net/base/multi_threaded_cert_verifier.h - Issue 9584041: Create stubs for system certificate validation.

Unified Diff: net/base/multi_threaded_cert_verifier.h

Issue 9584041: Create stubs for system certificate validation. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Exclude CertVerifyProcNSS for non-NSS-only systems, for now Created 8 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« net/base/cert_verify_proc_win.h ('K') | « net/base/cert_verify_proc_win.cc ('k') | net/base/multi_threaded_cert_verifier.cc » ('j') | net/base/multi_threaded_cert_verifier_unittest.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: net/base/multi_threaded_cert_verifier.h

diff --git a/net/base/multi_threaded_cert_verifier.h b/net/base/multi_threaded_cert_verifier.h

index 78f372ea34a5267eaddd9c8feb1f56000e7c0098..fbd385892a9057988d71d68be024477e213b2b9f 100644

--- a/net/base/multi_threaded_cert_verifier.h

+++ b/net/base/multi_threaded_cert_verifier.h

@@ -11,6 +11,7 @@

#include "base/basictypes.h"

#include "base/gtest_prod_util.h"

+#include "base/memory/ref_counted.h"

#include "base/memory/scoped_ptr.h"

#include "base/threading/non_thread_safe.h"

#include "net/base/cert_database.h"

@@ -25,12 +26,38 @@ namespace net {

// MultiThreadedCertVerifier is a CertVerifier implementation that runs

// synchronous CertVerifier implementations on worker threads.

-class NET_EXPORT MultiThreadedCertVerifier :

+class MultiThreadedCertVerifier :

public CertVerifier,

NON_EXPORTED_BASE(public base::NonThreadSafe),

wtc 2012/03/06 23:10:14 Maybe NON_EXPORTED_BASE can be removed now?

Ryan Sleevi 2012/03/10 03:09:12 The removal of NET_EXPORT was a mistake. It should

public CertDatabase::Observer {

public:

- MultiThreadedCertVerifier();

+ // Class to perform the actual certificate validation on a worker thread.

+ // This class MUST be thread-safe, as it will be called concurrently on

+ // multiple worker threads.

+ // Note: Because these worker threads run within a worker pool, VerifyProc

+ // implementations must be careful about using other objects, such as

+ // MessageLoops, Singletons, etc, as these objects may no longer exist

+ // during shutdown.

+ class VerifyProc : public base::RefCountedThreadSafe<VerifyProc> {

wtc 2012/03/06 23:10:14 Why does VerifyProc need to be a class? Isn't it

Ryan Sleevi 2012/03/10 03:09:12 Using function pointers outside of PPAPI and unitt

+ public:

+ // Performs a synchronous verification of |cert| for the specified

+ // |hostname|.

+ // The arguments mirror those of CertVerifier::Verify().

+ // Note: Multiple calls to Verify() may be running in parallel, so

+ // any state inside of |this| should not mutate.

+ virtual int Verify(X509Certificate* cert,

+ const std::string& hostname,

+ int flags,

+ CRLSet* crl_set,

+ CertVerifyResult* verify_result) = 0;

+ protected:

+ friend class base::RefCountedThreadSafe<VerifyProc>;

+ virtual ~VerifyProc() {}

+ };

+ explicit MultiThreadedCertVerifier(VerifyProc* verifier);

// When the verifier is destroyed, all certificate verifications requests are

// canceled, and their completion callbacks will not be called.

@@ -126,6 +153,8 @@ class NET_EXPORT MultiThreadedCertVerifier :

// place.

std::map<RequestParams, CertVerifierJob*> inflight_;

+ scoped_refptr<VerifyProc> verifier_;

wtc 2012/03/06 23:10:14 Please name this member verify_proc_. verifier_ s

uint64 requests_;

uint64 cache_hits_;

uint64 inflight_joins_;

« net/base/cert_verify_proc_win.h ('K') | « net/base/cert_verify_proc_win.cc ('k') | net/base/multi_threaded_cert_verifier.cc » ('j') | net/base/multi_threaded_cert_verifier_unittest.cc » ('J')