QUIC - Race Cert Verification with host resolution if certs are

net/quic/quic_stream_factory.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_QUIC_QUIC_STREAM_FACTORY_H_
 #define NET_QUIC_QUIC_STREAM_FACTORY_H_
 
 #include <stddef.h>
 #include <stdint.h>
 
@@ skipping 168 matching lines @@
       int threshold_timeouts_with_streams_open,
       int threshold_public_resets_post_handshake,
       int socket_receive_buffer_size,
       bool delay_tcp_race,
       int max_server_configs_stored_in_properties,
       bool close_sessions_on_ip_change,
       bool disable_quic_on_timeout_with_open_streams,
       int idle_connection_timeout_seconds,
       bool migrate_sessions_on_network_change,
       bool migrate_sessions_early,
+      bool race_cert_verification,
       const QuicTagVector& connection_options,
       bool enable_token_binding);
   ~QuicStreamFactory() override;
 
   // Returns true if there is an existing session for |server_id| or if the
   // request can be pooled to an existing session to the IP address of
   // |destination|.
   bool CanUseExistingSession(const QuicServerId& server_id,
                              const HostPortPair& destination);
 
@@ skipping 146 matching lines @@
   void set_enable_connection_racing(bool enable_connection_racing) {
     enable_connection_racing_ = enable_connection_racing;
   }
 
   int socket_receive_buffer_size() const { return socket_receive_buffer_size_; }
 
   bool delay_tcp_race() const { return delay_tcp_race_; }
 
  private:
   class Job;
+  class CertVerifierJob;
   friend class test::QuicStreamFactoryPeer;
   FRIEND_TEST_ALL_PREFIXES(HttpStreamFactoryTest, QuicLossyProxyMarkedAsBad);
 
   typedef std::map<QuicServerId, QuicChromiumClientSession*> SessionMap;
   typedef std::map<QuicChromiumClientSession*, QuicSessionKey> SessionIdMap;
   typedef std::set<QuicSessionKey> AliasSet;
   typedef std::map<QuicChromiumClientSession*, AliasSet> SessionAliasMap;
   typedef std::set<QuicChromiumClientSession*> SessionSet;
   typedef std::map<IPEndPoint, SessionSet> IPAliasMap;
   typedef std::map<QuicServerId, QuicCryptoClientConfig*> CryptoConfigMap;
   typedef std::set<Job*> JobSet;
   typedef std::map<QuicServerId, JobSet> JobMap;
   typedef std::map<QuicStreamRequest*, QuicServerId> RequestMap;
   typedef std::set<QuicStreamRequest*> RequestSet;
   typedef std::map<QuicServerId, RequestSet> ServerIDRequestsMap;
   typedef std::deque<enum QuicChromiumClientSession::QuicDisabledReason>
       DisabledReasonsQueue;
+  typedef std::map<QuicServerId, CertVerifierJob*> CertVerifierJobMap;
 
   enum FactoryStatus {
     OPEN,     // New streams may be created.
     CLOSED,   // No new streams may be created temporarily.
     DISABLED  // No more streams may be created until the network changes.
   };
 
   // Creates a job which doesn't wait for server config to be loaded from the
   // disk cache. This job is started via a PostTask.
   void CreateAuxilaryJob(const QuicSessionKey& key,
                          int cert_verify_flags,
                          const BoundNetLog& net_log);
 
   // Returns a newly created QuicHttpStream owned by the caller.
   std::unique_ptr<QuicHttpStream> CreateFromSession(
       QuicChromiumClientSession* session);
 
   bool OnResolution(const QuicSessionKey& key, const AddressList& address_list);
   void OnJobComplete(Job* job, int rv);
+  void OnCertVerifyJobComplete(CertVerifierJob* job, int rv);
   bool HasActiveSession(const QuicServerId& server_id) const;
   bool HasActiveJob(const QuicServerId& server_id) const;
+  bool HasActiveCertVerifierJob(const QuicServerId& server_id) const;
   int CreateSession(const QuicSessionKey& key,
                     int cert_verify_flags,
                     std::unique_ptr<QuicServerInfo> quic_server_info,
                     const AddressList& address_list,
                     base::TimeTicks dns_resolution_end_time,
                     const BoundNetLog& net_log,
                     QuicChromiumClientSession** session);
   void ActivateSession(const QuicSessionKey& key,
                        QuicChromiumClientSession* session);
 
   // Returns |srtt| in micro seconds from ServerNetworkStats. Returns 0 if there
   // is no |http_server_properties_| or if |http_server_properties_| doesn't
   // have ServerNetworkStats for the given |server_id|.
   int64_t GetServerNetworkStatsSmoothedRttInMicroseconds(
       const QuicServerId& server_id) const;
 
   // Helper methods.
   bool WasQuicRecentlyBroken(const QuicServerId& server_id) const;
 
   bool CryptoConfigCacheIsEmpty(const QuicServerId& server_id);
 
+  // Starts an asynchronous job for cert verification if
+  // |race_cert_verification_| is enabled and if there are cached certs for the
+  // given |server_id|.
+  void StartCertVerifyJob(const QuicServerId& server_id,
+                          int cert_verify_flags,
+                          const BoundNetLog& net_log);
+
   // Initializes the cached state associated with |server_id| in
   // |crypto_config_| with the information in |server_info|. Populates
   // |connection_id| with the next server designated connection id,
   // if any, and otherwise leaves it unchanged.
   void InitializeCachedStateInCryptoConfig(
       const QuicServerId& server_id,
       const std::unique_ptr<QuicServerInfo>& server_info,
       QuicConnectionId* connection_id);
 
   // Initialize |quic_supported_servers_at_startup_| with the list of servers
@@ skipping 47 matching lines @@
   // Origins which have gone away recently.
   AliasSet gone_away_aliases_;
 
   const QuicConfig config_;
   QuicCryptoClientConfig crypto_config_;
 
   JobMap active_jobs_;
   ServerIDRequestsMap job_requests_map_;
   RequestMap active_requests_;
 
+  CertVerifierJobMap active_cert_verifier_jobs_;
+
   QuicVersionVector supported_versions_;
 
   // Determine if we should consistently select a client UDP port. If false,
   // then we will just let the OS select a random client port for each new
   // connection.
   bool enable_port_selection_;
 
   // Set if we always require handshake confirmation. If true, this will
   // introduce at least one RTT for the handshake before the client sends data.
   bool always_require_handshake_confirmation_;
@@ skipping 62 matching lines @@
   const bool close_sessions_on_ip_change_;
 
   // Set if migration should be attempted on active sessions when primary
   // interface changes.
   const bool migrate_sessions_on_network_change_;
 
   // Set if early migration should be attempted when the connection
   // experiences poor connectivity.
   const bool migrate_sessions_early_;
 
+  // Set if cert verification is to be raced with host resolution.
+  bool race_cert_verification_;
+
   // Each profile will (probably) have a unique port_seed_ value.  This value
   // is used to help seed a pseudo-random number generator (PortSuggester) so
   // that we consistently (within this profile) suggest the same ephemeral
   // port when we re-connect to any given server/port.  The differences between
   // profiles (probablistically) prevent two profiles from colliding in their
   // ephemeral port requests.
   uint64_t port_seed_;
 
   // Local address of socket that was created in CreateSession.
   IPEndPoint local_address_;
@@ skipping 15 matching lines @@
   const scoped_refptr<SSLConfigService> ssl_config_service_;
 
   base::WeakPtrFactory<QuicStreamFactory> weak_factory_;
 
   DISALLOW_COPY_AND_ASSIGN(QuicStreamFactory);
 };
 
 }  // namespace net
 
 #endif  // NET_QUIC_QUIC_STREAM_FACTORY_H_