OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/multi_threaded_cert_verifier.h" | 5 #include "net/cert/multi_threaded_cert_verifier.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <utility> | 8 #include <utility> |
9 | 9 |
10 #include "base/bind.h" | 10 #include "base/bind.h" |
(...skipping 100 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
111 | 111 |
112 return std::move(results); | 112 return std::move(results); |
113 } | 113 } |
114 | 114 |
115 } // namespace | 115 } // namespace |
116 | 116 |
117 MultiThreadedCertVerifier::CachedResult::CachedResult() : error(ERR_FAILED) {} | 117 MultiThreadedCertVerifier::CachedResult::CachedResult() : error(ERR_FAILED) {} |
118 | 118 |
119 MultiThreadedCertVerifier::CachedResult::~CachedResult() {} | 119 MultiThreadedCertVerifier::CachedResult::~CachedResult() {} |
120 | 120 |
| 121 bool MultiThreadedCertVerifier::CachedResult::Persist( |
| 122 base::Pickle* pickle) const { |
| 123 return pickle->WriteInt(error) && result.Persist(pickle); |
| 124 } |
| 125 |
| 126 // static |
| 127 bool MultiThreadedCertVerifier::CachedResult::CreateFromPickle( |
| 128 base::PickleIterator* iter, |
| 129 CachedResult* cached_result) { |
| 130 return iter->ReadInt(&cached_result->error) && |
| 131 CertVerifyResult::CreateFromPickle(iter, &cached_result->result); |
| 132 } |
| 133 |
121 MultiThreadedCertVerifier::CacheValidityPeriod::CacheValidityPeriod( | 134 MultiThreadedCertVerifier::CacheValidityPeriod::CacheValidityPeriod( |
122 const base::Time& now) | 135 const base::Time& now) |
123 : verification_time(now), | 136 : verification_time(now), |
124 expiration_time(now) { | 137 expiration_time(now) { |
125 } | 138 } |
126 | 139 |
127 MultiThreadedCertVerifier::CacheValidityPeriod::CacheValidityPeriod( | 140 MultiThreadedCertVerifier::CacheValidityPeriod::CacheValidityPeriod( |
128 const base::Time& now, | 141 const base::Time& now, |
129 const base::Time& expiration) | 142 const base::Time& expiration) |
130 : verification_time(now), | 143 : verification_time(now), |
131 expiration_time(expiration) { | 144 expiration_time(expiration) { |
132 } | 145 } |
133 | 146 |
| 147 bool MultiThreadedCertVerifier::CacheValidityPeriod::Persist( |
| 148 base::Pickle* pickle) const { |
| 149 return pickle->WriteInt64(verification_time.ToInternalValue()) && |
| 150 pickle->WriteInt64(expiration_time.ToInternalValue()); |
| 151 } |
| 152 |
| 153 // static |
| 154 bool MultiThreadedCertVerifier::CacheValidityPeriod::CreateFromPickle( |
| 155 base::PickleIterator* iter, |
| 156 CacheValidityPeriod* valid_period) { |
| 157 int64_t verification; |
| 158 int64_t expiration; |
| 159 if ((!iter->ReadInt64(&verification)) || (!iter->ReadInt64(&expiration))) |
| 160 return false; |
| 161 valid_period->verification_time = base::Time::FromInternalValue(verification); |
| 162 valid_period->expiration_time = base::Time::FromInternalValue(expiration); |
| 163 return true; |
| 164 } |
| 165 |
134 bool MultiThreadedCertVerifier::CacheExpirationFunctor::operator()( | 166 bool MultiThreadedCertVerifier::CacheExpirationFunctor::operator()( |
135 const CacheValidityPeriod& now, | 167 const CacheValidityPeriod& now, |
136 const CacheValidityPeriod& expiration) const { | 168 const CacheValidityPeriod& expiration) const { |
137 // Ensure this functor is being used for expiration only, and not strict | 169 // Ensure this functor is being used for expiration only, and not strict |
138 // weak ordering/sorting. |now| should only ever contain a single | 170 // weak ordering/sorting. |now| should only ever contain a single |
139 // base::Time. | 171 // base::Time. |
140 // Note: DCHECK_EQ is not used due to operator<< overloading requirements. | 172 // Note: DCHECK_EQ is not used due to operator<< overloading requirements. |
141 DCHECK(now.verification_time == now.expiration_time); | 173 DCHECK(now.verification_time == now.expiration_time); |
142 | 174 |
143 // |now| contains only a single time (verification_time), while |expiration| | 175 // |now| contains only a single time (verification_time), while |expiration| |
(...skipping 349 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
493 hash_values.push_back(ocsp_hash); | 525 hash_values.push_back(ocsp_hash); |
494 hash_values.push_back(cert_fingerprint_arg); | 526 hash_values.push_back(cert_fingerprint_arg); |
495 hash_values.push_back(ca_fingerprint_arg); | 527 hash_values.push_back(ca_fingerprint_arg); |
496 for (size_t i = 0; i < additional_trust_anchors.size(); ++i) | 528 for (size_t i = 0; i < additional_trust_anchors.size(); ++i) |
497 hash_values.push_back(additional_trust_anchors[i]->fingerprint()); | 529 hash_values.push_back(additional_trust_anchors[i]->fingerprint()); |
498 } | 530 } |
499 | 531 |
500 MultiThreadedCertVerifier::RequestParams::RequestParams( | 532 MultiThreadedCertVerifier::RequestParams::RequestParams( |
501 const RequestParams& other) = default; | 533 const RequestParams& other) = default; |
502 | 534 |
| 535 MultiThreadedCertVerifier::RequestParams::RequestParams() {} |
| 536 |
503 MultiThreadedCertVerifier::RequestParams::~RequestParams() {} | 537 MultiThreadedCertVerifier::RequestParams::~RequestParams() {} |
504 | 538 |
| 539 bool MultiThreadedCertVerifier::RequestParams::Persist( |
| 540 base::Pickle* pickle) const { |
| 541 if (!pickle->WriteString(hostname) || !pickle->WriteInt(flags) || |
| 542 !pickle->WriteInt64(start_time.ToInternalValue()) || |
| 543 !pickle->WriteUInt64(hash_values.size())) { |
| 544 return false; |
| 545 } |
| 546 for (const SHA1HashValue& value : hash_values) { |
| 547 if (!value.Persist(pickle)) |
| 548 return false; |
| 549 } |
| 550 return true; |
| 551 } |
| 552 |
| 553 // static |
| 554 bool MultiThreadedCertVerifier::RequestParams::CreateFromPickle( |
| 555 base::PickleIterator* iter, |
| 556 MultiThreadedCertVerifier::RequestParams* request_param) { |
| 557 int64_t start_time; |
| 558 uint64_t hash_values_size; |
| 559 if (!iter->ReadString(&request_param->hostname) || |
| 560 !iter->ReadInt(&request_param->flags) || !iter->ReadInt64(&start_time) || |
| 561 !iter->ReadUInt64(&hash_values_size)) { |
| 562 return false; |
| 563 } |
| 564 request_param->start_time = base::Time::FromInternalValue(start_time); |
| 565 |
| 566 request_param->hash_values.resize(hash_values_size); |
| 567 for (uint64_t index = 0u; index < hash_values_size; ++index) { |
| 568 if (!SHA1HashValue::CreateFromPickle(iter, |
| 569 &request_param->hash_values[index])) |
| 570 return false; |
| 571 } |
| 572 return true; |
| 573 } |
| 574 |
505 bool MultiThreadedCertVerifier::RequestParams::operator<( | 575 bool MultiThreadedCertVerifier::RequestParams::operator<( |
506 const RequestParams& other) const { | 576 const RequestParams& other) const { |
507 // |flags| is compared before |cert_fingerprint|, |ca_fingerprint|, | 577 // |flags| is compared before |cert_fingerprint|, |ca_fingerprint|, |
508 // |hostname|, and |ocsp_response|, under assumption that integer comparisons | 578 // |hostname|, and |ocsp_response|, under assumption that integer comparisons |
509 // are faster than memory and string comparisons. | 579 // are faster than memory and string comparisons. |
510 if (flags != other.flags) | 580 if (flags != other.flags) |
511 return flags < other.flags; | 581 return flags < other.flags; |
512 if (hostname != other.hostname) | 582 if (hostname != other.hostname) |
513 return hostname < other.hostname; | 583 return hostname < other.hostname; |
514 return std::lexicographical_compare( | 584 return std::lexicographical_compare( |
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
549 // was corrected after validation, if the cache validity period was | 619 // was corrected after validation, if the cache validity period was |
550 // computed at the end of validation, it would continue to serve an | 620 // computed at the end of validation, it would continue to serve an |
551 // invalid result for kTTLSecs. | 621 // invalid result for kTTLSecs. |
552 const base::Time start_time = key.start_time; | 622 const base::Time start_time = key.start_time; |
553 cache_.Put( | 623 cache_.Put( |
554 key, result, CacheValidityPeriod(start_time), | 624 key, result, CacheValidityPeriod(start_time), |
555 CacheValidityPeriod(start_time, | 625 CacheValidityPeriod(start_time, |
556 start_time + base::TimeDelta::FromSeconds(kTTLSecs))); | 626 start_time + base::TimeDelta::FromSeconds(kTTLSecs))); |
557 } | 627 } |
558 | 628 |
| 629 bool MultiThreadedCertVerifier::SerializeCache(base::Pickle* pickle) { |
| 630 if (!pickle->WriteUInt64(cache_.size())) |
| 631 return false; |
| 632 for (CertVerifierCache::Iterator it(cache_); it.HasNext(); it.Advance()) { |
| 633 const RequestParams& key = it.key(); |
| 634 const CachedResult& result = it.value(); |
| 635 const CacheValidityPeriod& expiration = it.expiration(); |
| 636 if (!key.Persist(pickle) || !result.Persist(pickle) || |
| 637 !expiration.Persist(pickle)) { |
| 638 return false; |
| 639 } |
| 640 } |
| 641 return true; |
| 642 } |
| 643 |
| 644 // static |
| 645 bool MultiThreadedCertVerifier::CreateFromPickle( |
| 646 base::PickleIterator* iter, |
| 647 MultiThreadedCertVerifier* cert_verifier) { |
| 648 uint64_t cache_size; |
| 649 if (!iter->ReadUInt64(&cache_size) || cache_size > kMaxCacheEntries) |
| 650 return false; |
| 651 for (uint64_t index = 0u; index < cache_size; ++index) { |
| 652 RequestParams key; |
| 653 CachedResult result; |
| 654 CacheValidityPeriod expiration(base::Time::Now()); |
| 655 if ((!MultiThreadedCertVerifier::RequestParams::CreateFromPickle(iter, |
| 656 &key)) || |
| 657 (!MultiThreadedCertVerifier::CachedResult::CreateFromPickle(iter, |
| 658 &result)) || |
| 659 (!MultiThreadedCertVerifier::CacheValidityPeriod::CreateFromPickle( |
| 660 iter, &expiration))) { |
| 661 return false; |
| 662 } |
| 663 cert_verifier->cache_.Put(key, result, CacheValidityPeriod(key.start_time), |
| 664 expiration); |
| 665 } |
| 666 return true; |
| 667 } |
| 668 |
559 scoped_ptr<CertVerifierJob> MultiThreadedCertVerifier::RemoveJob( | 669 scoped_ptr<CertVerifierJob> MultiThreadedCertVerifier::RemoveJob( |
560 CertVerifierJob* job) { | 670 CertVerifierJob* job) { |
561 DCHECK(CalledOnValidThread()); | 671 DCHECK(CalledOnValidThread()); |
562 bool erased_job = inflight_.erase(job) == 1; | 672 bool erased_job = inflight_.erase(job) == 1; |
563 DCHECK(erased_job); | 673 DCHECK(erased_job); |
564 return make_scoped_ptr(job); | 674 return make_scoped_ptr(job); |
565 } | 675 } |
566 | 676 |
567 void MultiThreadedCertVerifier::OnCACertChanged( | 677 void MultiThreadedCertVerifier::OnCACertChanged( |
568 const X509Certificate* cert) { | 678 const X509Certificate* cert) { |
(...skipping 15 matching lines...) Expand all Loading... |
584 // The JobSet is kept in sorted order so items can be found using binary | 694 // The JobSet is kept in sorted order so items can be found using binary |
585 // search. | 695 // search. |
586 auto it = std::lower_bound(inflight_.begin(), inflight_.end(), key, | 696 auto it = std::lower_bound(inflight_.begin(), inflight_.end(), key, |
587 JobToRequestParamsComparator()); | 697 JobToRequestParamsComparator()); |
588 if (it != inflight_.end() && !(key < (*it)->key())) | 698 if (it != inflight_.end() && !(key < (*it)->key())) |
589 return *it; | 699 return *it; |
590 return nullptr; | 700 return nullptr; |
591 } | 701 } |
592 | 702 |
593 } // namespace net | 703 } // namespace net |
594 | |
OLD | NEW |