion_callback.h"

17 #include "net/base/net_export.h"	18 #include "net/base/net_export.h"

18 #include "net/base/ssl_client_cert_type.h"	19 #include "net/base/ssl_client_cert_type.h"

19	20

20 namespace net {	21 namespace net {

21	22

22 class OriginBoundCertServiceJob;	23 class OriginBoundCertServiceJob;

23 class OriginBoundCertServiceWorker;	24 class OriginBoundCertServiceWorker;

24 class OriginBoundCertStore;	25 class OriginBoundCertStore;

(...skipping 62 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
87	88

88 // On success, \|private_key\| stores a DER-encoded PrivateKeyInfo	89 // On success, \|private_key\| stores a DER-encoded PrivateKeyInfo

89 // struct, and \|cert\| stores a DER-encoded certificate. Returns	90 // struct, and \|cert\| stores a DER-encoded certificate. Returns

90 // OK if successful and an error code otherwise.	91 // OK if successful and an error code otherwise.

91 // \|serial_number\| is passed in because it is created with the function	92 // \|serial_number\| is passed in because it is created with the function

92 // base::RandInt, which opens the file /dev/urandom. /dev/urandom is opened	93 // base::RandInt, which opens the file /dev/urandom. /dev/urandom is opened

93 // with a LazyInstance, which is not allowed on a worker thread.	94 // with a LazyInstance, which is not allowed on a worker thread.

94 static int GenerateCert(const std::string& origin,	95 static int GenerateCert(const std::string& origin,

95 SSLClientCertType type,	96 SSLClientCertType type,

96 uint32 serial_number,	97 uint32 serial_number,

	98 base::Time not_valid_after,
	wtc 2011/12/14 02:03:39 Please document the \|type\| and \|not_valid_after\| i Please document the \|type\| and \|not_valid_after\| input parameters. For the GenerateCert() method, it may be better to take a base::TimeDelta validity_period input parameter instead. mattm 2011/12/20 00:28:38 I documented the expiration_time return value. I Show quoted text On 2011/12/14 02:03:39, wtc wrote: > > Please document the \|type\| and \|not_valid_after\| input > parameters. > > For the GenerateCert() method, it may be better to take > a base::TimeDelta validity_period input parameter instead. I documented the expiration_time return value. I think that like origin, the type input is pretty self-explanitory.
97 std::string* private_key,	99 std::string* private_key,

98 std::string* cert);	100 std::string* cert);

99	101

100 void HandleResult(const std::string& origin,	102 void HandleResult(const std::string& origin,

101 int error,	103 int error,

102 SSLClientCertType type,	104 SSLClientCertType type,

	105 base::Time not_valid_after,

103 const std::string& private_key,	106 const std::string& private_key,

104 const std::string& cert);	107 const std::string& cert);

105	108

106 scoped_ptr<OriginBoundCertStore> origin_bound_cert_store_;	109 scoped_ptr<OriginBoundCertStore> origin_bound_cert_store_;

107	110

108 // inflight_ maps from an origin to an active generation which is taking	111 // inflight_ maps from an origin to an active generation which is taking

109 // place.	112 // place.

110 std::map<std::string, OriginBoundCertServiceJob*> inflight_;	113 std::map<std::string, OriginBoundCertServiceJob*> inflight_;

111	114

112 uint64 requests_;	115 uint64 requests_;

113 uint64 cert_store_hits_;	116 uint64 cert_store_hits_;

114 uint64 inflight_joins_;	117 uint64 inflight_joins_;

115	118

116 DISALLOW_COPY_AND_ASSIGN(OriginBoundCertService);	119 DISALLOW_COPY_AND_ASSIGN(OriginBoundCertService);

117 };	120 };

118	121

119 } // namespace net	122 } // namespace net

120	123

121 #endif // NET_BASE_ORIGIN_BOUND_CERT_SERVICE_H_	124 #endif // NET_BASE_ORIGIN_BOUND_CERT_SERVICE_H_

OLD	NEW