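--- a/net/cert/caching_cert_verifier.h
+++ b/net/cert/caching_cert_verifier.h
@@ -1,29 +1,27 @@
 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_CERT_CACHING_CERT_VERIFIER_H_
 #define NET_CERT_CACHING_CERT_VERIFIER_H_
 
 #include <memory>
 
 #include "net/base/expiring_cache.h"
 #include "net/base/net_export.h"
 #include "net/cert/cert_database.h"
 #include "net/cert/cert_verifier.h"
 #include "net/cert/cert_verify_result.h"
 
 namespace net {
 
-class CertTrustAnchorProvider;
-
 // CertVerifier that caches the results of certificate verifications.
 //
 // In general, certificate verification results will vary on only three
 // parameters:
 // - The time of validation (as certificates are only valid for a period of
 // time)
 // - The revocation status (a certificate may be revoked at any time, but
 // revocation statuses themselves have validity period, so a 'good' result
 // may be reused for a period of time)
 // - The trust settings (a user may change trust settings at any time)
@@ -51,27 +49,20 @@
 base::Time expiration_time) = 0;
 };
 
 // Creates a CachingCertVerifier that will use |verifier| to perform the
 // actual verifications if they're not already cached or if the cached
 // item has expired.
 explicit CachingCertVerifier(std::unique_ptr<CertVerifier> verifier);
 
 ~CachingCertVerifier() override;
 
-// Configures a source of additional certificates that should be treated as
-// trust anchors during verification, provided that the underlying
-// CertVerifyProc supports additional trust beyond the default implementation.
-// It must outlive the CachingCertVerifier.
-void SetCertTrustAnchorProvider(
-CertTrustAnchorProvider* trust_anchor_provider);
-
 // CertVerifier implementation:
 int Verify(const RequestParams& params,
 CRLSet* crl_set,
 CertVerifyResult* verify_result,
 const CompletionCallback& callback,
 std::unique_ptr<Request>* out_req,
 const BoundNetLog& net_log) override;
 bool SupportsOCSPStapling() override;
 
 // Opportunistically attempts to add |error| and |verify_result| as the
@@ -91,21 +82,20 @@
 // iterated through or the |visitor| aborts.
 // Note: During this call, it is not safe to call any non-const methods
 // on the CachingCertVerifier.
 void VisitEntries(CacheVisitor* visitor) const;
 
 private:
 FRIEND_TEST_ALL_PREFIXES(CachingCertVerifierTest, CacheHit);
 FRIEND_TEST_ALL_PREFIXES(CachingCertVerifierTest, Visitor);
 FRIEND_TEST_ALL_PREFIXES(CachingCertVerifierTest, AddsEntries);
 FRIEND_TEST_ALL_PREFIXES(CachingCertVerifierTest, DifferentCACerts);
-FRIEND_TEST_ALL_PREFIXES(CachingCertVerifierTest, CertTrustAnchorProvider);
 
 // CachedResult contains the result of a certificate verification.
 struct NET_EXPORT_PRIVATE CachedResult {
 CachedResult();
 ~CachedResult();
 
 int error; // The return value of CertVerifier::Verify.
 CertVerifyResult result; // The output of CertVerifier::Verify.
 };
 
@@ -157,23 +147,21 @@
 void OnCACertChanged(const X509Certificate* cert) override;
 
 // For unit testing.
 void ClearCache();
 size_t GetCacheSize() const;
 uint64_t cache_hits() const { return cache_hits_; }
 uint64_t requests() const { return requests_; }
 
 std::unique_ptr<CertVerifier> verifier_;
 
-CertTrustAnchorProvider* trust_anchor_provider_;
-
 CertVerificationCache cache_;
 
 uint64_t requests_;
 uint64_t cache_hits_;
 
 DISALLOW_COPY_AND_ASSIGN(CachingCertVerifier);
 };
 
 } // namespace net
 
 #endif // NET_CERT_CACHING_CERT_VERIFIER_H_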