Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(805)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/cert/multi_threaded_cert_verifier.cc

Issue 1892033002: Cert - protobufs to serialize and deserialize CertVerifierCache. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/cert/cert_verifier_cache_persister_unittest.cc ('K') | « net/cert/multi_threaded_cert_verifier.h ('k') | net/cert/multi_threaded_cert_verifier_unittest.cc » ('j') | net/cert/multi_threaded_cert_verifier_unittest.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/multi_threaded_cert_verifier.cc
diff --git a/net/cert/multi_threaded_cert_verifier.cc b/net/cert/multi_threaded_cert_verifier.cc
index 2d650253ddaebabafe7f47c04436253a3212cfc1..7b9276db8d60a1f0ee1e395ccf86ca783b8b1f47 100644
--- a/net/cert/multi_threaded_cert_verifier.cc
+++ b/net/cert/multi_threaded_cert_verifier.cc
@@ -117,8 +117,65 @@ std::unique_ptr<base::Value> CertVerifyResultCallback(
} // namespace
+MultiThreadedCertVerifier::RequestParams::RequestParams(
+ const SHA1HashValue& cert_fingerprint_arg,
+ const SHA1HashValue& ca_fingerprint_arg,
+ const std::string& hostname_arg,
+ const std::string& ocsp_response_arg,
+ int flags_arg,
+ const CertificateList& additional_trust_anchors)
+ : hostname(hostname_arg), flags(flags_arg), start_time(base::Time::Now()) {
+ hash_values.reserve(3 + additional_trust_anchors.size());
+ SHA1HashValue ocsp_hash;
+ base::SHA1HashBytes(
+ reinterpret_cast<const unsigned char*>(ocsp_response_arg.data()),
+ ocsp_response_arg.size(), ocsp_hash.data);
+ hash_values.push_back(ocsp_hash);
+ hash_values.push_back(cert_fingerprint_arg);
+ hash_values.push_back(ca_fingerprint_arg);
+ for (size_t i = 0; i < additional_trust_anchors.size(); ++i)
+ hash_values.push_back(additional_trust_anchors[i]->fingerprint());
+}
+
+MultiThreadedCertVerifier::RequestParams::RequestParams(
+ const RequestParams& other) = default;
+
+MultiThreadedCertVerifier::RequestParams::RequestParams(
+ const std::string& hostname_arg,
+ int flags_arg,
+ const std::vector<SHA1HashValue>& hash_values_arg,
+ const base::Time& start_time_arg) {
+ hostname = hostname_arg;
+ flags = flags_arg;
+ hash_values = std::move(hash_values_arg);
+ start_time = start_time_arg;
+}
+
+MultiThreadedCertVerifier::RequestParams::~RequestParams() {}
+
+bool MultiThreadedCertVerifier::RequestParams::operator<(
+ const RequestParams& other) const {
+ // |flags| is compared before |cert_fingerprint|, |ca_fingerprint|,
+ // |hostname|, and |ocsp_response|, under assumption that integer comparisons
+ // are faster than memory and string comparisons.
+ if (flags != other.flags)
+ return flags < other.flags;
+ if (hostname != other.hostname)
+ return hostname < other.hostname;
+ return std::lexicographical_compare(
+ hash_values.begin(), hash_values.end(), other.hash_values.begin(),
+ other.hash_values.end(), SHA1HashValueLessThan());
+}
+
MultiThreadedCertVerifier::CachedResult::CachedResult() : error(ERR_FAILED) {}
+MultiThreadedCertVerifier::CachedResult::CachedResult(
+ int error_arg,
+ CertVerifyResult result_arg)
+ : error(error_arg) {
+ result.CopyFrom(result_arg);
+}
+
MultiThreadedCertVerifier::CachedResult::~CachedResult() {}
MultiThreadedCertVerifier::CacheValidityPeriod::CacheValidityPeriod(
@@ -169,6 +226,12 @@ bool MultiThreadedCertVerifier::CacheExpirationFunctor::operator()(
now.verification_time < expiration.expiration_time;
};
+MultiThreadedCertVerifier::Iterator::Iterator(
+ const MultiThreadedCertVerifier& verifier)
+ : iterator_(verifier.cache_) {}
+
+MultiThreadedCertVerifier::Iterator::~Iterator() {}
+
// Represents the output and result callback of a request. The
// CertVerifierRequest is owned by the caller that initiated the call to
// CertVerifier::Verify().
@@ -483,43 +546,44 @@ bool MultiThreadedCertVerifier::SupportsOCSPStapling() {
return verify_proc_->SupportsOCSPStapling();
}
-MultiThreadedCertVerifier::RequestParams::RequestParams(
- const SHA1HashValue& cert_fingerprint_arg,
- const SHA1HashValue& ca_fingerprint_arg,
- const std::string& hostname_arg,
- const std::string& ocsp_response_arg,
- int flags_arg,
- const CertificateList& additional_trust_anchors)
- : hostname(hostname_arg), flags(flags_arg), start_time(base::Time::Now()) {
- hash_values.reserve(3 + additional_trust_anchors.size());
- SHA1HashValue ocsp_hash;
- base::SHA1HashBytes(
- reinterpret_cast<const unsigned char*>(ocsp_response_arg.data()),
- ocsp_response_arg.size(), ocsp_hash.data);
- hash_values.push_back(ocsp_hash);
- hash_values.push_back(cert_fingerprint_arg);
- hash_values.push_back(ca_fingerprint_arg);
- for (size_t i = 0; i < additional_trust_anchors.size(); ++i)
- hash_values.push_back(additional_trust_anchors[i]->fingerprint());
-}
+bool MultiThreadedCertVerifier::AddCertResult(
+ const std::string& hostname,
+ int flags,
+ const std::vector<SHA1HashValue>& hash_values,
+ const base::Time& start_time,
+ int error,
+ const CertVerifyResult& result,
+ const base::Time& verification_time,
+ const base::Time& expiration_time) {
+ base::Time now = base::Time::Now();
+ if (hostname.empty() || hash_values.size() == 0 ||
Ryan Sleevi 2016/05/13 20:18:12 .empty()
+ start_time != verification_time || start_time >= now ||
+ expiration_time <= now ||
+ (expiration_time !=
+ start_time + base::TimeDelta::FromSeconds(kTTLSecs))) {
+ DVLOG(1) << "Invalid data for: " << hostname;
Ryan Sleevi 2016/05/13 20:18:13 Why DVLOG? Is it a programmer error? If so, why no
+ return false;
+ }
-MultiThreadedCertVerifier::RequestParams::RequestParams(
- const RequestParams& other) = default;
+ // If cache is already full, then don't replace the current entries.
+ if (cache_.size() >= kMaxCacheEntries) {
+ DVLOG(1) << "Cache is full";
Ryan Sleevi 2016/05/13 20:18:12 Necessary?
+ return false;
+ }
-MultiThreadedCertVerifier::RequestParams::~RequestParams() {}
+ // Don't overwrite existing entry.
+ RequestParams key(hostname, flags, hash_values, start_time);
+ CacheValidityPeriod expiration(now);
+ if (cache_.Get(key, expiration)) {
+ DVLOG(1) << "Already exists in the cache for " << key.hostname;
Ryan Sleevi 2016/05/13 20:18:13 Necessary?
+ return false;
+ }
-bool MultiThreadedCertVerifier::RequestParams::operator<(
- const RequestParams& other) const {
- // |flags| is compared before |cert_fingerprint|, |ca_fingerprint|,
- // |hostname|, and |ocsp_response|, under assumption that integer comparisons
- // are faster than memory and string comparisons.
- if (flags != other.flags)
- return flags < other.flags;
- if (hostname != other.hostname)
- return hostname < other.hostname;
- return std::lexicographical_compare(
- hash_values.begin(), hash_values.end(), other.hash_values.begin(),
- other.hash_values.end(), SHA1HashValueLessThan());
+ // Add a new entry.
+ CachedResult value(error, result);
+ cache_.Put(key, value, CacheValidityPeriod(verification_time),
+ CacheValidityPeriod(verification_time, expiration_time));
+ return true;
}
bool MultiThreadedCertVerifier::JobComparator::operator()(
« net/cert/cert_verifier_cache_persister_unittest.cc ('K') | « net/cert/multi_threaded_cert_verifier.h ('k') | net/cert/multi_threaded_cert_verifier_unittest.cc » ('j') | net/cert/multi_threaded_cert_verifier_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698