Chromium Code Reviews Chromium Code Reviews
Issue 356953003:
Adding DiskBasedCertCache to HttpCache (+UMA). (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@current| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/http_cache_transaction.h" | 5 #include "net/http/http_cache_transaction.h" |
| 6 | 6 |
| 7 #include "build/build_config.h" | 7 #include "build/build_config.h" |
| 8 | 8 |
| 9 #if defined(OS_POSIX) | 9 #if defined(OS_POSIX) |
| 10 #include <unistd.h> | 10 #include <unistd.h> |
| (...skipping 14 matching lines...) Expand all Loading... | |
| 25 #include "base/time/time.h" | 25 #include "base/time/time.h" |
| 26 #include "net/base/completion_callback.h" | 26 #include "net/base/completion_callback.h" |
| 27 #include "net/base/io_buffer.h" | 27 #include "net/base/io_buffer.h" |
| 28 #include "net/base/load_flags.h" | 28 #include "net/base/load_flags.h" |
| 29 #include "net/base/load_timing_info.h" | 29 #include "net/base/load_timing_info.h" |
| 30 #include "net/base/net_errors.h" | 30 #include "net/base/net_errors.h" |
| 31 #include "net/base/net_log.h" | 31 #include "net/base/net_log.h" |
| 32 #include "net/base/upload_data_stream.h" | 32 #include "net/base/upload_data_stream.h" |
| 33 #include "net/cert/cert_status_flags.h" | 33 #include "net/cert/cert_status_flags.h" |
| 34 #include "net/disk_cache/disk_cache.h" | 34 #include "net/disk_cache/disk_cache.h" |
| 35 #include "net/http/disk_based_cert_cache.h" | |
| 35 #include "net/http/http_network_session.h" | 36 #include "net/http/http_network_session.h" |
| 36 #include "net/http/http_request_info.h" | 37 #include "net/http/http_request_info.h" |
| 37 #include "net/http/http_response_headers.h" | 38 #include "net/http/http_response_headers.h" |
| 38 #include "net/http/http_transaction.h" | 39 #include "net/http/http_transaction.h" |
| 39 #include "net/http/http_util.h" | 40 #include "net/http/http_util.h" |
| 40 #include "net/http/partial_data.h" | 41 #include "net/http/partial_data.h" |
| 41 #include "net/ssl/ssl_cert_request_info.h" | 42 #include "net/ssl/ssl_cert_request_info.h" |
| 42 #include "net/ssl/ssl_config_service.h" | 43 #include "net/ssl/ssl_config_service.h" |
| 43 | 44 |
| 44 using base::Time; | 45 using base::Time; |
| 45 using base::TimeDelta; | 46 using base::TimeDelta; |
| 46 using base::TimeTicks; | 47 using base::TimeTicks; |
| 47 | 48 |
| 48 namespace { | 49 namespace { |
| 49 | 50 |
| 51 // Stores data relevant to the statistics of writing and reading entire | |
| 52 // certificate chains using DiskBasedCertCache. |num_pending_ops| is the number | |
| 53 // of certificates in the chain that have pending operations in the | |
| 54 // DiskBasedCertCache. |start_time| is the time that the read and write | |
| 55 // commands began being issued to the DiskBasedCertCache. | |
| 56 // TODO(brandonsalmon): Remove this when it is no longer necessary to | |
| 57 // collect data. | |
| 58 class SharedChainData : public base::RefCountedThreadSafe<SharedChainData> { | |
| 59 public: | |
| 60 SharedChainData(int num_ops, TimeTicks start) | |
| 61 : num_pending_ops(num_ops), start_time(start) {} | |
|
wtc
2014/07/08 22:37:34
Nit: add a blank line to separate the constructor
| |
| 62 int num_pending_ops; | |
| 63 TimeTicks start_time; | |
| 64 | |
| 65 private: | |
| 66 friend class base::RefCountedThreadSafe<SharedChainData>; | |
| 67 ~SharedChainData() {} | |
| 68 DISALLOW_COPY_AND_ASSIGN(SharedChainData); | |
| 69 }; | |
| 70 | |
| 71 // Used to obtain a cache entry key for an OSCertHandle. | |
| 72 // TODO(brandonsalmon): Remove this when cache keys are stored | |
| 73 // and no longer have to be recomputed to retrieve the OSCertHandle | |
| 74 // from the disk. | |
| 75 std::string GetCacheKeyToCert( | |
|
wtc
2014/07/08 22:37:34
Nit: GetCacheKeyToCert => GetCacheKeyForCert
| |
| 76 const net::X509Certificate::OSCertHandle cert_handle) { | |
|
wtc
2014/07/08 22:37:34
This const is not necessary.
| |
| 77 net::SHA1HashValue fingerprint = | |
| 78 net::X509Certificate::CalculateFingerprint(cert_handle); | |
| 79 | |
| 80 return "cert:" + | |
| 81 base::HexEncode(fingerprint.data, arraysize(fingerprint.data)); | |
| 82 } | |
| 83 | |
| 84 // |dist_from_root| indicates the position of the read certificate in the | |
| 85 // certificate chain, 0 indicating it is the leaf. |is_leaf| indicates | |
|
wtc
2014/07/08 22:37:34
Typo: 0 indicating it is the leaf => 0 indicating
| |
| 86 // whether or not the read certificate was the leaf of the chain. | |
| 87 // |shared_chain_data| contains data shared by each certificate in | |
| 88 // the chain. | |
| 89 void OnCertReadIOComplete( | |
| 90 int dist_from_root, | |
| 91 bool is_leaf, | |
| 92 const scoped_refptr<SharedChainData>& shared_chain_data, | |
| 93 net::X509Certificate::OSCertHandle cert_handle) { | |
| 94 // If |num_pending_ops| is one, this was the last pending read operation | |
| 95 // for this chain of certificates. The total time to write the chain | |
|
wtc
2014/07/08 22:37:34
write the chain => read the chain
| |
| 96 // can be calculated by subtracting the starting time from Now(). | |
| 97 shared_chain_data->num_pending_ops--; | |
| 98 if (!shared_chain_data->num_pending_ops) { | |
| 99 const TimeDelta read_chain_wait = | |
| 100 TimeTicks::Now() - shared_chain_data->start_time; | |
| 101 UMA_HISTOGRAM_TIMES("DiskBasedCertCache.ChainReadTime", read_chain_wait); | |
| 102 } | |
| 103 | |
| 104 bool success = (cert_handle != NULL); | |
| 105 UMA_HISTOGRAM_BOOLEAN("DiskBasedCertCache.ReadSuccessTotal", success); | |
| 106 | |
| 107 if (is_leaf) | |
| 108 UMA_HISTOGRAM_BOOLEAN("DiskBasedCertCache.ReadSuccessLeaf", success); | |
| 109 else if (dist_from_root == 0) | |
| 110 UMA_HISTOGRAM_BOOLEAN("DiskBasedCertCache.ReadSuccessRoot", success); | |
| 111 else if (dist_from_root == 1) | |
| 112 UMA_HISTOGRAM_BOOLEAN("DiskBasedCertCache.ReadSuccessInt1", success); | |
| 113 else if (dist_from_root == 2) | |
| 114 UMA_HISTOGRAM_BOOLEAN("DiskBasedCertCache.ReadSuccessInt2", success); | |
| 115 else | |
| 116 UMA_HISTOGRAM_BOOLEAN("DiskBasedCertCache.ReadSuccessIntN", success); | |
| 117 } | |
| 118 | |
| 119 // |dist_from_root| indicates the position of the written certificate in the | |
| 120 // certificate chain, 0 indicating it is the leaf. |is_leaf| indicates | |
| 121 // whether or not the written certificate was the leaf of the chain. | |
| 122 // |shared_chain_data| contains data shared by each certificate in | |
| 123 // the chain. | |
| 124 void OnCertWriteIOComplete( | |
| 125 int dist_from_root, | |
| 126 bool is_leaf, | |
| 127 const scoped_refptr<SharedChainData>& shared_chain_data, | |
| 128 const std::string& key) { | |
| 129 // If |num_pending_ops| is one, this was the last pending write operation | |
| 130 // for this chain of certificates. The total time to write the chain | |
| 131 // can be calculated by subtracting the starting time from Now(). | |
| 132 shared_chain_data->num_pending_ops--; | |
| 133 if (!shared_chain_data->num_pending_ops) { | |
| 134 const TimeDelta write_chain_wait = | |
| 135 TimeTicks::Now() - shared_chain_data->start_time; | |
| 136 UMA_HISTOGRAM_TIMES("DiskBasedCertCache.ChainWriteTime", write_chain_wait); | |
| 137 } | |
| 138 | |
| 139 bool success = !key.empty(); | |
| 140 UMA_HISTOGRAM_BOOLEAN("DiskBasedCertCache.WriteSuccessTotal", success); | |
| 141 | |
| 142 if (is_leaf) | |
| 143 UMA_HISTOGRAM_BOOLEAN("DiskBasedCertCache.WriteSuccessLeaf", success); | |
| 144 else if (dist_from_root == 0) | |
| 145 UMA_HISTOGRAM_BOOLEAN("DiskBasedCertCache.WriteSuccessRoot", success); | |
| 146 else if (dist_from_root == 1) | |
| 147 UMA_HISTOGRAM_BOOLEAN("DiskBasedCertCache.WriteSuccessInt1", success); | |
| 148 else if (dist_from_root == 2) | |
| 149 UMA_HISTOGRAM_BOOLEAN("DiskBasedCertCache.WriteSuccessInt2", success); | |
| 150 else | |
| 151 UMA_HISTOGRAM_BOOLEAN("DiskBasedCertCache.WriteSuccessIntN", success); | |
| 152 } | |
| 153 | |
| 50 // From http://tools.ietf.org/html/draft-ietf-httpbis-p6-cache-21#section-6 | 154 // From http://tools.ietf.org/html/draft-ietf-httpbis-p6-cache-21#section-6 |
| 51 // a "non-error response" is one with a 2xx (Successful) or 3xx | 155 // a "non-error response" is one with a 2xx (Successful) or 3xx |
| 52 // (Redirection) status code. | 156 // (Redirection) status code. |
| 53 bool NonErrorResponse(int status_code) { | 157 bool NonErrorResponse(int status_code) { |
| 54 int status_code_range = status_code / 100; | 158 int status_code_range = status_code / 100; |
| 55 return status_code_range == 2 || status_code_range == 3; | 159 return status_code_range == 2 || status_code_range == 3; |
| 56 } | 160 } |
| 57 | 161 |
| 58 // Error codes that will be considered indicative of a page being offline/ | 162 // Error codes that will be considered indicative of a page being offline/ |
| 59 // unreachable for LOAD_FROM_CACHE_IF_OFFLINE. | 163 // unreachable for LOAD_FROM_CACHE_IF_OFFLINE. |
| (...skipping 1428 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1488 } | 1592 } |
| 1489 | 1593 |
| 1490 int HttpCache::Transaction::DoCacheReadResponseComplete(int result) { | 1594 int HttpCache::Transaction::DoCacheReadResponseComplete(int result) { |
| 1491 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_HTTP_CACHE_READ_INFO, result); | 1595 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_HTTP_CACHE_READ_INFO, result); |
| 1492 if (result != io_buf_len_ || | 1596 if (result != io_buf_len_ || |
| 1493 !HttpCache::ParseResponseInfo(read_buf_->data(), io_buf_len_, | 1597 !HttpCache::ParseResponseInfo(read_buf_->data(), io_buf_len_, |
| 1494 &response_, &truncated_)) { | 1598 &response_, &truncated_)) { |
| 1495 return OnCacheReadError(result, true); | 1599 return OnCacheReadError(result, true); |
| 1496 } | 1600 } |
| 1497 | 1601 |
| 1602 // cert_cache() will be null if the CertCacheTrial field trial is disabled. | |
| 1603 if (cache_->cert_cache() && response_.ssl_info.is_valid()) { | |
| 1604 std::string key = | |
| 1605 GetCacheKeyToCert(response_.ssl_info.cert->os_cert_handle()); | |
| 1606 const X509Certificate::OSCertHandles& intermediates = | |
| 1607 response_.ssl_info.cert->GetIntermediateCertificates(); | |
| 1608 int dist_from_root = intermediates.size(); | |
| 1609 | |
| 1610 scoped_refptr<SharedChainData> shared_chain_data( | |
| 1611 new SharedChainData(intermediates.size() + 1, TimeTicks::Now())); | |
| 1612 cache_->cert_cache()->Get(key, | |
| 1613 base::Bind(&OnCertReadIOComplete, | |
| 1614 dist_from_root, | |
| 1615 true /* is leaf */, | |
| 1616 shared_chain_data)); | |
| 1617 | |
| 1618 for (X509Certificate::OSCertHandles::const_iterator it = | |
| 1619 intermediates.begin(); | |
| 1620 it != intermediates.end(); | |
| 1621 ++it) { | |
| 1622 --dist_from_root; | |
| 1623 key = GetCacheKeyToCert(*it); | |
| 1624 cache_->cert_cache()->Get(key, | |
| 1625 base::Bind(&OnCertReadIOComplete, | |
| 1626 dist_from_root, | |
| 1627 false /* is not leaf */, | |
| 1628 shared_chain_data)); | |
| 1629 } | |
| 1630 DCHECK_EQ(0, dist_from_root); | |
| 1631 } | |
| 1632 | |
| 1498 // Some resources may have slipped in as truncated when they're not. | 1633 // Some resources may have slipped in as truncated when they're not. |
| 1499 int current_size = entry_->disk_entry->GetDataSize(kResponseContentIndex); | 1634 int current_size = entry_->disk_entry->GetDataSize(kResponseContentIndex); |
| 1500 if (response_.headers->GetContentLength() == current_size) | 1635 if (response_.headers->GetContentLength() == current_size) |
| 1501 truncated_ = false; | 1636 truncated_ = false; |
| 1502 | 1637 |
| 1503 // We now have access to the cache entry. | 1638 // We now have access to the cache entry. |
| 1504 // | 1639 // |
| 1505 // o if we are a reader for the transaction, then we can start reading the | 1640 // o if we are a reader for the transaction, then we can start reading the |
| 1506 // cache entry. | 1641 // cache entry. |
| 1507 // | 1642 // |
| (...skipping 812 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 2320 // reverse-map the cert status to a net error and replay the net error. | 2455 // reverse-map the cert status to a net error and replay the net error. |
| 2321 if ((cache_->mode() != RECORD && | 2456 if ((cache_->mode() != RECORD && |
| 2322 response_.headers->HasHeaderValue("cache-control", "no-store")) || | 2457 response_.headers->HasHeaderValue("cache-control", "no-store")) || |
| 2323 net::IsCertStatusError(response_.ssl_info.cert_status)) { | 2458 net::IsCertStatusError(response_.ssl_info.cert_status)) { |
| 2324 DoneWritingToEntry(false); | 2459 DoneWritingToEntry(false); |
| 2325 if (net_log_.IsLogging()) | 2460 if (net_log_.IsLogging()) |
| 2326 net_log_.EndEvent(NetLog::TYPE_HTTP_CACHE_WRITE_INFO); | 2461 net_log_.EndEvent(NetLog::TYPE_HTTP_CACHE_WRITE_INFO); |
| 2327 return OK; | 2462 return OK; |
| 2328 } | 2463 } |
| 2329 | 2464 |
| 2465 // cert_cache() will be null if the CertCacheTrial field trial is disabled. | |
| 2466 if (cache_->cert_cache() && response_.ssl_info.is_valid()) { | |
| 2467 const X509Certificate::OSCertHandles& intermediates = | |
| 2468 response_.ssl_info.cert->GetIntermediateCertificates(); | |
| 2469 int dist_from_root = intermediates.size(); | |
| 2470 | |
| 2471 scoped_refptr<SharedChainData> shared_chain_data( | |
| 2472 new SharedChainData(intermediates.size() + 1, TimeTicks::Now())); | |
| 2473 cache_->cert_cache()->Set(response_.ssl_info.cert->os_cert_handle(), | |
| 2474 base::Bind(&OnCertWriteIOComplete, | |
| 2475 dist_from_root, | |
| 2476 true /* is leaf */, | |
| 2477 shared_chain_data)); | |
| 2478 for (X509Certificate::OSCertHandles::const_iterator it = | |
| 2479 intermediates.begin(); | |
| 2480 it != intermediates.end(); | |
| 2481 ++it) { | |
| 2482 --dist_from_root; | |
| 2483 cache_->cert_cache()->Set(*it, | |
| 2484 base::Bind(&OnCertWriteIOComplete, | |
| 2485 dist_from_root, | |
| 2486 false /* is not leaf */, | |
| 2487 shared_chain_data)); | |
| 2488 } | |
| 2489 DCHECK_EQ(0, dist_from_root); | |
| 2490 } | |
| 2491 | |
| 2330 // When writing headers, we normally only write the non-transient | 2492 // When writing headers, we normally only write the non-transient |
| 2331 // headers; when in record mode, record everything. | 2493 // headers; when in record mode, record everything. |
| 2332 bool skip_transient_headers = (cache_->mode() != RECORD); | 2494 bool skip_transient_headers = (cache_->mode() != RECORD); |
| 2333 | 2495 |
| 2334 if (truncated) | 2496 if (truncated) |
| 2335 DCHECK_EQ(200, response_.headers->response_code()); | 2497 DCHECK_EQ(200, response_.headers->response_code()); |
| 2336 | 2498 |
| 2337 scoped_refptr<PickledIOBuffer> data(new PickledIOBuffer()); | 2499 scoped_refptr<PickledIOBuffer> data(new PickledIOBuffer()); |
| 2338 response_.Persist(data->pickle(), skip_transient_headers, truncated); | 2500 response_.Persist(data->pickle(), skip_transient_headers, truncated); |
| 2339 data->Done(); | 2501 data->Done(); |
| (...skipping 236 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 2576 default: | 2738 default: |
| 2577 NOTREACHED(); | 2739 NOTREACHED(); |
| 2578 } | 2740 } |
| 2579 } | 2741 } |
| 2580 | 2742 |
| 2581 void HttpCache::Transaction::OnIOComplete(int result) { | 2743 void HttpCache::Transaction::OnIOComplete(int result) { |
| 2582 DoLoop(result); | 2744 DoLoop(result); |
| 2583 } | 2745 } |
| 2584 | 2746 |
| 2585 } // namespace net | 2747 } // namespace net |
| OLD | NEW |
