1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/x509_certificate.h" | 5 #include "net/cert/x509_certificate.h" |
6 | 6 |
7 #include <limits.h> | 7 #include <limits.h> |
8 #include <stdlib.h> | 8 #include <stdlib.h> |
9 | 9 |
10 #include <algorithm> | 10 #include <algorithm> |
41 const X509Certificate::Format kFormatDecodePriority[] = { | 41 const X509Certificate::Format kFormatDecodePriority[] = { |
42 X509Certificate::FORMAT_SINGLE_CERTIFICATE, | 42 X509Certificate::FORMAT_SINGLE_CERTIFICATE, |
43 X509Certificate::FORMAT_PKCS7 | 43 X509Certificate::FORMAT_PKCS7 |
44 }; | 44 }; |
45 | 45 |
46 // The PEM block header used for DER certificates | 46 // The PEM block header used for DER certificates |
47 const char kCertificateHeader[] = "CERTIFICATE"; | 47 const char kCertificateHeader[] = "CERTIFICATE"; |
48 // The PEM block header used for PKCS#7 data | 48 // The PEM block header used for PKCS#7 data |
49 const char kPKCS7Header[] = "PKCS7"; | 49 const char kPKCS7Header[] = "PKCS7"; |
50 | 50 |
51 #if !defined(USE_NSS_CERTS) | 51 #if !defined(USE_NSS_CERTS) && !defined(USE_BYTE_CERTS) |
52 // A thread-safe cache for OS certificate handles. | 52 // A thread-safe cache for OS certificate handles. |
53 // | 53 // |
54 // Within each of the supported underlying crypto libraries, a certificate | 54 // Within each of the supported underlying crypto libraries, a certificate |
55 // handle is represented as a ref-counted object that contains the parsed | 55 // handle is represented as a ref-counted object that contains the parsed |
56 // data for the certificate. In addition, the underlying OS handle may also | 56 // data for the certificate. In addition, the underlying OS handle may also |
57 // contain a copy of the original ASN.1 DER used to constructed the handle. | 57 // contain a copy of the original ASN.1 DER used to constructed the handle. |
58 // | 58 // |
59 // In order to reduce the memory usage when multiple SSL connections exist, | 59 // In order to reduce the memory usage when multiple SSL connections exist, |
60 // with each connection storing the server's identity certificate plus any | 60 // with each connection storing the server's identity certificate plus any |
61 // intermediates supplied, the certificate handles are cached. Any two | 61 // intermediates supplied, the certificate handles are cached. Any two |
182 return; // A hash collision where the winning cert is still around. | 182 return; // A hash collision where the winning cert is still around. |
183 | 183 |
184 if (--pos->second.ref_count == 0) { | 184 if (--pos->second.ref_count == 0) { |
185 // The last reference to |cert_handle| has been removed, so release the | 185 // The last reference to |cert_handle| has been removed, so release the |
186 // Entry's OS handle and remove the Entry. The caller still holds a | 186 // Entry's OS handle and remove the Entry. The caller still holds a |
187 // reference to |cert_handle| and is responsible for freeing it. | 187 // reference to |cert_handle| and is responsible for freeing it. |
188 X509Certificate::FreeOSCertHandle(pos->second.cert_handle); | 188 X509Certificate::FreeOSCertHandle(pos->second.cert_handle); |
189 cache_.erase(pos); | 189 cache_.erase(pos); |
190 } | 190 } |
191 } | 191 } |
192 #endif // !defined(USE_NSS_CERTS) | 192 #endif // !defined(USE_NSS_CERTS) |
eroman
2017/03/29 23:06:54
nit: Update comments?
mattm
2017/03/30 04:38:09
Done.
193 | 193 |
194 // See X509CertificateCache::InsertOrUpdate. NSS has a built-in cache, so there | 194 // See X509CertificateCache::InsertOrUpdate. NSS has a built-in cache, so there |
195 // is no point in wrapping another cache around it. | 195 // is no point in wrapping another cache around it. With USE_BYTE_CERTS, the |
196 // CYRPTO_BUFFERs are deduped by a CRYPTO_BUFFER_POOL. | |
196 void InsertOrUpdateCache(X509Certificate::OSCertHandle* cert_handle) { | 197 void InsertOrUpdateCache(X509Certificate::OSCertHandle* cert_handle) { |
197 #if !defined(USE_NSS_CERTS) | 198 #if !defined(USE_NSS_CERTS) && !defined(USE_BYTE_CERTS) |
198 g_x509_certificate_cache.Pointer()->InsertOrUpdate(cert_handle); | 199 g_x509_certificate_cache.Pointer()->InsertOrUpdate(cert_handle); |
199 #endif | 200 #endif |
200 } | 201 } |
201 | 202 |
202 // See X509CertificateCache::Remove. | 203 // See X509CertificateCache::Remove. |
203 void RemoveFromCache(X509Certificate::OSCertHandle cert_handle) { | 204 void RemoveFromCache(X509Certificate::OSCertHandle cert_handle) { |
204 #if !defined(USE_NSS_CERTS) | 205 #if !defined(USE_NSS_CERTS) && !defined(USE_BYTE_CERTS) |
205 g_x509_certificate_cache.Pointer()->Remove(cert_handle); | 206 g_x509_certificate_cache.Pointer()->Remove(cert_handle); |
206 #endif | 207 #endif |
207 } | 208 } |
208 | 209 |
209 // Utility to split |src| on the first occurrence of |c|, if any. |right| will | 210 // Utility to split |src| on the first occurrence of |c|, if any. |right| will |
210 // either be empty if |c| was not found, or will contain the remainder of the | 211 // either be empty if |c| was not found, or will contain the remainder of the |
211 // string including the split character itself. | 212 // string including the split character itself. |
212 void SplitOnChar(const base::StringPiece& src, | 213 void SplitOnChar(const base::StringPiece& src, |
213 char c, | 214 char c, |
214 base::StringPiece* left, | 215 base::StringPiece* left, |
731 RemoveFromCache(cert_handle_); | 732 RemoveFromCache(cert_handle_); |
732 FreeOSCertHandle(cert_handle_); | 733 FreeOSCertHandle(cert_handle_); |
733 } | 734 } |
734 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) { | 735 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) { |
735 RemoveFromCache(intermediate_ca_certs_[i]); | 736 RemoveFromCache(intermediate_ca_certs_[i]); |
736 FreeOSCertHandle(intermediate_ca_certs_[i]); | 737 FreeOSCertHandle(intermediate_ca_certs_[i]); |
737 } | 738 } |
738 } | 739 } |
739 | 740 |
740 } // namespace net | 741 } // namespace net |
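Review bot: The new comment at line 196 on the new side misspells the type name: `// CYRPTO_BUFFERs are deduped by a CRYPTO_BUFFER_POOL.` should read `// CRYPTO_BUFFERs are deduped by a CRYPTO_BUFFER_POOL.`, so a reader grepping for CRYPTO_BUFFER finds it. The same `!defined(USE_NSS_CERTS) && !defined(USE_BYTE_CERTS)` condition is now repeated at new lines 51, 198 and 205; a short note on the class guard such as `// Keep in sync with the guards in InsertOrUpdateCache/RemoveFromCache.` would make it harder for a future port to change one and leave the others, which would leave handles cached but never released. The cache class and the destructor shown at the end both start outside the visible portions of this section.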