net/base/cert_verifier.cc - Issue 14915: Move certificate verification off the IO thread....

Side by Side Diff: net/base/cert_verifier.cc

Issue 14915: Move certificate verification off the IO thread.... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/

Patch Set: '' Created 11 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2008 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2008 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/base/cert_verifier.h"	5 #include "net/base/cert_verifier.h"

6	6

7 #include "base/message_loop.h"	7 #include "base/message_loop.h"

8 #include "base/worker_pool.h"	8 #include "base/worker_pool.h"

	9 #include "net/base/cert_verify_result.h"

9 #include "net/base/net_errors.h"	10 #include "net/base/net_errors.h"

10 #include "net/base/x509_certificate.h"	11 #include "net/base/x509_certificate.h"

11	12

12 namespace net {	13 namespace net {

13	14

14 class CertVerifier::Request :	15 class CertVerifier::Request :

15 public base::RefCountedThreadSafe<CertVerifier::Request> {	16 public base::RefCountedThreadSafe<CertVerifier::Request> {

16 public:	17 public:

17 Request(CertVerifier* verifier,	18 Request(CertVerifier* verifier,

18 X509Certificate* cert,	19 X509Certificate* cert,

19 const std::string& hostname,	20 const std::string& hostname,

20 bool rev_checking_enabled,	21 bool rev_checking_enabled,

21 int* cert_status,	22 CertVerifyResult* verify_result,

22 CompletionCallback* callback)	23 CompletionCallback* callback)

23 : cert_(cert),	24 : cert_(cert),

24 hostname_(hostname),	25 hostname_(hostname),

25 rev_checking_enabled_(rev_checking_enabled),	26 rev_checking_enabled_(rev_checking_enabled),

26 verifier_(verifier),	27 verifier_(verifier),

27 cert_status_(cert_status),	28 verify_result_(verify_result),

28 callback_(callback),	29 callback_(callback),

29 origin_loop_(MessageLoop::current()),	30 origin_loop_(MessageLoop::current()),

30 error_(OK),	31 error_(OK) {

31 result_(0) {

32 }	32 }

33	33

34 ~Request() {}	34 ~Request() {}

35	35

36 void DoVerify() {	36 void DoVerify() {

37 // Running on the worker thread	37 // Running on the worker thread

38 error_ = cert_->Verify(hostname_, rev_checking_enabled_, &result_);	38 error_ = cert_->Verify(hostname_, rev_checking_enabled_, &result_);

39	39

40 Task* reply = NewRunnableMethod(this, &Request::DoCallback);	40 Task* reply = NewRunnableMethod(this, &Request::DoCallback);

41	41

42 // The origin loop could go away while we are trying to post to it, so we	42 // The origin loop could go away while we are trying to post to it, so we

43 // need to call its PostTask method inside a lock. See ~CertVerifier.	43 // need to call its PostTask method inside a lock. See ~CertVerifier.

44 {	44 {

45 AutoLock locked(origin_loop_lock_);	45 AutoLock locked(origin_loop_lock_);

46 if (origin_loop_) {	46 if (origin_loop_) {

47 origin_loop_->PostTask(FROM_HERE, reply);	47 origin_loop_->PostTask(FROM_HERE, reply);

48 reply = NULL;	48 reply = NULL;

49 }	49 }

50 }	50 }

51	51

52 // Does nothing if it got posted.	52 // Does nothing if it got posted.

53 delete reply;	53 delete reply;

54 }	54 }

55	55

56 void DoCallback() {	56 void DoCallback() {

57 // Running on the origin thread.	57 // Running on the origin thread.

58 DCHECK(error_ \|\| result_);

59	58

60 // We may have been cancelled!	59 // We may have been cancelled!

61 if (!verifier_)	60 if (!verifier_)

62 return;	61 return;

63	62

64 *cert_status_ = result_;	63 *verify_result_ = result_;

65	64

66 // Drop the verifier's reference to us. Do this before running the	65 // Drop the verifier's reference to us. Do this before running the

67 // callback since the callback might result in the verifier being	66 // callback since the callback might result in the verifier being

68 // destroyed.	67 // destroyed.

69 verifier_->request_ = NULL;	68 verifier_->request_ = NULL;

70	69

71 callback_->Run(error_);	70 callback_->Run(error_);

72 }	71 }

73	72

74 void Cancel() {	73 void Cancel() {

75 verifier_ = NULL;	74 verifier_ = NULL;

76	75

77 AutoLock locked(origin_loop_lock_);	76 AutoLock locked(origin_loop_lock_);

78 origin_loop_ = NULL;	77 origin_loop_ = NULL;

79 }	78 }

80	79

81 private:	80 private:

82 // Set on the origin thread, read on the worker thread.	81 // Set on the origin thread, read on the worker thread.

83 scoped_refptr<X509Certificate> cert_;	82 scoped_refptr<X509Certificate> cert_;

84 std::string hostname_;	83 std::string hostname_;

85 bool rev_checking_enabled_;	84 bool rev_checking_enabled_;

86	85

87 // Only used on the origin thread (where Verify was called).	86 // Only used on the origin thread (where Verify was called).

88 CertVerifier* verifier_;	87 CertVerifier* verifier_;

89 int* cert_status_;	88 CertVerifyResult* verify_result_;

90 CompletionCallback* callback_;	89 CompletionCallback* callback_;

91	90

92 // Used to post ourselves onto the origin thread.	91 // Used to post ourselves onto the origin thread.

93 Lock origin_loop_lock_;	92 Lock origin_loop_lock_;

94 MessageLoop* origin_loop_;	93 MessageLoop* origin_loop_;

95	94

96 // Assigned on the worker thread, read on the origin thread.	95 // Assigned on the worker thread, read on the origin thread.

97 int error_;	96 int error_;

98 int result_;	97 CertVerifyResult result_;

99 };	98 };

100	99

101 //-----------------------------------------------------------------------------	100 //-----------------------------------------------------------------------------

102	101

103 CertVerifier::CertVerifier() {	102 CertVerifier::CertVerifier() {

104 }	103 }

105	104

106 CertVerifier::~CertVerifier() {	105 CertVerifier::~CertVerifier() {

107 if (request_)	106 if (request_)

108 request_->Cancel();	107 request_->Cancel();

109 }	108 }

110	109

111 int CertVerifier::Verify(X509Certificate* cert,	110 int CertVerifier::Verify(X509Certificate* cert,

112 const std::string& hostname,	111 const std::string& hostname,

113 bool rev_checking_enabled,	112 bool rev_checking_enabled,

114 int* cert_status,	113 CertVerifyResult* verify_result,

115 CompletionCallback* callback) {	114 CompletionCallback* callback) {

116 DCHECK(!request_) << "verifier already in use";	115 DCHECK(!request_) << "verifier already in use";

117	116

118 // Do a synchronous verification.	117 // Do a synchronous verification.

119 if (!callback) {	118 if (!callback) {

120 int result;	119 CertVerifyResult result;

121 int rv = cert->Verify(hostname, rev_checking_enabled, &result);	120 int rv = cert->Verify(hostname, rev_checking_enabled, &result);

122 *cert_status = result;	121 *verify_result = result;

123 return rv;	122 return rv;

124 }	123 }

125	124

126 request_ = new Request(this, cert, hostname, rev_checking_enabled,	125 request_ = new Request(this, cert, hostname, rev_checking_enabled,

127 cert_status, callback);	126 verify_result, callback);

128	127

129 // Dispatch to worker thread...	128 // Dispatch to worker thread...

130 if (!WorkerPool::PostTask(FROM_HERE,	129 if (!WorkerPool::PostTask(FROM_HERE,

131 NewRunnableMethod(request_.get(), &Request::DoVerify), true)) {	130 NewRunnableMethod(request_.get(), &Request::DoVerify), true)) {

132 NOTREACHED();	131 NOTREACHED();

133 request_ = NULL;	132 request_ = NULL;

134 return ERR_FAILED;	133 return ERR_FAILED;

135 }	134 }

136	135

137 return ERR_IO_PENDING;	136 return ERR_IO_PENDING;

138 }	137 }

139	138

140 } // namespace net	139 } // namespace net

OLD	NEW

« no previous file with comments | « net/base/cert_verifier.h ('k') | net/base/cert_verify_result.h » ('j') | no next file with comments »