OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_BASE_DEFAULT_SERVER_BOUND_CERT_STORE_H_ | 5 #ifndef NET_BASE_DEFAULT_SERVER_BOUND_CERT_STORE_H_ |
6 #define NET_BASE_DEFAULT_SERVER_BOUND_CERT_STORE_H_ | 6 #define NET_BASE_DEFAULT_SERVER_BOUND_CERT_STORE_H_ |
7 | 7 |
8 #include <map> | 8 #include <map> |
9 #include <string> | 9 #include <string> |
10 #include <vector> | 10 #include <vector> |
11 | 11 |
12 #include "base/callback_forward.h" | 12 #include "base/callback_forward.h" |
13 #include "base/compiler_specific.h" | 13 #include "base/compiler_specific.h" |
14 #include "base/memory/ref_counted.h" | 14 #include "base/memory/ref_counted.h" |
| 15 #include "base/memory/scoped_ptr.h" |
| 16 #include "base/memory/scoped_vector.h" |
| 17 #include "base/memory/weak_ptr.h" |
15 #include "net/base/net_export.h" | 18 #include "net/base/net_export.h" |
16 #include "net/base/server_bound_cert_store.h" | 19 #include "net/base/server_bound_cert_store.h" |
17 | 20 |
18 class Task; | |
19 | |
20 namespace net { | 21 namespace net { |
21 | 22 |
22 // This class is the system for storing and retrieving server bound certs. | 23 // This class is the system for storing and retrieving server bound certs. |
23 // Modeled after the CookieMonster class, it has an in-memory cert store, | 24 // Modeled after the CookieMonster class, it has an in-memory cert store, |
24 // and synchronizes server bound certs to an optional permanent storage that | 25 // and synchronizes server bound certs to an optional permanent storage that |
25 // implements the PersistentStore interface. The use case is described in | 26 // implements the PersistentStore interface. The use case is described in |
26 // http://balfanz.github.com/tls-obc-spec/draft-balfanz-tls-obc-00.html | 27 // http://balfanz.github.com/tls-obc-spec/draft-balfanz-tls-obc-00.html |
27 class NET_EXPORT DefaultServerBoundCertStore : public ServerBoundCertStore { | 28 class NET_EXPORT DefaultServerBoundCertStore : public ServerBoundCertStore { |
28 public: | 29 public: |
29 class PersistentStore; | 30 class PersistentStore; |
(...skipping 15 matching lines...) Expand all Loading... |
45 // WARNING: THE CALLBACK WILL RUN ON A RANDOM THREAD. IT MUST BE THREAD SAFE. | 46 // WARNING: THE CALLBACK WILL RUN ON A RANDOM THREAD. IT MUST BE THREAD SAFE. |
46 // It may be posted to the current thread, or it may run on the thread that | 47 // It may be posted to the current thread, or it may run on the thread that |
47 // actually does the flushing. Your Task should generally post a notification | 48 // actually does the flushing. Your Task should generally post a notification |
48 // to the thread you actually want to be notified on. | 49 // to the thread you actually want to be notified on. |
49 void FlushStore(const base::Closure& completion_task); | 50 void FlushStore(const base::Closure& completion_task); |
50 | 51 |
51 // ServerBoundCertStore implementation. | 52 // ServerBoundCertStore implementation. |
52 virtual bool GetServerBoundCert( | 53 virtual bool GetServerBoundCert( |
53 const std::string& server_identifier, | 54 const std::string& server_identifier, |
54 SSLClientCertType* type, | 55 SSLClientCertType* type, |
55 base::Time* creation_time, | |
56 base::Time* expiration_time, | 56 base::Time* expiration_time, |
57 std::string* private_key_result, | 57 std::string* private_key_result, |
58 std::string* cert_result) OVERRIDE; | 58 std::string* cert_result, |
| 59 const GetCertCallback& callback) OVERRIDE; |
59 virtual void SetServerBoundCert( | 60 virtual void SetServerBoundCert( |
60 const std::string& server_identifier, | 61 const std::string& server_identifier, |
61 SSLClientCertType type, | 62 SSLClientCertType type, |
62 base::Time creation_time, | 63 base::Time creation_time, |
63 base::Time expiration_time, | 64 base::Time expiration_time, |
64 const std::string& private_key, | 65 const std::string& private_key, |
65 const std::string& cert) OVERRIDE; | 66 const std::string& cert) OVERRIDE; |
66 virtual void DeleteServerBoundCert(const std::string& server_identifier) | 67 virtual void DeleteServerBoundCert( |
67 OVERRIDE; | 68 const std::string& server_identifier, |
68 virtual void DeleteAllCreatedBetween(base::Time delete_begin, | 69 const base::Closure& callback) OVERRIDE; |
69 base::Time delete_end) OVERRIDE; | 70 virtual void DeleteAllCreatedBetween( |
70 virtual void DeleteAll() OVERRIDE; | 71 base::Time delete_begin, |
| 72 base::Time delete_end, |
| 73 const base::Closure& callback) OVERRIDE; |
| 74 virtual void DeleteAll(const base::Closure& callback) OVERRIDE; |
71 virtual void GetAllServerBoundCerts( | 75 virtual void GetAllServerBoundCerts( |
72 ServerBoundCertList* server_bound_certs) OVERRIDE; | 76 const GetCertListCallback& callback) OVERRIDE; |
73 virtual int GetCertCount() OVERRIDE; | 77 virtual int GetCertCount() OVERRIDE; |
74 virtual void SetForceKeepSessionState() OVERRIDE; | 78 virtual void SetForceKeepSessionState() OVERRIDE; |
75 | 79 |
76 private: | 80 private: |
| 81 class Task; |
| 82 class GetServerBoundCertTask; |
| 83 class SetServerBoundCertTask; |
| 84 class DeleteServerBoundCertTask; |
| 85 class DeleteAllCreatedBetweenTask; |
| 86 class GetAllServerBoundCertsTask; |
| 87 |
77 static const size_t kMaxCerts; | 88 static const size_t kMaxCerts; |
78 | 89 |
79 // Deletes all of the certs. Does not delete them from |store_|. | 90 // Deletes all of the certs. Does not delete them from |store_|. |
80 void DeleteAllInMemory(); | 91 void DeleteAllInMemory(); |
81 | 92 |
82 // Called by all non-static functions to ensure that the cert store has | 93 // Called by all non-static functions to ensure that the cert store has |
83 // been initialized. This is not done during creating so it doesn't block | 94 // been initialized. |
84 // the window showing. | 95 // TODO(mattm): since we load asynchronously now, maybe we should start |
| 96 // loading immediately on construction, or provide some method to initiate |
| 97 // loading? |
85 void InitIfNecessary() { | 98 void InitIfNecessary() { |
86 if (!initialized_) { | 99 if (!initialized_) { |
87 if (store_) | 100 if (store_) { |
88 InitStore(); | 101 InitStore(); |
| 102 } else { |
| 103 loaded_ = true; |
| 104 } |
89 initialized_ = true; | 105 initialized_ = true; |
90 } | 106 } |
91 } | 107 } |
92 | 108 |
93 // Initializes the backing store and reads existing certs from it. | 109 // Initializes the backing store and reads existing certs from it. |
94 // Should only be called by InitIfNecessary(). | 110 // Should only be called by InitIfNecessary(). |
95 void InitStore(); | 111 void InitStore(); |
96 | 112 |
| 113 // Callback for backing store loading completion. |
| 114 void OnLoaded(scoped_ptr<ScopedVector<ServerBoundCert> > certs); |
| 115 |
| 116 // Syncronous methods which do the actual work. Can only be called after |
| 117 // initialization is complete. |
| 118 void SyncSetServerBoundCert( |
| 119 const std::string& server_identifier, |
| 120 SSLClientCertType type, |
| 121 base::Time creation_time, |
| 122 base::Time expiration_time, |
| 123 const std::string& private_key, |
| 124 const std::string& cert); |
| 125 void SyncDeleteServerBoundCert(const std::string& server_identifier); |
| 126 void SyncDeleteAllCreatedBetween(base::Time delete_begin, |
| 127 base::Time delete_end); |
| 128 void SyncGetAllServerBoundCerts(ServerBoundCertList* cert_list); |
| 129 |
| 130 // Add |task| to |waiting_tasks_|. |
| 131 void EnqueueTask(scoped_ptr<Task> task); |
| 132 // If already initialized, run |task| immediately. Otherwise add it to |
| 133 // |waiting_tasks_|. |
| 134 void RunOrEnqueueTask(scoped_ptr<Task> task); |
| 135 |
97 // Deletes the cert for the specified server, if such a cert exists, from the | 136 // Deletes the cert for the specified server, if such a cert exists, from the |
98 // in-memory store. Deletes it from |store_| if |store_| is not NULL. | 137 // in-memory store. Deletes it from |store_| if |store_| is not NULL. |
99 void InternalDeleteServerBoundCert(const std::string& server); | 138 void InternalDeleteServerBoundCert(const std::string& server); |
100 | 139 |
101 // Takes ownership of *cert. | 140 // Takes ownership of *cert. |
102 // Adds the cert for the specified server to the in-memory store. Deletes it | 141 // Adds the cert for the specified server to the in-memory store. Deletes it |
103 // from |store_| if |store_| is not NULL. | 142 // from |store_| if |store_| is not NULL. |
104 void InternalInsertServerBoundCert(const std::string& server_identifier, | 143 void InternalInsertServerBoundCert(const std::string& server_identifier, |
105 ServerBoundCert* cert); | 144 ServerBoundCert* cert); |
106 | 145 |
107 // Indicates whether the cert store has been initialized. This happens | 146 // Indicates whether the cert store has been initialized. This happens |
108 // Lazily in InitStoreIfNecessary(). | 147 // lazily in InitIfNecessary(). |
109 bool initialized_; | 148 bool initialized_; |
110 | 149 |
| 150 // Indicates whether loading from the backend store is completed and |
| 151 // calls may be immediately processed. |
| 152 bool loaded_; |
| 153 |
| 154 // Tasks that are waiting to be run once we finish loading. |
| 155 ScopedVector<Task> waiting_tasks_; |
| 156 base::TimeTicks waiting_tasks_start_time_; |
| 157 |
111 scoped_refptr<PersistentStore> store_; | 158 scoped_refptr<PersistentStore> store_; |
112 | 159 |
113 ServerBoundCertMap server_bound_certs_; | 160 ServerBoundCertMap server_bound_certs_; |
114 | 161 |
| 162 base::WeakPtrFactory<DefaultServerBoundCertStore> weak_ptr_factory_; |
| 163 |
115 DISALLOW_COPY_AND_ASSIGN(DefaultServerBoundCertStore); | 164 DISALLOW_COPY_AND_ASSIGN(DefaultServerBoundCertStore); |
116 }; | 165 }; |
117 | 166 |
118 typedef base::RefCountedThreadSafe<DefaultServerBoundCertStore::PersistentStore> | 167 typedef base::RefCountedThreadSafe<DefaultServerBoundCertStore::PersistentStore> |
119 RefcountedPersistentStore; | 168 RefcountedPersistentStore; |
120 | 169 |
121 class NET_EXPORT DefaultServerBoundCertStore::PersistentStore | 170 class NET_EXPORT DefaultServerBoundCertStore::PersistentStore |
122 : public RefcountedPersistentStore { | 171 : public RefcountedPersistentStore { |
123 public: | 172 public: |
| 173 typedef base::Callback<void(scoped_ptr<ScopedVector<ServerBoundCert> >)> |
| 174 LoadedCallback; |
| 175 |
124 // Initializes the store and retrieves the existing certs. This will be | 176 // Initializes the store and retrieves the existing certs. This will be |
125 // called only once at startup. Note that the certs are individually allocated | 177 // called only once at startup. Note that the certs are individually allocated |
126 // and that ownership is transferred to the caller upon return. | 178 // and that ownership is transferred to the caller upon return. |
127 virtual bool Load( | 179 // The |loaded_callback| must not be called synchronously. |
128 std::vector<ServerBoundCert*>* certs) = 0; | 180 virtual void Load(const LoadedCallback& loaded_callback) = 0; |
129 | 181 |
130 virtual void AddServerBoundCert(const ServerBoundCert& cert) = 0; | 182 virtual void AddServerBoundCert(const ServerBoundCert& cert) = 0; |
131 | 183 |
132 virtual void DeleteServerBoundCert(const ServerBoundCert& cert) = 0; | 184 virtual void DeleteServerBoundCert(const ServerBoundCert& cert) = 0; |
133 | 185 |
134 // When invoked, instructs the store to keep session related data on | 186 // When invoked, instructs the store to keep session related data on |
135 // destruction. | 187 // destruction. |
136 virtual void SetForceKeepSessionState() = 0; | 188 virtual void SetForceKeepSessionState() = 0; |
137 | 189 |
138 // Flush the store and post the given Task when complete. | 190 // Flush the store and post the given Task when complete. |
139 virtual void Flush(const base::Closure& completion_task) = 0; | 191 virtual void Flush(const base::Closure& completion_task) = 0; |
140 | 192 |
141 protected: | 193 protected: |
142 friend class base::RefCountedThreadSafe<PersistentStore>; | 194 friend class base::RefCountedThreadSafe<PersistentStore>; |
143 | 195 |
144 PersistentStore(); | 196 PersistentStore(); |
145 virtual ~PersistentStore(); | 197 virtual ~PersistentStore(); |
146 | 198 |
147 private: | 199 private: |
148 DISALLOW_COPY_AND_ASSIGN(PersistentStore); | 200 DISALLOW_COPY_AND_ASSIGN(PersistentStore); |
149 }; | 201 }; |
150 | 202 |
151 } // namespace net | 203 } // namespace net |
152 | 204 |
153 #endif // NET_DEFAULT_ORIGIN_BOUND_CERT_STORE_H_ | 205 #endif // NET_DEFAULT_ORIGIN_BOUND_CERT_STORE_H_ |
OLD | NEW |