
Side by Side Diff: net/cert/caching_cert_verifier.h

Issue 1999733002: Add support for walking and modifying the CachingCertVerifier (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@move_cache
Patch Set: Created 4 years, 7 months ago
1 // Copyright 2016 The Chromium Authors. All rights reserved. 1 // Copyright 2016 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_CERT_CACHING_CERT_VERIFIER_H_ 5 #ifndef NET_CERT_CACHING_CERT_VERIFIER_H_
6 #define NET_CERT_CACHING_CERT_VERIFIER_H_ 6 #define NET_CERT_CACHING_CERT_VERIFIER_H_
7 7
8 #include <memory> 8 #include <memory>
9 9
10 #include "net/base/expiring_cache.h" 10 #include "net/base/expiring_cache.h"
11 #include "net/base/net_export.h" 11 #include "net/base/net_export.h"
12 #include "net/cert/cert_database.h" 12 #include "net/cert/cert_database.h"
13 #include "net/cert/cert_verifier.h" 13 #include "net/cert/cert_verifier.h"
14 #include "net/cert/cert_verify_result.h" 14 #include "net/cert/cert_verify_result.h"
15 15
16 namespace net { 16 namespace net {
17 17
18 class CertTrustAnchorProvider; 18 class CertTrustAnchorProvider;
19 19
20 class NET_EXPORT CachingCertVerifier : public CertVerifier, 20 class NET_EXPORT CachingCertVerifier : public CertVerifier,
21 public CertDatabase::Observer { 21 public CertDatabase::Observer {
22 public: 22 public:
23 // Provides a read-only iterator over items in the cache.
24 //
25 // This iterator is invalidated by any modifications to the cache, such
26 // as by a call to Verify() or to AddEntry().
27 class NET_EXPORT Iterator {
28 public:
29 explicit Iterator(const CachingCertVerifier& verifier);
eroman 2016/06/13 22:49:35 I would have said this is clearer as a pointer rat
30 ~Iterator();
31
32 bool HasNext() const;
eroman 2016/06/13 22:49:35 Iteration currently exposes expired entries right?
33 void Advance();
34
35 const RequestParams& params() const;
36 int error() const;
37 const CertVerifyResult& verify_result() const;
38 base::Time verification_time() const;
39 base::Time expiration_time() const;
40
41 private:
42 void* iter_;
43 };
eroman 2016/06/13 22:49:35 Disallow copy and assign.
44
23 explicit CachingCertVerifier(std::unique_ptr<CertVerifier> verifier); 45 explicit CachingCertVerifier(std::unique_ptr<CertVerifier> verifier);
24 46
25 ~CachingCertVerifier() override; 47 ~CachingCertVerifier() override;
26 48
27 // Configures a source of additional certificates that should be treated as 49 // Configures a source of additional certificates that should be treated as
28 // trust anchors during verification, provided that the underlying 50 // trust anchors during verification, provided that the underlying
29 // CertVerifyProc supports additional trust beyond the default implementation. 51 // CertVerifyProc supports additional trust beyond the default implementation.
30 // It must outlive the CachingCertVerifier. 52 // It must outlive the CachingCertVerifier.
31 void SetCertTrustAnchorProvider( 53 void SetCertTrustAnchorProvider(
32 CertTrustAnchorProvider* trust_anchor_provider); 54 CertTrustAnchorProvider* trust_anchor_provider);
33 55
34 // CertVerifier implementation: 56 // CertVerifier implementation:
35 int Verify(const RequestParams& params, 57 int Verify(const RequestParams& params,
36 CRLSet* crl_set, 58 CRLSet* crl_set,
37 CertVerifyResult* verify_result, 59 CertVerifyResult* verify_result,
38 const CompletionCallback& callback, 60 const CompletionCallback& callback,
39 std::unique_ptr<Request>* out_req, 61 std::unique_ptr<Request>* out_req,
40 const BoundNetLog& net_log) override; 62 const BoundNetLog& net_log) override;
41 bool SupportsOCSPStapling() override; 63 bool SupportsOCSPStapling() override;
42 64
65 // Opportunistically attempt to add |error| and |verify_result| as the
eroman 2016/06/13 22:49:35 style nit: use descriptive rather than imperative
66 // result for |params|, which was obtained at |verification_time| and
67 // expires at |expiration_time|.
68 // This is opportunistic because it is not guaranteed that the entry
69 // will be added (such as if the cache is full or an entry already
70 // exists).
eroman 2016/06/13 22:49:35 nit: Mention how this relates to the return va
eroman 2016/06/16 00:25:04 ping? (My request was to comment that returns true
71 bool AddEntry(const RequestParams& params,
72 int error,
73 const CertVerifyResult& verify_result,
74 base::Time verification_time);
75
43 private: 76 private:
77 friend class Iterator;
44 FRIEND_TEST_ALL_PREFIXES(CachingCertVerifierTest, CacheHit); 78 FRIEND_TEST_ALL_PREFIXES(CachingCertVerifierTest, CacheHit);
45 FRIEND_TEST_ALL_PREFIXES(CachingCertVerifierTest, DifferentCACerts); 79 FRIEND_TEST_ALL_PREFIXES(CachingCertVerifierTest, DifferentCACerts);
46 FRIEND_TEST_ALL_PREFIXES(CachingCertVerifierTest, CertTrustAnchorProvider); 80 FRIEND_TEST_ALL_PREFIXES(CachingCertVerifierTest, CertTrustAnchorProvider);
47 81
48 // CachedResult contains the result of a certificate verification. 82 // CachedResult contains the result of a certificate verification.
49 struct NET_EXPORT_PRIVATE CachedResult { 83 struct NET_EXPORT_PRIVATE CachedResult {
50 CachedResult(); 84 CachedResult();
51 ~CachedResult(); 85 ~CachedResult();
52 86
53 int error; // The return value of CertVerifier::Verify. 87 int error; // The return value of CertVerifier::Verify.
(...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after
115 149
116 uint64_t requests_; 150 uint64_t requests_;
117 uint64_t cache_hits_; 151 uint64_t cache_hits_;
118 152
119 DISALLOW_COPY_AND_ASSIGN(CachingCertVerifier); 153 DISALLOW_COPY_AND_ASSIGN(CachingCertVerifier);
120 }; 154 };
121 155
122 } // namespace net 156 } // namespace net
123 157
124 #endif // NET_CERT_CACHING_CERT_VERIFIER_H_ 158 #endif // NET_CERT_CACHING_CERT_VERIFIER_H_
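Review bot: The comment on AddEntry() (new lines 65-70) says the result "expires at |expiration_time|", but the declaration on new lines 71-74 takes only |verification_time|, so either a parameter is missing or the comment should say how expiry is derived from the verification time. AddEntry() is also a public way to place a caller-chosen |error| / |verify_result| pair into the cache that Verify() presumably answers from, so the header should state the caller's obligation, for example `// |error| and |verify_result| must come from an actual verification of |params|; they are not re-validated here.` It would help to document as well whether an entry whose |verification_time| is in the future, or already past its expiry, is rejected, and whether entries added this way are dropped when the trust anchor provider or CertDatabase changes; none of that is visible in this header, and the class body is partly elided on this page.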