| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/multi_threaded_cert_verifier.h" | 5 #include "net/cert/multi_threaded_cert_verifier.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <utility> | 8 #include <utility> |
| 9 | 9 |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| (...skipping 100 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 111 | 111 |
| 112 return std::move(results); | 112 return std::move(results); |
| 113 } | 113 } |
| 114 | 114 |
| 115 } // namespace | 115 } // namespace |
| 116 | 116 |
| 117 MultiThreadedCertVerifier::CachedResult::CachedResult() : error(ERR_FAILED) {} | 117 MultiThreadedCertVerifier::CachedResult::CachedResult() : error(ERR_FAILED) {} |
| 118 | 118 |
| 119 MultiThreadedCertVerifier::CachedResult::~CachedResult() {} | 119 MultiThreadedCertVerifier::CachedResult::~CachedResult() {} |
| 120 | 120 |
| 121 bool MultiThreadedCertVerifier::CachedResult::Persist( |
| 122 base::Pickle* pickle) const { |
| 123 return pickle->WriteInt(error) && result.Persist(pickle); |
| 124 } |
| 125 |
| 126 // static |
| 127 bool MultiThreadedCertVerifier::CachedResult::CreateFromPickle( |
| 128 base::PickleIterator* iter, |
| 129 CachedResult* cached_result) { |
| 130 return iter->ReadInt(&cached_result->error) && |
| 131 CertVerifyResult::CreateFromPickle(iter, &cached_result->result); |
| 132 } |
| 133 |
| 121 MultiThreadedCertVerifier::CacheValidityPeriod::CacheValidityPeriod( | 134 MultiThreadedCertVerifier::CacheValidityPeriod::CacheValidityPeriod( |
| 122 const base::Time& now) | 135 const base::Time& now) |
| 123 : verification_time(now), | 136 : verification_time(now), |
| 124 expiration_time(now) { | 137 expiration_time(now) { |
| 125 } | 138 } |
| 126 | 139 |
| 127 MultiThreadedCertVerifier::CacheValidityPeriod::CacheValidityPeriod( | 140 MultiThreadedCertVerifier::CacheValidityPeriod::CacheValidityPeriod( |
| 128 const base::Time& now, | 141 const base::Time& now, |
| 129 const base::Time& expiration) | 142 const base::Time& expiration) |
| 130 : verification_time(now), | 143 : verification_time(now), |
| 131 expiration_time(expiration) { | 144 expiration_time(expiration) { |
| 132 } | 145 } |
| 133 | 146 |
| 147 bool MultiThreadedCertVerifier::CacheValidityPeriod::Persist( |
| 148 base::Pickle* pickle) const { |
| 149 return pickle->WriteInt64(verification_time.ToInternalValue()) && |
| 150 pickle->WriteInt64(expiration_time.ToInternalValue()); |
| 151 } |
| 152 |
| 153 // static |
| 154 bool MultiThreadedCertVerifier::CacheValidityPeriod::CreateFromPickle( |
| 155 base::PickleIterator* iter, |
| 156 CacheValidityPeriod* valid_period) { |
| 157 int64_t verification; |
| 158 int64_t expiration; |
| 159 if ((!iter->ReadInt64(&verification)) || (!iter->ReadInt64(&expiration))) |
| 160 return false; |
| 161 valid_period->verification_time = base::Time::FromInternalValue(verification); |
| 162 valid_period->expiration_time = base::Time::FromInternalValue(expiration); |
| 163 return true; |
| 164 } |
| 165 |
| 134 bool MultiThreadedCertVerifier::CacheExpirationFunctor::operator()( | 166 bool MultiThreadedCertVerifier::CacheExpirationFunctor::operator()( |
| 135 const CacheValidityPeriod& now, | 167 const CacheValidityPeriod& now, |
| 136 const CacheValidityPeriod& expiration) const { | 168 const CacheValidityPeriod& expiration) const { |
| 137 // Ensure this functor is being used for expiration only, and not strict | 169 // Ensure this functor is being used for expiration only, and not strict |
| 138 // weak ordering/sorting. |now| should only ever contain a single | 170 // weak ordering/sorting. |now| should only ever contain a single |
| 139 // base::Time. | 171 // base::Time. |
| 140 // Note: DCHECK_EQ is not used due to operator<< overloading requirements. | 172 // Note: DCHECK_EQ is not used due to operator<< overloading requirements. |
| 141 DCHECK(now.verification_time == now.expiration_time); | 173 DCHECK(now.verification_time == now.expiration_time); |
| 142 | 174 |
| 143 // |now| contains only a single time (verification_time), while |expiration| | 175 // |now| contains only a single time (verification_time), while |expiration| |
| (...skipping 349 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 493 hash_values.push_back(ocsp_hash); | 525 hash_values.push_back(ocsp_hash); |
| 494 hash_values.push_back(cert_fingerprint_arg); | 526 hash_values.push_back(cert_fingerprint_arg); |
| 495 hash_values.push_back(ca_fingerprint_arg); | 527 hash_values.push_back(ca_fingerprint_arg); |
| 496 for (size_t i = 0; i < additional_trust_anchors.size(); ++i) | 528 for (size_t i = 0; i < additional_trust_anchors.size(); ++i) |
| 497 hash_values.push_back(additional_trust_anchors[i]->fingerprint()); | 529 hash_values.push_back(additional_trust_anchors[i]->fingerprint()); |
| 498 } | 530 } |
| 499 | 531 |
| 500 MultiThreadedCertVerifier::RequestParams::RequestParams( | 532 MultiThreadedCertVerifier::RequestParams::RequestParams( |
| 501 const RequestParams& other) = default; | 533 const RequestParams& other) = default; |
| 502 | 534 |
| 535 MultiThreadedCertVerifier::RequestParams::RequestParams() {} |
| 536 |
| 503 MultiThreadedCertVerifier::RequestParams::~RequestParams() {} | 537 MultiThreadedCertVerifier::RequestParams::~RequestParams() {} |
| 504 | 538 |
| 539 bool MultiThreadedCertVerifier::RequestParams::Persist( |
| 540 base::Pickle* pickle) const { |
| 541 if (!pickle->WriteString(hostname) || !pickle->WriteInt(flags) || |
| 542 !pickle->WriteInt64(start_time.ToInternalValue()) || |
| 543 !pickle->WriteUInt64(hash_values.size())) { |
| 544 return false; |
| 545 } |
| 546 for (const SHA1HashValue& value : hash_values) { |
| 547 if (!value.Persist(pickle)) |
| 548 return false; |
| 549 } |
| 550 return true; |
| 551 } |
| 552 |
| 553 // static |
| 554 bool MultiThreadedCertVerifier::RequestParams::CreateFromPickle( |
| 555 base::PickleIterator* iter, |
| 556 MultiThreadedCertVerifier::RequestParams* request_param) { |
| 557 int64_t start_time; |
| 558 uint64_t hash_values_size; |
| 559 if (!iter->ReadString(&request_param->hostname) || |
| 560 !iter->ReadInt(&request_param->flags) || !iter->ReadInt64(&start_time) || |
| 561 !iter->ReadUInt64(&hash_values_size)) { |
| 562 return false; |
| 563 } |
| 564 request_param->start_time = base::Time::FromInternalValue(start_time); |
| 565 |
| 566 request_param->hash_values.resize(hash_values_size); |
| 567 for (uint64_t index = 0u; index < hash_values_size; ++index) { |
| 568 if (!SHA1HashValue::CreateFromPickle(iter, |
| 569 &request_param->hash_values[index])) |
| 570 return false; |
| 571 } |
| 572 return true; |
| 573 } |
| 574 |
| 505 bool MultiThreadedCertVerifier::RequestParams::operator<( | 575 bool MultiThreadedCertVerifier::RequestParams::operator<( |
| 506 const RequestParams& other) const { | 576 const RequestParams& other) const { |
| 507 // |flags| is compared before |cert_fingerprint|, |ca_fingerprint|, | 577 // |flags| is compared before |cert_fingerprint|, |ca_fingerprint|, |
| 508 // |hostname|, and |ocsp_response|, under assumption that integer comparisons | 578 // |hostname|, and |ocsp_response|, under assumption that integer comparisons |
| 509 // are faster than memory and string comparisons. | 579 // are faster than memory and string comparisons. |
| 510 if (flags != other.flags) | 580 if (flags != other.flags) |
| 511 return flags < other.flags; | 581 return flags < other.flags; |
| 512 if (hostname != other.hostname) | 582 if (hostname != other.hostname) |
| 513 return hostname < other.hostname; | 583 return hostname < other.hostname; |
| 514 return std::lexicographical_compare( | 584 return std::lexicographical_compare( |
| (...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 549 // was corrected after validation, if the cache validity period was | 619 // was corrected after validation, if the cache validity period was |
| 550 // computed at the end of validation, it would continue to serve an | 620 // computed at the end of validation, it would continue to serve an |
| 551 // invalid result for kTTLSecs. | 621 // invalid result for kTTLSecs. |
| 552 const base::Time start_time = key.start_time; | 622 const base::Time start_time = key.start_time; |
| 553 cache_.Put( | 623 cache_.Put( |
| 554 key, result, CacheValidityPeriod(start_time), | 624 key, result, CacheValidityPeriod(start_time), |
| 555 CacheValidityPeriod(start_time, | 625 CacheValidityPeriod(start_time, |
| 556 start_time + base::TimeDelta::FromSeconds(kTTLSecs))); | 626 start_time + base::TimeDelta::FromSeconds(kTTLSecs))); |
| 557 } | 627 } |
| 558 | 628 |
| 629 bool MultiThreadedCertVerifier::SerializeCache(base::Pickle* pickle) { |
| 630 if (!pickle->WriteUInt64(cache_.size())) |
| 631 return false; |
| 632 for (CertVerifierCache::Iterator it(cache_); it.HasNext(); it.Advance()) { |
| 633 const RequestParams& key = it.key(); |
| 634 const CachedResult& result = it.value(); |
| 635 const CacheValidityPeriod& expiration = it.expiration(); |
| 636 if (!key.Persist(pickle) || !result.Persist(pickle) || |
| 637 !expiration.Persist(pickle)) { |
| 638 return false; |
| 639 } |
| 640 } |
| 641 return true; |
| 642 } |
| 643 |
| 644 // static |
| 645 bool MultiThreadedCertVerifier::CreateFromPickle( |
| 646 base::PickleIterator* iter, |
| 647 MultiThreadedCertVerifier* cert_verifier) { |
| 648 uint64_t cache_size; |
| 649 if (!iter->ReadUInt64(&cache_size) || cache_size > kMaxCacheEntries) |
| 650 return false; |
| 651 for (uint64_t index = 0u; index < cache_size; ++index) { |
| 652 RequestParams key; |
| 653 CachedResult result; |
| 654 CacheValidityPeriod expiration(base::Time::Now()); |
| 655 if ((!MultiThreadedCertVerifier::RequestParams::CreateFromPickle(iter, |
| 656 &key)) || |
| 657 (!MultiThreadedCertVerifier::CachedResult::CreateFromPickle(iter, |
| 658 &result)) || |
| 659 (!MultiThreadedCertVerifier::CacheValidityPeriod::CreateFromPickle( |
| 660 iter, &expiration))) { |
| 661 return false; |
| 662 } |
| 663 cert_verifier->cache_.Put(key, result, CacheValidityPeriod(key.start_time), |
| 664 expiration); |
| 665 } |
| 666 return true; |
| 667 } |
| 668 |
| 559 scoped_ptr<CertVerifierJob> MultiThreadedCertVerifier::RemoveJob( | 669 scoped_ptr<CertVerifierJob> MultiThreadedCertVerifier::RemoveJob( |
| 560 CertVerifierJob* job) { | 670 CertVerifierJob* job) { |
| 561 DCHECK(CalledOnValidThread()); | 671 DCHECK(CalledOnValidThread()); |
| 562 bool erased_job = inflight_.erase(job) == 1; | 672 bool erased_job = inflight_.erase(job) == 1; |
| 563 DCHECK(erased_job); | 673 DCHECK(erased_job); |
| 564 return make_scoped_ptr(job); | 674 return make_scoped_ptr(job); |
| 565 } | 675 } |
| 566 | 676 |
| 567 void MultiThreadedCertVerifier::OnCACertChanged( | 677 void MultiThreadedCertVerifier::OnCACertChanged( |
| 568 const X509Certificate* cert) { | 678 const X509Certificate* cert) { |
| (...skipping 15 matching lines...) Expand all Loading... |
| 584 // The JobSet is kept in sorted order so items can be found using binary | 694 // The JobSet is kept in sorted order so items can be found using binary |
| 585 // search. | 695 // search. |
| 586 auto it = std::lower_bound(inflight_.begin(), inflight_.end(), key, | 696 auto it = std::lower_bound(inflight_.begin(), inflight_.end(), key, |
| 587 JobToRequestParamsComparator()); | 697 JobToRequestParamsComparator()); |
| 588 if (it != inflight_.end() && !(key < (*it)->key())) | 698 if (it != inflight_.end() && !(key < (*it)->key())) |
| 589 return *it; | 699 return *it; |
| 590 return nullptr; | 700 return nullptr; |
| 591 } | 701 } |
| 592 | 702 |
| 593 } // namespace net | 703 } // namespace net |
| 594 | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1745283002:
Pickle (serialize and deserialize) MultiThreadedCertVerifier's |cache_| (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master