Chromium Code Reviews Chromium Code Reviews
Issue 1892033002:
Cert - protobufs to serialize and deserialize CertVerifierCache. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_CERT_MULTI_THREADED_CERT_VERIFIER_H_ | 5 #ifndef NET_CERT_MULTI_THREADED_CERT_VERIFIER_H_ |
| 6 #define NET_CERT_MULTI_THREADED_CERT_VERIFIER_H_ | 6 #define NET_CERT_MULTI_THREADED_CERT_VERIFIER_H_ |
| 7 | 7 |
| 8 #include <stddef.h> | 8 #include <stddef.h> |
| 9 #include <stdint.h> | 9 #include <stdint.h> |
| 10 | 10 |
| (...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 64 CRLSet* crl_set, | 64 CRLSet* crl_set, |
| 65 CertVerifyResult* verify_result, | 65 CertVerifyResult* verify_result, |
| 66 const CompletionCallback& callback, | 66 const CompletionCallback& callback, |
| 67 scoped_ptr<Request>* out_req, | 67 scoped_ptr<Request>* out_req, |
| 68 const BoundNetLog& net_log) override; | 68 const BoundNetLog& net_log) override; |
| 69 | 69 |
| 70 bool SupportsOCSPStapling() override; | 70 bool SupportsOCSPStapling() override; |
| 71 | 71 |
| 72 private: | 72 private: |
| 73 struct JobToRequestParamsComparator; | 73 struct JobToRequestParamsComparator; |
| 74 friend class CertVerifierCachePersister; | |
|
Ryan Sleevi
2016/04/16 00:36:15
The design I suggested was so we could explicitly
ramant (doing other things)
2016/04/21 16:41:54
Done.
| |
| 75 friend class CertVerifierCachePersisterTest; | |
| 74 friend class CertVerifierRequest; | 76 friend class CertVerifierRequest; |
| 75 friend class CertVerifierJob; | 77 friend class CertVerifierJob; |
| 76 friend class MultiThreadedCertVerifierTest; | 78 friend class MultiThreadedCertVerifierTest; |
| 77 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, CacheHit); | 79 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, CacheHit); |
| 78 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, DifferentCACerts); | 80 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, DifferentCACerts); |
| 79 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, InflightJoin); | 81 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, InflightJoin); |
| 80 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, MultipleInflightJoin); | 82 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, MultipleInflightJoin); |
| 81 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, CancelRequest); | 83 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, CancelRequest); |
| 82 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, | 84 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, |
| 83 RequestParamsComparators); | 85 RequestParamsComparators); |
| 84 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, | 86 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, |
| 85 CertTrustAnchorProvider); | 87 CertTrustAnchorProvider); |
| 88 FRIEND_TEST_ALL_PREFIXES(CertVerifierCachePersisterTest, PersistCache); | |
| 89 FRIEND_TEST_ALL_PREFIXES(CertVerifierCachePersisterTest, | |
| 90 PersistCacheExpiredEntry); | |
| 86 | 91 |
| 87 // Input parameters of a certificate verification request. | 92 // Input parameters of a certificate verification request. |
| 88 struct NET_EXPORT_PRIVATE RequestParams { | 93 struct NET_EXPORT_PRIVATE RequestParams { |
| 89 RequestParams(const SHA1HashValue& cert_fingerprint_arg, | 94 RequestParams(const SHA1HashValue& cert_fingerprint_arg, |
| 90 const SHA1HashValue& ca_fingerprint_arg, | 95 const SHA1HashValue& ca_fingerprint_arg, |
| 91 const std::string& hostname_arg, | 96 const std::string& hostname_arg, |
| 92 const std::string& ocsp_response_arg, | 97 const std::string& ocsp_response_arg, |
| 93 int flags_arg, | 98 int flags_arg, |
| 94 const CertificateList& additional_trust_anchors); | 99 const CertificateList& additional_trust_anchors); |
| 95 RequestParams(const RequestParams& other); | 100 RequestParams(const RequestParams& other); |
| 101 RequestParams(); | |
|
Ryan Sleevi
2016/04/16 00:36:15
I'd like to avoid this, because it leaves RequestP
ramant (doing other things)
2016/04/21 16:41:54
Done.
| |
| 96 ~RequestParams(); | 102 ~RequestParams(); |
| 97 | 103 |
| 98 bool operator<(const RequestParams& other) const; | 104 bool operator<(const RequestParams& other) const; |
| 99 | 105 |
| 100 std::string hostname; | 106 std::string hostname; |
| 101 int flags; | 107 int flags; |
| 102 std::vector<SHA1HashValue> hash_values; | 108 std::vector<SHA1HashValue> hash_values; |
| 103 // The time when verification started. | 109 // The time when verification started. |
| 104 // Note: This uses base::Time, rather than base::TimeTicks, to | 110 // Note: This uses base::Time, rather than base::TimeTicks, to |
| 105 // account for system clock changes. | 111 // account for system clock changes. |
| (...skipping 10 matching lines...) Expand all Loading... | |
| 116 }; | 122 }; |
| 117 | 123 |
| 118 // Rather than having a single validity point along a monotonically increasing | 124 // Rather than having a single validity point along a monotonically increasing |
| 119 // timeline, certificate verification is based on falling within a range of | 125 // timeline, certificate verification is based on falling within a range of |
| 120 // the certificate's NotBefore and NotAfter and based on what the current | 126 // the certificate's NotBefore and NotAfter and based on what the current |
| 121 // system clock says (which may advance forwards or backwards as users correct | 127 // system clock says (which may advance forwards or backwards as users correct |
| 122 // clock skew). CacheValidityPeriod and CacheExpirationFunctor are helpers to | 128 // clock skew). CacheValidityPeriod and CacheExpirationFunctor are helpers to |
| 123 // ensure that expiration is measured both by the 'general' case (now + cache | 129 // ensure that expiration is measured both by the 'general' case (now + cache |
| 124 // TTL) and by whether or not significant enough clock skew was introduced | 130 // TTL) and by whether or not significant enough clock skew was introduced |
| 125 // since the last verification. | 131 // since the last verification. |
| 126 struct CacheValidityPeriod { | 132 struct NET_EXPORT_PRIVATE CacheValidityPeriod { |
| 127 explicit CacheValidityPeriod(const base::Time& now); | 133 explicit CacheValidityPeriod(const base::Time& now); |
| 128 CacheValidityPeriod(const base::Time& now, const base::Time& expiration); | 134 CacheValidityPeriod(const base::Time& now, const base::Time& expiration); |
| 129 | 135 |
| 130 base::Time verification_time; | 136 base::Time verification_time; |
| 131 base::Time expiration_time; | 137 base::Time expiration_time; |
| 132 }; | 138 }; |
| 133 | 139 |
| 134 struct CacheExpirationFunctor { | 140 struct NET_EXPORT_PRIVATE CacheExpirationFunctor { |
| 135 // Returns true iff |now| is within the validity period of |expiration|. | 141 // Returns true iff |now| is within the validity period of |expiration|. |
| 136 bool operator()(const CacheValidityPeriod& now, | 142 bool operator()(const CacheValidityPeriod& now, |
| 137 const CacheValidityPeriod& expiration) const; | 143 const CacheValidityPeriod& expiration) const; |
| 138 }; | 144 }; |
| 139 | 145 |
| 140 struct JobComparator { | 146 struct JobComparator { |
| 141 bool operator()(const CertVerifierJob* job1, | 147 bool operator()(const CertVerifierJob* job1, |
| 142 const CertVerifierJob* job2) const; | 148 const CertVerifierJob* job2) const; |
| 143 }; | 149 }; |
| 144 | 150 |
| 145 using JobSet = std::set<CertVerifierJob*, JobComparator>; | 151 using JobSet = std::set<CertVerifierJob*, JobComparator>; |
| 146 | 152 |
| 147 typedef ExpiringCache<RequestParams, CachedResult, CacheValidityPeriod, | 153 typedef ExpiringCache<RequestParams, CachedResult, CacheValidityPeriod, |
| 148 CacheExpirationFunctor> CertVerifierCache; | 154 CacheExpirationFunctor> CertVerifierCache; |
| 149 | 155 |
| 156 class NET_EXPORT CertVerifierCacheIterator { | |
|
Ryan Sleevi
2016/04/16 00:36:15
NAMING: This is highly redundant naming; just Iter
ramant (doing other things)
2016/04/21 16:41:54
Done.
| |
| 157 public: | |
| 158 explicit CertVerifierCacheIterator( | |
| 159 const MultiThreadedCertVerifier& verifier); | |
| 160 ~CertVerifierCacheIterator(); | |
| 161 | |
| 162 bool HasNext() const { return iterator_.HasNext(); } | |
| 163 void Advance() { iterator_.Advance(); } | |
| 164 | |
| 165 const std::string& hostname() const { | |
| 166 const RequestParams& key = iterator_.key(); | |
| 167 return key.hostname; | |
| 168 } | |
| 169 int flags() const { | |
| 170 const RequestParams& key = iterator_.key(); | |
| 171 return key.flags; | |
| 172 } | |
| 173 const std::vector<SHA1HashValue>& hash_values() const { | |
| 174 const RequestParams& key = iterator_.key(); | |
| 175 return key.hash_values; | |
| 176 } | |
| 177 const base::Time& start_time() const { | |
| 178 const RequestParams& key = iterator_.key(); | |
| 179 return key.start_time; | |
| 180 } | |
| 181 int error() const { | |
| 182 const CachedResult& value = iterator_.value(); | |
| 183 return value.error; | |
| 184 } | |
| 185 const CertVerifyResult& result() const { | |
| 186 const CachedResult& value = iterator_.value(); | |
| 187 return value.result; | |
| 188 } | |
| 189 const base::Time& verification_time() const { | |
| 190 const CacheValidityPeriod& expiration = iterator_.expiration(); | |
| 191 return expiration.verification_time; | |
| 192 } | |
| 193 const base::Time& expiration_time() const { | |
| 194 const CacheValidityPeriod& expiration = iterator_.expiration(); | |
| 195 return expiration.expiration_time; | |
| 196 } | |
| 197 | |
| 198 private: | |
| 199 CertVerifierCache::Iterator iterator_; | |
| 200 }; | |
| 201 | |
| 150 // Saves |result| into the cache, keyed by |key|. | 202 // Saves |result| into the cache, keyed by |key|. |
| 151 void SaveResultToCache(const RequestParams& key, const CachedResult& result); | 203 void SaveResultToCache(const RequestParams& key, const CachedResult& result); |
| 152 | 204 |
| 153 // CertDatabase::Observer methods: | 205 // CertDatabase::Observer methods: |
| 154 void OnCACertChanged(const X509Certificate* cert) override; | 206 void OnCACertChanged(const X509Certificate* cert) override; |
| 155 | 207 |
| 156 // Returns an inflight job for |key|. If there is no such job then returns | 208 // Returns an inflight job for |key|. If there is no such job then returns |
| 157 // null. | 209 // null. |
| 158 CertVerifierJob* FindJob(const RequestParams& key); | 210 CertVerifierJob* FindJob(const RequestParams& key); |
| 159 | 211 |
| (...skipping 21 matching lines...) Expand all Loading... | |
| 181 scoped_refptr<CertVerifyProc> verify_proc_; | 233 scoped_refptr<CertVerifyProc> verify_proc_; |
| 182 | 234 |
| 183 CertTrustAnchorProvider* trust_anchor_provider_; | 235 CertTrustAnchorProvider* trust_anchor_provider_; |
| 184 | 236 |
| 185 DISALLOW_COPY_AND_ASSIGN(MultiThreadedCertVerifier); | 237 DISALLOW_COPY_AND_ASSIGN(MultiThreadedCertVerifier); |
| 186 }; | 238 }; |
| 187 | 239 |
| 188 } // namespace net | 240 } // namespace net |
| 189 | 241 |
| 190 #endif // NET_CERT_MULTI_THREADED_CERT_VERIFIER_H_ | 242 #endif // NET_CERT_MULTI_THREADED_CERT_VERIFIER_H_ |
| OLD | NEW |
