| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/caching_cert_verifier.h" | 5 #include "net/cert/caching_cert_verifier.h" |
| 6 | 6 |
| 7 #include "base/time/time.h" | 7 #include "base/time/time.h" |
| 8 #include "net/base/net_errors.h" | 8 #include "net/base/net_errors.h" |
| 9 #include "net/cert/cert_trust_anchor_provider.h" | |
| 10 | 9 |
| 11 namespace net { | 10 namespace net { |
| 12 | 11 |
| 13 namespace { | 12 namespace { |
| 14 | 13 |
| 15 // The maximum number of cache entries to use for the ExpiringCache. | 14 // The maximum number of cache entries to use for the ExpiringCache. |
| 16 const unsigned kMaxCacheEntries = 256; | 15 const unsigned kMaxCacheEntries = 256; |
| 17 | 16 |
| 18 // The number of seconds to cache entries. | 17 // The number of seconds to cache entries. |
| 19 const unsigned kTTLSecs = 1800; // 30 minutes. | 18 const unsigned kTTLSecs = 1800; // 30 minutes. |
| 20 | 19 |
| 21 } // namespace | 20 } // namespace |
| 22 | 21 |
| 23 CachingCertVerifier::CachingCertVerifier(std::unique_ptr<CertVerifier> verifier) | 22 CachingCertVerifier::CachingCertVerifier(std::unique_ptr<CertVerifier> verifier) |
| 24 : verifier_(std::move(verifier)), | 23 : verifier_(std::move(verifier)), |
| 25 trust_anchor_provider_(nullptr), | |
| 26 cache_(kMaxCacheEntries), | 24 cache_(kMaxCacheEntries), |
| 27 requests_(0u), | 25 requests_(0u), |
| 28 cache_hits_(0u) { | 26 cache_hits_(0u) { |
| 29 CertDatabase::GetInstance()->AddObserver(this); | 27 CertDatabase::GetInstance()->AddObserver(this); |
| 30 } | 28 } |
| 31 | 29 |
| 32 CachingCertVerifier::~CachingCertVerifier() { | 30 CachingCertVerifier::~CachingCertVerifier() { |
| 33 CertDatabase::GetInstance()->RemoveObserver(this); | 31 CertDatabase::GetInstance()->RemoveObserver(this); |
| 34 } | 32 } |
| 35 | 33 |
| 36 void CachingCertVerifier::SetCertTrustAnchorProvider( | |
| 37 CertTrustAnchorProvider* trust_anchor_provider) { | |
| 38 DCHECK(!trust_anchor_provider_); | |
| 39 trust_anchor_provider_ = trust_anchor_provider; | |
| 40 } | |
| 41 | |
| 42 int CachingCertVerifier::Verify(const CertVerifier::RequestParams& params, | 34 int CachingCertVerifier::Verify(const CertVerifier::RequestParams& params, |
| 43 CRLSet* crl_set, | 35 CRLSet* crl_set, |
| 44 CertVerifyResult* verify_result, | 36 CertVerifyResult* verify_result, |
| 45 const CompletionCallback& callback, | 37 const CompletionCallback& callback, |
| 46 std::unique_ptr<Request>* out_req, | 38 std::unique_ptr<Request>* out_req, |
| 47 const BoundNetLog& net_log) { | 39 const BoundNetLog& net_log) { |
| 48 out_req->reset(); | 40 out_req->reset(); |
| 49 | 41 |
| 50 requests_++; | 42 requests_++; |
| 51 | 43 |
| 52 CertificateList additional_trust_anchors(params.additional_trust_anchors()); | |
| 53 if (trust_anchor_provider_) { | |
| 54 const CertificateList& trust_anchors = | |
| 55 trust_anchor_provider_->GetAdditionalTrustAnchors(); | |
| 56 additional_trust_anchors.insert(additional_trust_anchors.begin(), | |
| 57 trust_anchors.begin(), trust_anchors.end()); | |
| 58 } | |
| 59 | |
| 60 const CertVerifier::RequestParams new_params( | |
| 61 params.certificate(), params.hostname(), params.flags(), | |
| 62 params.ocsp_response(), additional_trust_anchors); | |
| 63 const CertVerificationCache::value_type* cached_entry = | 44 const CertVerificationCache::value_type* cached_entry = |
| 64 cache_.Get(new_params, CacheValidityPeriod(base::Time::Now())); | 45 cache_.Get(params, CacheValidityPeriod(base::Time::Now())); |
| 65 if (cached_entry) { | 46 if (cached_entry) { |
| 66 ++cache_hits_; | 47 ++cache_hits_; |
| 67 *verify_result = cached_entry->result; | 48 *verify_result = cached_entry->result; |
| 68 return cached_entry->error; | 49 return cached_entry->error; |
| 69 } | 50 } |
| 70 | 51 |
| 71 base::Time start_time = base::Time::Now(); | 52 base::Time start_time = base::Time::Now(); |
| 72 CompletionCallback caching_callback = base::Bind( | 53 CompletionCallback caching_callback = base::Bind( |
| 73 &CachingCertVerifier::OnRequestFinished, base::Unretained(this), | 54 &CachingCertVerifier::OnRequestFinished, base::Unretained(this), params, |
| 74 new_params, start_time, callback, verify_result); | 55 start_time, callback, verify_result); |
| 75 int result = verifier_->Verify(new_params, crl_set, verify_result, | 56 int result = verifier_->Verify(params, crl_set, verify_result, |
| 76 caching_callback, out_req, net_log); | 57 caching_callback, out_req, net_log); |
| 77 if (result != ERR_IO_PENDING) { | 58 if (result != ERR_IO_PENDING) { |
| 78 // Synchronous completion; add directly to cache. | 59 // Synchronous completion; add directly to cache. |
| 79 AddResultToCache(new_params, start_time, *verify_result, result); | 60 AddResultToCache(params, start_time, *verify_result, result); |
| 80 } | 61 } |
| 81 | 62 |
| 82 return result; | 63 return result; |
| 83 } | 64 } |
| 84 | 65 |
| 85 bool CachingCertVerifier::SupportsOCSPStapling() { | 66 bool CachingCertVerifier::SupportsOCSPStapling() { |
| 86 return verifier_->SupportsOCSPStapling(); | 67 return verifier_->SupportsOCSPStapling(); |
| 87 } | 68 } |
| 88 | 69 |
| 89 bool CachingCertVerifier::AddEntry(const RequestParams& params, | 70 bool CachingCertVerifier::AddEntry(const RequestParams& params, |
| 223 | 204 |
| 224 void CachingCertVerifier::ClearCache() { | 205 void CachingCertVerifier::ClearCache() { |
| 225 cache_.Clear(); | 206 cache_.Clear(); |
| 226 } | 207 } |
| 227 | 208 |
| 228 size_t CachingCertVerifier::GetCacheSize() const { | 209 size_t CachingCertVerifier::GetCacheSize() const { |
| 229 return cache_.size(); | 210 return cache_.size(); |
| 230 } | 211 } |
| 231 | 212 |
| 232 } // namespace net | 213 } // namespace net |
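Review bot: The lookup `cache_.Get(params, CacheValidityPeriod(base::Time::Now()))` in Verify keys only on `params`, while `crl_set` is handed straight to `verifier_->Verify` and never becomes part of the key, so a cache hit can return a result computed against an older CRLSet for up to kTTLSecs (30 minutes) unless something outside this section clears the cache when a new CRLSet arrives. The old code had the same shape (it keyed on `new_params`), so this is not introduced by the change, but with the trust-anchor merging gone `params` is now the sole key and the invariant deserves to be stated where it matters. I would add above the `cache_.Get` call: `// NOTE: crl_set is not part of the cache key. A CRLSet update must invalidate this cache (ClearCache()), otherwise a certificate revoked by the newer set keeps verifying from cache until the entry expires.` If that invalidation does exist elsewhere, pointing to it from this comment would save the next reader the same check; Verify's body is fully visible in this section.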