| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_CERT_MULTI_THREADED_CERT_VERIFIER_H_ | 5 #ifndef NET_CERT_MULTI_THREADED_CERT_VERIFIER_H_ |
| 6 #define NET_CERT_MULTI_THREADED_CERT_VERIFIER_H_ | 6 #define NET_CERT_MULTI_THREADED_CERT_VERIFIER_H_ |
| 7 | 7 |
| 8 #include <map> | 8 #include <map> |
| 9 #include <string> | 9 #include <string> |
| 10 #include <vector> | 10 #include <vector> |
| (...skipping 82 matching lines...) |
| 93 std::string hostname; | 93 std::string hostname; |
| 94 int flags; | 94 int flags; |
| 95 std::vector<SHA1HashValue> hash_values; | 95 std::vector<SHA1HashValue> hash_values; |
| 96 }; | 96 }; |
| 97 | 97 |
| 98 // CachedResult contains the result of a certificate verification. | 98 // CachedResult contains the result of a certificate verification. |
| 99 struct CachedResult { | 99 struct CachedResult { |
| 100 CachedResult(); | 100 CachedResult(); |
| 101 ~CachedResult(); | 101 ~CachedResult(); |
| 102 | 102 |
| 103 int error; // The return value of CertVerifier::Verify. | 103 int error; // The return value of CertVerifier::Verify. |
| 104 CertVerifyResult result; // The output of CertVerifier::Verify. | 104 CertVerifyResult result; // The output of CertVerifier::Verify. |
| 105 }; | 105 }; |
| 106 | 106 |
| 107 // Rather than having a single validity point along a monotonically increasing | 107 // Rather than having a single validity point along a monotonically increasing |
| 108 // timeline, certificate verification is based on falling within a range of | 108 // timeline, certificate verification is based on falling within a range of |
| 109 // the certificate's NotBefore and NotAfter and based on what the current | 109 // the certificate's NotBefore and NotAfter and based on what the current |
| 110 // system clock says (which may advance forwards or backwards as users correct | 110 // system clock says (which may advance forwards or backwards as users correct |
| 111 // clock skew). CacheValidityPeriod and CacheExpirationFunctor are helpers to | 111 // clock skew). CacheValidityPeriod and CacheExpirationFunctor are helpers to |
| 112 // ensure that expiration is measured both by the 'general' case (now + cache | 112 // ensure that expiration is measured both by the 'general' case (now + cache |
| 113 // TTL) and by whether or not significant enough clock skew was introduced | 113 // TTL) and by whether or not significant enough clock skew was introduced |
| 114 // since the last verification. | 114 // since the last verification. |
| 115 struct CacheValidityPeriod { | 115 struct CacheValidityPeriod { |
| 116 explicit CacheValidityPeriod(const base::Time& now); | 116 explicit CacheValidityPeriod(const base::Time& now); |
| 117 CacheValidityPeriod(const base::Time& now, const base::Time& expiration); | 117 CacheValidityPeriod(const base::Time& now, const base::Time& expiration); |
| 118 | 118 |
| 119 base::Time verification_time; | 119 base::Time verification_time; |
| 120 base::Time expiration_time; | 120 base::Time expiration_time; |
| 121 }; | 121 }; |
| 122 | 122 |
| 123 struct CacheExpirationFunctor { | 123 struct CacheExpirationFunctor { |
| 124 // Returns true iff |now| is within the validity period of |expiration|. | 124 // Returns true iff |now| is within the validity period of |expiration|. |
| 125 bool operator()(const CacheValidityPeriod& now, | 125 bool operator()(const CacheValidityPeriod& now, |
| 126 const CacheValidityPeriod& expiration) const; | 126 const CacheValidityPeriod& expiration) const; |
| 127 }; | 127 }; |
| 128 | 128 |
| 129 typedef ExpiringCache<RequestParams, CachedResult, CacheValidityPeriod, | 129 typedef ExpiringCache<RequestParams, |
| 130 CachedResult, |
| 131 CacheValidityPeriod, |
| 130 CacheExpirationFunctor> CertVerifierCache; | 132 CacheExpirationFunctor> CertVerifierCache; |
| 131 | 133 |
| 132 void HandleResult(X509Certificate* cert, | 134 void HandleResult(X509Certificate* cert, |
| 133 const std::string& hostname, | 135 const std::string& hostname, |
| 134 int flags, | 136 int flags, |
| 135 const CertificateList& additional_trust_anchors, | 137 const CertificateList& additional_trust_anchors, |
| 136 int error, | 138 int error, |
| 137 const CertVerifyResult& verify_result); | 139 const CertVerifyResult& verify_result); |
| 138 | 140 |
| 139 // CertDatabase::Observer methods: | 141 // CertDatabase::Observer methods: |
| (...skipping 23 matching lines...) |
| 163 scoped_refptr<CertVerifyProc> verify_proc_; | 165 scoped_refptr<CertVerifyProc> verify_proc_; |
| 164 | 166 |
| 165 CertTrustAnchorProvider* trust_anchor_provider_; | 167 CertTrustAnchorProvider* trust_anchor_provider_; |
| 166 | 168 |
| 167 DISALLOW_COPY_AND_ASSIGN(MultiThreadedCertVerifier); | 169 DISALLOW_COPY_AND_ASSIGN(MultiThreadedCertVerifier); |
| 168 }; | 170 }; |
| 169 | 171 |
| 170 } // namespace net | 172 } // namespace net |
| 171 | 173 |
| 172 #endif // NET_CERT_MULTI_THREADED_CERT_VERIFIER_H_ | 174 #endif // NET_CERT_MULTI_THREADED_CERT_VERIFIER_H_ |
| OLD | NEW |