OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_BASE_DEFAULT_ORIGIN_BOUND_CERT_STORE_H_ | 5 #ifndef NET_BASE_DEFAULT_ORIGIN_BOUND_CERT_STORE_H_ |
6 #define NET_BASE_DEFAULT_ORIGIN_BOUND_CERT_STORE_H_ | 6 #define NET_BASE_DEFAULT_ORIGIN_BOUND_CERT_STORE_H_ |
7 #pragma once | 7 #pragma once |
8 | 8 |
9 #include <map> | 9 #include <map> |
10 #include <string> | 10 #include <string> |
11 #include <vector> | 11 #include <vector> |
12 | 12 |
13 #include "base/callback_forward.h" | 13 #include "base/callback_forward.h" |
14 #include "base/compiler_specific.h" | 14 #include "base/compiler_specific.h" |
15 #include "base/memory/ref_counted.h" | 15 #include "base/memory/ref_counted.h" |
16 #include "base/synchronization/lock.h" | 16 #include "base/synchronization/lock.h" |
17 #include "net/base/net_export.h" | 17 #include "net/base/net_export.h" |
18 #include "net/base/origin_bound_cert_store.h" | 18 #include "net/base/origin_bound_cert_store.h" |
19 | 19 |
20 class Task; | 20 class Task; |
21 | 21 |
22 namespace net { | 22 namespace net { |
23 | 23 |
24 // This class is the system for storing and retrieving origin bound certs. | 24 // This class is the system for storing and retrieving domain bound certs. |
25 // Modeled after the CookieMonster class, it has an in-memory cert store, | 25 // Modeled after the CookieMonster class, it has an in-memory cert store, |
26 // and synchronizes origin bound certs to an optional permanent storage that | 26 // and synchronizes domain bound certs to an optional permanent storage that |
27 // implements the PersistentStore interface. The use case is described in | 27 // implements the PersistentStore interface. The use case is described in |
28 // http://balfanz.github.com/tls-obc-spec/draft-balfanz-tls-obc-00.html | 28 // http://balfanz.github.com/tls-obc-spec/draft-balfanz-tls-obc-00.html |
29 // | 29 // |
30 // This class can be accessed by multiple threads. For example, it can be used | 30 // This class can be accessed by multiple threads. For example, it can be used |
31 // by IO and origin bound cert management UI. | 31 // by IO and domain bound cert management UI. |
32 // | |
33 // Note: For historical reasons, this class is called | |
34 // DefaultOriginBoundCertStore, but it's really a DefaultDomainBoundCertStore. | |
Mike West
2012/03/07 10:31:47
Are the historical reasons strong enough to not si
| |
32 class NET_EXPORT DefaultOriginBoundCertStore : public OriginBoundCertStore { | 35 class NET_EXPORT DefaultOriginBoundCertStore : public OriginBoundCertStore { |
33 public: | 36 public: |
34 class PersistentStore; | 37 class PersistentStore; |
35 | 38 |
36 // The key for each OriginBoundCert* in OriginBoundCertMap is the | 39 // The key for each OriginBoundCert* in OriginBoundCertMap is the |
37 // corresponding origin. | 40 // corresponding domain. |
38 typedef std::map<std::string, OriginBoundCert*> OriginBoundCertMap; | 41 typedef std::map<std::string, OriginBoundCert*> OriginBoundCertMap; |
39 | 42 |
40 // The store passed in should not have had Init() called on it yet. This | 43 // The store passed in should not have had Init() called on it yet. This |
41 // class will take care of initializing it. The backing store is NOT owned by | 44 // class will take care of initializing it. The backing store is NOT owned by |
42 // this class, but it must remain valid for the duration of the | 45 // this class, but it must remain valid for the duration of the |
43 // DefaultOriginBoundCertStore's existence. If |store| is NULL, then no | 46 // DefaultOriginBoundCertStore's existence. If |store| is NULL, then no |
44 // backing store will be updated. | 47 // backing store will be updated. |
45 explicit DefaultOriginBoundCertStore(PersistentStore* store); | 48 explicit DefaultOriginBoundCertStore(PersistentStore* store); |
46 | 49 |
47 virtual ~DefaultOriginBoundCertStore(); | 50 virtual ~DefaultOriginBoundCertStore(); |
48 | 51 |
49 // Flush the backing store (if any) to disk and post the given task when done. | 52 // Flush the backing store (if any) to disk and post the given task when done. |
50 // WARNING: THE CALLBACK WILL RUN ON A RANDOM THREAD. IT MUST BE THREAD SAFE. | 53 // WARNING: THE CALLBACK WILL RUN ON A RANDOM THREAD. IT MUST BE THREAD SAFE. |
51 // It may be posted to the current thread, or it may run on the thread that | 54 // It may be posted to the current thread, or it may run on the thread that |
52 // actually does the flushing. Your Task should generally post a notification | 55 // actually does the flushing. Your Task should generally post a notification |
53 // to the thread you actually want to be notified on. | 56 // to the thread you actually want to be notified on. |
54 void FlushStore(const base::Closure& completion_task); | 57 void FlushStore(const base::Closure& completion_task); |
55 | 58 |
56 // OriginBoundCertStore implementation. | 59 // OriginBoundCertStore implementation. |
57 virtual bool GetOriginBoundCert( | 60 virtual bool GetOriginBoundCert( |
58 const std::string& origin, | 61 const std::string& domain, |
59 SSLClientCertType* type, | 62 SSLClientCertType* type, |
60 base::Time* creation_time, | 63 base::Time* creation_time, |
61 base::Time* expiration_time, | 64 base::Time* expiration_time, |
62 std::string* private_key_result, | 65 std::string* private_key_result, |
63 std::string* cert_result) OVERRIDE; | 66 std::string* cert_result) OVERRIDE; |
64 virtual void SetOriginBoundCert( | 67 virtual void SetOriginBoundCert( |
65 const std::string& origin, | 68 const std::string& domain, |
66 SSLClientCertType type, | 69 SSLClientCertType type, |
67 base::Time creation_time, | 70 base::Time creation_time, |
68 base::Time expiration_time, | 71 base::Time expiration_time, |
69 const std::string& private_key, | 72 const std::string& private_key, |
70 const std::string& cert) OVERRIDE; | 73 const std::string& cert) OVERRIDE; |
71 virtual void DeleteOriginBoundCert(const std::string& origin) OVERRIDE; | 74 virtual void DeleteOriginBoundCert(const std::string& domain) OVERRIDE; |
72 virtual void DeleteAllCreatedBetween(base::Time delete_begin, | 75 virtual void DeleteAllCreatedBetween(base::Time delete_begin, |
73 base::Time delete_end) OVERRIDE; | 76 base::Time delete_end) OVERRIDE; |
74 virtual void DeleteAll() OVERRIDE; | 77 virtual void DeleteAll() OVERRIDE; |
75 virtual void GetAllOriginBoundCerts( | 78 virtual void GetAllOriginBoundCerts( |
76 std::vector<OriginBoundCert>* origin_bound_certs) OVERRIDE; | 79 std::vector<OriginBoundCert>* origin_bound_certs) OVERRIDE; |
77 virtual int GetCertCount() OVERRIDE; | 80 virtual int GetCertCount() OVERRIDE; |
78 | 81 |
79 private: | 82 private: |
80 static const size_t kMaxCerts; | 83 static const size_t kMaxCerts; |
81 | 84 |
82 // Deletes all of the certs. Does not delete them from |store_|. | 85 // Deletes all of the certs. Does not delete them from |store_|. |
83 void DeleteAllInMemory(); | 86 void DeleteAllInMemory(); |
84 | 87 |
85 // Called by all non-static functions to ensure that the cert store has | 88 // Called by all non-static functions to ensure that the cert store has |
86 // been initialized. This is not done during creating so it doesn't block | 89 // been initialized. This is not done during creating so it doesn't block |
87 // the window showing. | 90 // the window showing. |
88 // Note: this method should always be called with lock_ held. | 91 // Note: this method should always be called with lock_ held. |
89 void InitIfNecessary() { | 92 void InitIfNecessary() { |
90 if (!initialized_) { | 93 if (!initialized_) { |
91 if (store_) | 94 if (store_) |
92 InitStore(); | 95 InitStore(); |
93 initialized_ = true; | 96 initialized_ = true; |
94 } | 97 } |
95 } | 98 } |
96 | 99 |
97 // Initializes the backing store and reads existing certs from it. | 100 // Initializes the backing store and reads existing certs from it. |
98 // Should only be called by InitIfNecessary(). | 101 // Should only be called by InitIfNecessary(). |
99 void InitStore(); | 102 void InitStore(); |
100 | 103 |
101 // Deletes the cert for the specified origin, if such a cert exists, from the | 104 // Deletes the cert for the specified domain, if such a cert exists, from the |
102 // in-memory store. Deletes it from |store_| if |store_| is not NULL. | 105 // in-memory store. Deletes it from |store_| if |store_| is not NULL. |
103 void InternalDeleteOriginBoundCert(const std::string& origin); | 106 void InternalDeleteOriginBoundCert(const std::string& domain); |
104 | 107 |
105 // Takes ownership of *cert. | 108 // Takes ownership of *cert. |
106 // Adds the cert for the specified origin to the in-memory store. Deletes it | 109 // Adds the cert for the specified domain to the in-memory store. Deletes it |
107 // from |store_| if |store_| is not NULL. | 110 // from |store_| if |store_| is not NULL. |
108 void InternalInsertOriginBoundCert(const std::string& origin, | 111 void InternalInsertOriginBoundCert(const std::string& domain, |
109 OriginBoundCert* cert); | 112 OriginBoundCert* cert); |
110 | 113 |
111 // Indicates whether the cert store has been initialized. This happens | 114 // Indicates whether the cert store has been initialized. This happens |
112 // Lazily in InitStoreIfNecessary(). | 115 // Lazily in InitStoreIfNecessary(). |
113 bool initialized_; | 116 bool initialized_; |
114 | 117 |
115 scoped_refptr<PersistentStore> store_; | 118 scoped_refptr<PersistentStore> store_; |
116 | 119 |
117 OriginBoundCertMap origin_bound_certs_; | 120 OriginBoundCertMap origin_bound_certs_; |
118 | 121 |
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
150 protected: | 153 protected: |
151 PersistentStore(); | 154 PersistentStore(); |
152 | 155 |
153 private: | 156 private: |
154 DISALLOW_COPY_AND_ASSIGN(PersistentStore); | 157 DISALLOW_COPY_AND_ASSIGN(PersistentStore); |
155 }; | 158 }; |
156 | 159 |
157 } // namespace net | 160 } // namespace net |
158 | 161 |
159 #endif // NET_DEFAULT_ORIGIN_BOUND_CERT_STORE_H_ | 162 #endif // NET_DEFAULT_ORIGIN_BOUND_CERT_STORE_H_ |
OLD | NEW |