Make ServerBoundCertStore interface async, move SQLiteServerBoundCertStore load onto DB thread.

net/base/server_bound_cert_service.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

[erikwright (departed), 2013/01/04 19:20:10]

Any reason why the changes in this file are lumped in this CL?

[mattm, 2013/01/08 04:53:21]

The interface to the ServerBoundCertStore is changed, so this file needs to be
updated to the new way of using it.

 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/server_bound_cert_service.h"
 
 #include <algorithm>
 #include <limits>
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
@@ skipping 26 matching lines @@
 const int kValidityPeriodInDays = 365;
 // When we check the system time, we add this many days to the end of the check
 // so the result will still hold even after chrome has been running for a
 // while.
 const int kSystemTimeValidityBufferInDays = 90;
 
 bool IsSupportedCertType(uint8 type) {
   switch(type) {
     case CLIENT_CERT_ECDSA_SIGN:
       return true;
+    // If we add any more supported types, CertIsValid will need to be updated
+    // to check that the returned type matches one of the requested types.
     default:
       return false;
   }
 }
 
+bool CertIsValid(const std::string& domain,
+                 SSLClientCertType type,
+                 base::Time expiration_time) {
+  if (expiration_time < base::Time::Now()) {
+    DVLOG(1) << "Cert store had expired cert for " << domain;
+    return false;
+  } else if (!IsSupportedCertType(type)) {
+    DVLOG(1) << "Cert store had cert of wrong type " << type << " for "
+             << domain;
+    return false;
+  }
+  return true;
+}
+
 // Used by the GetDomainBoundCertResult histogram to record the final
 // outcome of each GetDomainBoundCert call.  Do not re-use values.
 enum GetCertResult {
   // Synchronously found and returned an existing domain bound cert.
   SYNC_SUCCESS = 0,
-  // Generated and returned a domain bound cert asynchronously.
+  // Retrieved or generated and returned a domain bound cert asynchronously.
   ASYNC_SUCCESS = 1,
-  // Generation request was cancelled before the cert generation completed.
+  // Retrieval/generation request was cancelled before the cert generation
+  // completed.
   ASYNC_CANCELLED = 2,
   // Cert generation failed.
   ASYNC_FAILURE_KEYGEN = 3,
   ASYNC_FAILURE_CREATE_CERT = 4,
   ASYNC_FAILURE_EXPORT_KEY = 5,
   ASYNC_FAILURE_UNKNOWN = 6,
   // GetDomainBoundCert was called with invalid arguments.
   INVALID_ARGUMENT = 7,
   // We don't support any of the cert types the server requested.
   UNSUPPORTED_TYPE = 8,
@@ skipping 126 matching lines @@
       }
       case ERR_KEY_GENERATION_FAILED:
         RecordGetDomainBoundCertResult(ASYNC_FAILURE_KEYGEN);
         break;
       case ERR_ORIGIN_BOUND_CERT_GENERATION_FAILED:
         RecordGetDomainBoundCertResult(ASYNC_FAILURE_CREATE_CERT);
         break;
       case ERR_PRIVATE_KEY_EXPORT_FAILED:
         RecordGetDomainBoundCertResult(ASYNC_FAILURE_EXPORT_KEY);
         break;
+      case ERR_INSUFFICIENT_RESOURCES:
+        RecordGetDomainBoundCertResult(WORKER_FAILURE);
+        break;
       default:
         RecordGetDomainBoundCertResult(ASYNC_FAILURE_UNKNOWN);
         break;
     }
     if (!callback_.is_null()) {
       *type_ = type;
       *private_key_ = private_key;
       *cert_ = cert;
       callback_.Run(error);
     }
@@ skipping 71 matching lines @@
   WorkerDoneCallback callback_;
 
   DISALLOW_COPY_AND_ASSIGN(ServerBoundCertServiceWorker);
 };
 
 // A ServerBoundCertServiceJob is a one-to-one counterpart of an
 // ServerBoundCertServiceWorker. It lives only on the ServerBoundCertService's
 // origin message loop.
 class ServerBoundCertServiceJob {
  public:
-  ServerBoundCertServiceJob(SSLClientCertType type) : type_(type) {
+  ServerBoundCertServiceJob(SSLClientCertType type)
+      : type_(type) {
   }
 
   ~ServerBoundCertServiceJob() {
     if (!requests_.empty())
       DeleteAllCanceled();
   }
 
   SSLClientCertType type() const { return type_; }
 
   void AddRequest(ServerBoundCertServiceRequest* request) {
@@ skipping 104 matching lines @@
     }
   }
   if (preferred_type == CLIENT_CERT_INVALID_TYPE) {
     RecordGetDomainBoundCertResult(UNSUPPORTED_TYPE);
     // None of the requested types are supported.
     return ERR_CLIENT_AUTH_CERT_TYPE_UNSUPPORTED;
   }
 
   requests_++;
 
-  // Check if a domain bound cert of an acceptable type already exists for this
-  // domain, and that it has not expired.
-  base::Time now = base::Time::Now();
-  base::Time creation_time;
-  base::Time expiration_time;
-  if (server_bound_cert_store_->GetServerBoundCert(domain,
-                                                   type,
-                                                   &creation_time,
-                                                   &expiration_time,
-                                                   private_key,
-                                                   cert)) {
-    if (expiration_time < now) {
-      DVLOG(1) << "Cert store had expired cert for " << domain;
-    } else if (!IsSupportedCertType(*type) ||
-               std::find(requested_types.begin(), requested_types.end(),
-                         *type) == requested_types.end()) {
-      DVLOG(1) << "Cert store had cert of wrong type " << *type << " for "
-               << domain;
-    } else {
-      DVLOG(1) << "Cert store had valid cert for " << domain
-               << " of type " << *type;
-      cert_store_hits_++;
-      RecordGetDomainBoundCertResult(SYNC_SUCCESS);
-      base::TimeDelta request_time = base::TimeTicks::Now() - request_start;
-      UMA_HISTOGRAM_TIMES("DomainBoundCerts.GetCertTimeSync", request_time);
-      RecordGetCertTime(request_time);
-      return OK;
-    }
-  }
-
-  // |server_bound_cert_store_| has no cert for this domain. See if an
-  // identical request is currently in flight.
+  // See if an identical request is currently in flight.
   ServerBoundCertServiceJob* job = NULL;
   std::map<std::string, ServerBoundCertServiceJob*>::const_iterator j;
   j = inflight_.find(domain);
   if (j != inflight_.end()) {
     // An identical request is in flight already. We'll just attach our
     // callback.
     job = j->second;
     // Check that the job is for an acceptable type of cert.
     if (std::find(requested_types.begin(), requested_types.end(), job->type())
         == requested_types.end()) {
       DVLOG(1) << "Found inflight job of wrong type " << job->type()
                << " for " << domain;
       // If we get here, the server is asking for different types of certs in
       // short succession.  This probably means the server is broken or
       // misconfigured.  Since we only store one type of cert per domain, we
       // are unable to handle this well.  Just return an error and let the first
       // job finish.
       RecordGetDomainBoundCertResult(TYPE_MISMATCH);
       return ERR_ORIGIN_BOUND_CERT_GENERATION_TYPE_MISMATCH;
     }
     inflight_joins_++;
-  } else {
-    // Need to make a new request.
+
+    ServerBoundCertServiceRequest* request = new ServerBoundCertServiceRequest(
+        request_start, callback, type, private_key, cert);
+    job->AddRequest(request);
+    *out_req = request;
+    return ERR_IO_PENDING;
+  }
+
+  // Check if a domain bound cert of an acceptable type already exists for this
+  // domain, and that it has not expired.
+  base::Time expiration_time;
+  if (server_bound_cert_store_->GetServerBoundCert(
+      domain,
+      type,
+      &expiration_time,
+      private_key,
+      cert,
+      base::Bind(&ServerBoundCertService::GotServerBoundCert,
+                 weak_ptr_factory_.GetWeakPtr()))) {
+    if (*type != CLIENT_CERT_INVALID_TYPE) {
+      // Sync lookup found a cert.
+      if (CertIsValid(domain, *type, expiration_time)) {
+        DVLOG(1) << "Cert store had valid cert for " << domain
+                 << " of type " << *type;
+        cert_store_hits_++;
+        RecordGetDomainBoundCertResult(SYNC_SUCCESS);
+        base::TimeDelta request_time = base::TimeTicks::Now() - request_start;
+        UMA_HISTOGRAM_TIMES("DomainBoundCerts.GetCertTimeSync", request_time);
+        RecordGetCertTime(request_time);
+        return OK;
+      }
+    }
+
+    // Sync lookup did not find a cert, or it found an expired one.  Start
+    // generating a new one.
     ServerBoundCertServiceWorker* worker = new ServerBoundCertServiceWorker(
-            domain,
-            preferred_type,
-            base::Bind(&ServerBoundCertService::HandleResult,
-                       weak_ptr_factory_.GetWeakPtr()));
+        domain,
+        preferred_type,
+        base::Bind(&ServerBoundCertService::GeneratedServerBoundCert,
+                   weak_ptr_factory_.GetWeakPtr()));
     if (!worker->Start(task_runner_)) {
+      delete worker;
       // TODO(rkn): Log to the NetLog.
       LOG(ERROR) << "ServerBoundCertServiceWorker couldn't be started.";
       RecordGetDomainBoundCertResult(WORKER_FAILURE);
-      return ERR_INSUFFICIENT_RESOURCES;  // Just a guess.
+      return ERR_INSUFFICIENT_RESOURCES;
     }
-    job = new ServerBoundCertServiceJob(preferred_type);
-    inflight_[domain] = job;
   }
 
+  // We are either waiting for async DB lookup, or waiting for cert generation.
+  // Create a job & request to track it.
+  job = new ServerBoundCertServiceJob(preferred_type);
+  inflight_[domain] = job;
+
   ServerBoundCertServiceRequest* request = new ServerBoundCertServiceRequest(
       request_start, callback, type, private_key, cert);
   job->AddRequest(request);
   *out_req = request;
   return ERR_IO_PENDING;
 }
 
+void ServerBoundCertService::GotServerBoundCert(
+    const std::string& server_identifier,
+    SSLClientCertType type,
+    base::Time expiration_time,
+    const std::string& key,
+    const std::string& cert) {
+  DCHECK(CalledOnValidThread());
+
+  std::map<std::string, ServerBoundCertServiceJob*>::iterator j;
+  j = inflight_.find(server_identifier);
+  if (j == inflight_.end()) {
+    NOTREACHED();
+    return;
+  }
+  ServerBoundCertServiceJob* job = j->second;
+
+  if (type != CLIENT_CERT_INVALID_TYPE) {
+    // Async DB lookup found a cert.
+    if (CertIsValid(server_identifier, type, expiration_time)) {
+      DVLOG(1) << "Cert store had valid cert for " << server_identifier
+               << " of type " << type;
+      cert_store_hits_++;
+      // ServerBoundCertServiceRequest::Post will do the histograms and stuff.
+      HandleResult(OK, server_identifier, type, key, cert);
+      return;
+    }
+  }
+
+  // Async lookup did not find a cert, or it found an expired one.  Start
+  // generating a new one.
+  ServerBoundCertServiceWorker* worker = new ServerBoundCertServiceWorker(
+      server_identifier,
+      job->type(),
+      base::Bind(&ServerBoundCertService::GeneratedServerBoundCert,
+                 weak_ptr_factory_.GetWeakPtr()));
+  if (!worker->Start(task_runner_)) {
+    delete worker;
+    // TODO(rkn): Log to the NetLog.
+    LOG(ERROR) << "ServerBoundCertServiceWorker couldn't be started.";
+    HandleResult(ERR_INSUFFICIENT_RESOURCES, server_identifier,
+                 CLIENT_CERT_INVALID_TYPE, "", "");
+    return;
+  }
+}
+
 ServerBoundCertStore* ServerBoundCertService::GetCertStore() {
   return server_bound_cert_store_.get();
 }
 
 void ServerBoundCertService::CancelRequest(RequestHandle req) {
   DCHECK(CalledOnValidThread());
   ServerBoundCertServiceRequest* request =
       reinterpret_cast<ServerBoundCertServiceRequest*>(req);
   request->Cancel();
 }
 
-// HandleResult is called by ServerBoundCertServiceWorker on the origin message
-// loop. It deletes ServerBoundCertServiceJob.
-void ServerBoundCertService::HandleResult(
+void ServerBoundCertService::GeneratedServerBoundCert(
     const std::string& server_identifier,
     int error,
     scoped_ptr<ServerBoundCertStore::ServerBoundCert> cert) {
   DCHECK(CalledOnValidThread());
 
   if (error == OK) {
     // TODO(mattm): we should just Pass() the cert object to
     // SetServerBoundCert().
     server_bound_cert_store_->SetServerBoundCert(
         cert->server_identifier(), cert->type(), cert->creation_time(),
         cert->expiration_time(), cert->private_key(), cert->cert());
+
+    HandleResult(error, server_identifier, cert->type(), cert->private_key(),
+                 cert->cert());
+  } else {
+    HandleResult(error, server_identifier, CLIENT_CERT_INVALID_TYPE, "", "");
   }
+}
+
+void ServerBoundCertService::HandleResult(
+    int error,
+    const std::string& server_identifier,
+    SSLClientCertType type,
+    const std::string& private_key,
+    const std::string& cert) {
+  DCHECK(CalledOnValidThread());
 
   std::map<std::string, ServerBoundCertServiceJob*>::iterator j;
   j = inflight_.find(server_identifier);
   if (j == inflight_.end()) {
     NOTREACHED();
     return;
   }
   ServerBoundCertServiceJob* job = j->second;
   inflight_.erase(j);
 
-  if (cert)
-    job->HandleResult(error, cert->type(), cert->private_key(), cert->cert());
-  else
-    job->HandleResult(error, CLIENT_CERT_INVALID_TYPE, "", "");
+  job->HandleResult(error, type, private_key, cert);
   delete job;
 }
 
 int ServerBoundCertService::cert_count() {
   return server_bound_cert_store_->GetCertCount();
 }
 
 }  // namespace net