Index: net/cert/multi_threaded_cert_verifier.cc |
diff --git a/net/cert/multi_threaded_cert_verifier.cc b/net/cert/multi_threaded_cert_verifier.cc |
index 2d650253ddaebabafe7f47c04436253a3212cfc1..7b9276db8d60a1f0ee1e395ccf86ca783b8b1f47 100644 |
--- a/net/cert/multi_threaded_cert_verifier.cc |
+++ b/net/cert/multi_threaded_cert_verifier.cc |
@@ -117,8 +117,65 @@ std::unique_ptr<base::Value> CertVerifyResultCallback( |
} // namespace |
+MultiThreadedCertVerifier::RequestParams::RequestParams( |
+ const SHA1HashValue& cert_fingerprint_arg, |
+ const SHA1HashValue& ca_fingerprint_arg, |
+ const std::string& hostname_arg, |
+ const std::string& ocsp_response_arg, |
+ int flags_arg, |
+ const CertificateList& additional_trust_anchors) |
+ : hostname(hostname_arg), flags(flags_arg), start_time(base::Time::Now()) { |
+ hash_values.reserve(3 + additional_trust_anchors.size()); |
+ SHA1HashValue ocsp_hash; |
+ base::SHA1HashBytes( |
+ reinterpret_cast<const unsigned char*>(ocsp_response_arg.data()), |
+ ocsp_response_arg.size(), ocsp_hash.data); |
+ hash_values.push_back(ocsp_hash); |
+ hash_values.push_back(cert_fingerprint_arg); |
+ hash_values.push_back(ca_fingerprint_arg); |
+ for (size_t i = 0; i < additional_trust_anchors.size(); ++i) |
+ hash_values.push_back(additional_trust_anchors[i]->fingerprint()); |
+} |
+ |
+MultiThreadedCertVerifier::RequestParams::RequestParams( |
+ const RequestParams& other) = default; |
+ |
+MultiThreadedCertVerifier::RequestParams::RequestParams( |
+ const std::string& hostname_arg, |
+ int flags_arg, |
+ const std::vector<SHA1HashValue>& hash_values_arg, |
+ const base::Time& start_time_arg) { |
+ hostname = hostname_arg; |
+ flags = flags_arg; |
+ hash_values = std::move(hash_values_arg); |
+ start_time = start_time_arg; |
+} |
+ |
+MultiThreadedCertVerifier::RequestParams::~RequestParams() {} |
+ |
+bool MultiThreadedCertVerifier::RequestParams::operator<( |
+ const RequestParams& other) const { |
+ // |flags| is compared before |cert_fingerprint|, |ca_fingerprint|, |
+ // |hostname|, and |ocsp_response|, under assumption that integer comparisons |
+ // are faster than memory and string comparisons. |
+ if (flags != other.flags) |
+ return flags < other.flags; |
+ if (hostname != other.hostname) |
+ return hostname < other.hostname; |
+ return std::lexicographical_compare( |
+ hash_values.begin(), hash_values.end(), other.hash_values.begin(), |
+ other.hash_values.end(), SHA1HashValueLessThan()); |
+} |
+ |
MultiThreadedCertVerifier::CachedResult::CachedResult() : error(ERR_FAILED) {} |
+MultiThreadedCertVerifier::CachedResult::CachedResult( |
+ int error_arg, |
+ CertVerifyResult result_arg) |
+ : error(error_arg) { |
+ result.CopyFrom(result_arg); |
+} |
+ |
MultiThreadedCertVerifier::CachedResult::~CachedResult() {} |
MultiThreadedCertVerifier::CacheValidityPeriod::CacheValidityPeriod( |
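Review bot: `hash_values = std::move(hash_values_arg);` in the four-argument RequestParams constructor moves from a `const std::vector<SHA1HashValue>&`, which resolves to a plain copy, so the std::move only misleads the reader. Either drop the cast, or take the vector by value and move it in the initializer list: change the parameter to `std::vector<SHA1HashValue> hash_values_arg` and initialize with `hash_values(std::move(hash_values_arg))`. That constructor also assigns all four members in the body; initializing them in the member-initializer list would match the fingerprint-based constructor directly above it. The comment in operator< still lists |cert_fingerprint|, |ca_fingerprint| and |ocsp_response| as separate fields although they now live in hash_values, so it is worth refreshing while the code is being moved.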
@@ -169,6 +226,12 @@ bool MultiThreadedCertVerifier::CacheExpirationFunctor::operator()( |
now.verification_time < expiration.expiration_time; |
}; |
+MultiThreadedCertVerifier::Iterator::Iterator( |
+ const MultiThreadedCertVerifier& verifier) |
+ : iterator_(verifier.cache_) {} |
+ |
+MultiThreadedCertVerifier::Iterator::~Iterator() {} |
+ |
// Represents the output and result callback of a request. The |
// CertVerifierRequest is owned by the caller that initiated the call to |
// CertVerifier::Verify(). |
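Review bot: Iterator's constructor initializes `iterator_` from `verifier.cache_`, so the new Iterator presumably aliases the verifier's cache and is only meaningful while the verifier is alive and the cache is not modified, yet neither the constructor nor the destructor carries a comment saying so. Suggest documenting the lifetime next to the constructor, e.g. `// |verifier| must outlive this Iterator; the cache must not be modified while iterating.` The type of iterator_ is declared outside this hunk, so whether a Put or Get on cache_ actually invalidates it should be confirmed against that type before the comment is finalized.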
@@ -483,43 +546,44 @@ bool MultiThreadedCertVerifier::SupportsOCSPStapling() { |
return verify_proc_->SupportsOCSPStapling(); |
} |
-MultiThreadedCertVerifier::RequestParams::RequestParams( |
- const SHA1HashValue& cert_fingerprint_arg, |
- const SHA1HashValue& ca_fingerprint_arg, |
- const std::string& hostname_arg, |
- const std::string& ocsp_response_arg, |
- int flags_arg, |
- const CertificateList& additional_trust_anchors) |
- : hostname(hostname_arg), flags(flags_arg), start_time(base::Time::Now()) { |
- hash_values.reserve(3 + additional_trust_anchors.size()); |
- SHA1HashValue ocsp_hash; |
- base::SHA1HashBytes( |
- reinterpret_cast<const unsigned char*>(ocsp_response_arg.data()), |
- ocsp_response_arg.size(), ocsp_hash.data); |
- hash_values.push_back(ocsp_hash); |
- hash_values.push_back(cert_fingerprint_arg); |
- hash_values.push_back(ca_fingerprint_arg); |
- for (size_t i = 0; i < additional_trust_anchors.size(); ++i) |
- hash_values.push_back(additional_trust_anchors[i]->fingerprint()); |
-} |
+bool MultiThreadedCertVerifier::AddCertResult( |
+ const std::string& hostname, |
+ int flags, |
+ const std::vector<SHA1HashValue>& hash_values, |
+ const base::Time& start_time, |
+ int error, |
+ const CertVerifyResult& result, |
+ const base::Time& verification_time, |
+ const base::Time& expiration_time) { |
+ base::Time now = base::Time::Now(); |
+ if (hostname.empty() || hash_values.size() == 0 || |
Ryan Sleevi
2016/05/13 20:18:12
.empty()
|
+ start_time != verification_time || start_time >= now || |
+ expiration_time <= now || |
+ (expiration_time != |
+ start_time + base::TimeDelta::FromSeconds(kTTLSecs))) { |
+ DVLOG(1) << "Invalid data for: " << hostname; |
Ryan Sleevi
2016/05/13 20:18:13
Why DVLOG? Is it a programmer error? If so, why no
|
+ return false; |
+ } |
-MultiThreadedCertVerifier::RequestParams::RequestParams( |
- const RequestParams& other) = default; |
+ // If cache is already full, then don't replace the current entries. |
+ if (cache_.size() >= kMaxCacheEntries) { |
+ DVLOG(1) << "Cache is full"; |
Ryan Sleevi
2016/05/13 20:18:12
Necessary?
|
+ return false; |
+ } |
-MultiThreadedCertVerifier::RequestParams::~RequestParams() {} |
+ // Don't overwrite existing entry. |
+ RequestParams key(hostname, flags, hash_values, start_time); |
+ CacheValidityPeriod expiration(now); |
+ if (cache_.Get(key, expiration)) { |
+ DVLOG(1) << "Already exists in the cache for " << key.hostname; |
Ryan Sleevi
2016/05/13 20:18:13
Necessary?
|
+ return false; |
+ } |
-bool MultiThreadedCertVerifier::RequestParams::operator<( |
- const RequestParams& other) const { |
- // |flags| is compared before |cert_fingerprint|, |ca_fingerprint|, |
- // |hostname|, and |ocsp_response|, under assumption that integer comparisons |
- // are faster than memory and string comparisons. |
- if (flags != other.flags) |
- return flags < other.flags; |
- if (hostname != other.hostname) |
- return hostname < other.hostname; |
- return std::lexicographical_compare( |
- hash_values.begin(), hash_values.end(), other.hash_values.begin(), |
- other.hash_values.end(), SHA1HashValueLessThan()); |
+ // Add a new entry. |
+ CachedResult value(error, result); |
+ cache_.Put(key, value, CacheValidityPeriod(verification_time), |
+ CacheValidityPeriod(verification_time, expiration_time)); |
+ return true; |
} |
bool MultiThreadedCertVerifier::JobComparator::operator()( |
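Review bot: The validity check at the top of AddCertResult only rejects an empty hash_values, but every key built by the fingerprint-based RequestParams constructor carries at least three entries (OCSP hash, cert fingerprint, CA fingerprint) plus one per additional trust anchor, so a key with one or two hashes can never match a real lookup and would only consume one of the kMaxCacheEntries slots. Since this entry point appears to accept results that were not produced by a verification in this process, tightening the guard to `hash_values.size() < 3` rejects that malformed input up front rather than letting it fill the cache. Separately, `CachedResult value(error, result);` copies the CertVerifyResult into the by-value constructor parameter and again via CopyFrom before `cache_.Put` presumably copies it once more; taking `const CertVerifyResult&` on that constructor would drop one copy, if CertVerifyResult is copyable at all — its definition is outside this diff.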