| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "content/browser/cert_store.h" | |
| 6 | |
| 7 #include <algorithm> | |
| 8 #include <functional> | |
| 9 | |
| 10 #include "base/bind.h" | |
| 11 #include "base/stl_util.h" | |
| 12 #include "content/browser/renderer_host/render_process_host_impl.h" | |
| 13 #include "content/browser/renderer_host/render_view_host_impl.h" | |
| 14 #include "content/public/browser/browser_thread.h" | |
| 15 #include "content/public/browser/notification_service.h" | |
| 16 #include "content/public/browser/notification_types.h" | |
| 17 | |
| 18 template <typename T> | |
| 19 struct MatchSecond { | |
| 20 explicit MatchSecond(const T& t) : value(t) {} | |
| 21 | |
| 22 template<typename Pair> | |
| 23 bool operator()(const Pair& p) const { | |
| 24 return (value == p.second); | |
| 25 } | |
| 26 T value; | |
| 27 }; | |
| 28 | |
| 29 // static | |
| 30 CertStore* CertStore::GetInstance() { | |
| 31 return Singleton<CertStore>::get(); | |
| 32 } | |
| 33 | |
| 34 CertStore::CertStore() : next_cert_id_(1) { | |
| 35 if (content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)) { | |
| 36 RegisterForNotification(); | |
| 37 } else { | |
| 38 content::BrowserThread::PostTask( | |
| 39 content::BrowserThread::UI, FROM_HERE, | |
| 40 base::Bind(&CertStore::RegisterForNotification, | |
| 41 base::Unretained(this))); | |
| 42 } | |
| 43 } | |
| 44 | |
| 45 CertStore::~CertStore() { | |
| 46 } | |
| 47 | |
| 48 void CertStore::RegisterForNotification() { | |
| 49 // We watch for RenderProcess termination, as this is how we clear | |
| 50 // certificates for now. | |
| 51 // TODO(jcampan): we should be listening to events such as resource cached/ | |
| 52 // removed from cache, and remove the cert when we know it | |
| 53 // is not used anymore. | |
| 54 | |
| 55 registrar_.Add(this, content::NOTIFICATION_RENDERER_PROCESS_TERMINATED, | |
| 56 content::NotificationService::AllBrowserContextsAndSources()); | |
| 57 registrar_.Add(this, content::NOTIFICATION_RENDERER_PROCESS_CLOSED, | |
| 58 content::NotificationService::AllBrowserContextsAndSources()); | |
| 59 } | |
| 60 | |
| 61 int CertStore::StoreCert(net::X509Certificate* cert, int process_id) { | |
| 62 DCHECK(cert); | |
| 63 base::AutoLock auto_lock(cert_lock_); | |
| 64 | |
| 65 int cert_id; | |
| 66 | |
| 67 // Do we already know this cert? | |
| 68 ReverseCertMap::iterator cert_iter = cert_to_id_.find(cert); | |
| 69 if (cert_iter == cert_to_id_.end()) { | |
| 70 cert_id = next_cert_id_++; | |
| 71 // We use 0 as an invalid cert_id value. In the unlikely event that | |
| 72 // next_cert_id_ wraps around, we reset it to 1. | |
| 73 if (next_cert_id_ == 0) | |
| 74 next_cert_id_ = 1; | |
| 75 cert->AddRef(); | |
| 76 id_to_cert_[cert_id] = cert; | |
| 77 cert_to_id_[cert] = cert_id; | |
| 78 } else { | |
| 79 cert_id = cert_iter->second; | |
| 80 } | |
| 81 | |
| 82 // Let's update process_id_to_cert_id_. | |
| 83 std::pair<IDMap::iterator, IDMap::iterator> process_ids = | |
| 84 process_id_to_cert_id_.equal_range(process_id); | |
| 85 if (std::find_if(process_ids.first, process_ids.second, | |
| 86 MatchSecond<int>(cert_id)) == process_ids.second) { | |
| 87 process_id_to_cert_id_.insert(std::make_pair(process_id, cert_id)); | |
| 88 } | |
| 89 | |
| 90 // And cert_id_to_process_id_. | |
| 91 std::pair<IDMap::iterator, IDMap::iterator> cert_ids = | |
| 92 cert_id_to_process_id_.equal_range(cert_id); | |
| 93 if (std::find_if(cert_ids.first, cert_ids.second, | |
| 94 MatchSecond<int>(process_id)) == cert_ids.second) { | |
| 95 cert_id_to_process_id_.insert(std::make_pair(cert_id, process_id)); | |
| 96 } | |
| 97 | |
| 98 return cert_id; | |
| 99 } | |
| 100 | |
| 101 bool CertStore::RetrieveCert(int cert_id, | |
| 102 scoped_refptr<net::X509Certificate>* cert) { | |
| 103 base::AutoLock auto_lock(cert_lock_); | |
| 104 | |
| 105 CertMap::iterator iter = id_to_cert_.find(cert_id); | |
| 106 if (iter == id_to_cert_.end()) | |
| 107 return false; | |
| 108 if (cert) | |
| 109 *cert = iter->second; | |
| 110 return true; | |
| 111 } | |
| 112 | |
| 113 void CertStore::RemoveCertInternal(int cert_id) { | |
| 114 CertMap::iterator cert_iter = id_to_cert_.find(cert_id); | |
| 115 DCHECK(cert_iter != id_to_cert_.end()); | |
| 116 | |
| 117 ReverseCertMap::iterator id_iter = cert_to_id_.find(cert_iter->second); | |
| 118 DCHECK(id_iter != cert_to_id_.end()); | |
| 119 cert_to_id_.erase(id_iter); | |
| 120 | |
| 121 cert_iter->second->Release(); | |
| 122 id_to_cert_.erase(cert_iter); | |
| 123 } | |
| 124 | |
| 125 void CertStore::RemoveCertsForRenderProcesHost(int process_id) { | |
| 126 base::AutoLock auto_lock(cert_lock_); | |
| 127 | |
| 128 // We iterate through all the cert ids for that process. | |
| 129 std::pair<IDMap::iterator, IDMap::iterator> process_ids = | |
| 130 process_id_to_cert_id_.equal_range(process_id); | |
| 131 for (IDMap::iterator ids_iter = process_ids.first; | |
| 132 ids_iter != process_ids.second; ++ids_iter) { | |
| 133 int cert_id = ids_iter->second; | |
| 134 // Find all the processes referring to this cert id in | |
| 135 // cert_id_to_process_id_, then locate the process being removed within | |
| 136 // that range. | |
| 137 std::pair<IDMap::iterator, IDMap::iterator> cert_ids = | |
| 138 cert_id_to_process_id_.equal_range(cert_id); | |
| 139 IDMap::iterator proc_iter = | |
| 140 std::find_if(cert_ids.first, cert_ids.second, | |
| 141 MatchSecond<int>(process_id)); | |
| 142 DCHECK(proc_iter != cert_ids.second); | |
| 143 | |
| 144 // Before removing, determine if no other processes refer to the current | |
| 145 // cert id. If |proc_iter| (the current process) is the lower bound of | |
| 146 // processes containing the current cert id and if |next_proc_iter| is the | |
| 147 // upper bound (the first process that does not), then only one process, | |
| 148 // the one being removed, refers to the cert id. | |
| 149 IDMap::iterator next_proc_iter = proc_iter; | |
| 150 ++next_proc_iter; | |
| 151 bool last_process_for_cert_id = | |
| 152 (proc_iter == cert_ids.first && next_proc_iter == cert_ids.second); | |
| 153 cert_id_to_process_id_.erase(proc_iter); | |
| 154 | |
| 155 if (last_process_for_cert_id) { | |
| 156 // The current cert id is not referenced by any other processes, so | |
| 157 // remove it from id_to_cert_ and cert_to_id_. | |
| 158 RemoveCertInternal(cert_id); | |
| 159 } | |
| 160 } | |
| 161 if (process_ids.first != process_ids.second) | |
| 162 process_id_to_cert_id_.erase(process_ids.first, process_ids.second); | |
| 163 } | |
| 164 | |
| 165 void CertStore::Observe(int type, | |
| 166 const content::NotificationSource& source, | |
| 167 const content::NotificationDetails& details) { | |
| 168 DCHECK(type == content::NOTIFICATION_RENDERER_PROCESS_TERMINATED || | |
| 169 type == content::NOTIFICATION_RENDERER_PROCESS_CLOSED); | |
| 170 content::RenderProcessHost* rph = | |
| 171 content::Source<content::RenderProcessHost>(source).ptr(); | |
| 172 DCHECK(rph); | |
| 173 RemoveCertsForRenderProcesHost(rph->GetID()); | |
| 174 } | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 9691003:
Add Content API around CertStore. (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/