| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_BASE_MULTI_THREADED_CERT_VERIFIER_H_ | 5 #ifndef NET_BASE_MULTI_THREADED_CERT_VERIFIER_H_ |
| 6 #define NET_BASE_MULTI_THREADED_CERT_VERIFIER_H_ | 6 #define NET_BASE_MULTI_THREADED_CERT_VERIFIER_H_ |
| 7 #pragma once | 7 #pragma once |
| 8 | 8 |
| 9 #include <map> | 9 #include <map> |
| 10 #include <string> | 10 #include <string> |
| 11 | 11 |
| 12 #include "base/basictypes.h" | 12 #include "base/basictypes.h" |
| 13 #include "base/gtest_prod_util.h" | 13 #include "base/gtest_prod_util.h" |
| 14 #include "base/memory/ref_counted.h" | |
| 14 #include "base/memory/scoped_ptr.h" | 15 #include "base/memory/scoped_ptr.h" |
| 15 #include "base/threading/non_thread_safe.h" | 16 #include "base/threading/non_thread_safe.h" |
| 16 #include "net/base/cert_database.h" | 17 #include "net/base/cert_database.h" |
| 17 #include "net/base/cert_verifier.h" | 18 #include "net/base/cert_verifier.h" |
| 18 #include "net/base/cert_verify_result.h" | 19 #include "net/base/cert_verify_result.h" |
| 19 #include "net/base/completion_callback.h" | 20 #include "net/base/completion_callback.h" |
| 20 #include "net/base/expiring_cache.h" | 21 #include "net/base/expiring_cache.h" |
| 21 #include "net/base/net_export.h" | 22 #include "net/base/net_export.h" |
| 22 #include "net/base/x509_cert_types.h" | 23 #include "net/base/x509_cert_types.h" |
| 23 | 24 |
| 24 namespace net { | 25 namespace net { |
| 25 | 26 |
| 26 class CertVerifierJob; | 27 class CertVerifierJob; |
| 27 class CertVerifierRequest; | 28 class CertVerifierRequest; |
| 28 class CertVerifierWorker; | 29 class CertVerifierWorker; |
| 30 class CertVerifyProc; | |
| 29 | 31 |
| 30 // MultiThreadedCertVerifier is a CertVerifier implementation that runs | 32 // MultiThreadedCertVerifier is a CertVerifier implementation that runs |
| 31 // synchronous CertVerifier implementations on worker threads. | 33 // synchronous CertVerifier implementations on worker threads. |
| 32 class NET_EXPORT MultiThreadedCertVerifier : | 34 class NET_EXPORT_PRIVATE MultiThreadedCertVerifier : |
| 33 public CertVerifier, | 35 public CertVerifier, |
| 34 NON_EXPORTED_BASE(public base::NonThreadSafe), | 36 NON_EXPORTED_BASE(public base::NonThreadSafe), |
| 35 public CertDatabase::Observer { | 37 public CertDatabase::Observer { |
| 36 public: | 38 public: |
| 37 MultiThreadedCertVerifier(); | 39 MultiThreadedCertVerifier(); |
| 38 | 40 |
| 39 // When the verifier is destroyed, all certificate verifications requests are | 41 // When the verifier is destroyed, all certificate verifications requests are |
| 40 // canceled, and their completion callbacks will not be called. | 42 // canceled, and their completion callbacks will not be called. |
| 41 virtual ~MultiThreadedCertVerifier(); | 43 virtual ~MultiThreadedCertVerifier(); |
| 42 | 44 |
| 43 // CertVerifier implementation | 45 // CertVerifier implementation |
| 44 virtual int Verify(X509Certificate* cert, | 46 virtual int Verify(X509Certificate* cert, |
| 45 const std::string& hostname, | 47 const std::string& hostname, |
| 46 int flags, | 48 int flags, |
| 47 CRLSet* crl_set, | 49 CRLSet* crl_set, |
| 48 CertVerifyResult* verify_result, | 50 CertVerifyResult* verify_result, |
| 49 const CompletionCallback& callback, | 51 const CompletionCallback& callback, |
| 50 CertVerifier::RequestHandle* out_req, | 52 CertVerifier::RequestHandle* out_req, |
| 51 const BoundNetLog& net_log) OVERRIDE; | 53 const BoundNetLog& net_log) OVERRIDE; |
| 52 | 54 |
| 53 virtual void CancelRequest(CertVerifier::RequestHandle req) OVERRIDE; | 55 virtual void CancelRequest(CertVerifier::RequestHandle req) OVERRIDE; |
| 54 | 56 |
| 55 private: | 57 private: |
| 56 friend class CertVerifierWorker; // Calls HandleResult. | 58 friend class CertVerifierWorker; // Calls HandleResult. |
| 57 friend class CertVerifierRequest; | 59 friend class CertVerifierRequest; |
| 58 friend class CertVerifierJob; | 60 friend class CertVerifierJob; |
| 61 friend class MultiThreadedCertVerifierTest; | |
| 59 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, CacheHit); | 62 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, CacheHit); |
| 60 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, DifferentCACerts); | 63 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, DifferentCACerts); |
| 61 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, InflightJoin); | 64 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, InflightJoin); |
| 62 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, CancelRequest); | 65 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, CancelRequest); |
| 63 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, | 66 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, |
| 64 RequestParamsComparators); | 67 RequestParamsComparators); |
| 65 | 68 |
| 66 // Input parameters of a certificate verification request. | 69 // Input parameters of a certificate verification request. |
| 67 struct RequestParams { | 70 struct RequestParams { |
| 68 RequestParams(const SHA1Fingerprint& cert_fingerprint_arg, | 71 RequestParams(const SHA1Fingerprint& cert_fingerprint_arg, |
| (...skipping 45 matching lines...) | |
| 114 | 117 |
| 115 // CertDatabase::Observer methods: | 118 // CertDatabase::Observer methods: |
| 116 virtual void OnCertTrustChanged(const X509Certificate* cert) OVERRIDE; | 119 virtual void OnCertTrustChanged(const X509Certificate* cert) OVERRIDE; |
| 117 | 120 |
| 118 // For unit testing. | 121 // For unit testing. |
| 119 void ClearCache() { cache_.Clear(); } | 122 void ClearCache() { cache_.Clear(); } |
| 120 size_t GetCacheSize() const { return cache_.size(); } | 123 size_t GetCacheSize() const { return cache_.size(); } |
| 121 uint64 cache_hits() const { return cache_hits_; } | 124 uint64 cache_hits() const { return cache_hits_; } |
| 122 uint64 requests() const { return requests_; } | 125 uint64 requests() const { return requests_; } |
| 123 uint64 inflight_joins() const { return inflight_joins_; } | 126 uint64 inflight_joins() const { return inflight_joins_; } |
| 127 void SetCertVerifyProc(CertVerifyProc* verify_proc); | |
|
wtc
2012/03/13 22:37:57
Nit: this probably can be named set_cert_verify_pr
Ryan Sleevi
2012/03/14 00:58:50
Since this wasn't inlined, I followed the MethodNa
| |
| 124 | 128 |
| 125 // cache_ maps from a request to a cached result. | 129 // cache_ maps from a request to a cached result. |
| 126 typedef ExpiringCache<RequestParams, CachedResult> CertVerifierCache; | 130 typedef ExpiringCache<RequestParams, CachedResult> CertVerifierCache; |
| 127 CertVerifierCache cache_; | 131 CertVerifierCache cache_; |
| 128 | 132 |
| 129 // inflight_ maps from a request to an active verification which is taking | 133 // inflight_ maps from a request to an active verification which is taking |
| 130 // place. | 134 // place. |
| 131 std::map<RequestParams, CertVerifierJob*> inflight_; | 135 std::map<RequestParams, CertVerifierJob*> inflight_; |
| 132 | 136 |
| 133 uint64 requests_; | 137 uint64 requests_; |
| 134 uint64 cache_hits_; | 138 uint64 cache_hits_; |
| 135 uint64 inflight_joins_; | 139 uint64 inflight_joins_; |
| 136 | 140 |
| 141 scoped_refptr<CertVerifyProc> verify_proc_; | |
| 142 | |
| 137 DISALLOW_COPY_AND_ASSIGN(MultiThreadedCertVerifier); | 143 DISALLOW_COPY_AND_ASSIGN(MultiThreadedCertVerifier); |
| 138 }; | 144 }; |
| 139 | 145 |
| 140 } // namespace net | 146 } // namespace net |
| 141 | 147 |
| 142 #endif // NET_BASE_MULTI_THREADED_CERT_VERIFIER_H_ | 148 #endif // NET_BASE_MULTI_THREADED_CERT_VERIFIER_H_ |
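Review bot: `SetCertVerifyProc` (new line 127) and `verify_proc_` (new line 141) are the only additions in this header without a comment of their own, and they determine which code makes the trust decision for every certificate this verifier handles. The setter takes a raw `CertVerifyProc*` that ends up in a `scoped_refptr`, so the declaration should state that a reference is taken and whether it may be called while jobs are in `inflight_` or results are in `cache_`. The definition is not shown on this page, but if it does not clear the cache, results produced by the previous procedure would presumably still be returned after the swap. I would add `// Test-only: replaces the procedure used for new verifications; takes a reference to |verify_proc|. Call before any Verify(), or ClearCache() afterwards.` above the setter and `// Performs the actual verification for each job.` above the member, adjusted to what the .cc really does.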
| OLD | NEW |