OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_BASE_CERT_VERIFIER_H_ | 5 #ifndef NET_BASE_CERT_VERIFIER_H_ |
6 #define NET_BASE_CERT_VERIFIER_H_ | 6 #define NET_BASE_CERT_VERIFIER_H_ |
7 #pragma once | 7 #pragma once |
8 | 8 |
9 #include <map> | |
10 #include <string> | 9 #include <string> |
11 | 10 |
12 #include "base/basictypes.h" | 11 #include "base/basictypes.h" |
13 #include "base/gtest_prod_util.h" | |
14 #include "base/memory/scoped_ptr.h" | |
15 #include "base/threading/non_thread_safe.h" | |
16 #include "net/base/cert_database.h" | |
17 #include "net/base/cert_verify_result.h" | |
18 #include "net/base/completion_callback.h" | 12 #include "net/base/completion_callback.h" |
19 #include "net/base/expiring_cache.h" | |
20 #include "net/base/net_export.h" | 13 #include "net/base/net_export.h" |
21 #include "net/base/x509_cert_types.h" | |
22 | 14 |
23 namespace net { | 15 namespace net { |
24 | 16 |
25 class BoundNetLog; | 17 class BoundNetLog; |
26 class CertVerifierJob; | 18 class CertVerifyResult; |
27 class CertVerifierWorker; | |
28 class CRLSet; | 19 class CRLSet; |
29 class X509Certificate; | 20 class X509Certificate; |
30 | 21 |
31 // CertVerifier represents a service for verifying certificates. | 22 // CertVerifier represents a service for verifying certificates. |
32 // | 23 // |
33 // CertVerifier can handle multiple requests at a time, so when canceling a | 24 // CertVerifiers can handle multiple requests at a time. A simpler alternative |
34 // request the RequestHandle that was returned by Verify() needs to be | 25 // for consumers that only have 1 outstanding request at a time is to create a |
35 // given. A simpler alternative for consumers that only have 1 outstanding | 26 // SingleRequestCertVerifier wrapper around CertVerifier (which will |
36 // request at a time is to create a SingleRequestCertVerifier wrapper around | 27 // automatically cancel the single request when it goes out of scope). |
37 // CertVerifier (which will automatically cancel the single request when it | 28 class NET_EXPORT_PRIVATE CertVerifier { |
38 // goes out of scope). | |
39 class NET_EXPORT CertVerifier : NON_EXPORTED_BASE(public base::NonThreadSafe), | |
40 public CertDatabase::Observer { | |
41 public: | 29 public: |
42 // Opaque type used to cancel a request. | 30 // Opaque pointer type used cancel outstanding requests. |
wtc
2012/03/02 23:51:52
Nit: add "to" after "used".
| |
43 typedef void* RequestHandle; | 31 typedef void* RequestHandle; |
44 | 32 |
45 CertVerifier(); | 33 // When the verifier is destroyed, all certificate verification requests are |
34 // canceled, and their completion callbacks will not be called. | |
35 virtual ~CertVerifier() {} | |
46 | 36 |
47 // When the verifier is destroyed, all certificate verifications requests are | 37 // Verifies the given certificate against the given hostname as an SSL server. |
48 // canceled, and their completion callbacks will not be called. | 38 // Returns OK if successful or an error code upon failure. |
49 virtual ~CertVerifier(); | |
50 | |
51 // Verifies the given certificate against the given hostname. Returns OK if | |
52 // successful or an error code upon failure. | |
53 // | 39 // |
54 // The |*verify_result| structure, including the |verify_result->cert_status| | 40 // The |*verify_result| structure, including the |verify_result->cert_status| |
55 // bitmask, is always filled out regardless of the return value. If the | 41 // bitmask, is always filled out regardless of the return value. If the |
56 // certificate has multiple errors, the corresponding status flags are set in | 42 // certificate has multiple errors, the corresponding status flags are set in |
57 // |verify_result->cert_status|, and the error code for the most serious | 43 // |verify_result->cert_status|, and the error code for the most serious |
58 // error is returned. | 44 // error is returned. |
59 // | 45 // |
60 // |flags| is bitwise OR'd of X509Certificate::VerifyFlags. | 46 // |flags| is bitwise OR'd of X509Certificate::VerifyFlags. |
61 // If VERIFY_REV_CHECKING_ENABLED is set in |flags|, certificate revocation | 47 // If VERIFY_REV_CHECKING_ENABLED is set in |flags|, certificate revocation |
62 // checking is performed. | 48 // checking is performed. |
63 // | 49 // |
64 // If VERIFY_EV_CERT is set in |flags| too, EV certificate verification is | 50 // If VERIFY_EV_CERT is set in |flags| too, EV certificate verification is |
65 // performed. If |flags| is VERIFY_EV_CERT (that is, | 51 // performed. If |flags| is VERIFY_EV_CERT (that is, |
66 // VERIFY_REV_CHECKING_ENABLED is not set), EV certificate verification will | 52 // VERIFY_REV_CHECKING_ENABLED is not set), EV certificate verification will |
67 // not be performed. | 53 // not be performed. |
68 // | 54 // |
69 // |crl_set| points to an optional CRLSet structure which can be used to | 55 // |crl_set| points to an optional CRLSet structure which can be used to |
70 // avoid revocation checks over the network. | 56 // avoid revocation checks over the network. |
71 // | 57 // |
72 // |callback| must not be null. ERR_IO_PENDING is returned if the operation | 58 // |callback| must not be null. ERR_IO_PENDING is returned if the operation |
73 // could not be completed synchronously, in which case the result code will | 59 // could not be completed synchronously, in which case the result code will |
74 // be passed to the callback when available. | 60 // be passed to the callback when available. |
75 // | 61 // |
76 // If |out_req| is non-NULL, then |*out_req| will be filled with a handle to | 62 // If |out_req| is non-NULL, then |*out_req| will be filled with a handle to |
77 // the async request. This handle is not valid after the request has | 63 // the async request. This handle is not valid after the request has |
78 // completed. | 64 // completed. |
79 int Verify(X509Certificate* cert, | 65 // |
80 const std::string& hostname, | 66 // TODO(rsleevi): Move CRLSet* out of the CertVerifier signature. |
81 int flags, | 67 virtual int Verify(X509Certificate* cert, |
82 CRLSet* crl_set, | 68 const std::string& hostname, |
83 CertVerifyResult* verify_result, | 69 int flags, |
84 const CompletionCallback& callback, | 70 CRLSet* crl_set, |
85 RequestHandle* out_req, | 71 CertVerifyResult* verify_result, |
86 const BoundNetLog& net_log); | 72 const CompletionCallback& callback, |
73 RequestHandle* out_req, | |
74 const BoundNetLog& net_log) = 0; | |
87 | 75 |
88 // Cancels the specified request. |req| is the handle returned by Verify(). | 76 // Cancels the specified request. |req| is the handle returned by Verify(). |
89 // After a request is canceled, its completion callback will not be called. | 77 // After a request is canceled, its completion callback will not be called. |
90 void CancelRequest(RequestHandle req); | 78 virtual void CancelRequest(RequestHandle req) = 0; |
79 | |
80 // Creates a CertVerifier implementation that verifies certificates against | |
wtc
2012/03/02 23:51:52
Nit: against => "using" or "with".
You told me Ce
| |
81 // the preferred underlying cryptographic libraries. | |
82 static NET_EXPORT CertVerifier* CreateDefaultCertVerifier(); | |
wtc
2012/03/02 23:51:52
Nit: It seems self-contradictory for CertVerifier
| |
83 | |
84 protected: | |
85 CertVerifier() { } | |
wtc
2012/03/02 23:51:52
The default constructor should be removed, right?
| |
91 | 86 |
92 private: | 87 private: |
93 friend class CertVerifierWorker; // Calls HandleResult. | |
94 friend class CertVerifierRequest; | |
95 friend class CertVerifierJob; | |
96 FRIEND_TEST_ALL_PREFIXES(CertVerifierTest, CacheHit); | |
97 FRIEND_TEST_ALL_PREFIXES(CertVerifierTest, DifferentCACerts); | |
98 FRIEND_TEST_ALL_PREFIXES(CertVerifierTest, InflightJoin); | |
99 FRIEND_TEST_ALL_PREFIXES(CertVerifierTest, CancelRequest); | |
100 FRIEND_TEST_ALL_PREFIXES(CertVerifierTest, RequestParamsComparators); | |
101 | |
102 // Input parameters of a certificate verification request. | |
103 struct RequestParams { | |
104 RequestParams(const SHA1Fingerprint& cert_fingerprint_arg, | |
105 const SHA1Fingerprint& ca_fingerprint_arg, | |
106 const std::string& hostname_arg, | |
107 int flags_arg) | |
108 : cert_fingerprint(cert_fingerprint_arg), | |
109 ca_fingerprint(ca_fingerprint_arg), | |
110 hostname(hostname_arg), | |
111 flags(flags_arg) {} | |
112 | |
113 bool operator<(const RequestParams& other) const { | |
114 // |flags| is compared before |cert_fingerprint|, |ca_fingerprint|, and | |
115 // |hostname| under assumption that integer comparisons are faster than | |
116 // memory and string comparisons. | |
117 if (flags != other.flags) | |
118 return flags < other.flags; | |
119 int rv = memcmp(cert_fingerprint.data, other.cert_fingerprint.data, | |
120 sizeof(cert_fingerprint.data)); | |
121 if (rv != 0) | |
122 return rv < 0; | |
123 rv = memcmp(ca_fingerprint.data, other.ca_fingerprint.data, | |
124 sizeof(ca_fingerprint.data)); | |
125 if (rv != 0) | |
126 return rv < 0; | |
127 return hostname < other.hostname; | |
128 } | |
129 | |
130 SHA1Fingerprint cert_fingerprint; | |
131 SHA1Fingerprint ca_fingerprint; | |
132 std::string hostname; | |
133 int flags; | |
134 }; | |
135 | |
136 // CachedResult contains the result of a certificate verification. | |
137 struct CachedResult { | |
138 CachedResult(); | |
139 ~CachedResult(); | |
140 | |
141 int error; // The return value of CertVerifier::Verify. | |
142 CertVerifyResult result; // The output of CertVerifier::Verify. | |
143 }; | |
144 | |
145 void HandleResult(X509Certificate* cert, | |
146 const std::string& hostname, | |
147 int flags, | |
148 int error, | |
149 const CertVerifyResult& verify_result); | |
150 | |
151 // CertDatabase::Observer methods: | |
152 virtual void OnCertTrustChanged(const X509Certificate* cert) OVERRIDE; | |
153 | |
154 // For unit testing. | |
155 void ClearCache() { cache_.Clear(); } | |
156 size_t GetCacheSize() const { return cache_.size(); } | |
157 uint64 cache_hits() const { return cache_hits_; } | |
158 uint64 requests() const { return requests_; } | |
159 uint64 inflight_joins() const { return inflight_joins_; } | |
160 | |
161 // cache_ maps from a request to a cached result. | |
162 typedef ExpiringCache<RequestParams, CachedResult> CertVerifierCache; | |
163 CertVerifierCache cache_; | |
164 | |
165 // inflight_ maps from a request to an active verification which is taking | |
166 // place. | |
167 std::map<RequestParams, CertVerifierJob*> inflight_; | |
168 | |
169 uint64 requests_; | |
170 uint64 cache_hits_; | |
171 uint64 inflight_joins_; | |
172 | |
173 DISALLOW_COPY_AND_ASSIGN(CertVerifier); | 88 DISALLOW_COPY_AND_ASSIGN(CertVerifier); |
174 }; | 89 }; |
175 | 90 |
176 // This class represents the task of verifying a certificate. It wraps | |
177 // CertVerifier to verify only a single certificate at a time and cancels this | |
178 // request when going out of scope. | |
179 class SingleRequestCertVerifier { | |
180 public: | |
181 // |cert_verifier| must remain valid for the lifetime of |this|. | |
182 explicit SingleRequestCertVerifier(CertVerifier* cert_verifier); | |
183 | |
184 // If a completion callback is pending when the verifier is destroyed, the | |
185 // certificate verification is canceled, and the completion callback will | |
186 // not be called. | |
187 ~SingleRequestCertVerifier(); | |
188 | |
189 // Verifies the given certificate, filling out the |verify_result| object | |
190 // upon success. See CertVerifier::Verify() for details. | |
191 int Verify(X509Certificate* cert, | |
192 const std::string& hostname, | |
193 int flags, | |
194 CRLSet* crl_set, | |
195 CertVerifyResult* verify_result, | |
196 const CompletionCallback& callback, | |
197 const BoundNetLog& net_log); | |
198 | |
199 private: | |
200 // Callback for when the request to |cert_verifier_| completes, so we | |
201 // dispatch to the user's callback. | |
202 void OnVerifyCompletion(int result); | |
203 | |
204 // The actual certificate verifier that will handle the request. | |
205 CertVerifier* const cert_verifier_; | |
206 | |
207 // The current request (if any). | |
208 CertVerifier::RequestHandle cur_request_; | |
209 CompletionCallback cur_request_callback_; | |
210 | |
211 DISALLOW_COPY_AND_ASSIGN(SingleRequestCertVerifier); | |
212 }; | |
213 | |
214 } // namespace net | 91 } // namespace net |
215 | 92 |
216 #endif // NET_BASE_CERT_VERIFIER_H_ | 93 #endif // NET_BASE_CERT_VERIFIER_H_ |
OLD | NEW |