| OLD | NEW |
|---|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/caching_cert_verifier.h" | 5 #include "net/cert/caching_cert_verifier.h" |
| 6 | 6 |
| 7 #include "base/time/time.h" | 7 #include "base/time/time.h" |
| 8 #include "net/base/net_errors.h" | 8 #include "net/base/net_errors.h" |
| 9 #include "net/cert/cert_trust_anchor_provider.h" | 9 #include "net/cert/cert_trust_anchor_provider.h" |
| 10 | 10 |
| (...skipping 68 matching lines...) | |
| 79 AddResultToCache(new_params, start_time, *verify_result, result); | 79 AddResultToCache(new_params, start_time, *verify_result, result); |
| 80 } | 80 } |
| 81 | 81 |
| 82 return result; | 82 return result; |
| 83 } | 83 } |
| 84 | 84 |
| 85 bool CachingCertVerifier::SupportsOCSPStapling() { | 85 bool CachingCertVerifier::SupportsOCSPStapling() { |
| 86 return verifier_->SupportsOCSPStapling(); | 86 return verifier_->SupportsOCSPStapling(); |
| 87 } | 87 } |
| 88 | 88 |
| 89 bool CachingCertVerifier::AddEntry(const RequestParams& params, | |
| 90 int error, | |
| 91 const CertVerifyResult& verify_result, | |
| 92 base::Time verification_time) { | |
| 93 // If the cache is full, don't bother. | |
| 94 if (cache_.size() == cache_.max_entries()) | |
| 95 return false; | |
| 96 | |
| 97 // If there is an existing entry, don't bother updating it. | |
| 98 const CertVerificationCache::value_type* entry = | |
| 99 cache_.Get(params, CacheValidityPeriod(base::Time::Now())); | |
| 100 if (entry) | |
| 101 return false; | |
| 102 | |
| 103 // Otherwise, go and add it. | |
| 104 AddResultToCache(params, verification_time, verify_result, error); | |
| 105 return true; | |
| 106 } | |
| 107 | |
| 89 CachingCertVerifier::CachedResult::CachedResult() : error(ERR_FAILED) {} | 108 CachingCertVerifier::CachedResult::CachedResult() : error(ERR_FAILED) {} |
| 90 | 109 |
| 91 CachingCertVerifier::CachedResult::~CachedResult() {} | 110 CachingCertVerifier::CachedResult::~CachedResult() {} |
| 92 | 111 |
| 93 CachingCertVerifier::CacheValidityPeriod::CacheValidityPeriod(base::Time now) | 112 CachingCertVerifier::CacheValidityPeriod::CacheValidityPeriod(base::Time now) |
| 94 : verification_time(now), expiration_time(now) {} | 113 : verification_time(now), expiration_time(now) {} |
| 95 | 114 |
| 96 CachingCertVerifier::CacheValidityPeriod::CacheValidityPeriod( | 115 CachingCertVerifier::CacheValidityPeriod::CacheValidityPeriod( |
| 97 base::Time now, | 116 base::Time now, |
| 98 base::Time expiration) | 117 base::Time expiration) |
| (...skipping 75 matching lines...) | |
| 174 // invalid result for kTTLSecs. | 193 // invalid result for kTTLSecs. |
| 175 CachedResult cached_result; | 194 CachedResult cached_result; |
| 176 cached_result.error = error; | 195 cached_result.error = error; |
| 177 cached_result.result = verify_result; | 196 cached_result.result = verify_result; |
| 178 cache_.Put( | 197 cache_.Put( |
| 179 params, cached_result, CacheValidityPeriod(start_time), | 198 params, cached_result, CacheValidityPeriod(start_time), |
| 180 CacheValidityPeriod(start_time, | 199 CacheValidityPeriod(start_time, |
| 181 start_time + base::TimeDelta::FromSeconds(kTTLSecs))); | 200 start_time + base::TimeDelta::FromSeconds(kTTLSecs))); |
| 182 } | 201 } |
| 183 | 202 |
| 203 void CachingCertVerifier::VisitEntries(CacheVisitor* visitor) { | |
| 204 DCHECK(visitor); | |
| 205 | |
| 206 CacheValidityPeriod now(base::Time::Now()); | |
| 207 CacheExpirationFunctor expiration_cmp; | |
| 208 | |
| 209 using Iter = CertVerificationCache::Iterator; | |
| 210 Iter it(cache_); | |
|
eroman
2016/06/16 00:25:04
optional: Move the definition of "it" into the for
| |
| 211 for (; it.HasNext(); it.Advance()) { | |
| 212 if (!expiration_cmp(now, it.expiration())) | |
| 213 continue; | |
| 214 if (!visitor->VisitEntry(it.key(), it.value().error, it.value().result, | |
| 215 it.expiration().verification_time, | |
| 216 it.expiration().expiration_time)) { | |
| 217 break; | |
| 218 } | |
| 219 } | |
| 220 } | |
| 221 | |
| 184 void CachingCertVerifier::OnCACertChanged(const X509Certificate* cert) { | 222 void CachingCertVerifier::OnCACertChanged(const X509Certificate* cert) { |
| 185 ClearCache(); | 223 ClearCache(); |
| 186 } | 224 } |
| 187 | 225 |
| 188 void CachingCertVerifier::ClearCache() { | 226 void CachingCertVerifier::ClearCache() { |
| 189 cache_.Clear(); | 227 cache_.Clear(); |
| 190 } | 228 } |
| 191 | 229 |
| 192 size_t CachingCertVerifier::GetCacheSize() const { | 230 size_t CachingCertVerifier::GetCacheSize() const { |
| 193 return cache_.size(); | 231 return cache_.size(); |
| 194 } | 232 } |
| 195 | 233 |
| 196 } // namespace net | 234 } // namespace net |
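Review bot: `AddEntry` (new lines 89-106) caches the caller's `error` and `verify_result` under `params` with no validation, and takes the entry's `verification_time` from the caller as well, so the integrity of every later cache hit for those params rests entirely on who is allowed to call it. Since the visible tail of `AddResultToCache` sets the expiry to `start_time + kTTLSecs`, a `verification_time` ahead of the clock would outlive the intended TTL unless the expiration functor (skipped on this page) already rejects it; a guard such as `if (verification_time > base::Time::Now()) return false;` ahead of the `AddResultToCache` call would not depend on that. The definition should also carry a contract comment, for example `// |error| and |verify_result| must come from a real verification of |params| under the current trust settings; they are cached unchecked.` The existing-entry lookup uses `base::Time::Now()` while the insert uses `verification_time`, which is worth a one-line why-comment.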