| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_CERT_MULTI_THREADED_CERT_VERIFIER_H_ | 5 #ifndef NET_CERT_MULTI_THREADED_CERT_VERIFIER_H_ |
| 6 #define NET_CERT_MULTI_THREADED_CERT_VERIFIER_H_ | 6 #define NET_CERT_MULTI_THREADED_CERT_VERIFIER_H_ |
| 7 | 7 |
| 8 #include <stddef.h> | 8 #include <stddef.h> |
| 9 #include <stdint.h> | 9 #include <stdint.h> |
| 10 | 10 |
| (...skipping 67 matching lines...) | |
| 78 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, CacheHit); | 78 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, CacheHit); |
| 79 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, DifferentCACerts); | 79 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, DifferentCACerts); |
| 80 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, InflightJoin); | 80 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, InflightJoin); |
| 81 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, MultipleInflightJoin); | 81 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, MultipleInflightJoin); |
| 82 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, CancelRequest); | 82 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, CancelRequest); |
| 83 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, | 83 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, |
| 84 RequestParamsComparators); | 84 RequestParamsComparators); |
| 85 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, | 85 FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, |
| 86 CertTrustAnchorProvider); | 86 CertTrustAnchorProvider); |
| 87 | 87 |
| 88 // Input parameters of a certificate verification request. | |
| 89 struct NET_EXPORT_PRIVATE RequestParams { | |
| 90 RequestParams(const SHA1HashValue& cert_fingerprint_arg, | |
| 91 const SHA1HashValue& ca_fingerprint_arg, | |
| 92 const std::string& hostname_arg, | |
| 93 const std::string& ocsp_response_arg, | |
| 94 int flags_arg, | |
| 95 const CertificateList& additional_trust_anchors); | |
| 96 RequestParams(const RequestParams& other); | |
| 97 ~RequestParams(); | |
| 98 | |
| 99 bool operator<(const RequestParams& other) const; | |
| 100 | |
| 101 std::string hostname; | |
| 102 int flags; | |
| 103 std::vector<SHA1HashValue> hash_values; | |
| 104 // The time when verification started. | |
| 105 // Note: This uses base::Time, rather than base::TimeTicks, to | |
| 106 // account for system clock changes. | |
| 107 base::Time start_time; | |
| 108 }; | |
| 109 | |
| 110 // CachedResult contains the result of a certificate verification. | 88 // CachedResult contains the result of a certificate verification. |
| 111 struct NET_EXPORT_PRIVATE CachedResult { | 89 struct NET_EXPORT_PRIVATE CachedResult { |
| 112 CachedResult(); | 90 CachedResult(); |
| 113 ~CachedResult(); | 91 ~CachedResult(); |
| 114 | 92 |
| 115 int error; // The return value of CertVerifier::Verify. | 93 int error; // The return value of CertVerifier::Verify. |
| 116 CertVerifyResult result; // The output of CertVerifier::Verify. | 94 CertVerifyResult result; // The output of CertVerifier::Verify. |
| 117 }; | 95 }; |
| 118 | 96 |
| 119 // Rather than having a single validity point along a monotonically increasing | 97 // Rather than having a single validity point along a monotonically increasing |
| (...skipping 17 matching lines...) | |
| 137 bool operator()(const CacheValidityPeriod& now, | 115 bool operator()(const CacheValidityPeriod& now, |
| 138 const CacheValidityPeriod& expiration) const; | 116 const CacheValidityPeriod& expiration) const; |
| 139 }; | 117 }; |
| 140 | 118 |
| 141 struct JobComparator { | 119 struct JobComparator { |
| 142 bool operator()(const CertVerifierJob* job1, | 120 bool operator()(const CertVerifierJob* job1, |
| 143 const CertVerifierJob* job2) const; | 121 const CertVerifierJob* job2) const; |
| 144 }; | 122 }; |
| 145 | 123 |
| 146 using JobSet = std::set<CertVerifierJob*, JobComparator>; | 124 using JobSet = std::set<CertVerifierJob*, JobComparator>; |
| 125 using CertVerifierCache = ExpiringCache<CertVerifier::RequestParams, | |
| 126 CachedResult, | |
| 127 CacheValidityPeriod, | |
| 128 CacheExpirationFunctor>; | |
| 147 | 129 |
| 148 typedef ExpiringCache<RequestParams, CachedResult, CacheValidityPeriod, | 130 // Saves |result| into the cache, keyed by |key|, which began validation at |
| 149 CacheExpirationFunctor> CertVerifierCache; | 131 // |start_time|. |
| 150 | 132 void SaveResultToCache(const CertVerifier::RequestParams& key, |
|
eroman
2016/05/18 01:43:18
nit: is the CertVerifier:: prefix needed here?
| |
| 151 // Saves |result| into the cache, keyed by |key|. | 133 const base::Time& start_time, |
| 152 void SaveResultToCache(const RequestParams& key, const CachedResult& result); | 134 const CachedResult& result); |
| 153 | 135 |
| 154 // CertDatabase::Observer methods: | 136 // CertDatabase::Observer methods: |
| 155 void OnCACertChanged(const X509Certificate* cert) override; | 137 void OnCACertChanged(const X509Certificate* cert) override; |
| 156 | 138 |
| 157 // Returns an inflight job for |key|. If there is no such job then returns | 139 // Returns an inflight job for |key|. If there is no such job then returns |
| 158 // null. | 140 // null. |
| 159 CertVerifierJob* FindJob(const RequestParams& key); | 141 CertVerifierJob* FindJob(const CertVerifier::RequestParams& key); |
| 160 | 142 |
| 161 // Removes |job| from the inflight set, and passes ownership back to the | 143 // Removes |job| from the inflight set, and passes ownership back to the |
| 162 // caller. |job| must already be |inflight_|. | 144 // caller. |job| must already be |inflight_|. |
| 163 std::unique_ptr<CertVerifierJob> RemoveJob(CertVerifierJob* job); | 145 std::unique_ptr<CertVerifierJob> RemoveJob(CertVerifierJob* job); |
| 164 | 146 |
| 165 // For unit testing. | 147 // For unit testing. |
| 166 void ClearCache() { cache_.Clear(); } | 148 void ClearCache() { cache_.Clear(); } |
| 167 size_t GetCacheSize() const { return cache_.size(); } | 149 size_t GetCacheSize() const { return cache_.size(); } |
| 168 uint64_t cache_hits() const { return cache_hits_; } | 150 uint64_t cache_hits() const { return cache_hits_; } |
| 169 uint64_t requests() const { return requests_; } | 151 uint64_t requests() const { return requests_; } |
| (...skipping 12 matching lines...) | |
| 182 scoped_refptr<CertVerifyProc> verify_proc_; | 164 scoped_refptr<CertVerifyProc> verify_proc_; |
| 183 | 165 |
| 184 CertTrustAnchorProvider* trust_anchor_provider_; | 166 CertTrustAnchorProvider* trust_anchor_provider_; |
| 185 | 167 |
| 186 DISALLOW_COPY_AND_ASSIGN(MultiThreadedCertVerifier); | 168 DISALLOW_COPY_AND_ASSIGN(MultiThreadedCertVerifier); |
| 187 }; | 169 }; |
| 188 | 170 |
| 189 } // namespace net | 171 } // namespace net |
| 190 | 172 |
| 191 #endif // NET_CERT_MULTI_THREADED_CERT_VERIFIER_H_ | 173 #endif // NET_CERT_MULTI_THREADED_CERT_VERIFIER_H_ |
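Review bot: The new `SaveResultToCache` declaration (new lines 130-134) takes `start_time` without the rationale that the removed `RequestParams::start_time` field carried, namely that it is a `base::Time` rather than `base::TimeTicks` in order to account for system clock changes. That property bears on how long a cached verification result is treated as valid, so I would keep it on the declaration, e.g. `// |start_time| is a base::Time, rather than base::TimeTicks, to account for system clock changes.` `base::Time` is a small value type, so `base::Time start_time` by value would be the more usual signature than `const base::Time&`. Separately, the `RequestParamsComparators` friend declaration (new lines 83-84) is kept although the struct no longer lives in this class; if that test moved with the type the friend line can go, but the test file is not visible here.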