| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/multi_threaded_cert_verifier.h" | 5 #include "net/cert/multi_threaded_cert_verifier.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <memory> | 8 #include <memory> |
| 9 #include <utility> | 9 #include <utility> |
| 10 | 10 |
| (...skipping 101 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 112 } | 112 } |
| 113 results->Set("public_key_hashes", std::move(hashes)); | 113 results->Set("public_key_hashes", std::move(hashes)); |
| 114 | 114 |
| 115 return std::move(results); | 115 return std::move(results); |
| 116 } | 116 } |
| 117 | 117 |
| 118 } // namespace | 118 } // namespace |
| 119 | 119 |
| 120 MultiThreadedCertVerifier::CachedResult::CachedResult() : error(ERR_FAILED) {} | 120 MultiThreadedCertVerifier::CachedResult::CachedResult() : error(ERR_FAILED) {} |
| 121 | 121 |
| 122 MultiThreadedCertVerifier::CachedResult::CachedResult( |
| 123 int error_arg, |
| 124 CertVerifyResult result_arg) |
| 125 : error(error_arg) { |
| 126 result.CopyFrom(result_arg); |
| 127 } |
| 128 |
| 122 MultiThreadedCertVerifier::CachedResult::~CachedResult() {} | 129 MultiThreadedCertVerifier::CachedResult::~CachedResult() {} |
| 123 | 130 |
| 124 MultiThreadedCertVerifier::CacheValidityPeriod::CacheValidityPeriod( | 131 MultiThreadedCertVerifier::CacheValidityPeriod::CacheValidityPeriod( |
| 125 const base::Time& now) | 132 const base::Time& now) |
| 126 : verification_time(now), | 133 : verification_time(now), |
| 127 expiration_time(now) { | 134 expiration_time(now) { |
| 128 } | 135 } |
| 129 | 136 |
| 130 MultiThreadedCertVerifier::CacheValidityPeriod::CacheValidityPeriod( | 137 MultiThreadedCertVerifier::CacheValidityPeriod::CacheValidityPeriod( |
| 131 const base::Time& now, | 138 const base::Time& now, |
| (...skipping 344 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 476 std::unique_ptr<CertVerifierRequest> request = | 483 std::unique_ptr<CertVerifierRequest> request = |
| 477 job->CreateRequest(callback, verify_result, net_log); | 484 job->CreateRequest(callback, verify_result, net_log); |
| 478 *out_req = std::move(request); | 485 *out_req = std::move(request); |
| 479 return ERR_IO_PENDING; | 486 return ERR_IO_PENDING; |
| 480 } | 487 } |
| 481 | 488 |
| 482 bool MultiThreadedCertVerifier::SupportsOCSPStapling() { | 489 bool MultiThreadedCertVerifier::SupportsOCSPStapling() { |
| 483 return verify_proc_->SupportsOCSPStapling(); | 490 return verify_proc_->SupportsOCSPStapling(); |
| 484 } | 491 } |
| 485 | 492 |
| 493 bool MultiThreadedCertVerifier::AddCertResult( |
| 494 std::string& hostname, |
| 495 int flags, |
| 496 std::vector<SHA1HashValue>& hash_values, |
| 497 base::Time start_time, |
| 498 int error, |
| 499 const CertVerifyResult& result, |
| 500 base::Time verification_time, |
| 501 base::Time expiration_time) { |
| 502 // If cache is already full, then don't replace the current entries. |
| 503 if (cache_.size() >= kMaxCacheEntries) { |
| 504 DVLOG(1) << "Cache is full"; |
| 505 return false; |
| 506 } |
| 507 base::Time now = base::Time::Now(); |
| 508 if (expiration_time < now) { |
| 509 DVLOG(1) << "Cache entry expired for: " << hostname; |
| 510 return false; |
| 511 } |
| 512 if (verification_time > expiration_time || verification_time > now) { |
| 513 DVLOG(1) << "Invalid verification_time for " << hostname; |
| 514 return false; |
| 515 } |
| 516 |
| 517 // Don't overwrite existing entry. |
| 518 RequestParams key(hostname, flags, hash_values, start_time); |
| 519 CacheValidityPeriod expiration(now); |
| 520 if (cache_.Get(key, expiration)) { |
| 521 DVLOG(1) << "Already exists in the cache for " << key.hostname; |
| 522 return false; |
| 523 } |
| 524 |
| 525 // Add a new entry. |
| 526 CachedResult value(error, result); |
| 527 cache_.Put(key, value, CacheValidityPeriod(verification_time), |
| 528 CacheValidityPeriod(verification_time, expiration_time)); |
| 529 return true; |
| 530 } |
| 531 |
| 486 MultiThreadedCertVerifier::RequestParams::RequestParams( | 532 MultiThreadedCertVerifier::RequestParams::RequestParams( |
| 487 const SHA1HashValue& cert_fingerprint_arg, | 533 const SHA1HashValue& cert_fingerprint_arg, |
| 488 const SHA1HashValue& ca_fingerprint_arg, | 534 const SHA1HashValue& ca_fingerprint_arg, |
| 489 const std::string& hostname_arg, | 535 const std::string& hostname_arg, |
| 490 const std::string& ocsp_response_arg, | 536 const std::string& ocsp_response_arg, |
| 491 int flags_arg, | 537 int flags_arg, |
| 492 const CertificateList& additional_trust_anchors) | 538 const CertificateList& additional_trust_anchors) |
| 493 : hostname(hostname_arg), flags(flags_arg), start_time(base::Time::Now()) { | 539 : hostname(hostname_arg), flags(flags_arg), start_time(base::Time::Now()) { |
| 494 hash_values.reserve(3 + additional_trust_anchors.size()); | 540 hash_values.reserve(3 + additional_trust_anchors.size()); |
| 495 SHA1HashValue ocsp_hash; | 541 SHA1HashValue ocsp_hash; |
| 496 base::SHA1HashBytes( | 542 base::SHA1HashBytes( |
| 497 reinterpret_cast<const unsigned char*>(ocsp_response_arg.data()), | 543 reinterpret_cast<const unsigned char*>(ocsp_response_arg.data()), |
| 498 ocsp_response_arg.size(), ocsp_hash.data); | 544 ocsp_response_arg.size(), ocsp_hash.data); |
| 499 hash_values.push_back(ocsp_hash); | 545 hash_values.push_back(ocsp_hash); |
| 500 hash_values.push_back(cert_fingerprint_arg); | 546 hash_values.push_back(cert_fingerprint_arg); |
| 501 hash_values.push_back(ca_fingerprint_arg); | 547 hash_values.push_back(ca_fingerprint_arg); |
| 502 for (size_t i = 0; i < additional_trust_anchors.size(); ++i) | 548 for (size_t i = 0; i < additional_trust_anchors.size(); ++i) |
| 503 hash_values.push_back(additional_trust_anchors[i]->fingerprint()); | 549 hash_values.push_back(additional_trust_anchors[i]->fingerprint()); |
| 504 } | 550 } |
| 505 | 551 |
| 506 MultiThreadedCertVerifier::RequestParams::RequestParams( | 552 MultiThreadedCertVerifier::RequestParams::RequestParams( |
| 507 const RequestParams& other) = default; | 553 const RequestParams& other) = default; |
| 508 | 554 |
| 555 MultiThreadedCertVerifier::RequestParams::RequestParams( |
| 556 std::string& hostname_arg, |
| 557 int flags_arg, |
| 558 std::vector<SHA1HashValue>& hash_values_arg, |
| 559 base::Time start_time_arg) { |
| 560 hostname = hostname_arg; |
| 561 flags = flags_arg; |
| 562 hash_values.swap(hash_values_arg); |
| 563 start_time = start_time_arg; |
| 564 } |
| 565 |
| 509 MultiThreadedCertVerifier::RequestParams::~RequestParams() {} | 566 MultiThreadedCertVerifier::RequestParams::~RequestParams() {} |
| 510 | 567 |
| 511 bool MultiThreadedCertVerifier::RequestParams::operator<( | 568 bool MultiThreadedCertVerifier::RequestParams::operator<( |
| 512 const RequestParams& other) const { | 569 const RequestParams& other) const { |
| 513 // |flags| is compared before |cert_fingerprint|, |ca_fingerprint|, | 570 // |flags| is compared before |cert_fingerprint|, |ca_fingerprint|, |
| 514 // |hostname|, and |ocsp_response|, under assumption that integer comparisons | 571 // |hostname|, and |ocsp_response|, under assumption that integer comparisons |
| 515 // are faster than memory and string comparisons. | 572 // are faster than memory and string comparisons. |
| 516 if (flags != other.flags) | 573 if (flags != other.flags) |
| 517 return flags < other.flags; | 574 return flags < other.flags; |
| 518 if (hostname != other.hostname) | 575 if (hostname != other.hostname) |
| (...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 589 | 646 |
| 590 // The JobSet is kept in sorted order so items can be found using binary | 647 // The JobSet is kept in sorted order so items can be found using binary |
| 591 // search. | 648 // search. |
| 592 auto it = std::lower_bound(inflight_.begin(), inflight_.end(), key, | 649 auto it = std::lower_bound(inflight_.begin(), inflight_.end(), key, |
| 593 JobToRequestParamsComparator()); | 650 JobToRequestParamsComparator()); |
| 594 if (it != inflight_.end() && !(key < (*it)->key())) | 651 if (it != inflight_.end() && !(key < (*it)->key())) |
| 595 return *it; | 652 return *it; |
| 596 return nullptr; | 653 return nullptr; |
| 597 } | 654 } |
| 598 | 655 |
| 656 CertVerifierCacheIterator::CertVerifierCacheIterator( |
| 657 const MultiThreadedCertVerifier& verifier) |
| 658 : iterator_(verifier.cache_) {} |
| 659 |
| 660 CertVerifierCacheIterator::~CertVerifierCacheIterator() {} |
| 661 |
| 599 } // namespace net | 662 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1892033002:
Cert - protobufs to serialize and deserialize CertVerifierCache. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master