| Index: net/cert/multi_threaded_cert_verifier.h
|
| diff --git a/net/cert/multi_threaded_cert_verifier.h b/net/cert/multi_threaded_cert_verifier.h
|
| index 62d68075483e675bca1a6b6e6776fe3f54b8bc04..a3eff2023d9bd7bfde990dda980a9ce66e3062ac 100644
|
| --- a/net/cert/multi_threaded_cert_verifier.h
|
| +++ b/net/cert/multi_threaded_cert_verifier.h
|
| @@ -41,50 +41,6 @@ class NET_EXPORT_PRIVATE MultiThreadedCertVerifier
|
| NON_EXPORTED_BASE(public base::NonThreadSafe),
|
| public CertDatabase::Observer {
|
| public:
|
| - explicit MultiThreadedCertVerifier(CertVerifyProc* verify_proc);
|
| -
|
| - // When the verifier is destroyed, all certificate verifications requests are
|
| - // canceled, and their completion callbacks will not be called.
|
| - ~MultiThreadedCertVerifier() override;
|
| -
|
| - // Configures a source of additional certificates that should be treated as
|
| - // trust anchors during verification, provided that the underlying
|
| - // CertVerifyProc supports additional trust beyond the default implementation.
|
| - // The CertTrustAnchorProvider will only be accessed on the same
|
| - // thread that Verify() is called on; that is, it will not be
|
| - // accessed from worker threads.
|
| - // It must outlive the MultiThreadedCertVerifier.
|
| - void SetCertTrustAnchorProvider(
|
| - CertTrustAnchorProvider* trust_anchor_provider);
|
| -
|
| - // CertVerifier implementation
|
| - int Verify(X509Certificate* cert,
|
| - const std::string& hostname,
|
| - const std::string& ocsp_response,
|
| - int flags,
|
| - CRLSet* crl_set,
|
| - CertVerifyResult* verify_result,
|
| - const CompletionCallback& callback,
|
| - std::unique_ptr<Request>* out_req,
|
| - const BoundNetLog& net_log) override;
|
| -
|
| - bool SupportsOCSPStapling() override;
|
| -
|
| - private:
|
| - struct JobToRequestParamsComparator;
|
| - friend class CertVerifierRequest;
|
| - friend class CertVerifierJob;
|
| - friend class MultiThreadedCertVerifierTest;
|
| - FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, CacheHit);
|
| - FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, DifferentCACerts);
|
| - FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, InflightJoin);
|
| - FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, MultipleInflightJoin);
|
| - FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, CancelRequest);
|
| - FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest,
|
| - RequestParamsComparators);
|
| - FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest,
|
| - CertTrustAnchorProvider);
|
| -
|
| // Input parameters of a certificate verification request.
|
| struct NET_EXPORT_PRIVATE RequestParams {
|
| RequestParams(const SHA1HashValue& cert_fingerprint_arg,
|
| @@ -94,6 +50,10 @@ class NET_EXPORT_PRIVATE MultiThreadedCertVerifier
|
| int flags_arg,
|
| const CertificateList& additional_trust_anchors);
|
| RequestParams(const RequestParams& other);
|
| + RequestParams(const std::string& hostname_arg,
|
| + int flags_arg,
|
| + const std::vector<SHA1HashValue>& hash_values_arg,
|
| + const base::Time& start_time_arg);
|
| ~RequestParams();
|
|
|
| bool operator<(const RequestParams& other) const;
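Review bot: The added four-argument RequestParams constructor (lines 121–127) carries no comment distinguishing it from the constructor above it, which takes a certificate fingerprint and a CertificateList and presumably derives the chain hashes itself, whereas this one accepts `hash_values_arg` and `start_time_arg` directly from the caller. RequestParams is the cache key (see `operator<` below), so a caller that supplies an incomplete or differently ordered hash list produces an entry that either never matches a Verify() lookup or is keyed to a chain the verifier never checked; the header should state that requirement rather than leave it to the .cc. Suggested comment above the constructor: `// Builds a key directly from its components. |hash_values_arg| must be the ordered chain hashes exactly as the verifier computes them, or the entry will not match Verify() lookups.` The enclosing RequestParams struct starts before this hunk.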
|
| @@ -110,6 +70,7 @@ class NET_EXPORT_PRIVATE MultiThreadedCertVerifier
|
| // CachedResult contains the result of a certificate verification.
|
| struct NET_EXPORT_PRIVATE CachedResult {
|
| CachedResult();
|
| + CachedResult(int error_arg, CertVerifyResult result_arg);
|
| ~CachedResult();
|
|
|
| int error; // The return value of CertVerifier::Verify.
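Review bot: The new `CachedResult(int error_arg, CertVerifyResult result_arg);` takes the CertVerifyResult by value, while AddCertResult() in the following hunk takes it as `const CertVerifyResult& result`; unless the constructor body moves from `result_arg` (not visible in the header), every insertion copies the result one extra time. For consistency with the rest of this header, consider `CachedResult(int error_arg, const CertVerifyResult& result_arg);`, or add a one-line comment stating that the by-value parameter is a deliberate sink that the constructor moves into `result`. The enclosing CachedResult struct continues outside this hunk.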
|
| @@ -138,6 +99,104 @@ class NET_EXPORT_PRIVATE MultiThreadedCertVerifier
|
| const CacheValidityPeriod& expiration) const;
|
| };
|
|
|
| + typedef ExpiringCache<RequestParams,
|
| + CachedResult,
|
| + CacheValidityPeriod,
|
| + CacheExpirationFunctor>
|
| + CertVerifierCache;
|
| +
|
| + class NET_EXPORT_PRIVATE Iterator {
|
| + public:
|
| + explicit Iterator(const MultiThreadedCertVerifier& verifier);
|
| + ~Iterator();
|
| +
|
| + bool HasNext() const { return iterator_.HasNext(); }
|
| + void Advance() { iterator_.Advance(); }
|
| +
|
| + const std::string& hostname() const { return iterator_.key().hostname; }
|
| + int flags() const { return iterator_.key().flags; }
|
| + const std::vector<SHA1HashValue>& hash_values() const {
|
| + return iterator_.key().hash_values;
|
| + }
|
| + const base::Time& start_time() const { return iterator_.key().start_time; }
|
| + int error() const { return iterator_.value().error; }
|
| + const CertVerifyResult& result() const { return iterator_.value().result; }
|
| + const base::Time& verification_time() const {
|
| + return iterator_.expiration().verification_time;
|
| + }
|
| + const base::Time& expiration_time() const {
|
| + return iterator_.expiration().expiration_time;
|
| + }
|
| +
|
| + private:
|
| + CertVerifierCache::Iterator iterator_;
|
| +
|
| + DISALLOW_COPY_AND_ASSIGN(Iterator);
|
| + };
|
| +
|
| + explicit MultiThreadedCertVerifier(CertVerifyProc* verify_proc);
|
| +
|
| + // When the verifier is destroyed, all certificate verifications requests are
|
| + // canceled, and their completion callbacks will not be called.
|
| + ~MultiThreadedCertVerifier() override;
|
| +
|
| + // Configures a source of additional certificates that should be treated as
|
| + // trust anchors during verification, provided that the underlying
|
| + // CertVerifyProc supports additional trust beyond the default implementation.
|
| + // The CertTrustAnchorProvider will only be accessed on the same
|
| + // thread that Verify() is called on; that is, it will not be
|
| + // accessed from worker threads.
|
| + // It must outlive the MultiThreadedCertVerifier.
|
| + void SetCertTrustAnchorProvider(
|
| + CertTrustAnchorProvider* trust_anchor_provider);
|
| +
|
| + // CertVerifier implementation
|
| + int Verify(X509Certificate* cert,
|
| + const std::string& hostname,
|
| + const std::string& ocsp_response,
|
| + int flags,
|
| + CRLSet* crl_set,
|
| + CertVerifyResult* verify_result,
|
| + const CompletionCallback& callback,
|
| + std::unique_ptr<Request>* out_req,
|
| + const BoundNetLog& net_log) override;
|
| +
|
| + bool SupportsOCSPStapling() override;
|
| +
|
| + // Caches |result| as the result for |hostname|, with the error code
|
| + // of |error|, which was previously obtained by calling |Verify()|
|
| + // with |flags| at |start_time|, for the certificate whose ordered
|
| + // chain was |hash_values|, which was completed at
|
| + // |verification_time|, and should expire by |expiration_time|.
|
| + // If it returns true, subsequent calls to |Verify()| will return this
|
| + // result, if it is before |expiration_time| and matches the
|
| + // |hostname| and |flags|.
|
| + bool AddCertResult(const std::string& hostname,
|
| + int flags,
|
| + const std::vector<SHA1HashValue>& hash_values,
|
| + const base::Time& start_time,
|
| + int error,
|
| + const CertVerifyResult& result,
|
| + const base::Time& verification_time,
|
| + const base::Time& expiration_time);
|
| +
|
| + private:
|
| + struct JobToRequestParamsComparator;
|
| + friend class CertVerifierRequest;
|
| + friend class CertVerifierJob;
|
| + friend class MultiThreadedCertVerifierTest;
|
| + FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, CacheHit);
|
| + FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, DifferentCACerts);
|
| + FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, InflightJoin);
|
| + FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, MultipleInflightJoin);
|
| + FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, CancelRequest);
|
| + FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest,
|
| + RequestParamsComparators);
|
| + FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest,
|
| + CertTrustAnchorProvider);
|
| + FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, CacheHitIterator);
|
| + FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, AddCertResult);
|
| +
|
| struct JobComparator {
|
| bool operator()(const CertVerifierJob* job1,
|
| const CertVerifierJob* job2) const;
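Review bot: AddCertResult() (lines 287–317) documents only the `true` outcome; the comment should also say when it returns `false` and whether an existing cached entry for the same key is replaced or kept, because this is the one public path that places a verification result in the cache without the verifier having performed that verification, so a caller needs to know whether its entry took effect and what it overrode. Proposed addition to that comment: `// Returns false if the entry was not added (see the .cc for the conditions); callers are responsible for the correctness of |error| and |result|, since the verifier does not re-check them.` The nested Iterator class (lines 171–225) wraps a `CertVerifierCache::Iterator` over the verifier's own cache but says nothing about lifetime; presumably it must not outlive the `verifier` it was constructed from and the cache must not be modified while it is in use, and a comment above the class stating that would prevent misuse by the CacheHitIterator test and any future persistence code. Moving `CertVerifierCache` from the private section to public also widens the exposed surface; if only Iterator needs it, a short comment saying so (or keeping it private and befriending Iterator) would document the intent.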
|
| @@ -145,9 +204,6 @@ class NET_EXPORT_PRIVATE MultiThreadedCertVerifier
|
|
|
| using JobSet = std::set<CertVerifierJob*, JobComparator>;
|
|
|
| - typedef ExpiringCache<RequestParams, CachedResult, CacheValidityPeriod,
|
| - CacheExpirationFunctor> CertVerifierCache;
|
| -
|
| // Saves |result| into the cache, keyed by |key|.
|
| void SaveResultToCache(const RequestParams& key, const CachedResult& result);
|
|
|
|
|