| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef NET_SOCKET_SSL_HOST_INFO_H_ |
| 6 #define NET_SOCKET_SSL_HOST_INFO_H_ |
| 7 |
| 8 #include <string> |
| 9 #include <vector> |
| 10 |
| 11 #include "base/memory/ref_counted.h" |
| 12 #include "base/memory/weak_ptr.h" |
| 13 #include "base/time/time.h" |
| 14 #include "net/base/completion_callback.h" |
| 15 #include "net/base/net_export.h" |
| 16 #include "net/cert/cert_verifier.h" |
| 17 #include "net/cert/cert_verify_result.h" |
| 18 #include "net/cert/single_request_cert_verifier.h" |
| 19 #include "net/socket/ssl_client_socket.h" |
| 20 |
| 21 namespace net { |
| 22 |
| 23 class X509Certificate; |
| 24 struct SSLConfig; |
| 25 |
| 26 // SSLHostInfo is an interface for fetching information about an SSL server. |
| 27 // This information may be stored on disk so does not include keys or session |
| 28 // information etc. Primarily it's intended for caching the server's |
| 29 // certificates. |
| 30 class NET_EXPORT_PRIVATE SSLHostInfo { |
| 31 public: |
| 32 SSLHostInfo(const std::string& hostname, |
| 33 const SSLConfig& ssl_config, |
| 34 CertVerifier* certVerifier); |
| 35 virtual ~SSLHostInfo(); |
| 36 |
| 37 // Start will commence the lookup. This must be called before any other |
| 38 // methods. By opportunistically calling this early, it may be possible to |
| 39 // overlap this object's lookup and reduce latency. |
| 40 virtual void Start() = 0; |
| 41 |
| 42 // WaitForDataReady returns OK if the fetch of the requested data has |
| 43 // completed. Otherwise it returns ERR_IO_PENDING and will call |callback| on |
| 44 // the current thread when ready. |
| 45 // |
| 46 // Only a single callback can be outstanding at a given time and, in the |
| 47 // event that WaitForDataReady returns OK, it's the caller's responsibility |
| 48 // to delete |callback|. |
| 49 // |
| 50 // |callback| may be NULL, in which case ERR_IO_PENDING may still be returned |
| 51 // but, obviously, a callback will never be made. |
| 52 virtual int WaitForDataReady(const CompletionCallback& callback) = 0; |
| 53 |
| 54 // Persist allows for the host information to be updated for future users. |
| 55 // This is a fire and forget operation: the caller may drop its reference |
| 56 // from this object and the store operation will still complete. This can |
| 57 // only be called once WaitForDataReady has returned OK or called its |
| 58 // callback. |
| 59 virtual void Persist() = 0; |
| 60 |
| 61 struct State { |
| 62 State(); |
| 63 ~State(); |
| 64 |
| 65 void Clear(); |
| 66 |
| 67 // certs is a vector of DER encoded X.509 certificates, as the server |
| 68 // returned them and in the same order. |
| 69 std::vector<std::string> certs; |
| 70 |
| 71 private: |
| 72 DISALLOW_COPY_AND_ASSIGN(State); |
| 73 }; |
| 74 |
| 75 // Once the data is ready, it can be read using the following members. These |
| 76 // members can then be updated before calling |Persist|. |
| 77 const State& state() const; |
| 78 State* mutable_state(); |
| 79 |
| 80 // If WaitForCertVerification reports the certificate verification has |
| 81 // completed, then this contains the result of verifying the certificate. |
| 82 const CertVerifyResult& cert_verify_result() const; |
| 83 |
| 84 // WaitForCertVerification returns ERR_IO_PENDING if the certificate chain in |
| 85 // |state().certs| is still being validated and arranges for the given |
| 86 // callback to be called when the verification completes. If the verification |
| 87 // has already finished then WaitForCertVerification returns the result of |
| 88 // that verification. |
| 89 int WaitForCertVerification(const CompletionCallback& callback); |
| 90 |
| 91 base::TimeTicks verification_start_time() const { |
| 92 return verification_start_time_; |
| 93 } |
| 94 |
| 95 base::TimeTicks verification_end_time() const { |
| 96 return verification_end_time_; |
| 97 } |
| 98 |
| 99 protected: |
| 100 // Parse parses an opaque blob of data and fills out the public member fields |
| 101 // of this object. It returns true iff the parse was successful. The public |
| 102 // member fields will be set to something sane in any case. |
| 103 bool Parse(const std::string& data); |
| 104 std::string Serialize() const; |
| 105 State state_; |
| 106 bool cert_verification_complete_; |
| 107 int cert_verification_error_; |
| 108 |
| 109 private: |
| 110 // This is the callback function which the CertVerifier calls via |callback_|. |
| 111 void VerifyCallback(int rv); |
| 112 |
| 113 // ParseInner is a helper function for Parse. |
| 114 bool ParseInner(const std::string& data); |
| 115 |
| 116 // This is the hostname that we'll validate the certificates against. |
| 117 const std::string hostname_; |
| 118 bool cert_parsing_failed_; |
| 119 CompletionCallback cert_verification_callback_; |
| 120 // These three members are taken from the SSLConfig. |
| 121 bool rev_checking_enabled_; |
| 122 bool verify_ev_cert_; |
| 123 base::TimeTicks verification_start_time_; |
| 124 base::TimeTicks verification_end_time_; |
| 125 CertVerifyResult cert_verify_result_; |
| 126 SingleRequestCertVerifier verifier_; |
| 127 scoped_refptr<X509Certificate> cert_; |
| 128 base::WeakPtrFactory<SSLHostInfo> weak_factory_; |
| 129 base::TimeTicks cert_verification_finished_time_; |
| 130 }; |
| 131 |
| 132 class SSLHostInfoFactory { |
| 133 public: |
| 134 virtual ~SSLHostInfoFactory(); |
| 135 |
| 136 // GetForHost returns a fresh, allocated SSLHostInfo for the given hostname |
| 137 // or NULL on failure. |
| 138 virtual SSLHostInfo* GetForHost(const std::string& hostname, |
| 139 const SSLConfig& ssl_config) = 0; |
| 140 }; |
| 141 |
| 142 } // namespace net |
| 143 |
| 144 #endif // NET_SOCKET_SSL_HOST_INFO_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 135373002:
Added SSLHostInfo. Storing of server host info to our standard disk cache. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src