Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(344)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/multi_threaded_cert_verifier.h

Issue 1081913003: Route OCSP stapling through CertVerifier. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@boringnss
Patch Set: Created 5 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/cert/cert_verify_proc_win.cc ('K') | « net/cert/mock_cert_verifier.cc ('k') | net/cert/multi_threaded_cert_verifier.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_CERT_MULTI_THREADED_CERT_VERIFIER_H_ 5 #ifndef NET_CERT_MULTI_THREADED_CERT_VERIFIER_H_
6 #define NET_CERT_MULTI_THREADED_CERT_VERIFIER_H_ 6 #define NET_CERT_MULTI_THREADED_CERT_VERIFIER_H_
7 7
8 #include <map> 8 #include <map>
9 #include <string> 9 #include <string>
10 #include <vector> 10 #include <vector>
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after
49 // The CertTrustAnchorProvider will only be accessed on the same 49 // The CertTrustAnchorProvider will only be accessed on the same
50 // thread that Verify() is called on; that is, it will not be 50 // thread that Verify() is called on; that is, it will not be
51 // accessed from worker threads. 51 // accessed from worker threads.
52 // It must outlive the MultiThreadedCertVerifier. 52 // It must outlive the MultiThreadedCertVerifier.
53 void SetCertTrustAnchorProvider( 53 void SetCertTrustAnchorProvider(
54 CertTrustAnchorProvider* trust_anchor_provider); 54 CertTrustAnchorProvider* trust_anchor_provider);
55 55
56 // CertVerifier implementation 56 // CertVerifier implementation
57 int Verify(X509Certificate* cert, 57 int Verify(X509Certificate* cert,
58 const std::string& hostname, 58 const std::string& hostname,
59 const std::string& ocsp_response,
59 int flags, 60 int flags,
60 CRLSet* crl_set, 61 CRLSet* crl_set,
61 CertVerifyResult* verify_result, 62 CertVerifyResult* verify_result,
62 const CompletionCallback& callback, 63 const CompletionCallback& callback,
63 CertVerifier::RequestHandle* out_req, 64 CertVerifier::RequestHandle* out_req,
64 const BoundNetLog& net_log) override; 65 const BoundNetLog& net_log) override;
65 66
66 void CancelRequest(CertVerifier::RequestHandle req) override; 67 void CancelRequest(CertVerifier::RequestHandle req) override;
67 68
69 bool SupportsOCSPStapling() override;
70
68 private: 71 private:
69 friend class CertVerifierWorker; // Calls HandleResult. 72 friend class CertVerifierWorker; // Calls HandleResult.
70 friend class CertVerifierRequest; 73 friend class CertVerifierRequest;
71 friend class CertVerifierJob; 74 friend class CertVerifierJob;
72 friend class MultiThreadedCertVerifierTest; 75 friend class MultiThreadedCertVerifierTest;
73 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, CacheHit); 76 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, CacheHit);
74 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, DifferentCACerts); 77 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, DifferentCACerts);
75 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, InflightJoin); 78 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, InflightJoin);
76 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, CancelRequest); 79 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, CancelRequest);
77 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, 80 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest,
78 RequestParamsComparators); 81 RequestParamsComparators);
79 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, 82 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest,
80 CertTrustAnchorProvider); 83 CertTrustAnchorProvider);
81 84
82 // Input parameters of a certificate verification request. 85 // Input parameters of a certificate verification request.
83 struct NET_EXPORT_PRIVATE RequestParams { 86 struct NET_EXPORT_PRIVATE RequestParams {
84 RequestParams(const SHA1HashValue& cert_fingerprint_arg, 87 RequestParams(const SHA1HashValue& cert_fingerprint_arg,
85 const SHA1HashValue& ca_fingerprint_arg, 88 const SHA1HashValue& ca_fingerprint_arg,
86 const std::string& hostname_arg, 89 const std::string& hostname_arg,
90 const std::string& ocsp_response_arg,
87 int flags_arg, 91 int flags_arg,
88 const CertificateList& additional_trust_anchors); 92 const CertificateList& additional_trust_anchors);
89 ~RequestParams(); 93 ~RequestParams();
90 94
91 bool operator<(const RequestParams& other) const; 95 bool operator<(const RequestParams& other) const;
92 96
93 std::string hostname; 97 std::string hostname;
94 int flags; 98 int flags;
95 std::vector<SHA1HashValue> hash_values; 99 std::vector<SHA1HashValue> hash_values;
96 }; 100 };
(...skipping 27 matching lines...) Expand all
124 // Returns true iff |now| is within the validity period of |expiration|. 128 // Returns true iff |now| is within the validity period of |expiration|.
125 bool operator()(const CacheValidityPeriod& now, 129 bool operator()(const CacheValidityPeriod& now,
126 const CacheValidityPeriod& expiration) const; 130 const CacheValidityPeriod& expiration) const;
127 }; 131 };
128 132
129 typedef ExpiringCache<RequestParams, CachedResult, CacheValidityPeriod, 133 typedef ExpiringCache<RequestParams, CachedResult, CacheValidityPeriod,
130 CacheExpirationFunctor> CertVerifierCache; 134 CacheExpirationFunctor> CertVerifierCache;
131 135
132 void HandleResult(X509Certificate* cert, 136 void HandleResult(X509Certificate* cert,
133 const std::string& hostname, 137 const std::string& hostname,
138 const std::string& ocsp_response,
134 int flags, 139 int flags,
135 const CertificateList& additional_trust_anchors, 140 const CertificateList& additional_trust_anchors,
136 int error, 141 int error,
137 const CertVerifyResult& verify_result); 142 const CertVerifyResult& verify_result);
138 143
139 // CertDatabase::Observer methods: 144 // CertDatabase::Observer methods:
140 void OnCACertChanged(const X509Certificate* cert) override; 145 void OnCACertChanged(const X509Certificate* cert) override;
141 146
142 // For unit testing. 147 // For unit testing.
143 void ClearCache() { cache_.Clear(); } 148 void ClearCache() { cache_.Clear(); }
(...skipping 19 matching lines...) Expand all
163 scoped_refptr<CertVerifyProc> verify_proc_; 168 scoped_refptr<CertVerifyProc> verify_proc_;
164 169
165 CertTrustAnchorProvider* trust_anchor_provider_; 170 CertTrustAnchorProvider* trust_anchor_provider_;
166 171
167 DISALLOW_COPY_AND_ASSIGN(MultiThreadedCertVerifier); 172 DISALLOW_COPY_AND_ASSIGN(MultiThreadedCertVerifier);
168 }; 173 };
169 174
170 } // namespace net 175 } // namespace net
171 176
172 #endif // NET_CERT_MULTI_THREADED_CERT_VERIFIER_H_ 177 #endif // NET_CERT_MULTI_THREADED_CERT_VERIFIER_H_
OLDNEW
« net/cert/cert_verify_proc_win.cc ('K') | « net/cert/mock_cert_verifier.cc ('k') | net/cert/multi_threaded_cert_verifier.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698