OLD | NEW |
(Empty) | |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef NET_BASE_MULTI_THREADED_CERT_VERIFIER_H_ |
| 6 #define NET_BASE_MULTI_THREADED_CERT_VERIFIER_H_ |
| 7 #pragma once |
| 8 |
| 9 #include <map> |
| 10 #include <string> |
| 11 |
| 12 #include "base/basictypes.h" |
| 13 #include "base/gtest_prod_util.h" |
| 14 #include "base/memory/scoped_ptr.h" |
| 15 #include "base/threading/non_thread_safe.h" |
| 16 #include "net/base/cert_database.h" |
| 17 #include "net/base/cert_verifier.h" |
| 18 #include "net/base/cert_verify_result.h" |
| 19 #include "net/base/completion_callback.h" |
| 20 #include "net/base/expiring_cache.h" |
| 21 #include "net/base/net_export.h" |
| 22 #include "net/base/x509_cert_types.h" |
| 23 |
| 24 namespace net { |
| 25 |
| 26 // MultiThreadedCertVerifier is a CertVerifier implementation that runs |
| 27 // synchronous CertVerifier implementations on worker threads. |
| 28 class NET_EXPORT MultiThreadedCertVerifier : |
| 29 public CertVerifier, |
| 30 NON_EXPORTED_BASE(public base::NonThreadSafe), |
| 31 public CertDatabase::Observer { |
| 32 public: |
| 33 MultiThreadedCertVerifier(); |
| 34 |
| 35 // When the verifier is destroyed, all certificate verifications requests are |
| 36 // canceled, and their completion callbacks will not be called. |
| 37 virtual ~MultiThreadedCertVerifier(); |
| 38 |
| 39 // CertVerifier implementation |
| 40 virtual int Verify(X509Certificate* cert, |
| 41 const std::string& hostname, |
| 42 int flags, |
| 43 CRLSet* crl_set, |
| 44 CertVerifyResult* verify_result, |
| 45 const CompletionCallback& callback, |
| 46 CertVerifier::RequestHandle* out_req, |
| 47 const BoundNetLog& net_log); |
| 48 |
| 49 virtual void CancelRequest(CertVerifier::RequestHandle req); |
| 50 |
| 51 private: |
| 52 friend class CertVerifierWorker; // Calls HandleResult. |
| 53 friend class CertVerifierRequest; |
| 54 friend class CertVerifierJob; |
| 55 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, CacheHit); |
| 56 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, DifferentCACerts); |
| 57 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, InflightJoin); |
| 58 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, CancelRequest); |
| 59 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, |
| 60 RequestParamsComparators); |
| 61 |
| 62 // Input parameters of a certificate verification request. |
| 63 struct RequestParams { |
| 64 RequestParams(const SHA1Fingerprint& cert_fingerprint_arg, |
| 65 const SHA1Fingerprint& ca_fingerprint_arg, |
| 66 const std::string& hostname_arg, |
| 67 int flags_arg) |
| 68 : cert_fingerprint(cert_fingerprint_arg), |
| 69 ca_fingerprint(ca_fingerprint_arg), |
| 70 hostname(hostname_arg), |
| 71 flags(flags_arg) {} |
| 72 |
| 73 bool operator<(const RequestParams& other) const { |
| 74 // |flags| is compared before |cert_fingerprint|, |ca_fingerprint|, and |
| 75 // |hostname| under assumption that integer comparisons are faster than |
| 76 // memory and string comparisons. |
| 77 if (flags != other.flags) |
| 78 return flags < other.flags; |
| 79 int rv = memcmp(cert_fingerprint.data, other.cert_fingerprint.data, |
| 80 sizeof(cert_fingerprint.data)); |
| 81 if (rv != 0) |
| 82 return rv < 0; |
| 83 rv = memcmp(ca_fingerprint.data, other.ca_fingerprint.data, |
| 84 sizeof(ca_fingerprint.data)); |
| 85 if (rv != 0) |
| 86 return rv < 0; |
| 87 return hostname < other.hostname; |
| 88 } |
| 89 |
| 90 SHA1Fingerprint cert_fingerprint; |
| 91 SHA1Fingerprint ca_fingerprint; |
| 92 std::string hostname; |
| 93 int flags; |
| 94 }; |
| 95 |
| 96 // CachedResult contains the result of a certificate verification. |
| 97 struct CachedResult { |
| 98 CachedResult(); |
| 99 ~CachedResult(); |
| 100 |
| 101 int error; // The return value of CertVerifier::Verify. |
| 102 CertVerifyResult result; // The output of CertVerifier::Verify. |
| 103 }; |
| 104 |
| 105 void HandleResult(X509Certificate* cert, |
| 106 const std::string& hostname, |
| 107 int flags, |
| 108 int error, |
| 109 const CertVerifyResult& verify_result); |
| 110 |
| 111 // CertDatabase::Observer methods: |
| 112 virtual void OnCertTrustChanged(const X509Certificate* cert) OVERRIDE; |
| 113 |
| 114 // For unit testing. |
| 115 void ClearCache() { cache_.Clear(); } |
| 116 size_t GetCacheSize() const { return cache_.size(); } |
| 117 uint64 cache_hits() const { return cache_hits_; } |
| 118 uint64 requests() const { return requests_; } |
| 119 uint64 inflight_joins() const { return inflight_joins_; } |
| 120 |
| 121 // cache_ maps from a request to a cached result. |
| 122 typedef ExpiringCache<RequestParams, CachedResult> CertVerifierCache; |
| 123 CertVerifierCache cache_; |
| 124 |
| 125 // inflight_ maps from a request to an active verification which is taking |
| 126 // place. |
| 127 std::map<RequestParams, CertVerifierJob*> inflight_; |
| 128 |
| 129 uint64 requests_; |
| 130 uint64 cache_hits_; |
| 131 uint64 inflight_joins_; |
| 132 |
| 133 DISALLOW_COPY_AND_ASSIGN(MultiThreadedCertVerifier); |
| 134 }; |
| 135 |
| 136 } // namespace net |
| 137 |
| 138 #endif // NET_BASE_MULTI_THREADED_CERT_VERIFIER_H_ |
OLD | NEW |