OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_BASE_CERT_VERIFIER_H_ | 5 #ifndef NET_BASE_CERT_VERIFIER_H_ |
6 #define NET_BASE_CERT_VERIFIER_H_ | 6 #define NET_BASE_CERT_VERIFIER_H_ |
7 #pragma once | 7 #pragma once |
8 | 8 |
9 #include <map> | |
10 #include <string> | 9 #include <string> |
11 | 10 |
12 #include "base/basictypes.h" | 11 #include "base/basictypes.h" |
13 #include "base/gtest_prod_util.h" | |
14 #include "base/memory/scoped_ptr.h" | |
15 #include "base/threading/non_thread_safe.h" | |
16 #include "net/base/cert_database.h" | |
17 #include "net/base/cert_verify_result.h" | |
18 #include "net/base/completion_callback.h" | 12 #include "net/base/completion_callback.h" |
19 #include "net/base/expiring_cache.h" | |
20 #include "net/base/net_export.h" | 13 #include "net/base/net_export.h" |
21 #include "net/base/x509_cert_types.h" | |
22 | 14 |
23 namespace net { | 15 namespace net { |
24 | 16 |
25 class BoundNetLog; | 17 class BoundNetLog; |
26 class CertVerifierJob; | 18 class CertVerifyResult; |
27 class CertVerifierWorker; | |
28 class CRLSet; | 19 class CRLSet; |
29 class X509Certificate; | 20 class X509Certificate; |
30 | 21 |
31 // CertVerifier represents a service for verifying certificates. | 22 // CertVerifier represents a service for verifying certificates. |
32 // | 23 // |
33 // CertVerifier can handle multiple requests at a time, so when canceling a | 24 // CertVerifiers can handle multiple requests at a time. A simpler alternative |
34 // request the RequestHandle that was returned by Verify() needs to be | 25 // for consumers that only have 1 outstanding request at a time is to create a |
35 // given. A simpler alternative for consumers that only have 1 outstanding | 26 // SingleRequestCertVerifier wrapper around CertVerifier (which will |
36 // request at a time is to create a SingleRequestCertVerifier wrapper around | 27 // automatically cancel the single request when it goes out of scope). |
37 // CertVerifier (which will automatically cancel the single request when it | 28 class NET_EXPORT_PRIVATE CertVerifier { |
38 // goes out of scope). | |
39 class NET_EXPORT CertVerifier : NON_EXPORTED_BASE(public base::NonThreadSafe), | |
40 public CertDatabase::Observer { | |
41 public: | 29 public: |
42 // Opaque type used to cancel a request. | 30 // Opaque pointer type, to return a handle to cancel outstanding requests. |
wtc
2012/02/29 20:27:50
Nit: delete "to return"? It sounds like the descr
| |
43 typedef void* RequestHandle; | 31 typedef void* RequestHandle; |
44 | 32 |
45 CertVerifier(); | 33 virtual ~CertVerifier() {} |
46 | 34 |
47 // When the verifier is destroyed, all certificate verifications requests are | 35 // Verifies the given certificate against the given hostname as an SSL server. |
48 // canceled, and their completion callbacks will not be called. | 36 // Returns OK if successful or an error code upon failure. |
wtc
2012/02/29 20:27:50
I think this behavior is required for the destruct
Ryan Sleevi
2012/02/29 21:51:34
Yes, done.
| |
49 virtual ~CertVerifier(); | |
50 | |
51 // Verifies the given certificate against the given hostname. Returns OK if | |
52 // successful or an error code upon failure. | |
53 // | 37 // |
54 // The |*verify_result| structure, including the |verify_result->cert_status| | 38 // The |*verify_result| structure, including the |verify_result->cert_status| |
55 // bitmask, is always filled out regardless of the return value. If the | 39 // bitmask, is always filled out regardless of the return value. If the |
56 // certificate has multiple errors, the corresponding status flags are set in | 40 // certificate has multiple errors, the corresponding status flags are set in |
57 // |verify_result->cert_status|, and the error code for the most serious | 41 // |verify_result->cert_status|, and the error code for the most serious |
58 // error is returned. | 42 // error is returned. |
59 // | 43 // |
60 // |flags| is bitwise OR'd of X509Certificate::VerifyFlags. | 44 // |flags| is bitwise OR'd of X509Certificate::VerifyFlags. |
61 // If VERIFY_REV_CHECKING_ENABLED is set in |flags|, certificate revocation | 45 // If VERIFY_REV_CHECKING_ENABLED is set in |flags|, certificate revocation |
62 // checking is performed. | 46 // checking is performed. |
63 // | 47 // |
64 // If VERIFY_EV_CERT is set in |flags| too, EV certificate verification is | 48 // If VERIFY_EV_CERT is set in |flags| too, EV certificate verification is |
65 // performed. If |flags| is VERIFY_EV_CERT (that is, | 49 // performed. If |flags| is VERIFY_EV_CERT (that is, |
66 // VERIFY_REV_CHECKING_ENABLED is not set), EV certificate verification will | 50 // VERIFY_REV_CHECKING_ENABLED is not set), EV certificate verification will |
67 // not be performed. | 51 // not be performed. |
68 // | 52 // |
69 // |crl_set| points to an optional CRLSet structure which can be used to | 53 // |crl_set| points to an optional CRLSet structure which can be used to |
70 // avoid revocation checks over the network. | 54 // avoid revocation checks over the network. |
71 // | 55 // |
72 // |callback| must not be null. ERR_IO_PENDING is returned if the operation | 56 // |callback| must not be null. ERR_IO_PENDING is returned if the operation |
73 // could not be completed synchronously, in which case the result code will | 57 // could not be completed synchronously, in which case the result code will |
74 // be passed to the callback when available. | 58 // be passed to the callback when available. |
75 // | 59 // |
76 // If |out_req| is non-NULL, then |*out_req| will be filled with a handle to | 60 // If |out_req| is non-NULL, then |*out_req| will be filled with a handle to |
77 // the async request. This handle is not valid after the request has | 61 // the async request. This handle is not valid after the request has |
78 // completed. | 62 // completed. |
79 int Verify(X509Certificate* cert, | 63 // |
80 const std::string& hostname, | 64 // TODO(rsleevi): Move CRLSet* out of the CertVerifier signature. |
wtc
2012/02/29 20:27:50
CertVerifier is also responsible for building the
Ryan Sleevi
2012/02/29 21:51:34
No, that's something that I would want to avoid.
| |
81 int flags, | 65 virtual int Verify(X509Certificate* cert, |
82 CRLSet* crl_set, | 66 const std::string& hostname, |
83 CertVerifyResult* verify_result, | 67 int flags, |
84 const CompletionCallback& callback, | 68 CRLSet* crl_set, |
85 RequestHandle* out_req, | 69 CertVerifyResult* verify_result, |
86 const BoundNetLog& net_log); | 70 const CompletionCallback& callback, |
71 RequestHandle* out_req, | |
72 const BoundNetLog& net_log) = 0; | |
87 | 73 |
88 // Cancels the specified request. |req| is the handle returned by Verify(). | 74 // Cancels the specified request. |req| is the handle returned by Verify(). |
89 // After a request is canceled, its completion callback will not be called. | 75 // After a request is canceled, its completion callback will not be called. |
90 void CancelRequest(RequestHandle req); | 76 virtual void CancelRequest(RequestHandle req) = 0; |
77 | |
78 protected: | |
79 CertVerifier() {} | |
wtc
2012/02/29 20:27:50
Is it necessary to define the default constructor?
Ryan Sleevi
2012/02/29 21:51:34
Since there are pure virtual methods, no. Removed.
| |
91 | 80 |
92 private: | 81 private: |
93 friend class CertVerifierWorker; // Calls HandleResult. | |
94 friend class CertVerifierRequest; | |
95 friend class CertVerifierJob; | |
96 FRIEND_TEST_ALL_PREFIXES(CertVerifierTest, CacheHit); | |
97 FRIEND_TEST_ALL_PREFIXES(CertVerifierTest, DifferentCACerts); | |
98 FRIEND_TEST_ALL_PREFIXES(CertVerifierTest, InflightJoin); | |
99 FRIEND_TEST_ALL_PREFIXES(CertVerifierTest, CancelRequest); | |
100 FRIEND_TEST_ALL_PREFIXES(CertVerifierTest, RequestParamsComparators); | |
101 | |
102 // Input parameters of a certificate verification request. | |
103 struct RequestParams { | |
104 RequestParams(const SHA1Fingerprint& cert_fingerprint_arg, | |
105 const SHA1Fingerprint& ca_fingerprint_arg, | |
106 const std::string& hostname_arg, | |
107 int flags_arg) | |
108 : cert_fingerprint(cert_fingerprint_arg), | |
109 ca_fingerprint(ca_fingerprint_arg), | |
110 hostname(hostname_arg), | |
111 flags(flags_arg) {} | |
112 | |
113 bool operator<(const RequestParams& other) const { | |
114 // |flags| is compared before |cert_fingerprint|, |ca_fingerprint|, and | |
115 // |hostname| under assumption that integer comparisons are faster than | |
116 // memory and string comparisons. | |
117 if (flags != other.flags) | |
118 return flags < other.flags; | |
119 int rv = memcmp(cert_fingerprint.data, other.cert_fingerprint.data, | |
120 sizeof(cert_fingerprint.data)); | |
121 if (rv != 0) | |
122 return rv < 0; | |
123 rv = memcmp(ca_fingerprint.data, other.ca_fingerprint.data, | |
124 sizeof(ca_fingerprint.data)); | |
125 if (rv != 0) | |
126 return rv < 0; | |
127 return hostname < other.hostname; | |
128 } | |
129 | |
130 SHA1Fingerprint cert_fingerprint; | |
131 SHA1Fingerprint ca_fingerprint; | |
132 std::string hostname; | |
133 int flags; | |
134 }; | |
135 | |
136 // CachedResult contains the result of a certificate verification. | |
137 struct CachedResult { | |
138 CachedResult(); | |
139 ~CachedResult(); | |
140 | |
141 int error; // The return value of CertVerifier::Verify. | |
142 CertVerifyResult result; // The output of CertVerifier::Verify. | |
143 }; | |
144 | |
145 void HandleResult(X509Certificate* cert, | |
146 const std::string& hostname, | |
147 int flags, | |
148 int error, | |
149 const CertVerifyResult& verify_result); | |
150 | |
151 // CertDatabase::Observer methods: | |
152 virtual void OnCertTrustChanged(const X509Certificate* cert) OVERRIDE; | |
153 | |
154 // For unit testing. | |
155 void ClearCache() { cache_.Clear(); } | |
156 size_t GetCacheSize() const { return cache_.size(); } | |
157 uint64 cache_hits() const { return cache_hits_; } | |
158 uint64 requests() const { return requests_; } | |
159 uint64 inflight_joins() const { return inflight_joins_; } | |
160 | |
161 // cache_ maps from a request to a cached result. | |
162 typedef ExpiringCache<RequestParams, CachedResult> CertVerifierCache; | |
163 CertVerifierCache cache_; | |
164 | |
165 // inflight_ maps from a request to an active verification which is taking | |
166 // place. | |
167 std::map<RequestParams, CertVerifierJob*> inflight_; | |
168 | |
169 uint64 requests_; | |
170 uint64 cache_hits_; | |
171 uint64 inflight_joins_; | |
172 | |
173 DISALLOW_COPY_AND_ASSIGN(CertVerifier); | 82 DISALLOW_COPY_AND_ASSIGN(CertVerifier); |
174 }; | 83 }; |
175 | 84 |
176 // This class represents the task of verifying a certificate. It wraps | |
177 // CertVerifier to verify only a single certificate at a time and cancels this | |
178 // request when going out of scope. | |
179 class SingleRequestCertVerifier { | |
180 public: | |
181 // |cert_verifier| must remain valid for the lifetime of |this|. | |
182 explicit SingleRequestCertVerifier(CertVerifier* cert_verifier); | |
183 | |
184 // If a completion callback is pending when the verifier is destroyed, the | |
185 // certificate verification is canceled, and the completion callback will | |
186 // not be called. | |
187 ~SingleRequestCertVerifier(); | |
188 | |
189 // Verifies the given certificate, filling out the |verify_result| object | |
190 // upon success. See CertVerifier::Verify() for details. | |
191 int Verify(X509Certificate* cert, | |
192 const std::string& hostname, | |
193 int flags, | |
194 CRLSet* crl_set, | |
195 CertVerifyResult* verify_result, | |
196 const CompletionCallback& callback, | |
197 const BoundNetLog& net_log); | |
198 | |
199 private: | |
200 // Callback for when the request to |cert_verifier_| completes, so we | |
201 // dispatch to the user's callback. | |
202 void OnVerifyCompletion(int result); | |
203 | |
204 // The actual certificate verifier that will handle the request. | |
205 CertVerifier* const cert_verifier_; | |
206 | |
207 // The current request (if any). | |
208 CertVerifier::RequestHandle cur_request_; | |
209 CompletionCallback cur_request_callback_; | |
210 | |
211 DISALLOW_COPY_AND_ASSIGN(SingleRequestCertVerifier); | |
212 }; | |
213 | |
214 } // namespace net | 85 } // namespace net |
215 | 86 |
216 #endif // NET_BASE_CERT_VERIFIER_H_ | 87 #endif // NET_BASE_CERT_VERIFIER_H_ |
OLD | NEW |