Index: net/base/multi_threaded_cert_verifier.h |
=================================================================== |
--- net/base/multi_threaded_cert_verifier.h (revision 128056) |
+++ net/base/multi_threaded_cert_verifier.h (working copy) |
@@ -2,8 +2,8 @@ |
// Use of this source code is governed by a BSD-style license that can be |
// found in the LICENSE file. |
-#ifndef NET_BASE_CERT_VERIFIER_H_ |
-#define NET_BASE_CERT_VERIFIER_H_ |
+#ifndef NET_BASE_MULTI_THREADED_CERT_VERIFIER_H_ |
+#define NET_BASE_MULTI_THREADED_CERT_VERIFIER_H_ |
#pragma once |
#include <map> |
@@ -14,6 +14,7 @@ |
#include "base/memory/scoped_ptr.h" |
#include "base/threading/non_thread_safe.h" |
#include "net/base/cert_database.h" |
+#include "net/base/cert_verifier.h" |
#include "net/base/cert_verify_result.h" |
#include "net/base/completion_callback.h" |
#include "net/base/expiring_cache.h" |
@@ -22,82 +23,45 @@ |
namespace net { |
-class BoundNetLog; |
class CertVerifierJob; |
+class CertVerifierRequest; |
class CertVerifierWorker; |
-class CRLSet; |
-class X509Certificate; |
-// CertVerifier represents a service for verifying certificates. |
-// |
-// CertVerifier can handle multiple requests at a time, so when canceling a |
-// request the RequestHandle that was returned by Verify() needs to be |
-// given. A simpler alternative for consumers that only have 1 outstanding |
-// request at a time is to create a SingleRequestCertVerifier wrapper around |
-// CertVerifier (which will automatically cancel the single request when it |
-// goes out of scope). |
-class NET_EXPORT CertVerifier : NON_EXPORTED_BASE(public base::NonThreadSafe), |
- public CertDatabase::Observer { |
+// MultiThreadedCertVerifier is a CertVerifier implementation that runs |
+// synchronous CertVerifier implementations on worker threads. |
+class NET_EXPORT MultiThreadedCertVerifier : |
+ public CertVerifier, |
+ NON_EXPORTED_BASE(public base::NonThreadSafe), |
+ public CertDatabase::Observer { |
public: |
- // Opaque type used to cancel a request. |
- typedef void* RequestHandle; |
+ MultiThreadedCertVerifier(); |
- CertVerifier(); |
- |
// When the verifier is destroyed, all certificate verifications requests are |
// canceled, and their completion callbacks will not be called. |
- virtual ~CertVerifier(); |
+ virtual ~MultiThreadedCertVerifier(); |
- // Verifies the given certificate against the given hostname. Returns OK if |
- // successful or an error code upon failure. |
- // |
- // The |*verify_result| structure, including the |verify_result->cert_status| |
- // bitmask, is always filled out regardless of the return value. If the |
- // certificate has multiple errors, the corresponding status flags are set in |
- // |verify_result->cert_status|, and the error code for the most serious |
- // error is returned. |
- // |
- // |flags| is bitwise OR'd of X509Certificate::VerifyFlags. |
- // If VERIFY_REV_CHECKING_ENABLED is set in |flags|, certificate revocation |
- // checking is performed. |
- // |
- // If VERIFY_EV_CERT is set in |flags| too, EV certificate verification is |
- // performed. If |flags| is VERIFY_EV_CERT (that is, |
- // VERIFY_REV_CHECKING_ENABLED is not set), EV certificate verification will |
- // not be performed. |
- // |
- // |crl_set| points to an optional CRLSet structure which can be used to |
- // avoid revocation checks over the network. |
- // |
- // |callback| must not be null. ERR_IO_PENDING is returned if the operation |
- // could not be completed synchronously, in which case the result code will |
- // be passed to the callback when available. |
- // |
- // If |out_req| is non-NULL, then |*out_req| will be filled with a handle to |
- // the async request. This handle is not valid after the request has |
- // completed. |
- int Verify(X509Certificate* cert, |
- const std::string& hostname, |
- int flags, |
- CRLSet* crl_set, |
- CertVerifyResult* verify_result, |
- const CompletionCallback& callback, |
- RequestHandle* out_req, |
- const BoundNetLog& net_log); |
+ // CertVerifier implementation |
+ virtual int Verify(X509Certificate* cert, |
+ const std::string& hostname, |
+ int flags, |
+ CRLSet* crl_set, |
+ CertVerifyResult* verify_result, |
+ const CompletionCallback& callback, |
+ CertVerifier::RequestHandle* out_req, |
+ const BoundNetLog& net_log) OVERRIDE; |
- // Cancels the specified request. |req| is the handle returned by Verify(). |
- // After a request is canceled, its completion callback will not be called. |
- void CancelRequest(RequestHandle req); |
+ virtual void CancelRequest(CertVerifier::RequestHandle req) OVERRIDE; |
private: |
friend class CertVerifierWorker; // Calls HandleResult. |
friend class CertVerifierRequest; |
friend class CertVerifierJob; |
- FRIEND_TEST_ALL_PREFIXES(CertVerifierTest, CacheHit); |
- FRIEND_TEST_ALL_PREFIXES(CertVerifierTest, DifferentCACerts); |
- FRIEND_TEST_ALL_PREFIXES(CertVerifierTest, InflightJoin); |
- FRIEND_TEST_ALL_PREFIXES(CertVerifierTest, CancelRequest); |
- FRIEND_TEST_ALL_PREFIXES(CertVerifierTest, RequestParamsComparators); |
+ FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, CacheHit); |
+ FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, DifferentCACerts); |
+ FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, InflightJoin); |
+ FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, CancelRequest); |
+ FRIEND_TEST_ALL_PREFIXES(MultiThreadedCertVerifierTest, |
+ RequestParamsComparators); |
// Input parameters of a certificate verification request. |
struct RequestParams { |
@@ -170,47 +134,9 @@ |
uint64 cache_hits_; |
uint64 inflight_joins_; |
- DISALLOW_COPY_AND_ASSIGN(CertVerifier); |
+ DISALLOW_COPY_AND_ASSIGN(MultiThreadedCertVerifier); |
}; |
-// This class represents the task of verifying a certificate. It wraps |
-// CertVerifier to verify only a single certificate at a time and cancels this |
-// request when going out of scope. |
-class SingleRequestCertVerifier { |
- public: |
- // |cert_verifier| must remain valid for the lifetime of |this|. |
- explicit SingleRequestCertVerifier(CertVerifier* cert_verifier); |
- |
- // If a completion callback is pending when the verifier is destroyed, the |
- // certificate verification is canceled, and the completion callback will |
- // not be called. |
- ~SingleRequestCertVerifier(); |
- |
- // Verifies the given certificate, filling out the |verify_result| object |
- // upon success. See CertVerifier::Verify() for details. |
- int Verify(X509Certificate* cert, |
- const std::string& hostname, |
- int flags, |
- CRLSet* crl_set, |
- CertVerifyResult* verify_result, |
- const CompletionCallback& callback, |
- const BoundNetLog& net_log); |
- |
- private: |
- // Callback for when the request to |cert_verifier_| completes, so we |
- // dispatch to the user's callback. |
- void OnVerifyCompletion(int result); |
- |
- // The actual certificate verifier that will handle the request. |
- CertVerifier* const cert_verifier_; |
- |
- // The current request (if any). |
- CertVerifier::RequestHandle cur_request_; |
- CompletionCallback cur_request_callback_; |
- |
- DISALLOW_COPY_AND_ASSIGN(SingleRequestCertVerifier); |
-}; |
- |
} // namespace net |
-#endif // NET_BASE_CERT_VERIFIER_H_ |
+#endif // NET_BASE_MULTI_THREADED_CERT_VERIFIER_H_ |