OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_BASE_CERT_VERIFIER_H_ | 5 #ifndef NET_BASE_SINGLE_REQUEST_CERT_VERIFIER_H_ |
6 #define NET_BASE_CERT_VERIFIER_H_ | 6 #define NET_BASE_SINGLE_REQUEST_CERT_VERIFIER_H_ |
7 #pragma once | 7 #pragma once |
8 | 8 |
9 #include <map> | 9 #include "net/base/cert_verifier.h" |
10 #include <string> | |
11 | |
12 #include "base/basictypes.h" | |
13 #include "base/gtest_prod_util.h" | |
14 #include "base/memory/scoped_ptr.h" | |
15 #include "base/threading/non_thread_safe.h" | |
16 #include "net/base/cert_database.h" | |
17 #include "net/base/cert_verify_result.h" | |
18 #include "net/base/completion_callback.h" | |
19 #include "net/base/expiring_cache.h" | |
20 #include "net/base/net_export.h" | |
21 #include "net/base/x509_cert_types.h" | |
22 | 10 |
23 namespace net { | 11 namespace net { |
24 | 12 |
25 class BoundNetLog; | |
26 class CertVerifierJob; | |
27 class CertVerifierWorker; | |
28 class CRLSet; | |
29 class X509Certificate; | |
30 | |
31 // CertVerifier represents a service for verifying certificates. | |
32 // | |
33 // CertVerifier can handle multiple requests at a time, so when canceling a | |
34 // request the RequestHandle that was returned by Verify() needs to be | |
35 // given. A simpler alternative for consumers that only have 1 outstanding | |
36 // request at a time is to create a SingleRequestCertVerifier wrapper around | |
37 // CertVerifier (which will automatically cancel the single request when it | |
38 // goes out of scope). | |
39 class NET_EXPORT CertVerifier : NON_EXPORTED_BASE(public base::NonThreadSafe), | |
40 public CertDatabase::Observer { | |
41 public: | |
42 // Opaque type used to cancel a request. | |
43 typedef void* RequestHandle; | |
44 | |
45 CertVerifier(); | |
46 | |
47 // When the verifier is destroyed, all certificate verifications requests are | |
48 // canceled, and their completion callbacks will not be called. | |
49 virtual ~CertVerifier(); | |
50 | |
51 // Verifies the given certificate against the given hostname. Returns OK if | |
52 // successful or an error code upon failure. | |
53 // | |
54 // The |*verify_result| structure, including the |verify_result->cert_status| | |
55 // bitmask, is always filled out regardless of the return value. If the | |
56 // certificate has multiple errors, the corresponding status flags are set in | |
57 // |verify_result->cert_status|, and the error code for the most serious | |
58 // error is returned. | |
59 // | |
60 // |flags| is bitwise OR'd of X509Certificate::VerifyFlags. | |
61 // If VERIFY_REV_CHECKING_ENABLED is set in |flags|, certificate revocation | |
62 // checking is performed. | |
63 // | |
64 // If VERIFY_EV_CERT is set in |flags| too, EV certificate verification is | |
65 // performed. If |flags| is VERIFY_EV_CERT (that is, | |
66 // VERIFY_REV_CHECKING_ENABLED is not set), EV certificate verification will | |
67 // not be performed. | |
68 // | |
69 // |crl_set| points to an optional CRLSet structure which can be used to | |
70 // avoid revocation checks over the network. | |
71 // | |
72 // |callback| must not be null. ERR_IO_PENDING is returned if the operation | |
73 // could not be completed synchronously, in which case the result code will | |
74 // be passed to the callback when available. | |
75 // | |
76 // If |out_req| is non-NULL, then |*out_req| will be filled with a handle to | |
77 // the async request. This handle is not valid after the request has | |
78 // completed. | |
79 int Verify(X509Certificate* cert, | |
80 const std::string& hostname, | |
81 int flags, | |
82 CRLSet* crl_set, | |
83 CertVerifyResult* verify_result, | |
84 const CompletionCallback& callback, | |
85 RequestHandle* out_req, | |
86 const BoundNetLog& net_log); | |
87 | |
88 // Cancels the specified request. |req| is the handle returned by Verify(). | |
89 // After a request is canceled, its completion callback will not be called. | |
90 void CancelRequest(RequestHandle req); | |
91 | |
92 private: | |
93 friend class CertVerifierWorker; // Calls HandleResult. | |
94 friend class CertVerifierRequest; | |
95 friend class CertVerifierJob; | |
96 FRIEND_TEST_ALL_PREFIXES(CertVerifierTest, CacheHit); | |
97 FRIEND_TEST_ALL_PREFIXES(CertVerifierTest, DifferentCACerts); | |
98 FRIEND_TEST_ALL_PREFIXES(CertVerifierTest, InflightJoin); | |
99 FRIEND_TEST_ALL_PREFIXES(CertVerifierTest, CancelRequest); | |
100 FRIEND_TEST_ALL_PREFIXES(CertVerifierTest, RequestParamsComparators); | |
101 | |
102 // Input parameters of a certificate verification request. | |
103 struct RequestParams { | |
104 RequestParams(const SHA1Fingerprint& cert_fingerprint_arg, | |
105 const SHA1Fingerprint& ca_fingerprint_arg, | |
106 const std::string& hostname_arg, | |
107 int flags_arg) | |
108 : cert_fingerprint(cert_fingerprint_arg), | |
109 ca_fingerprint(ca_fingerprint_arg), | |
110 hostname(hostname_arg), | |
111 flags(flags_arg) {} | |
112 | |
113 bool operator<(const RequestParams& other) const { | |
114 // |flags| is compared before |cert_fingerprint|, |ca_fingerprint|, and | |
115 // |hostname| under assumption that integer comparisons are faster than | |
116 // memory and string comparisons. | |
117 if (flags != other.flags) | |
118 return flags < other.flags; | |
119 int rv = memcmp(cert_fingerprint.data, other.cert_fingerprint.data, | |
120 sizeof(cert_fingerprint.data)); | |
121 if (rv != 0) | |
122 return rv < 0; | |
123 rv = memcmp(ca_fingerprint.data, other.ca_fingerprint.data, | |
124 sizeof(ca_fingerprint.data)); | |
125 if (rv != 0) | |
126 return rv < 0; | |
127 return hostname < other.hostname; | |
128 } | |
129 | |
130 SHA1Fingerprint cert_fingerprint; | |
131 SHA1Fingerprint ca_fingerprint; | |
132 std::string hostname; | |
133 int flags; | |
134 }; | |
135 | |
136 // CachedResult contains the result of a certificate verification. | |
137 struct CachedResult { | |
138 CachedResult(); | |
139 ~CachedResult(); | |
140 | |
141 int error; // The return value of CertVerifier::Verify. | |
142 CertVerifyResult result; // The output of CertVerifier::Verify. | |
143 }; | |
144 | |
145 void HandleResult(X509Certificate* cert, | |
146 const std::string& hostname, | |
147 int flags, | |
148 int error, | |
149 const CertVerifyResult& verify_result); | |
150 | |
151 // CertDatabase::Observer methods: | |
152 virtual void OnCertTrustChanged(const X509Certificate* cert) OVERRIDE; | |
153 | |
154 // For unit testing. | |
155 void ClearCache() { cache_.Clear(); } | |
156 size_t GetCacheSize() const { return cache_.size(); } | |
157 uint64 cache_hits() const { return cache_hits_; } | |
158 uint64 requests() const { return requests_; } | |
159 uint64 inflight_joins() const { return inflight_joins_; } | |
160 | |
161 // cache_ maps from a request to a cached result. | |
162 typedef ExpiringCache<RequestParams, CachedResult> CertVerifierCache; | |
163 CertVerifierCache cache_; | |
164 | |
165 // inflight_ maps from a request to an active verification which is taking | |
166 // place. | |
167 std::map<RequestParams, CertVerifierJob*> inflight_; | |
168 | |
169 uint64 requests_; | |
170 uint64 cache_hits_; | |
171 uint64 inflight_joins_; | |
172 | |
173 DISALLOW_COPY_AND_ASSIGN(CertVerifier); | |
174 }; | |
175 | |
176 // This class represents the task of verifying a certificate. It wraps | 13 // This class represents the task of verifying a certificate. It wraps |
177 // CertVerifier to verify only a single certificate at a time and cancels this | 14 // CertVerifier to verify only a single certificate at a time and cancels this |
178 // request when going out of scope. | 15 // request when going out of scope. |
179 class SingleRequestCertVerifier { | 16 class SingleRequestCertVerifier { |
180 public: | 17 public: |
181 // |cert_verifier| must remain valid for the lifetime of |this|. | 18 // |cert_verifier| must remain valid for the lifetime of |this|. |
182 explicit SingleRequestCertVerifier(CertVerifier* cert_verifier); | 19 explicit SingleRequestCertVerifier(CertVerifier* cert_verifier); |
183 | 20 |
184 // If a completion callback is pending when the verifier is destroyed, the | 21 // If a completion callback is pending when the verifier is destroyed, the |
185 // certificate verification is canceled, and the completion callback will | 22 // certificate verification is canceled, and the completion callback will |
(...skipping 20 matching lines...) Expand all Loading... |
206 | 43 |
207 // The current request (if any). | 44 // The current request (if any). |
208 CertVerifier::RequestHandle cur_request_; | 45 CertVerifier::RequestHandle cur_request_; |
209 CompletionCallback cur_request_callback_; | 46 CompletionCallback cur_request_callback_; |
210 | 47 |
211 DISALLOW_COPY_AND_ASSIGN(SingleRequestCertVerifier); | 48 DISALLOW_COPY_AND_ASSIGN(SingleRequestCertVerifier); |
212 }; | 49 }; |
213 | 50 |
214 } // namespace net | 51 } // namespace net |
215 | 52 |
216 #endif // NET_BASE_CERT_VERIFIER_H_ | 53 #endif // NET_BASE_SINGLE_REQUEST_CERT_VERIFIER_H_ |
OLD | NEW |