| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "net/base/default_server_bound_cert_store.h" | |
| 6 | |
| 7 #include "base/bind.h" | |
| 8 #include "base/message_loop.h" | |
| 9 #include "base/metrics/histogram.h" | |
| 10 | |
| 11 namespace net { | |
| 12 | |
| 13 // -------------------------------------------------------------------------- | |
| 14 // Task | |
| 15 class DefaultServerBoundCertStore::Task { | |
| 16 public: | |
| 17 virtual ~Task(); | |
| 18 | |
| 19 // Runs the task and invokes the client callback on the thread that | |
| 20 // originally constructed the task. | |
| 21 virtual void Run(DefaultServerBoundCertStore* store) = 0; | |
| 22 | |
| 23 protected: | |
| 24 void InvokeCallback(base::Closure callback) const; | |
| 25 }; | |
| 26 | |
| 27 DefaultServerBoundCertStore::Task::~Task() { | |
| 28 } | |
| 29 | |
| 30 void DefaultServerBoundCertStore::Task::InvokeCallback( | |
| 31 base::Closure callback) const { | |
| 32 if (!callback.is_null()) | |
| 33 callback.Run(); | |
| 34 } | |
| 35 | |
| 36 // -------------------------------------------------------------------------- | |
| 37 // GetServerBoundCertTask | |
| 38 class DefaultServerBoundCertStore::GetServerBoundCertTask | |
| 39 : public DefaultServerBoundCertStore::Task { | |
| 40 public: | |
| 41 GetServerBoundCertTask(const std::string& server_identifier, | |
| 42 const GetCertCallback& callback); | |
| 43 virtual ~GetServerBoundCertTask(); | |
| 44 virtual void Run(DefaultServerBoundCertStore* store) OVERRIDE; | |
| 45 | |
| 46 private: | |
| 47 std::string server_identifier_; | |
| 48 GetCertCallback callback_; | |
| 49 }; | |
| 50 | |
| 51 DefaultServerBoundCertStore::GetServerBoundCertTask::GetServerBoundCertTask( | |
| 52 const std::string& server_identifier, | |
| 53 const GetCertCallback& callback) | |
| 54 : server_identifier_(server_identifier), | |
| 55 callback_(callback) { | |
| 56 } | |
| 57 | |
| 58 DefaultServerBoundCertStore::GetServerBoundCertTask::~GetServerBoundCertTask() { | |
| 59 } | |
| 60 | |
| 61 void DefaultServerBoundCertStore::GetServerBoundCertTask::Run( | |
| 62 DefaultServerBoundCertStore* store) { | |
| 63 SSLClientCertType type = CLIENT_CERT_INVALID_TYPE; | |
| 64 base::Time expiration_time; | |
| 65 std::string private_key_result; | |
| 66 std::string cert_result; | |
| 67 bool was_sync = store->GetServerBoundCert( | |
| 68 server_identifier_, &type, &expiration_time, &private_key_result, | |
| 69 &cert_result, GetCertCallback()); | |
| 70 DCHECK(was_sync); | |
| 71 | |
| 72 InvokeCallback(base::Bind(callback_, server_identifier_, type, | |
| 73 expiration_time, private_key_result, cert_result)); | |
| 74 } | |
| 75 | |
| 76 // -------------------------------------------------------------------------- | |
| 77 // SetServerBoundCertTask | |
| 78 class DefaultServerBoundCertStore::SetServerBoundCertTask | |
| 79 : public DefaultServerBoundCertStore::Task { | |
| 80 public: | |
| 81 SetServerBoundCertTask(const std::string& server_identifier, | |
| 82 SSLClientCertType type, | |
| 83 base::Time creation_time, | |
| 84 base::Time expiration_time, | |
| 85 const std::string& private_key, | |
| 86 const std::string& cert); | |
| 87 virtual ~SetServerBoundCertTask(); | |
| 88 virtual void Run(DefaultServerBoundCertStore* store) OVERRIDE; | |
| 89 | |
| 90 private: | |
| 91 std::string server_identifier_; | |
| 92 SSLClientCertType type_; | |
| 93 base::Time creation_time_; | |
| 94 base::Time expiration_time_; | |
| 95 std::string private_key_; | |
| 96 std::string cert_; | |
| 97 }; | |
| 98 | |
| 99 DefaultServerBoundCertStore::SetServerBoundCertTask::SetServerBoundCertTask( | |
| 100 const std::string& server_identifier, | |
| 101 SSLClientCertType type, | |
| 102 base::Time creation_time, | |
| 103 base::Time expiration_time, | |
| 104 const std::string& private_key, | |
| 105 const std::string& cert) | |
| 106 : server_identifier_(server_identifier), | |
| 107 type_(type), | |
| 108 creation_time_(creation_time), | |
| 109 expiration_time_(expiration_time), | |
| 110 private_key_(private_key), | |
| 111 cert_(cert) { | |
| 112 } | |
| 113 | |
| 114 DefaultServerBoundCertStore::SetServerBoundCertTask::~SetServerBoundCertTask() { | |
| 115 } | |
| 116 | |
| 117 void DefaultServerBoundCertStore::SetServerBoundCertTask::Run( | |
| 118 DefaultServerBoundCertStore* store) { | |
| 119 store->SyncSetServerBoundCert(server_identifier_, type_, creation_time_, | |
| 120 expiration_time_, private_key_, cert_); | |
| 121 } | |
| 122 | |
| 123 // -------------------------------------------------------------------------- | |
| 124 // DeleteServerBoundCertTask | |
| 125 class DefaultServerBoundCertStore::DeleteServerBoundCertTask | |
| 126 : public DefaultServerBoundCertStore::Task { | |
| 127 public: | |
| 128 DeleteServerBoundCertTask(const std::string& server_identifier, | |
| 129 const base::Closure& callback); | |
| 130 virtual ~DeleteServerBoundCertTask(); | |
| 131 virtual void Run(DefaultServerBoundCertStore* store) OVERRIDE; | |
| 132 | |
| 133 private: | |
| 134 std::string server_identifier_; | |
| 135 base::Closure callback_; | |
| 136 }; | |
| 137 | |
| 138 DefaultServerBoundCertStore::DeleteServerBoundCertTask:: | |
| 139 DeleteServerBoundCertTask( | |
| 140 const std::string& server_identifier, | |
| 141 const base::Closure& callback) | |
| 142 : server_identifier_(server_identifier), | |
| 143 callback_(callback) { | |
| 144 } | |
| 145 | |
| 146 DefaultServerBoundCertStore::DeleteServerBoundCertTask:: | |
| 147 ~DeleteServerBoundCertTask() { | |
| 148 } | |
| 149 | |
| 150 void DefaultServerBoundCertStore::DeleteServerBoundCertTask::Run( | |
| 151 DefaultServerBoundCertStore* store) { | |
| 152 store->SyncDeleteServerBoundCert(server_identifier_); | |
| 153 | |
| 154 InvokeCallback(callback_); | |
| 155 } | |
| 156 | |
| 157 // -------------------------------------------------------------------------- | |
| 158 // DeleteAllCreatedBetweenTask | |
| 159 class DefaultServerBoundCertStore::DeleteAllCreatedBetweenTask | |
| 160 : public DefaultServerBoundCertStore::Task { | |
| 161 public: | |
| 162 DeleteAllCreatedBetweenTask(base::Time delete_begin, | |
| 163 base::Time delete_end, | |
| 164 const base::Closure& callback); | |
| 165 virtual ~DeleteAllCreatedBetweenTask(); | |
| 166 virtual void Run(DefaultServerBoundCertStore* store) OVERRIDE; | |
| 167 | |
| 168 private: | |
| 169 base::Time delete_begin_; | |
| 170 base::Time delete_end_; | |
| 171 base::Closure callback_; | |
| 172 }; | |
| 173 | |
| 174 DefaultServerBoundCertStore::DeleteAllCreatedBetweenTask:: | |
| 175 DeleteAllCreatedBetweenTask( | |
| 176 base::Time delete_begin, | |
| 177 base::Time delete_end, | |
| 178 const base::Closure& callback) | |
| 179 : delete_begin_(delete_begin), | |
| 180 delete_end_(delete_end), | |
| 181 callback_(callback) { | |
| 182 } | |
| 183 | |
| 184 DefaultServerBoundCertStore::DeleteAllCreatedBetweenTask:: | |
| 185 ~DeleteAllCreatedBetweenTask() { | |
| 186 } | |
| 187 | |
| 188 void DefaultServerBoundCertStore::DeleteAllCreatedBetweenTask::Run( | |
| 189 DefaultServerBoundCertStore* store) { | |
| 190 store->SyncDeleteAllCreatedBetween(delete_begin_, delete_end_); | |
| 191 | |
| 192 InvokeCallback(callback_); | |
| 193 } | |
| 194 | |
| 195 // -------------------------------------------------------------------------- | |
| 196 // GetAllServerBoundCertsTask | |
| 197 class DefaultServerBoundCertStore::GetAllServerBoundCertsTask | |
| 198 : public DefaultServerBoundCertStore::Task { | |
| 199 public: | |
| 200 explicit GetAllServerBoundCertsTask(const GetCertListCallback& callback); | |
| 201 virtual ~GetAllServerBoundCertsTask(); | |
| 202 virtual void Run(DefaultServerBoundCertStore* store) OVERRIDE; | |
| 203 | |
| 204 private: | |
| 205 std::string server_identifier_; | |
| 206 GetCertListCallback callback_; | |
| 207 }; | |
| 208 | |
| 209 DefaultServerBoundCertStore::GetAllServerBoundCertsTask:: | |
| 210 GetAllServerBoundCertsTask(const GetCertListCallback& callback) | |
| 211 : callback_(callback) { | |
| 212 } | |
| 213 | |
| 214 DefaultServerBoundCertStore::GetAllServerBoundCertsTask:: | |
| 215 ~GetAllServerBoundCertsTask() { | |
| 216 } | |
| 217 | |
| 218 void DefaultServerBoundCertStore::GetAllServerBoundCertsTask::Run( | |
| 219 DefaultServerBoundCertStore* store) { | |
| 220 ServerBoundCertList cert_list; | |
| 221 store->SyncGetAllServerBoundCerts(&cert_list); | |
| 222 | |
| 223 InvokeCallback(base::Bind(callback_, cert_list)); | |
| 224 } | |
| 225 | |
| 226 // -------------------------------------------------------------------------- | |
| 227 // DefaultServerBoundCertStore | |
| 228 | |
| 229 // static | |
| 230 const size_t DefaultServerBoundCertStore::kMaxCerts = 3300; | |
| 231 | |
| 232 DefaultServerBoundCertStore::DefaultServerBoundCertStore( | |
| 233 PersistentStore* store) | |
| 234 : initialized_(false), | |
| 235 loaded_(false), | |
| 236 store_(store), | |
| 237 ALLOW_THIS_IN_INITIALIZER_LIST(weak_ptr_factory_(this)) {} | |
| 238 | |
| 239 void DefaultServerBoundCertStore::FlushStore( | |
| 240 const base::Closure& completion_task) { | |
| 241 DCHECK(CalledOnValidThread()); | |
| 242 | |
| 243 if (initialized_ && store_) | |
| 244 store_->Flush(completion_task); | |
| 245 else if (!completion_task.is_null()) | |
| 246 MessageLoop::current()->PostTask(FROM_HERE, completion_task); | |
| 247 } | |
| 248 | |
| 249 bool DefaultServerBoundCertStore::GetServerBoundCert( | |
| 250 const std::string& server_identifier, | |
| 251 SSLClientCertType* type, | |
| 252 base::Time* expiration_time, | |
| 253 std::string* private_key_result, | |
| 254 std::string* cert_result, | |
| 255 const GetCertCallback& callback) { | |
| 256 DCHECK(CalledOnValidThread()); | |
| 257 InitIfNecessary(); | |
| 258 | |
| 259 if (!loaded_) { | |
| 260 EnqueueTask(scoped_ptr<Task>( | |
| 261 new GetServerBoundCertTask(server_identifier, callback))); | |
| 262 return false; | |
| 263 } | |
| 264 | |
| 265 ServerBoundCertMap::iterator it = server_bound_certs_.find(server_identifier); | |
| 266 | |
| 267 if (it == server_bound_certs_.end()) { | |
| 268 *type = CLIENT_CERT_INVALID_TYPE; | |
| 269 return true; | |
| 270 } | |
| 271 | |
| 272 ServerBoundCert* cert = it->second; | |
| 273 *type = cert->type(); | |
| 274 *expiration_time = cert->expiration_time(); | |
| 275 *private_key_result = cert->private_key(); | |
| 276 *cert_result = cert->cert(); | |
| 277 | |
| 278 return true; | |
| 279 } | |
| 280 | |
| 281 void DefaultServerBoundCertStore::SetServerBoundCert( | |
| 282 const std::string& server_identifier, | |
| 283 SSLClientCertType type, | |
| 284 base::Time creation_time, | |
| 285 base::Time expiration_time, | |
| 286 const std::string& private_key, | |
| 287 const std::string& cert) { | |
| 288 RunOrEnqueueTask(scoped_ptr<Task>(new SetServerBoundCertTask( | |
| 289 server_identifier, type, creation_time, expiration_time, private_key, | |
| 290 cert))); | |
| 291 } | |
| 292 | |
| 293 void DefaultServerBoundCertStore::DeleteServerBoundCert( | |
| 294 const std::string& server_identifier, | |
| 295 const base::Closure& callback) { | |
| 296 RunOrEnqueueTask(scoped_ptr<Task>( | |
| 297 new DeleteServerBoundCertTask(server_identifier, callback))); | |
| 298 } | |
| 299 | |
| 300 void DefaultServerBoundCertStore::DeleteAllCreatedBetween( | |
| 301 base::Time delete_begin, | |
| 302 base::Time delete_end, | |
| 303 const base::Closure& callback) { | |
| 304 RunOrEnqueueTask(scoped_ptr<Task>( | |
| 305 new DeleteAllCreatedBetweenTask(delete_begin, delete_end, callback))); | |
| 306 } | |
| 307 | |
| 308 void DefaultServerBoundCertStore::DeleteAll( | |
| 309 const base::Closure& callback) { | |
| 310 DeleteAllCreatedBetween(base::Time(), base::Time(), callback); | |
| 311 } | |
| 312 | |
| 313 void DefaultServerBoundCertStore::GetAllServerBoundCerts( | |
| 314 const GetCertListCallback& callback) { | |
| 315 RunOrEnqueueTask(scoped_ptr<Task>(new GetAllServerBoundCertsTask(callback))); | |
| 316 } | |
| 317 | |
| 318 int DefaultServerBoundCertStore::GetCertCount() { | |
| 319 DCHECK(CalledOnValidThread()); | |
| 320 | |
| 321 return server_bound_certs_.size(); | |
| 322 } | |
| 323 | |
| 324 void DefaultServerBoundCertStore::SetForceKeepSessionState() { | |
| 325 DCHECK(CalledOnValidThread()); | |
| 326 InitIfNecessary(); | |
| 327 | |
| 328 if (store_) | |
| 329 store_->SetForceKeepSessionState(); | |
| 330 } | |
| 331 | |
| 332 DefaultServerBoundCertStore::~DefaultServerBoundCertStore() { | |
| 333 DeleteAllInMemory(); | |
| 334 } | |
| 335 | |
| 336 void DefaultServerBoundCertStore::DeleteAllInMemory() { | |
| 337 DCHECK(CalledOnValidThread()); | |
| 338 | |
| 339 for (ServerBoundCertMap::iterator it = server_bound_certs_.begin(); | |
| 340 it != server_bound_certs_.end(); ++it) { | |
| 341 delete it->second; | |
| 342 } | |
| 343 server_bound_certs_.clear(); | |
| 344 } | |
| 345 | |
| 346 void DefaultServerBoundCertStore::InitStore() { | |
| 347 DCHECK(CalledOnValidThread()); | |
| 348 DCHECK(store_) << "Store must exist to initialize"; | |
| 349 DCHECK(!loaded_); | |
| 350 | |
| 351 store_->Load(base::Bind(&DefaultServerBoundCertStore::OnLoaded, | |
| 352 weak_ptr_factory_.GetWeakPtr())); | |
| 353 } | |
| 354 | |
| 355 void DefaultServerBoundCertStore::OnLoaded( | |
| 356 scoped_ptr<ScopedVector<ServerBoundCert> > certs) { | |
| 357 DCHECK(CalledOnValidThread()); | |
| 358 | |
| 359 for (std::vector<ServerBoundCert*>::const_iterator it = certs->begin(); | |
| 360 it != certs->end(); ++it) { | |
| 361 DCHECK(server_bound_certs_.find((*it)->server_identifier()) == | |
| 362 server_bound_certs_.end()); | |
| 363 server_bound_certs_[(*it)->server_identifier()] = *it; | |
| 364 } | |
| 365 certs->weak_clear(); | |
| 366 | |
| 367 loaded_ = true; | |
| 368 | |
| 369 base::TimeDelta wait_time; | |
| 370 if (!waiting_tasks_.empty()) | |
| 371 wait_time = base::TimeTicks::Now() - waiting_tasks_start_time_; | |
| 372 DVLOG(1) << "Task delay " << wait_time.InMilliseconds(); | |
| 373 UMA_HISTOGRAM_CUSTOM_TIMES("DomainBoundCerts.TaskMaxWaitTime", | |
| 374 wait_time, | |
| 375 base::TimeDelta::FromMilliseconds(1), | |
| 376 base::TimeDelta::FromMinutes(1), | |
| 377 50); | |
| 378 UMA_HISTOGRAM_COUNTS_100("DomainBoundCerts.TaskWaitCount", | |
| 379 waiting_tasks_.size()); | |
| 380 | |
| 381 | |
| 382 for (ScopedVector<Task>::iterator i = waiting_tasks_.begin(); | |
| 383 i != waiting_tasks_.end(); ++i) | |
| 384 (*i)->Run(this); | |
| 385 waiting_tasks_.clear(); | |
| 386 } | |
| 387 | |
| 388 void DefaultServerBoundCertStore::SyncSetServerBoundCert( | |
| 389 const std::string& server_identifier, | |
| 390 SSLClientCertType type, | |
| 391 base::Time creation_time, | |
| 392 base::Time expiration_time, | |
| 393 const std::string& private_key, | |
| 394 const std::string& cert) { | |
| 395 DCHECK(CalledOnValidThread()); | |
| 396 DCHECK(loaded_); | |
| 397 | |
| 398 InternalDeleteServerBoundCert(server_identifier); | |
| 399 InternalInsertServerBoundCert( | |
| 400 server_identifier, | |
| 401 new ServerBoundCert( | |
| 402 server_identifier, type, creation_time, expiration_time, private_key, | |
| 403 cert)); | |
| 404 } | |
| 405 | |
| 406 void DefaultServerBoundCertStore::SyncDeleteServerBoundCert( | |
| 407 const std::string& server_identifier) { | |
| 408 DCHECK(CalledOnValidThread()); | |
| 409 DCHECK(loaded_); | |
| 410 InternalDeleteServerBoundCert(server_identifier); | |
| 411 } | |
| 412 | |
| 413 void DefaultServerBoundCertStore::SyncDeleteAllCreatedBetween( | |
| 414 base::Time delete_begin, | |
| 415 base::Time delete_end) { | |
| 416 DCHECK(CalledOnValidThread()); | |
| 417 DCHECK(loaded_); | |
| 418 for (ServerBoundCertMap::iterator it = server_bound_certs_.begin(); | |
| 419 it != server_bound_certs_.end();) { | |
| 420 ServerBoundCertMap::iterator cur = it; | |
| 421 ++it; | |
| 422 ServerBoundCert* cert = cur->second; | |
| 423 if ((delete_begin.is_null() || cert->creation_time() >= delete_begin) && | |
| 424 (delete_end.is_null() || cert->creation_time() < delete_end)) { | |
| 425 if (store_) | |
| 426 store_->DeleteServerBoundCert(*cert); | |
| 427 delete cert; | |
| 428 server_bound_certs_.erase(cur); | |
| 429 } | |
| 430 } | |
| 431 } | |
| 432 | |
| 433 void DefaultServerBoundCertStore::SyncGetAllServerBoundCerts( | |
| 434 ServerBoundCertList* cert_list) { | |
| 435 DCHECK(CalledOnValidThread()); | |
| 436 DCHECK(loaded_); | |
| 437 for (ServerBoundCertMap::iterator it = server_bound_certs_.begin(); | |
| 438 it != server_bound_certs_.end(); ++it) | |
| 439 cert_list->push_back(*it->second); | |
| 440 } | |
| 441 | |
| 442 void DefaultServerBoundCertStore::EnqueueTask(scoped_ptr<Task> task) { | |
| 443 DCHECK(CalledOnValidThread()); | |
| 444 DCHECK(!loaded_); | |
| 445 if (waiting_tasks_.empty()) | |
| 446 waiting_tasks_start_time_ = base::TimeTicks::Now(); | |
| 447 waiting_tasks_.push_back(task.release()); | |
| 448 } | |
| 449 | |
| 450 void DefaultServerBoundCertStore::RunOrEnqueueTask(scoped_ptr<Task> task) { | |
| 451 DCHECK(CalledOnValidThread()); | |
| 452 InitIfNecessary(); | |
| 453 | |
| 454 if (!loaded_) { | |
| 455 EnqueueTask(task.Pass()); | |
| 456 return; | |
| 457 } | |
| 458 | |
| 459 task->Run(this); | |
| 460 } | |
| 461 | |
| 462 void DefaultServerBoundCertStore::InternalDeleteServerBoundCert( | |
| 463 const std::string& server_identifier) { | |
| 464 DCHECK(CalledOnValidThread()); | |
| 465 DCHECK(loaded_); | |
| 466 | |
| 467 ServerBoundCertMap::iterator it = server_bound_certs_.find(server_identifier); | |
| 468 if (it == server_bound_certs_.end()) | |
| 469 return; // There is nothing to delete. | |
| 470 | |
| 471 ServerBoundCert* cert = it->second; | |
| 472 if (store_) | |
| 473 store_->DeleteServerBoundCert(*cert); | |
| 474 server_bound_certs_.erase(it); | |
| 475 delete cert; | |
| 476 } | |
| 477 | |
| 478 void DefaultServerBoundCertStore::InternalInsertServerBoundCert( | |
| 479 const std::string& server_identifier, | |
| 480 ServerBoundCert* cert) { | |
| 481 DCHECK(CalledOnValidThread()); | |
| 482 DCHECK(loaded_); | |
| 483 | |
| 484 if (store_) | |
| 485 store_->AddServerBoundCert(*cert); | |
| 486 server_bound_certs_[server_identifier] = cert; | |
| 487 } | |
| 488 | |
| 489 DefaultServerBoundCertStore::PersistentStore::PersistentStore() {} | |
| 490 | |
| 491 DefaultServerBoundCertStore::PersistentStore::~PersistentStore() {} | |
| 492 | |
| 493 } // namespace net | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 12680003:
net: split net/ssl out of net/base (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src