| OLD | NEW |
|---|
| 1 // Copyright (c) 2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/cert_verifier.h" | 5 #include "net/base/cert_verifier.h" |
| 6 | 6 |
| 7 #if defined(OS_LINUX) | 7 #if defined(OS_LINUX) |
| 8 #include <private/pprthred.h> // PR_DetatchThread | 8 #include <private/pprthred.h> // PR_DetatchThread |
| 9 #endif | 9 #endif |
| 10 | 10 |
| 11 #include "base/message_loop.h" | 11 #include "base/message_loop.h" |
| 12 #include "base/worker_pool.h" | 12 #include "base/worker_pool.h" |
| 13 #include "net/base/cert_verify_result.h" | 13 #include "net/base/cert_verify_result.h" |
| 14 #include "net/base/net_errors.h" | 14 #include "net/base/net_errors.h" |
| 15 #include "net/base/x509_certificate.h" | 15 #include "net/base/x509_certificate.h" |
| 16 | 16 |
| 17 namespace net { | 17 namespace net { |
| 18 | 18 |
| 19 class CertVerifier::Request : | 19 class CertVerifier::Request : |
| 20 public base::RefCountedThreadSafe<CertVerifier::Request> { | 20 public base::RefCountedThreadSafe<CertVerifier::Request> { |
| 21 public: | 21 public: |
| 22 Request(CertVerifier* verifier, | 22 Request(CertVerifier* verifier, |
| 23 X509Certificate* cert, | 23 X509Certificate* cert, |
| 24 const std::string& hostname, | 24 const std::string& hostname, |
| 25 bool rev_checking_enabled, | 25 int flags, |
| 26 CertVerifyResult* verify_result, | 26 CertVerifyResult* verify_result, |
| 27 CompletionCallback* callback) | 27 CompletionCallback* callback) |
| 28 : cert_(cert), | 28 : cert_(cert), |
| 29 hostname_(hostname), | 29 hostname_(hostname), |
| 30 rev_checking_enabled_(rev_checking_enabled), | 30 flags_(flags), |
| 31 verifier_(verifier), | 31 verifier_(verifier), |
| 32 verify_result_(verify_result), | 32 verify_result_(verify_result), |
| 33 callback_(callback), | 33 callback_(callback), |
| 34 origin_loop_(MessageLoop::current()), | 34 origin_loop_(MessageLoop::current()), |
| 35 error_(OK) { | 35 error_(OK) { |
| 36 } | 36 } |
| 37 | 37 |
| 38 ~Request() {} | 38 ~Request() {} |
| 39 | 39 |
| 40 void DoVerify() { | 40 void DoVerify() { |
| 41 // Running on the worker thread | 41 // Running on the worker thread |
| 42 error_ = cert_->Verify(hostname_, rev_checking_enabled_, &result_); | 42 error_ = cert_->Verify(hostname_, flags_, &result_); |
| 43 #if defined(OS_LINUX) | 43 #if defined(OS_LINUX) |
| 44 // Detach the thread from NSPR. | 44 // Detach the thread from NSPR. |
| 45 // Calling NSS functions attaches the thread to NSPR, which stores | 45 // Calling NSS functions attaches the thread to NSPR, which stores |
| 46 // the NSPR thread ID in thread-specific data. | 46 // the NSPR thread ID in thread-specific data. |
| 47 // The threads in our thread pool terminate after we have called | 47 // The threads in our thread pool terminate after we have called |
| 48 // PR_Cleanup. Unless we detach them from NSPR, net_unittests gets | 48 // PR_Cleanup. Unless we detach them from NSPR, net_unittests gets |
| 49 // segfaults on shutdown when the threads' thread-specific data | 49 // segfaults on shutdown when the threads' thread-specific data |
| 50 // destructors run. | 50 // destructors run. |
| 51 PR_DetachThread(); | 51 PR_DetachThread(); |
| 52 #endif | 52 #endif |
| (...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 88 verifier_ = NULL; | 88 verifier_ = NULL; |
| 89 | 89 |
| 90 AutoLock locked(origin_loop_lock_); | 90 AutoLock locked(origin_loop_lock_); |
| 91 origin_loop_ = NULL; | 91 origin_loop_ = NULL; |
| 92 } | 92 } |
| 93 | 93 |
| 94 private: | 94 private: |
| 95 // Set on the origin thread, read on the worker thread. | 95 // Set on the origin thread, read on the worker thread. |
| 96 scoped_refptr<X509Certificate> cert_; | 96 scoped_refptr<X509Certificate> cert_; |
| 97 std::string hostname_; | 97 std::string hostname_; |
| 98 bool rev_checking_enabled_; | 98 // bitwise OR'd of X509Certificate::VerifyFlags. |
| 99 int flags_; |
| 99 | 100 |
| 100 // Only used on the origin thread (where Verify was called). | 101 // Only used on the origin thread (where Verify was called). |
| 101 CertVerifier* verifier_; | 102 CertVerifier* verifier_; |
| 102 CertVerifyResult* verify_result_; | 103 CertVerifyResult* verify_result_; |
| 103 CompletionCallback* callback_; | 104 CompletionCallback* callback_; |
| 104 | 105 |
| 105 // Used to post ourselves onto the origin thread. | 106 // Used to post ourselves onto the origin thread. |
| 106 Lock origin_loop_lock_; | 107 Lock origin_loop_lock_; |
| 107 MessageLoop* origin_loop_; | 108 MessageLoop* origin_loop_; |
| 108 | 109 |
| 109 // Assigned on the worker thread, read on the origin thread. | 110 // Assigned on the worker thread, read on the origin thread. |
| 110 int error_; | 111 int error_; |
| 111 CertVerifyResult result_; | 112 CertVerifyResult result_; |
| 112 }; | 113 }; |
| 113 | 114 |
| 114 //----------------------------------------------------------------------------- | 115 //----------------------------------------------------------------------------- |
| 115 | 116 |
| 116 CertVerifier::CertVerifier() { | 117 CertVerifier::CertVerifier() { |
| 117 } | 118 } |
| 118 | 119 |
| 119 CertVerifier::~CertVerifier() { | 120 CertVerifier::~CertVerifier() { |
| 120 if (request_) | 121 if (request_) |
| 121 request_->Cancel(); | 122 request_->Cancel(); |
| 122 } | 123 } |
| 123 | 124 |
| 124 int CertVerifier::Verify(X509Certificate* cert, | 125 int CertVerifier::Verify(X509Certificate* cert, |
| 125 const std::string& hostname, | 126 const std::string& hostname, |
| 126 bool rev_checking_enabled, | 127 int flags, |
| 127 CertVerifyResult* verify_result, | 128 CertVerifyResult* verify_result, |
| 128 CompletionCallback* callback) { | 129 CompletionCallback* callback) { |
| 129 DCHECK(!request_) << "verifier already in use"; | 130 DCHECK(!request_) << "verifier already in use"; |
| 130 | 131 |
| 131 // Do a synchronous verification. | 132 // Do a synchronous verification. |
| 132 if (!callback) { | 133 if (!callback) { |
| 133 CertVerifyResult result; | 134 CertVerifyResult result; |
| 134 int rv = cert->Verify(hostname, rev_checking_enabled, &result); | 135 int rv = cert->Verify(hostname, flags, &result); |
| 135 *verify_result = result; | 136 *verify_result = result; |
| 136 return rv; | 137 return rv; |
| 137 } | 138 } |
| 138 | 139 |
| 139 request_ = new Request(this, cert, hostname, rev_checking_enabled, | 140 request_ = new Request(this, cert, hostname, flags, verify_result, callback); |
| 140 verify_result, callback); | |
| 141 | 141 |
| 142 // Dispatch to worker thread... | 142 // Dispatch to worker thread... |
| 143 if (!WorkerPool::PostTask(FROM_HERE, | 143 if (!WorkerPool::PostTask(FROM_HERE, |
| 144 NewRunnableMethod(request_.get(), &Request::DoVerify), true)) { | 144 NewRunnableMethod(request_.get(), &Request::DoVerify), true)) { |
| 145 NOTREACHED(); | 145 NOTREACHED(); |
| 146 request_ = NULL; | 146 request_ = NULL; |
| 147 return ERR_FAILED; | 147 return ERR_FAILED; |
| 148 } | 148 } |
| 149 | 149 |
| 150 return ERR_IO_PENDING; | 150 return ERR_IO_PENDING; |
| 151 } | 151 } |
| 152 | 152 |
| 153 } // namespace net | 153 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 125120:
Use LOAD_VERIFY_EV_CERT to verify EV-ness in Verify().... (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/