Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(169)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/cert/caching_cert_verifier.h

Issue 1999733002: Add support for walking and modifying the CachingCertVerifier (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@move_cache
Patch Set: Constify Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | net/cert/caching_cert_verifier.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/caching_cert_verifier.h
diff --git a/net/cert/caching_cert_verifier.h b/net/cert/caching_cert_verifier.h
index 523f72c2982b4d1b0ed04a31209fdaf992184ce3..53c7196057db5621084fff1ed32001e9a0517707 100644
--- a/net/cert/caching_cert_verifier.h
+++ b/net/cert/caching_cert_verifier.h
@@ -36,6 +36,21 @@ class CertTrustAnchorProvider;
class NET_EXPORT CachingCertVerifier : public CertVerifier,
public CertDatabase::Observer {
public:
+ // Visitor class to allow read-only inspection of the verification cache.
+ class NET_EXPORT CacheVisitor {
+ public:
+ virtual ~CacheVisitor() {}
+
+ // Called once for each entry in the cache, providing details about the
+ // cached entry.
+ // Returns true to continue iteration, or false to abort.
+ virtual bool VisitEntry(const RequestParams& params,
+ int error,
+ const CertVerifyResult& verify_result,
+ base::Time verification_time,
+ base::Time expiration_time) = 0;
+ };
+
// Creates a CachingCertVerifier that will use |verifier| to perform the
// actual verifications if they're not already cached or if the cached
// item has expired.
@@ -59,8 +74,29 @@ class NET_EXPORT CachingCertVerifier : public CertVerifier,
const BoundNetLog& net_log) override;
bool SupportsOCSPStapling() override;
+ // Opportunistically attempts to add |error| and |verify_result| as the
+ // result for |params|, which was obtained at |verification_time| and
+ // expires at |expiration_time|.
+ // This is opportunistic because it is not guaranteed that the entry
+ // will be added (such as if the cache is full or an entry already
+ // exists).
+ // Returns true if the entry was added.
+ bool AddEntry(const RequestParams& params,
+ int error,
+ const CertVerifyResult& verify_result,
+ base::Time verification_time);
+
+ // Iterates through all of the non-expired entries in the cache, calling
+ // VisitEntry on |visitor| for each, until either all entries are
+ // iterated through or the |visitor| aborts.
+ // Note: During this call, it is not safe to call any non-const methods
+ // on the CachingCertVerifier.
+ void VisitEntries(CacheVisitor* visitor) const;
+
private:
FRIEND_TEST_ALL_PREFIXES(CachingCertVerifierTest, CacheHit);
+ FRIEND_TEST_ALL_PREFIXES(CachingCertVerifierTest, Visitor);
+ FRIEND_TEST_ALL_PREFIXES(CachingCertVerifierTest, AddsEntries);
FRIEND_TEST_ALL_PREFIXES(CachingCertVerifierTest, DifferentCACerts);
FRIEND_TEST_ALL_PREFIXES(CachingCertVerifierTest, CertTrustAnchorProvider);
« no previous file with comments | « no previous file | net/cert/caching_cert_verifier.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698