Pickle (serialize and deserialize) MultiThreadedCertVerifier's |cache_|

net/cert/multi_threaded_cert_verifier.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_CERT_MULTI_THREADED_CERT_VERIFIER_H_
 #define NET_CERT_MULTI_THREADED_CERT_VERIFIER_H_
 
 #include <stddef.h>
 #include <stdint.h>
 
 #include <set>
 #include <string>
 #include <vector>
 
 #include "base/gtest_prod_util.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
+#include "base/pickle.h"
 #include "base/threading/non_thread_safe.h"
 #include "net/base/completion_callback.h"
 #include "net/base/expiring_cache.h"
 #include "net/base/hash_value.h"
 #include "net/base/net_export.h"
 #include "net/cert/cert_database.h"
 #include "net/cert/cert_verifier.h"
 #include "net/cert/cert_verify_result.h"
 #include "net/cert/x509_cert_types.h"
 
@@ skipping 46 matching lines @@
   friend class CertVerifierRequest;
   friend class CertVerifierJob;
   friend class MultiThreadedCertVerifierTest;
   FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, CacheHit);
   FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, DifferentCACerts);
   FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, InflightJoin);
   FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, MultipleInflightJoin);
   FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, CancelRequest);
   FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest,
                            RequestParamsComparators);
+  FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, PersistRequestParams);
   FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest,
                            CertTrustAnchorProvider);
+  FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, PersistCache);
+  FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest,
+                           PersistCacheExpiredEntry);
 
   // Input parameters of a certificate verification request.
   struct NET_EXPORT_PRIVATE RequestParams {
     RequestParams(const SHA1HashValue& cert_fingerprint_arg,
                   const SHA1HashValue& ca_fingerprint_arg,
                   const std::string& hostname_arg,
                   const std::string& ocsp_response_arg,
                   int flags_arg,
                   const CertificateList& additional_trust_anchors);
     RequestParams(const RequestParams& other);
+    RequestParams();
     ~RequestParams();
 
+    // Appends a representation of this object to the given pickle.
+    bool Persist(base::Pickle* pickle) const;
+
+    // Create an RequestParams from the representation stored in the given
+    // pickle. The data for this object is found relative to the given
+    // pickle_iter, which should be passed to the pickle's various Read*
+    // methods.
+    // Returns false on failure.
+    static bool CreateFromPickle(base::PickleIterator* iter,
+                                 RequestParams* param);

[Ryan Sleevi, 2016/02/29 23:28:41]

Same remarks

+
     bool operator<(const RequestParams& other) const;
 
     std::string hostname;
     int flags;
     std::vector<SHA1HashValue> hash_values;
     // The time when verification started.
     // Note: This uses base::Time, rather than base::TimeTicks, to
     // account for system clock changes.
     base::Time start_time;
   };
 
   // CachedResult contains the result of a certificate verification.
   struct NET_EXPORT_PRIVATE CachedResult {
     CachedResult();
     ~CachedResult();
 
+    // Appends a representation of this object to the given pickle.
+    bool Persist(base::Pickle* pickle) const;
+
+    // Create an CachedResult from the representation stored in the given
+    // pickle. The data for this object is found relative to the given
+    // pickle_iter, which should be passed to the pickle's various Read*
+    // methods.
+    // Returns false on failure.
+    static bool CreateFromPickle(base::PickleIterator* iter,
+                                 CachedResult* result);
+
     int error;  // The return value of CertVerifier::Verify.
     CertVerifyResult result;  // The output of CertVerifier::Verify.
   };
 
   // Rather than having a single validity point along a monotonically increasing
   // timeline, certificate verification is based on falling within a range of
   // the certificate's NotBefore and NotAfter and based on what the current
   // system clock says (which may advance forwards or backwards as users correct
   // clock skew). CacheValidityPeriod and CacheExpirationFunctor are helpers to
   // ensure that expiration is measured both by the 'general' case (now + cache
   // TTL) and by whether or not significant enough clock skew was introduced
   // since the last verification.
-  struct CacheValidityPeriod {
+  struct NET_EXPORT_PRIVATE CacheValidityPeriod {
     explicit CacheValidityPeriod(const base::Time& now);
     CacheValidityPeriod(const base::Time& now, const base::Time& expiration);
 
+    // Appends a representation of this object to the given pickle.
+    bool Persist(base::Pickle* pickle) const;
+
+    // Create an CacheValidityPeriod from the representation stored in the given
+    // pickle. The data for this object is found relative to the given
+    // pickle_iter, which should be passed to the pickle's various Read*
+    // methods.
+    // Returns false on failure.
+    static bool CreateFromPickle(base::PickleIterator* iter,
+                                 CacheValidityPeriod* valid_period);
+
     base::Time verification_time;
     base::Time expiration_time;
   };
 
-  struct CacheExpirationFunctor {
+  struct NET_EXPORT_PRIVATE CacheExpirationFunctor {
     // Returns true iff |now| is within the validity period of |expiration|.
     bool operator()(const CacheValidityPeriod& now,
                     const CacheValidityPeriod& expiration) const;
   };
 
   struct JobComparator {
     bool operator()(const CertVerifierJob* job1,
                     const CertVerifierJob* job2) const;
   };
 
   using JobSet = std::set<CertVerifierJob*, JobComparator>;
 
   typedef ExpiringCache<RequestParams, CachedResult, CacheValidityPeriod,
                         CacheExpirationFunctor> CertVerifierCache;
 
   // Saves |result| into the cache, keyed by |key|.
   void SaveResultToCache(const RequestParams& key, const CachedResult& result);
 
+  // Appends a representation of |cache_| to the given pickle.
+  bool SerializeCache(base::Pickle* pickle);
+
+  // Populates |cache_| from the representation stored in the given pickle. The
+  // data for this object is found relative to the given pickle_iter, which
+  // should be passed to the pickle's various Read* methods.
+  // Returns false on failure.
+  static bool CreateFromPickle(base::PickleIterator* iter,
+                               MultiThreadedCertVerifier* cert_verifier);
+
   // CertDatabase::Observer methods:
   void OnCACertChanged(const X509Certificate* cert) override;
 
   // Returns an inflight job for |key|. If there is no such job then returns
   // null.
   CertVerifierJob* FindJob(const RequestParams& key);
 
   // Removes |job| from the inflight set, and passes ownership back to the
   // caller. |job| must already be |inflight_|.
   scoped_ptr<CertVerifierJob> RemoveJob(CertVerifierJob* job);
@@ skipping 18 matching lines @@
   scoped_refptr<CertVerifyProc> verify_proc_;
 
   CertTrustAnchorProvider* trust_anchor_provider_;
 
   DISALLOW_COPY_AND_ASSIGN(MultiThreadedCertVerifier);
 };
 
 }  // namespace net
 
 #endif  // NET_CERT_MULTI_THREADED_CERT_VERIFIER_H_