author | rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-03-22 03:04:32 +0000 |
---|---|---|
committer | rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-03-22 03:04:32 +0000 |
commit | 66d9b6e3a23a94991e5583029d1f7e20d870433a (patch) | |
tree | c86853bcbf0247be7c6b8e0c58a88ebb68105001 /net/base/multi_threaded_cert_verifier.cc | |
parent | 576e90a9b70a20f4eb09e4e44a078a26c5214548 (diff) | |
Introduce a CertVerifierProc to handle system cert validation.
In preparation for moving certificate path building and
verification out of X509Certificate, introduce a
CertVerifierProc that can be used by the
MultiThreadedCertVerifier to verify certificates using the
underlying system store.
Unit tests previously coded against X509Certificate are now
coded against the CertVerifierProc, as future CLs will shift
verification into this interface.
This was originally reviewed as http://codereview.chromium.org/9584041/ and
http://codereview.chromium.org/9553014/ , and has been
combined in order to preserve SVN history.
BUG=114343
TEST=net_unittests
R=wtc
Review URL: https://chromiumcodereview.appspot.com/9812035
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@128150 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base/multi_threaded_cert_verifier.cc')
-rw-r--r-- | net/base/multi_threaded_cert_verifier.cc | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/net/base/multi_threaded_cert_verifier.cc b/net/base/multi_threaded_cert_verifier.cc
index 6a3037b..d614590 100644
--- a/net/base/multi_threaded_cert_verifier.cc
+++ b/net/base/multi_threaded_cert_verifier.cc
@@ -4,6 +4,8 @@
 #include "net/base/multi_threaded_cert_verifier.h"
+#include <vector>
+
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/compiler_specific.h"
@@ -13,6 +15,7 @@
 #include "base/synchronization/lock.h"
 #include "base/time.h"
 #include "base/threading/worker_pool.h"
+#include "net/base/cert_verify_proc.h"
 #include "net/base/crl_set.h"
 #include "net/base/net_errors.h"
 #include "net/base/net_log.h"
@@ -130,12 +133,14 @@ class CertVerifierRequest {
 // eventually if Start() succeeds.
 class CertVerifierWorker {
 public:
- CertVerifierWorker(X509Certificate* cert,
+ CertVerifierWorker(CertVerifyProc* verify_proc,
+ X509Certificate* cert,
 const std::string& hostname,
 int flags,
 CRLSet* crl_set,
 MultiThreadedCertVerifier* cert_verifier)
- : cert_(cert),
+ : verify_proc_(verify_proc),
+ cert_(cert),
 hostname_(hostname),
 flags_(flags),
 crl_set_(crl_set),
@@ -168,7 +173,8 @@ class CertVerifierWorker {
 private:
 void Run() {
 // Runs on a worker thread.
- error_ = cert_->Verify(hostname_, flags_, crl_set_, &verify_result_);
+ error_ = verify_proc_->Verify(cert_, hostname_, flags_, crl_set_,
+ &verify_result_);
 #if defined(USE_NSS)
 // Detach the thread from NSPR.
 // Calling NSS functions attaches the thread to NSPR, which stores
@@ -226,6 +232,7 @@ class CertVerifierWorker {
 delete this;
 }
+ scoped_refptr<CertVerifyProc> verify_proc_;
 scoped_refptr<X509Certificate> cert_;
 const std::string hostname_;
 const int flags_;
@@ -324,7 +331,8 @@ MultiThreadedCertVerifier::MultiThreadedCertVerifier()
 : cache_(kMaxCacheEntries),
 requests_(0),
 cache_hits_(0),
- inflight_joins_(0) {
+ inflight_joins_(0),
+ verify_proc_(CertVerifyProc::CreateDefault()) {
 CertDatabase::AddObserver(this);
 }
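Review bot: In `Run()`, `verify_proc_->Verify(...)` executes on a worker thread, and the later `MultiThreadedCertVerifier::Verify` hunk passes the one `verify_proc_` member to every new `CertVerifierWorker`, so a single CertVerifyProc can be inside `Verify` on several threads at once; nothing in the new code states that requirement. CertVerifyProc is defined outside this diff, so whether its implementations and its reference counting are thread-safe cannot be confirmed from here. I would document the contract on the new member in the `-226,6 +232,7` hunk, e.g. `// Shared by all in-flight workers and used on worker threads; Verify() must be safe to call concurrently.` Run()'s body continues past the end of its hunk.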
@@ -373,7 +381,8 @@ int MultiThreadedCertVerifier::Verify(X509Certificate* cert,
 job = j->second;
 } else {
 // Need to make a new request.
- CertVerifierWorker* worker = new CertVerifierWorker(cert, hostname, flags,
+ CertVerifierWorker* worker = new CertVerifierWorker(verify_proc_, cert,
+ hostname, flags,
 crl_set, this);
 job = new CertVerifierJob(
 worker,
@@ -441,4 +450,8 @@ void MultiThreadedCertVerifier::OnCertTrustChanged(
 ClearCache();
 }
+void MultiThreadedCertVerifier::SetCertVerifyProc(CertVerifyProc* verify_proc) {
+ verify_proc_ = verify_proc;
+}
+
 } // namespace net |
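Review bot: `SetCertVerifyProc` swaps the verification procedure but leaves `cache_` untouched, so verdicts computed by the previous procedure keep being served for entries already cached; `OnCertTrustChanged` directly above already calls `ClearCache()` when trust inputs change, and the same seems warranted here. The setter also accepts a null pointer, which would only surface later as a dereference in `CertVerifierWorker::Run()` on a worker thread (the constructor's `CertVerifyProc::CreateDefault()` result is stored unchecked in the same way, if that factory can return null). Suggested body: `DCHECK(verify_proc);` `verify_proc_ = verify_proc;` `ClearCache();`, assuming DCHECK is available in this file. If the setter is meant only for tests, a comment saying so would keep it from being used to replace system verification in production code.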