Index: net/cert/multi_threaded_cert_verifier.h |
diff --git a/net/cert/multi_threaded_cert_verifier.h b/net/cert/multi_threaded_cert_verifier.h |
index 62d68075483e675bca1a6b6e6776fe3f54b8bc04..a3eff2023d9bd7bfde990dda980a9ce66e3062ac 100644 |
--- a/net/cert/multi_threaded_cert_verifier.h |
+++ b/net/cert/multi_threaded_cert_verifier.h |
@@ -41,50 +41,6 @@ class NET_EXPORT_PRIVATE MultiThreadedCertVerifier |
NON_EXPORTED_BASE(public base::NonThreadSafe), |
public CertDatabase::Observer { |
public: |
- explicit MultiThreadedCertVerifier(CertVerifyProc* verify_proc); |
- |
- // When the verifier is destroyed, all certificate verifications requests are |
- // canceled, and their completion callbacks will not be called. |
- ~MultiThreadedCertVerifier() override; |
- |
- // Configures a source of additional certificates that should be treated as |
- // trust anchors during verification, provided that the underlying |
- // CertVerifyProc supports additional trust beyond the default implementation. |
- // The CertTrustAnchorProvider will only be accessed on the same |
- // thread that Verify() is called on; that is, it will not be |
- // accessed from worker threads. |
- // It must outlive the MultiThreadedCertVerifier. |
- void SetCertTrustAnchorProvider( |
- CertTrustAnchorProvider* trust_anchor_provider); |
- |
- // CertVerifier implementation |
- int Verify(X509Certificate* cert, |
- const std::string& hostname, |
- const std::string& ocsp_response, |
- int flags, |
- CRLSet* crl_set, |
- CertVerifyResult* verify_result, |
- const CompletionCallback& callback, |
- std::unique_ptr<Request>* out_req, |
- const BoundNetLog& net_log) override; |
- |
- bool SupportsOCSPStapling() override; |
- |
- private: |
- struct JobToRequestParamsComparator; |
- friend class CertVerifierRequest; |
- friend class CertVerifierJob; |
- friend class MultiThreadedCertVerifierTest; |
- FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, CacheHit); |
- FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, DifferentCACerts); |
- FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, InflightJoin); |
- FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, MultipleInflightJoin); |
- FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, CancelRequest); |
- FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, |
- RequestParamsComparators); |
- FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, |
- CertTrustAnchorProvider); |
- |
// Input parameters of a certificate verification request. |
struct NET_EXPORT_PRIVATE RequestParams { |
RequestParams(const SHA1HashValue& cert_fingerprint_arg, |
@@ -94,6 +50,10 @@ class NET_EXPORT_PRIVATE MultiThreadedCertVerifier |
int flags_arg, |
const CertificateList& additional_trust_anchors); |
RequestParams(const RequestParams& other); |
+ RequestParams(const std::string& hostname_arg, |
+ int flags_arg, |
+ const std::vector<SHA1HashValue>& hash_values_arg, |
+ const base::Time& start_time_arg); |
~RequestParams(); |
bool operator<(const RequestParams& other) const; |
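Review bot: The added `RequestParams` overload gives no indication of how it relates to the fingerprint-based constructor declared just above it — whether `hash_values_arg` is the same ordered list the existing constructor derives from `cert_fingerprint_arg` and `additional_trust_anchors`, and which members it leaves at their defaults; since `operator<` keys the cache on these fields, any difference in ordering would make a seeded entry and a live `Verify()` lookup land on different keys. I cannot see the definitions to confirm either way, so suggest a comment above the new declaration: `// Builds a key directly from a precomputed, ordered list of chain hashes (used by AddCertResult); must order them exactly as the fingerprint-based constructor does so Verify() lookups match.` The struct continues outside the hunk.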
@@ -110,6 +70,7 @@ class NET_EXPORT_PRIVATE MultiThreadedCertVerifier |
// CachedResult contains the result of a certificate verification. |
struct NET_EXPORT_PRIVATE CachedResult { |
CachedResult(); |
+ CachedResult(int error_arg, CertVerifyResult result_arg); |
~CachedResult(); |
int error; // The return value of CertVerifier::Verify. |
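Review bot: The new `CachedResult(int error_arg, CertVerifyResult result_arg)` takes `result_arg` by value while the neighbouring declarations (`AddCertResult`, `SaveResultToCache`) pass these objects by `const&`; if the definition copies it into `result` rather than moving, that is two copies of a type that is presumably not cheap, which this header cannot show. Either declare it `CachedResult(int error_arg, const CertVerifyResult& result_arg);` for consistency with the rest of the class, or add a one-line comment stating that by-value is an intentional sink. The struct continues outside the hunk.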
@@ -138,6 +99,104 @@ class NET_EXPORT_PRIVATE MultiThreadedCertVerifier |
const CacheValidityPeriod& expiration) const; |
}; |
+ typedef ExpiringCache<RequestParams, |
+ CachedResult, |
+ CacheValidityPeriod, |
+ CacheExpirationFunctor> |
+ CertVerifierCache; |
+ |
+ class NET_EXPORT_PRIVATE Iterator { |
+ public: |
+ explicit Iterator(const MultiThreadedCertVerifier& verifier); |
+ ~Iterator(); |
+ |
+ bool HasNext() const { return iterator_.HasNext(); } |
+ void Advance() { iterator_.Advance(); } |
+ |
+ const std::string& hostname() const { return iterator_.key().hostname; } |
+ int flags() const { return iterator_.key().flags; } |
+ const std::vector<SHA1HashValue>& hash_values() const { |
+ return iterator_.key().hash_values; |
+ } |
+ const base::Time& start_time() const { return iterator_.key().start_time; } |
+ int error() const { return iterator_.value().error; } |
+ const CertVerifyResult& result() const { return iterator_.value().result; } |
+ const base::Time& verification_time() const { |
+ return iterator_.expiration().verification_time; |
+ } |
+ const base::Time& expiration_time() const { |
+ return iterator_.expiration().expiration_time; |
+ } |
+ |
+ private: |
+ CertVerifierCache::Iterator iterator_; |
+ |
+ DISALLOW_COPY_AND_ASSIGN(Iterator); |
+ }; |
+ |
+ explicit MultiThreadedCertVerifier(CertVerifyProc* verify_proc); |
+ |
+ // When the verifier is destroyed, all certificate verifications requests are |
+ // canceled, and their completion callbacks will not be called. |
+ ~MultiThreadedCertVerifier() override; |
+ |
+ // Configures a source of additional certificates that should be treated as |
+ // trust anchors during verification, provided that the underlying |
+ // CertVerifyProc supports additional trust beyond the default implementation. |
+ // The CertTrustAnchorProvider will only be accessed on the same |
+ // thread that Verify() is called on; that is, it will not be |
+ // accessed from worker threads. |
+ // It must outlive the MultiThreadedCertVerifier. |
+ void SetCertTrustAnchorProvider( |
+ CertTrustAnchorProvider* trust_anchor_provider); |
+ |
+ // CertVerifier implementation |
+ int Verify(X509Certificate* cert, |
+ const std::string& hostname, |
+ const std::string& ocsp_response, |
+ int flags, |
+ CRLSet* crl_set, |
+ CertVerifyResult* verify_result, |
+ const CompletionCallback& callback, |
+ std::unique_ptr<Request>* out_req, |
+ const BoundNetLog& net_log) override; |
+ |
+ bool SupportsOCSPStapling() override; |
+ |
+ // Caches |result| as the result for |hostname|, with the error code |
+ // of |error|, which was previously obtained by calling |Verify()| |
+ // with |flags| at |start_time|, for the certificate whose ordered |
+ // chain was |hash_values|, which was completed at |
+ // |verification_time|, and should expire by |expiration_time|. |
+ // If it returns true, subsequent calls to |Verify()| will return this |
+ // result, if it is before |expiration_time| and matches the |
+ // |hostname| and |flags|. |
+ bool AddCertResult(const std::string& hostname, |
+ int flags, |
+ const std::vector<SHA1HashValue>& hash_values, |
+ const base::Time& start_time, |
+ int error, |
+ const CertVerifyResult& result, |
+ const base::Time& verification_time, |
+ const base::Time& expiration_time); |
+ |
+ private: |
+ struct JobToRequestParamsComparator; |
+ friend class CertVerifierRequest; |
+ friend class CertVerifierJob; |
+ friend class MultiThreadedCertVerifierTest; |
+ FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, CacheHit); |
+ FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, DifferentCACerts); |
+ FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, InflightJoin); |
+ FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, MultipleInflightJoin); |
+ FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, CancelRequest); |
+ FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, |
+ RequestParamsComparators); |
+ FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, |
+ CertTrustAnchorProvider); |
+ FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, CacheHitIterator); |
+ FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, AddCertResult); |
+ |
struct JobComparator { |
bool operator()(const CertVerifierJob* job1, |
const CertVerifierJob* job2) const; |
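Review bot: `AddCertResult` makes the verification cache writable by any caller, and its comment says `Verify()` will serve the seeded `error`/`result` until `expiration_time`, but it does not say when the function returns false nor that the entry is trusted exactly as if `Verify()` had produced it; suggest appending `// Returns false if the entry could not be stored. The entry is trusted as a genuine verification result, so callers must only supply results that originated from a prior Verify() (e.g. a persisted cache).` The `Iterator` accessors (`hostname()`, `result()`, `expiration_time()`, …) return references into the cache; the class should state that they are valid only until `Advance()` or the next cache mutation (a completing `Verify()` or an `AddCertResult` call) and that, since the verifier is `NonThreadSafe`, the iterator must be used on the verifier's thread — I cannot see `ExpiringCache::Iterator` to confirm the exact invalidation rule, so word it as "presumably". Minor style: the relocated `typedef ExpiringCache<...> CertVerifierCache;` could become `using CertVerifierCache = ExpiringCache<RequestParams, CachedResult, CacheValidityPeriod, CacheExpirationFunctor>;` to match `using JobSet` later in the same class.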
@@ -145,9 +204,6 @@ class NET_EXPORT_PRIVATE MultiThreadedCertVerifier |
using JobSet = std::set<CertVerifierJob*, JobComparator>; |
- typedef ExpiringCache<RequestParams, CachedResult, CacheValidityPeriod, |
- CacheExpirationFunctor> CertVerifierCache; |
- |
// Saves |result| into the cache, keyed by |key|. |
void SaveResultToCache(const RequestParams& key, const CachedResult& result); |