| Index: net/cert/cert_verifier_cache_persister.cc
|
| diff --git a/net/cert/cert_verifier_cache_persister.cc b/net/cert/cert_verifier_cache_persister.cc
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..2ef7ae76536e968566d16c589b750ec433ea679a
|
| --- /dev/null
|
| +++ b/net/cert/cert_verifier_cache_persister.cc
|
| @@ -0,0 +1,263 @@
|
| +// Copyright (c) 2016 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#include "net/cert/cert_verifier_cache_persister.h"
|
| +
|
| +#include "base/logging.h"
|
| +#include "base/metrics/histogram_macros.h"
|
| +#include "base/pickle.h"
|
| +#include "base/time/time.h"
|
| +#include "net/base/hash_value.h"
|
| +#include "net/cert/cert_verify_result.h"
|
| +#include "net/cert/proto/cert_verification.pb.h"
|
| +#include "net/cert/x509_certificate.h"
|
| +
|
| +namespace net {
|
| +
|
| +CertVerifierCachePersister::CertVerifierCachePersister(
|
| + MultiThreadedCertVerifier* verifier)
|
| + : verifier_(verifier) {}
|
| +
|
| +CertVerifierCachePersister::~CertVerifierCachePersister() {}
|
| +
|
| +void CertVerifierCachePersister::SerializeCache(std::string* data) {
|
| + base::TimeTicks start_time(base::TimeTicks::Now());
|
| + CertVerificationCache proto_cert_cache;
|
| +
|
| + MultiThreadedCertVerifier::CertVerifierCacheIterator cache_iterator(
|
| + *verifier_);
|
| + for (; cache_iterator.HasNext(); cache_iterator.Advance()) {
|
| + CertVerificationCacheEntry* proto_cache_entry =
|
| + proto_cert_cache.add_cache_entry();
|
| +
|
| + CertVerificationRequestParams* proto_request_param =
|
| + proto_cache_entry->mutable_request_params();
|
| + SerializeRequestParams(cache_iterator, proto_request_param);
|
| +
|
| + CertVerificationCachedResult* proto_cached_result =
|
| + proto_cache_entry->mutable_cached_result();
|
| + SerializeCachedResult(cache_iterator, proto_cached_result);
|
| +
|
| + CertVerificationCacheValidityPeriod* proto_cache_validity_period =
|
| + proto_cache_entry->mutable_cache_validity_period();
|
| + SerializeValidityPeriod(cache_iterator, proto_cache_validity_period);
|
| + }
|
| +
|
| + proto_cert_cache.SerializeToString(data);
|
| + UMA_HISTOGRAM_TIMES("Net.CertVerifierCachePersister.SerializeTime",
|
| + base::TimeTicks::Now() - start_time);
|
| +}
|
| +
|
| +bool CertVerifierCachePersister::LoadCache(const std::string& data) {
|
| + base::TimeTicks start_time(base::TimeTicks::Now());
|
| +
|
| + CertVerificationCache proto;
|
| + if (!proto.ParseFromString(data)) {
|
| + DVLOG(1) << "Protobug ParseFromString failure";
|
| + return false;
|
| + }
|
| + for (int i = 0; i < proto.cache_entry_size(); ++i) {
|
| + const CertVerificationCacheEntry& cache_entry = proto.cache_entry(i);
|
| + if (!cache_entry.has_request_params() ||
|
| + !cache_entry.has_cache_validity_period() ||
|
| + !cache_entry.has_cached_result()) {
|
| + DVLOG(1) << "Invalid CertVerificationCacheEntry";
|
| + continue;
|
| + }
|
| +
|
| + const CertVerificationRequestParams& proto_request_params =
|
| + cache_entry.request_params();
|
| + MultiThreadedCertVerifier::RequestParams key;
|
| + if (!DeserializeRequestParams(proto_request_params, &key))
|
| + continue;
|
| +
|
| + MultiThreadedCertVerifier::CacheValidityPeriod expiration(
|
| + base::Time::Now());
|
| + const MultiThreadedCertVerifier::CertVerifierCache::value_type*
|
| + cached_entry = verifier_->cache_.Get(key, expiration);
|
| + if (cached_entry) {
|
| + DVLOG(1) << "Already exists in the cache for " << key.hostname;
|
| + continue;
|
| + }
|
| +
|
| + const CertVerificationCacheValidityPeriod& proto_cache_validity_period =
|
| + cache_entry.cache_validity_period();
|
| + if (!DeserializeValidityPeriod(proto_cache_validity_period, key.hostname,
|
| + &expiration)) {
|
| + continue;
|
| + }
|
| +
|
| + const CertVerificationCachedResult& proto_cached_result =
|
| + cache_entry.cached_result();
|
| + MultiThreadedCertVerifier::CachedResult cached_result;
|
| + if (!DeserializeCachedResult(proto_cached_result, key.hostname,
|
| + &cached_result)) {
|
| + continue;
|
| + }
|
| +
|
| + verifier_->cache_.Put(
|
| + key, cached_result,
|
| + MultiThreadedCertVerifier::CacheValidityPeriod(key.start_time),
|
| + expiration);
|
| + }
|
| + UMA_HISTOGRAM_TIMES("Net.CertVerifierCachePersister.LoadCacheTime",
|
| + base::TimeTicks::Now() - start_time);
|
| + return true;
|
| +}
|
| +
|
| +void CertVerifierCachePersister::SerializeRequestParams(
|
| + MultiThreadedCertVerifier::CertVerifierCacheIterator& cache_iterator,
|
| + CertVerificationRequestParams* proto_request_param) {
|
| + proto_request_param->set_hostname(cache_iterator.hostname());
|
| + proto_request_param->set_flags(cache_iterator.flags());
|
| + proto_request_param->set_start_time(
|
| + cache_iterator.start_time().ToInternalValue());
|
| + for (const SHA1HashValue& value : cache_iterator.hash_values()) {
|
| + CertVerificationSHA1HashValue* hash_value =
|
| + proto_request_param->add_hash_values();
|
| + hash_value->set_data(value.data, 20);
|
| + }
|
| +}
|
| +
|
| +void CertVerifierCachePersister::SerializeCachedResult(
|
| + MultiThreadedCertVerifier::CertVerifierCacheIterator& cache_iterator,
|
| + CertVerificationCachedResult* proto_cached_result) {
|
| + proto_cached_result->set_error(cache_iterator.error());
|
| +
|
| + // Serialize CertVerifyResult.
|
| + CertVerificationResult* proto_result = proto_cached_result->mutable_result();
|
| + const CertVerifyResult& result = cache_iterator.result();
|
| +
|
| + // TODO(rtenneti): Don't use picke to persist the certificates. Persist each
|
| + // unique individual certificate.
|
| + base::Pickle pickle;
|
| + result.verified_cert->Persist(&pickle);
|
| + std::string verified_cert(reinterpret_cast<const char*>(pickle.data()),
|
| + pickle.size());
|
| + proto_result->set_verified_cert(verified_cert);
|
| + proto_result->set_cert_status(result.cert_status);
|
| + proto_result->set_has_md2(result.has_md2);
|
| + proto_result->set_has_md4(result.has_md4);
|
| + proto_result->set_has_md5(result.has_md5);
|
| + proto_result->set_has_sha1(result.has_sha1);
|
| + proto_result->set_has_sha1_leaf(result.has_sha1_leaf);
|
| + for (const HashValue& value : result.public_key_hashes)
|
| + proto_result->add_public_key_hashes(value.ToString());
|
| + proto_result->set_is_issued_by_known_root(result.is_issued_by_known_root);
|
| + proto_result->set_is_issued_by_additional_trust_anchor(
|
| + result.is_issued_by_additional_trust_anchor);
|
| + proto_result->set_common_name_fallback_used(result.common_name_fallback_used);
|
| +}
|
| +
|
| +void CertVerifierCachePersister::SerializeValidityPeriod(
|
| + MultiThreadedCertVerifier::CertVerifierCacheIterator& cache_iterator,
|
| + CertVerificationCacheValidityPeriod* proto_cache_validity_period) {
|
| + proto_cache_validity_period->set_verification_time(
|
| + cache_iterator.verification_time().ToInternalValue());
|
| + proto_cache_validity_period->set_expiration_time(
|
| + cache_iterator.expiration_time().ToInternalValue());
|
| +}
|
| +
|
| +bool CertVerifierCachePersister::DeserializeRequestParams(
|
| + const CertVerificationRequestParams& proto_request_params,
|
| + MultiThreadedCertVerifier::RequestParams* request_params) {
|
| + int hash_values_size = proto_request_params.hash_values_size();
|
| + if (!proto_request_params.has_hostname() ||
|
| + proto_request_params.hostname().empty() ||
|
| + !proto_request_params.has_flags() || hash_values_size <= 0 ||
|
| + !proto_request_params.has_start_time()) {
|
| + DVLOG(1) << "Invalid CertVerificationRequestParams";
|
| + return false;
|
| + }
|
| +
|
| + request_params->hostname.assign(proto_request_params.hostname());
|
| + request_params->flags = proto_request_params.flags();
|
| + request_params->hash_values.resize(hash_values_size);
|
| + for (int index = 0; index < hash_values_size; ++index) {
|
| + const CertVerificationSHA1HashValue& hash_values =
|
| + proto_request_params.hash_values(index);
|
| + if (!hash_values.has_data()) {
|
| + DVLOG(1) << "Invalid CertVerificationSHA1HashValue for "
|
| + << request_params->hostname;
|
| + return false;
|
| + }
|
| + const std::string& data = hash_values.data();
|
| + memcpy(request_params->hash_values[index].data, data.data(), data.length());
|
| + }
|
| + return true;
|
| +}
|
| +
|
| +bool CertVerifierCachePersister::DeserializeValidityPeriod(
|
| + const CertVerificationCacheValidityPeriod& proto_cache_validity_period,
|
| + const std::string& hostname,
|
| + MultiThreadedCertVerifier::CacheValidityPeriod* expiration) {
|
| + if (!proto_cache_validity_period.has_verification_time() ||
|
| + !proto_cache_validity_period.has_expiration_time()) {
|
| + DVLOG(1) << "Invalid CertVerificationCacheValidityPeriod" << hostname;
|
| + return false;
|
| + }
|
| + expiration->verification_time = base::Time::FromInternalValue(
|
| + proto_cache_validity_period.verification_time());
|
| + expiration->expiration_time = base::Time::FromInternalValue(
|
| + proto_cache_validity_period.expiration_time());
|
| + if (expiration->verification_time > expiration->expiration_time ||
|
| + expiration->expiration_time < base::Time::Now() ||
|
| + expiration->verification_time > base::Time::Now()) {
|
| + DVLOG(1) << "CertVerificationCacheValidityPeriod expired for " << hostname;
|
| + return false;
|
| + }
|
| + return true;
|
| +}
|
| +
|
| +bool CertVerifierCachePersister::DeserializeCachedResult(
|
| + const CertVerificationCachedResult& proto_cached_result,
|
| + const std::string& hostname,
|
| + MultiThreadedCertVerifier::CachedResult* cached_result) {
|
| + if (!proto_cached_result.has_error() || !proto_cached_result.has_result()) {
|
| + DVLOG(1) << "Invalid CertVerificationCacheEntry";
|
| + return false;
|
| + }
|
| + const CertVerificationResult& proto_result = proto_cached_result.result();
|
| + if (!proto_result.has_verified_cert() || !proto_result.has_cert_status()) {
|
| + DVLOG(1) << "Invalid CertVerificationResult for " << hostname;
|
| + return false;
|
| + }
|
| +
|
| + cached_result->error = proto_cached_result.error();
|
| + const std::string& verified_cert = proto_result.verified_cert();
|
| + base::Pickle pickle(verified_cert.data(), verified_cert.length());
|
| + base::PickleIterator iter1(pickle);
|
| + cached_result->result.verified_cert = X509Certificate::CreateFromPickle(
|
| + &iter1, X509Certificate::PICKLETYPE_CERTIFICATE_CHAIN_V3);
|
| + if (cached_result->result.verified_cert.get() == nullptr) {
|
| + DVLOG(1) << "CertVerificationResult has invalid certificate chain for "
|
| + << hostname;
|
| + return false;
|
| + }
|
| + for (int i = 0; i < proto_result.public_key_hashes_size(); ++i) {
|
| + const ::std::string& public_key_hash = proto_result.public_key_hashes(i);
|
| + HashValue hash;
|
| + if (!hash.FromString(public_key_hash)) {
|
| + DVLOG(1) << "CertVerificationResult has invalid public_key_hashes for "
|
| + << hostname;
|
| + return false;
|
| + }
|
| + cached_result->result.public_key_hashes.push_back(hash);
|
| + }
|
| + cached_result->result.cert_status = proto_result.cert_status();
|
| + cached_result->result.has_md2 = proto_result.has_md2();
|
| + cached_result->result.has_md4 = proto_result.has_md4();
|
| + cached_result->result.has_md5 = proto_result.has_md5();
|
| + cached_result->result.has_sha1 = proto_result.has_sha1();
|
| + cached_result->result.has_sha1_leaf = proto_result.has_sha1_leaf();
|
| + cached_result->result.is_issued_by_known_root =
|
| + proto_result.is_issued_by_known_root();
|
| + cached_result->result.is_issued_by_additional_trust_anchor =
|
| + proto_result.is_issued_by_additional_trust_anchor();
|
| + cached_result->result.common_name_fallback_used =
|
| + proto_result.common_name_fallback_used();
|
| + return true;
|
| +}
|
| +
|
| +} // namespace net
|
|
|
Chromium Code Reviews
Issue 1892033002:
Cert - protobufs to serialize and deserialize CertVerifierCache. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master