OLD | NEW |
1 // Copyright (c) 2008-2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_BASE_CERT_VERIFIER_H_ | 5 #ifndef NET_BASE_CERT_VERIFIER_H_ |
6 #define NET_BASE_CERT_VERIFIER_H_ | 6 #define NET_BASE_CERT_VERIFIER_H_ |
7 #pragma once | 7 #pragma once |
8 | 8 |
| 9 #include <map> |
9 #include <string> | 10 #include <string> |
10 | 11 |
11 #include "base/basictypes.h" | 12 #include "base/basictypes.h" |
12 #include "base/ref_counted.h" | 13 #include "base/non_thread_safe.h" |
| 14 #include "base/scoped_ptr.h" |
| 15 #include "base/time.h" |
| 16 #include "net/base/cert_verify_result.h" |
13 #include "net/base/completion_callback.h" | 17 #include "net/base/completion_callback.h" |
| 18 #include "net/base/x509_cert_types.h" |
14 | 19 |
15 namespace net { | 20 namespace net { |
16 | 21 |
17 class CertVerifyResult; | 22 class CertVerifierJob; |
| 23 class CertVerifierWorker; |
18 class X509Certificate; | 24 class X509Certificate; |
19 | 25 |
20 // This class represents the task of verifying a certificate. It can only | 26 // CachedCertVerifyResult contains the result of a certificate verification. |
21 // verify a single certificate at a time, so if you need to verify multiple | 27 struct CachedCertVerifyResult { |
22 // certificates at the same time, you will need to allocate a CertVerifier | 28 CachedCertVerifyResult(); |
23 // object for each certificate. | 29 ~CachedCertVerifyResult(); |
| 30 |
| 31 int error; // The return value of CertVerifier::Verify. |
| 32 CertVerifyResult result; // The output of CertVerifier::Verify. |
| 33 |
| 34 // The time at which the certificate verification result expires. |
| 35 base::Time expiry; |
| 36 |
| 37 // Returns true if |current_time| is greater than or equal to |expiry|. |
| 38 bool HasExpired(base::Time current_time) const; |
| 39 }; |
| 40 |
| 41 // CertVerifier represents a service for verifying certificates. |
24 // | 42 // |
25 class CertVerifier { | 43 // CertVerifier can handle multiple requests at a time, so when canceling a |
| 44 // request the RequestHandle that was returned by Verify() needs to be |
| 45 // given. A simpler alternative for consumers that only have 1 outstanding |
| 46 // request at a time is to create a SingleRequestCertVerifier wrapper around |
| 47 // CertVerifier (which will automatically cancel the single request when it |
| 48 // goes out of scope). |
| 49 class CertVerifier : public NonThreadSafe { |
26 public: | 50 public: |
| 51 // Opaque type used to cancel a request. |
| 52 typedef void* RequestHandle; |
| 53 |
| 54 // CertVerifier must not call base::Time::Now() directly. It must call |
| 55 // time_service_->Now(). This allows unit tests to mock the current time. |
| 56 class TimeService { |
| 57 public: |
| 58 virtual ~TimeService() {} |
| 59 |
| 60 virtual base::Time Now() = 0; |
| 61 }; |
| 62 |
27 CertVerifier(); | 63 CertVerifier(); |
28 | 64 |
29 // If a completion callback is pending when the verifier is destroyed, the | 65 // Used by unit tests to mock the current time. Takes ownership of |
30 // certificate verification is cancelled, and the completion callback will | 66 // |time_service|. |
31 // not be called. | 67 explicit CertVerifier(TimeService* time_service); |
| 68 |
| 69 // When the verifier is destroyed, all certificate verifications requests are |
| 70 // canceled, and their completion callbacks will not be called. |
32 ~CertVerifier(); | 71 ~CertVerifier(); |
33 | 72 |
34 // Verifies the given certificate against the given hostname. Returns OK if | 73 // Verifies the given certificate against the given hostname. Returns OK if |
35 // successful or an error code upon failure. | 74 // successful or an error code upon failure. |
36 // | 75 // |
37 // The |*verify_result| structure, including the |verify_result->cert_status| | 76 // The |*verify_result| structure, including the |verify_result->cert_status| |
38 // bitmask, is always filled out regardless of the return value. If the | 77 // bitmask, is always filled out regardless of the return value. If the |
39 // certificate has multiple errors, the corresponding status flags are set in | 78 // certificate has multiple errors, the corresponding status flags are set in |
40 // |verify_result->cert_status|, and the error code for the most serious | 79 // |verify_result->cert_status|, and the error code for the most serious |
41 // error is returned. | 80 // error is returned. |
42 // | 81 // |
43 // |flags| is bitwise OR'd of X509Certificate::VerifyFlags. | 82 // |flags| is bitwise OR'd of X509Certificate::VerifyFlags. |
44 // If VERIFY_REV_CHECKING_ENABLED is set in |flags|, certificate revocation | 83 // If VERIFY_REV_CHECKING_ENABLED is set in |flags|, certificate revocation |
45 // checking is performed. | 84 // checking is performed. |
46 // | 85 // |
47 // If VERIFY_EV_CERT is set in |flags| too, EV certificate verification is | 86 // If VERIFY_EV_CERT is set in |flags| too, EV certificate verification is |
48 // performed. If |flags| is VERIFY_EV_CERT (that is, | 87 // performed. If |flags| is VERIFY_EV_CERT (that is, |
49 // VERIFY_REV_CHECKING_ENABLED is not set), EV certificate verification will | 88 // VERIFY_REV_CHECKING_ENABLED is not set), EV certificate verification will |
50 // not be performed. | 89 // not be performed. |
51 // | 90 // |
52 // When callback is null, the operation completes synchronously. | 91 // |callback| must not be null. ERR_IO_PENDING is returned if the operation |
53 // | |
54 // When callback is non-null, ERR_IO_PENDING is returned if the operation | |
55 // could not be completed synchronously, in which case the result code will | 92 // could not be completed synchronously, in which case the result code will |
56 // be passed to the callback when available. | 93 // be passed to the callback when available. |
57 // | 94 // |
58 int Verify(X509Certificate* cert, const std::string& hostname, | 95 // If |out_req| is non-NULL, then |*out_req| will be filled with a handle to |
59 int flags, CertVerifyResult* verify_result, | 96 // the async request. This handle is not valid after the request has |
| 97 // completed. |
| 98 int Verify(X509Certificate* cert, |
| 99 const std::string& hostname, |
| 100 int flags, |
| 101 CertVerifyResult* verify_result, |
| 102 CompletionCallback* callback, |
| 103 RequestHandle* out_req); |
| 104 |
| 105 // Cancels the specified request. |req| is the handle returned by Verify(). |
| 106 // After a request is canceled, its completion callback will not be called. |
| 107 void CancelRequest(RequestHandle req); |
| 108 |
| 109 // Clears the verification result cache. |
| 110 void ClearCache(); |
| 111 |
| 112 size_t GetCacheSize() const; |
| 113 |
| 114 uint64 requests() const { return requests_; } |
| 115 uint64 cache_hits() const { return cache_hits_; } |
| 116 uint64 inflight_joins() const { return inflight_joins_; } |
| 117 |
| 118 private: |
| 119 friend class CertVerifierWorker; // Calls HandleResult. |
| 120 |
| 121 // Input parameters of a certificate verification request. |
| 122 struct RequestParams { |
| 123 bool operator==(const RequestParams& other) const { |
| 124 // |flags| is compared before |cert_fingerprint| and |hostname| under |
| 125 // assumption that integer comparisons are faster than memory and string |
| 126 // comparisons. |
| 127 return (flags == other.flags && |
| 128 memcmp(cert_fingerprint.data, other.cert_fingerprint.data, |
| 129 sizeof(cert_fingerprint.data)) == 0 && |
| 130 hostname == other.hostname); |
| 131 } |
| 132 |
| 133 bool operator<(const RequestParams& other) const { |
| 134 // |flags| is compared before |cert_fingerprint| and |hostname| under |
| 135 // assumption that integer comparisons are faster than memory and string |
| 136 // comparisons. |
| 137 if (flags != other.flags) |
| 138 return flags < other.flags; |
| 139 int rv = memcmp(cert_fingerprint.data, other.cert_fingerprint.data, |
| 140 sizeof(cert_fingerprint.data)); |
| 141 if (rv != 0) |
| 142 return rv < 0; |
| 143 return hostname < other.hostname; |
| 144 } |
| 145 |
| 146 SHA1Fingerprint cert_fingerprint; |
| 147 std::string hostname; |
| 148 int flags; |
| 149 }; |
| 150 |
| 151 void HandleResult(X509Certificate* cert, |
| 152 const std::string& hostname, |
| 153 int flags, |
| 154 int error, |
| 155 const CertVerifyResult& verify_result); |
| 156 |
| 157 // cache_ maps from a request to a cached result. The cached result may |
| 158 // have expired and the size of |cache_| must be <= kMaxCacheEntries. |
| 159 std::map<RequestParams, CachedCertVerifyResult> cache_; |
| 160 |
| 161 // inflight_ maps from a request to an active verification which is taking |
| 162 // place. |
| 163 std::map<RequestParams, CertVerifierJob*> inflight_; |
| 164 |
| 165 scoped_ptr<TimeService> time_service_; |
| 166 |
| 167 uint64 requests_; |
| 168 uint64 cache_hits_; |
| 169 uint64 inflight_joins_; |
| 170 |
| 171 DISALLOW_COPY_AND_ASSIGN(CertVerifier); |
| 172 }; |
| 173 |
| 174 // This class represents the task of verifying a certificate. It wraps |
| 175 // CertVerifier to verify only a single certificate at a time and cancels this |
| 176 // request when going out of scope. |
| 177 class SingleRequestCertVerifier { |
| 178 public: |
| 179 // |cert_verifier| must remain valid for the lifetime of |this|. |
| 180 explicit SingleRequestCertVerifier(CertVerifier* cert_verifier); |
| 181 |
| 182 // If a completion callback is pending when the verifier is destroyed, the |
| 183 // certificate verification is canceled, and the completion callback will |
| 184 // not be called. |
| 185 ~SingleRequestCertVerifier(); |
| 186 |
| 187 // Verifies the given certificate, filling out the |verify_result| object |
| 188 // upon success. See CertVerifier::Verify() for details. |
| 189 int Verify(X509Certificate* cert, |
| 190 const std::string& hostname, |
| 191 int flags, |
| 192 CertVerifyResult* verify_result, |
60 CompletionCallback* callback); | 193 CompletionCallback* callback); |
61 | 194 |
62 private: | 195 private: |
63 class Request; | 196 // Callback for when the request to |cert_verifier_| completes, so we |
64 friend class Request; | 197 // dispatch to the user's callback. |
65 scoped_refptr<Request> request_; | 198 void OnVerifyCompletion(int result); |
66 DISALLOW_COPY_AND_ASSIGN(CertVerifier); | 199 |
| 200 // The actual certificate verifier that will handle the request. |
| 201 CertVerifier* const cert_verifier_; |
| 202 |
| 203 // The current request (if any). |
| 204 CertVerifier::RequestHandle cur_request_; |
| 205 CompletionCallback* cur_request_callback_; |
| 206 |
| 207 // Completion callback for when request to |cert_verifier_| completes. |
| 208 net::CompletionCallbackImpl<SingleRequestCertVerifier> callback_; |
| 209 |
| 210 DISALLOW_COPY_AND_ASSIGN(SingleRequestCertVerifier); |
67 }; | 211 }; |
68 | 212 |
69 } // namespace net | 213 } // namespace net |
70 | 214 |
71 #endif // NET_BASE_CERT_VERIFIER_H_ | 215 #endif // NET_BASE_CERT_VERIFIER_H_ |
OLD | NEW |