Make CertVerifier a pure virtual interface.

net/base/multi_threaded_cert_verifier.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "net/base/cert_verifier.h"
+#include "net/base/multi_threaded_cert_verifier.h"
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/compiler_specific.h"
 #include "base/message_loop.h"
 #include "base/metrics/histogram.h"
 #include "base/stl_util.h"
 #include "base/synchronization/lock.h"
 #include "base/time.h"
 #include "base/threading/worker_pool.h"
 #include "net/base/crl_set.h"
 #include "net/base/net_errors.h"
 #include "net/base/net_log.h"
 #include "net/base/x509_certificate.h"
 #include "net/base/x509_certificate_net_log_param.h"
 
 #if defined(USE_NSS)
 #include <private/pprthred.h>  // PR_DetachThread
 #endif
 
 namespace net {
 
 ////////////////////////////////////////////////////////////////////////////
 
 // Life of a request:
 //
-// CertVerifier CertVerifierJob       CertVerifierWorker          Request
-//      |                       (origin loop)    (worker loop)
+// MultiThreadedCertVerifier  CertVerifierJob  CertVerifierWorker     Request
+//      |                                         (origin loop)    (worker loop)
 //      |
 //   Verify()
+//      |---->-------------------------------------<creates>
+//      |
 //      |---->-------------------<creates>
 //      |
-//      |---->----<creates>
+//      |---->-------------------------------------------------------<creates>
 //      |
-//      |---->---------------------------------------------------<creates>
+//      |---->---------------------------------------Start
+//      |                                              |
+//      |                                           PostTask
 //      |
-//      |---->--------------------Start
-//      |                           |
-//      |                        PostTask
-//      |
-//      |                                     <starts verifying>
-//      |---->-----AddRequest                         |
-//                                                    |
-//                                                    |
-//                                                    |
-//                                                  Finish
-//                                                    |
-//                                                 PostTask
+//      |                                                     <starts verifying>
+//      |---->-------------------AddRequest                           |
+//                                                                    |
+//                                                                    |
+//                                                                    |
+//                                                                  Finish
+//                                                                    |
+//                                                                 PostTask
 //
-//                                   |
-//                                DoReply
-//      |----<-----------------------|
+//                                                     |
+//                                                  DoReply
+//      |----<-----------------------------------------|
 //  HandleResult
 //      |
-//      |---->-----HandleResult
-//                      |
-//                      |------>-----------------------------------Post
+//      |---->------------------HandleResult
+//                                   |
+//                                   |------>---------------------------Post
 //
 //
 //
-// On a cache hit, CertVerifier::Verify() returns synchronously without
-// posting a task to a worker thread.
+// On a cache hit, MultiThreadedCertVerifier::Verify() returns synchronously
+// without posting a task to a worker thread.
 
 namespace {
 
 // The default value of max_cache_entries_.
 const unsigned kMaxCacheEntries = 256;
 
 // The number of seconds for which we'll cache a cache entry.
 const unsigned kTTLSecs = 1800;  // 30 minutes.
 
 }  // namespace
 
-CertVerifier::CachedResult::CachedResult() : error(ERR_FAILED) {}
+MultiThreadedCertVerifier::CachedResult::CachedResult() : error(ERR_FAILED) {}
 
-CertVerifier::CachedResult::~CachedResult() {}
+MultiThreadedCertVerifier::CachedResult::~CachedResult() {}
 
 // Represents the output and result callback of a request.
 class CertVerifierRequest {
  public:
   CertVerifierRequest(const CompletionCallback& callback,
                       CertVerifyResult* verify_result,
                       const BoundNetLog& net_log)
       : callback_(callback),
         verify_result_(verify_result),
         net_log_(net_log) {
     net_log_.BeginEvent(NetLog::TYPE_CERT_VERIFIER_REQUEST, NULL);
   }
 
   ~CertVerifierRequest() {
   }
 
   // Ensures that the result callback will never be made.
   void Cancel() {
     callback_.Reset();
     verify_result_ = NULL;
     net_log_.AddEvent(NetLog::TYPE_CANCELLED, NULL);
     net_log_.EndEvent(NetLog::TYPE_CERT_VERIFIER_REQUEST, NULL);
   }
 
   // Copies the contents of |verify_result| to the caller's
   // CertVerifyResult and calls the callback.
-  void Post(const CertVerifier::CachedResult& verify_result) {
+  void Post(const MultiThreadedCertVerifier::CachedResult& verify_result) {
     if (!callback_.is_null()) {
       net_log_.EndEvent(NetLog::TYPE_CERT_VERIFIER_REQUEST, NULL);
       *verify_result_ = verify_result.result;
       callback_.Run(verify_result.error);
     }
     delete this;
   }
 
   bool canceled() const { return callback_.is_null(); }
 
   const BoundNetLog& net_log() const { return net_log_; }
 
  private:
   CompletionCallback callback_;
   CertVerifyResult* verify_result_;
   const BoundNetLog net_log_;
 };
 
 
 // CertVerifierWorker runs on a worker thread and takes care of the blocking
 // process of performing the certificate verification.  Deletes itself
 // eventually if Start() succeeds.
 class CertVerifierWorker {
  public:
   CertVerifierWorker(X509Certificate* cert,
                      const std::string& hostname,
                      int flags,
                      CRLSet* crl_set,
-                     CertVerifier* cert_verifier)
+                     MultiThreadedCertVerifier* cert_verifier)
       : cert_(cert),
         hostname_(hostname),
         flags_(flags),
         crl_set_(crl_set),
         origin_loop_(MessageLoop::current()),
         cert_verifier_(cert_verifier),
         canceled_(false),
         error_(ERR_FAILED) {
   }
 
   // Returns the certificate being verified. May only be called /before/
   // Start() is called.
   X509Certificate* certificate() const { return cert_; }
 
   bool Start() {
     DCHECK_EQ(MessageLoop::current(), origin_loop_);
 
     return base::WorkerPool::PostTask(
         FROM_HERE, base::Bind(&CertVerifierWorker::Run, base::Unretained(this)),
         true /* task is slow */);
   }
 
-  // Cancel is called from the origin loop when the CertVerifier is getting
-  // deleted.
+  // Cancel is called from the origin loop when the MultiThreadedCertVerifier is
+  // getting deleted.
   void Cancel() {
     DCHECK_EQ(MessageLoop::current(), origin_loop_);
     base::AutoLock locked(lock_);
     canceled_ = true;
   }
 
  private:
   void Run() {
     // Runs on a worker thread.
     error_ = cert_->Verify(hostname_, flags_, crl_set_, &verify_result_);
@@ skipping 22 matching lines @@
       if (!canceled_) {
         cert_verifier_->HandleResult(cert_, hostname_, flags_,
                                      error_, verify_result_);
       }
     }
     delete this;
   }
 
   void Finish() {
     // Runs on the worker thread.
-    // We assume that the origin loop outlives the CertVerifier. If the
-    // CertVerifier is deleted, it will call Cancel on us. If it does so
-    // before the Acquire, we'll delete ourselves and return. If it's trying to
-    // do so concurrently, then it'll block on the lock and we'll call PostTask
-    // while the CertVerifier (and therefore the MessageLoop) is still alive.
+    // We assume that the origin loop outlives the MultiThreadedCertVerifier. If
+    // the MultiThreadedCertVerifier is deleted, it will call Cancel on us. If
+    // it does so before the Acquire, we'll delete ourselves and return. If it's
+    // trying to do so concurrently, then it'll block on the lock and we'll call
+    // PostTask while the MultiThreadedCertVerifier (and therefore the
+    // MessageLoop) is still alive.
     // If it does so after this function, we assume that the MessageLoop will
     // process pending tasks. In which case we'll notice the |canceled_| flag
     // in DoReply.
 
     bool canceled;
     {
       base::AutoLock locked(lock_);
       canceled = canceled_;
       if (!canceled) {
         origin_loop_->PostTask(
             FROM_HERE, base::Bind(
                 &CertVerifierWorker::DoReply, base::Unretained(this)));
       }
     }
 
     if (canceled)
       delete this;
   }
 
   scoped_refptr<X509Certificate> cert_;
   const std::string hostname_;
   const int flags_;
   scoped_refptr<CRLSet> crl_set_;
   MessageLoop* const origin_loop_;
-  CertVerifier* const cert_verifier_;
+  MultiThreadedCertVerifier* const cert_verifier_;
 
   // lock_ protects canceled_.
   base::Lock lock_;
 
   // If canceled_ is true,
   // * origin_loop_ cannot be accessed by the worker thread,
   // * cert_verifier_ cannot be accessed by any thread.
   bool canceled_;
 
   int error_;
@@ skipping 27 matching lines @@
 
   void AddRequest(CertVerifierRequest* request) {
     request->net_log().AddEvent(
         NetLog::TYPE_CERT_VERIFIER_REQUEST_BOUND_TO_JOB,
         make_scoped_refptr(new NetLogSourceParameter(
           "source_dependency", net_log_.source())));
 
     requests_.push_back(request);
   }
 
-  void HandleResult(const CertVerifier::CachedResult& verify_result) {
+  void HandleResult(
+      const MultiThreadedCertVerifier::CachedResult& verify_result) {
     worker_ = NULL;
     net_log_.EndEvent(NetLog::TYPE_CERT_VERIFIER_JOB, NULL);
     UMA_HISTOGRAM_CUSTOM_TIMES("Net.CertVerifier_Job_Latency",
                                base::TimeTicks::Now() - start_time_,
                                base::TimeDelta::FromMilliseconds(1),
                                base::TimeDelta::FromMinutes(10),
                                100);
     PostAll(verify_result);
   }
 
  private:
-  void PostAll(const CertVerifier::CachedResult& verify_result) {
+  void PostAll(const MultiThreadedCertVerifier::CachedResult& verify_result) {
     std::vector<CertVerifierRequest*> requests;
     requests_.swap(requests);
 
     for (std::vector<CertVerifierRequest*>::iterator
          i = requests.begin(); i != requests.end(); i++) {
       (*i)->Post(verify_result);
       // Post() causes the CertVerifierRequest to delete itself.
     }
   }
 
   void DeleteAllCanceled() {
     for (std::vector<CertVerifierRequest*>::iterator
          i = requests_.begin(); i != requests_.end(); i++) {
       if ((*i)->canceled()) {
         delete *i;
       } else {
         LOG(DFATAL) << "CertVerifierRequest leaked!";
       }
     }
   }
 
   const base::TimeTicks start_time_;
   std::vector<CertVerifierRequest*> requests_;
   CertVerifierWorker* worker_;
   const BoundNetLog net_log_;
 };
 
-CertVerifier::CertVerifier()
+MultiThreadedCertVerifier::MultiThreadedCertVerifier()
     : cache_(kMaxCacheEntries),
       requests_(0),
       cache_hits_(0),
       inflight_joins_(0) {
   CertDatabase::AddObserver(this);
 }
 
-CertVerifier::~CertVerifier() {
+MultiThreadedCertVerifier::~MultiThreadedCertVerifier() {
   STLDeleteValues(&inflight_);
 
   CertDatabase::RemoveObserver(this);
 }
 
-int CertVerifier::Verify(X509Certificate* cert,
-                         const std::string& hostname,
-                         int flags,
-                         CRLSet* crl_set,
-                         CertVerifyResult* verify_result,
-                         const CompletionCallback& callback,
-                         RequestHandle* out_req,
-                         const BoundNetLog& net_log) {
+int MultiThreadedCertVerifier::Verify(X509Certificate* cert,
+                                      const std::string& hostname,
+                                      int flags,
+                                      CRLSet* crl_set,
+                                      CertVerifyResult* verify_result,
+                                      const CompletionCallback& callback,
+                                      RequestHandle* out_req,
+                                      const BoundNetLog& net_log) {
   DCHECK(CalledOnValidThread());
 
   if (callback.is_null() || !verify_result || hostname.empty()) {
     *out_req = NULL;
     return ERR_INVALID_ARGUMENT;
   }
 
   requests_++;
 
   const RequestParams key(cert->fingerprint(), cert->ca_fingerprint(),
@@ skipping 34 matching lines @@
     inflight_.insert(std::make_pair(key, job));
   }
 
   CertVerifierRequest* request =
       new CertVerifierRequest(callback, verify_result, net_log);
   job->AddRequest(request);
   *out_req = request;
   return ERR_IO_PENDING;
 }
 
-void CertVerifier::CancelRequest(RequestHandle req) {
+void MultiThreadedCertVerifier::CancelRequest(RequestHandle req) {
   DCHECK(CalledOnValidThread());
   CertVerifierRequest* request = reinterpret_cast<CertVerifierRequest*>(req);
   request->Cancel();
 }
 
 // HandleResult is called by CertVerifierWorker on the origin message loop.
 // It deletes CertVerifierJob.
-void CertVerifier::HandleResult(X509Certificate* cert,
-                                const std::string& hostname,
-                                int flags,
-                                int error,
-                                const CertVerifyResult& verify_result) {
+void MultiThreadedCertVerifier::HandleResult(
+    X509Certificate* cert,
+    const std::string& hostname,
+    int flags,
+    int error,
+    const CertVerifyResult& verify_result) {
   DCHECK(CalledOnValidThread());
 
   const RequestParams key(cert->fingerprint(), cert->ca_fingerprint(),
                           hostname, flags);
 
   CachedResult cached_result;
   cached_result.error = error;
   cached_result.result = verify_result;
   cache_.Put(key, cached_result, base::TimeTicks::Now(),
              base::TimeDelta::FromSeconds(kTTLSecs));
 
   std::map<RequestParams, CertVerifierJob*>::iterator j;
   j = inflight_.find(key);
   if (j == inflight_.end()) {
     NOTREACHED();
     return;
   }
   CertVerifierJob* job = j->second;
   inflight_.erase(j);
 
   job->HandleResult(cached_result);
   delete job;
 }
 
-void CertVerifier::OnCertTrustChanged(const X509Certificate* cert) {
+void MultiThreadedCertVerifier::OnCertTrustChanged(
+    const X509Certificate* cert) {
   DCHECK(CalledOnValidThread());
 
   ClearCache();
 }
 
-/////////////////////////////////////////////////////////////////////
-
-SingleRequestCertVerifier::SingleRequestCertVerifier(
-    CertVerifier* cert_verifier)
-    : cert_verifier_(cert_verifier),
-      cur_request_(NULL) {
-  DCHECK(cert_verifier_ != NULL);
-}
-
-SingleRequestCertVerifier::~SingleRequestCertVerifier() {
-  if (cur_request_) {
-    cert_verifier_->CancelRequest(cur_request_);
-    cur_request_ = NULL;
-  }
-}
-
-int SingleRequestCertVerifier::Verify(X509Certificate* cert,
-                                      const std::string& hostname,
-                                      int flags,
-                                      CRLSet* crl_set,
-                                      CertVerifyResult* verify_result,
-                                      const CompletionCallback& callback,
-                                      const BoundNetLog& net_log) {
-  // Should not be already in use.
-  DCHECK(!cur_request_ && cur_request_callback_.is_null());
-
-  // Do a synchronous verification.
-  if (callback.is_null())
-    return cert->Verify(hostname, flags, crl_set, verify_result);
-
-  CertVerifier::RequestHandle request = NULL;
-
-  // We need to be notified of completion before |callback| is called, so that
-  // we can clear out |cur_request_*|.
-  int rv = cert_verifier_->Verify(
-      cert, hostname, flags, crl_set, verify_result,
-      base::Bind(&SingleRequestCertVerifier::OnVerifyCompletion,
-                 base::Unretained(this)),
-      &request, net_log);
-
-  if (rv == ERR_IO_PENDING) {
-    // Cleared in OnVerifyCompletion().
-    cur_request_ = request;
-    cur_request_callback_ = callback;
-  }
-
-  return rv;
-}
-
-void SingleRequestCertVerifier::OnVerifyCompletion(int result) {
-  DCHECK(cur_request_ && !cur_request_callback_.is_null());
-
-  CompletionCallback callback = cur_request_callback_;
-
-  // Clear the outstanding request information.
-  cur_request_ = NULL;
-  cur_request_callback_.Reset();
-
-  // Call the user's original callback.
-  callback.Run(result);
-}
-
 }  // namespace net