| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_BASE_MULTI_THREADED_CERT_VERIFIER_H_ | 5 #ifndef NET_BASE_MULTI_THREADED_CERT_VERIFIER_H_ |
| 6 #define NET_BASE_MULTI_THREADED_CERT_VERIFIER_H_ | 6 #define NET_BASE_MULTI_THREADED_CERT_VERIFIER_H_ |
| 7 #pragma once | 7 #pragma once |
| 8 | 8 |
| 9 #include <map> | 9 #include <map> |
| 10 #include <string> | 10 #include <string> |
| (...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 101 | 101 |
| 102 // CachedResult contains the result of a certificate verification. | 102 // CachedResult contains the result of a certificate verification. |
| 103 struct CachedResult { | 103 struct CachedResult { |
| 104 CachedResult(); | 104 CachedResult(); |
| 105 ~CachedResult(); | 105 ~CachedResult(); |
| 106 | 106 |
| 107 int error; // The return value of CertVerifier::Verify. | 107 int error; // The return value of CertVerifier::Verify. |
| 108 CertVerifyResult result; // The output of CertVerifier::Verify. | 108 CertVerifyResult result; // The output of CertVerifier::Verify. |
| 109 }; | 109 }; |
| 110 | 110 |
| 111 // Rather than having a single validity point along a monotonically increasing |
| 112 // timeline, certificate verification is based on falling within a range of |
| 113 // the certificate's NotBefore and NotAfter and based on what the current |
| 114 // system clock says (which may advance forwards or backwards as users correct |
| 115 // clock skew). CacheValidityPeriod and CacheExpirationFunctor are helpers to |
| 116 // ensure that expiration is measured both by the 'general' case (now + cache |
| 117 // TTL) and by whether or not significant enough clock skew was introduced |
| 118 // since the last verification. |
| 119 struct CacheValidityPeriod { |
| 120 explicit CacheValidityPeriod(const base::Time& now); |
| 121 CacheValidityPeriod(const base::Time& now, const base::Time& expiration); |
| 122 |
| 123 base::Time verification_time; |
| 124 base::Time expiration_time; |
| 125 }; |
| 126 |
| 127 struct CacheExpirationFunctor { |
| 128 // Returns true iff |now| is within the validity period of |expiration|. |
| 129 bool operator()(const CacheValidityPeriod& now, |
| 130 const CacheValidityPeriod& expiration) const; |
| 131 }; |
| 132 |
| 133 typedef ExpiringCache<RequestParams, CachedResult, CacheValidityPeriod, |
| 134 CacheExpirationFunctor> CertVerifierCache; |
| 135 |
| 111 void HandleResult(X509Certificate* cert, | 136 void HandleResult(X509Certificate* cert, |
| 112 const std::string& hostname, | 137 const std::string& hostname, |
| 113 int flags, | 138 int flags, |
| 114 int error, | 139 int error, |
| 115 const CertVerifyResult& verify_result); | 140 const CertVerifyResult& verify_result); |
| 116 | 141 |
| 117 // CertDatabase::Observer methods: | 142 // CertDatabase::Observer methods: |
| 118 virtual void OnCertTrustChanged(const X509Certificate* cert) OVERRIDE; | 143 virtual void OnCertTrustChanged(const X509Certificate* cert) OVERRIDE; |
| 119 | 144 |
| 120 // For unit testing. | 145 // For unit testing. |
| 121 void ClearCache() { cache_.Clear(); } | 146 void ClearCache() { cache_.Clear(); } |
| 122 size_t GetCacheSize() const { return cache_.size(); } | 147 size_t GetCacheSize() const { return cache_.size(); } |
| 123 uint64 cache_hits() const { return cache_hits_; } | 148 uint64 cache_hits() const { return cache_hits_; } |
| 124 uint64 requests() const { return requests_; } | 149 uint64 requests() const { return requests_; } |
| 125 uint64 inflight_joins() const { return inflight_joins_; } | 150 uint64 inflight_joins() const { return inflight_joins_; } |
| 126 void SetCertVerifyProc(CertVerifyProc* verify_proc); | 151 void SetCertVerifyProc(CertVerifyProc* verify_proc); |
| 127 | 152 |
| 128 // cache_ maps from a request to a cached result. | 153 // cache_ maps from a request to a cached result. |
| 129 typedef ExpiringCache<RequestParams, CachedResult> CertVerifierCache; | |
| 130 CertVerifierCache cache_; | 154 CertVerifierCache cache_; |
| 131 | 155 |
| 132 // inflight_ maps from a request to an active verification which is taking | 156 // inflight_ maps from a request to an active verification which is taking |
| 133 // place. | 157 // place. |
| 134 std::map<RequestParams, CertVerifierJob*> inflight_; | 158 std::map<RequestParams, CertVerifierJob*> inflight_; |
| 135 | 159 |
| 136 uint64 requests_; | 160 uint64 requests_; |
| 137 uint64 cache_hits_; | 161 uint64 cache_hits_; |
| 138 uint64 inflight_joins_; | 162 uint64 inflight_joins_; |
| 139 | 163 |
| 140 scoped_refptr<CertVerifyProc> verify_proc_; | 164 scoped_refptr<CertVerifyProc> verify_proc_; |
| 141 | 165 |
| 142 DISALLOW_COPY_AND_ASSIGN(MultiThreadedCertVerifier); | 166 DISALLOW_COPY_AND_ASSIGN(MultiThreadedCertVerifier); |
| 143 }; | 167 }; |
| 144 | 168 |
| 145 } // namespace net | 169 } // namespace net |
| 146 | 170 |
| 147 #endif // NET_BASE_MULTI_THREADED_CERT_VERIFIER_H_ | 171 #endif // NET_BASE_MULTI_THREADED_CERT_VERIFIER_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10556022:
Consider the verification time as well as the expiration time when caching certificate verification… (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src