author | mattm@chromium.org <mattm@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-12-21 00:26:46 +0000 |
---|---|---|
committer | mattm@chromium.org <mattm@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-12-21 00:26:46 +0000 |
commit | 27c77f2c339aa9a4578298c8120fdd40b3eb9340 (patch) | |
tree | 81f388ffe77aa442094cd55989d9317226b0c8d9 /net/base/origin_bound_cert_service.cc | |
parent | f2defa18f6ca5ba6a3fd592a453b3f4620658f14 (diff) | |
Revert 115219 - Handle Origin Bound Certificate expiration.
BUG=107047
TEST=net_unittests, unit_tests
Review URL: http://codereview.chromium.org/8890073
TBR=mattm@chromium.org
Review URL: http://codereview.chromium.org/8965065
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@115239 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base/origin_bound_cert_service.cc')
-rw-r--r-- | net/base/origin_bound_cert_service.cc | 45 |
1 files changed, 13 insertions, 32 deletions
diff --git a/net/base/origin_bound_cert_service.cc b/net/base/origin_bound_cert_service.cc index 246383e..762255f 100644 --- a/net/base/origin_bound_cert_service.cc +++ b/net/base/origin_bound_cert_service.cc @@ -134,7 +134,6 @@ class OriginBoundCertServiceWorker { error_ = OriginBoundCertService::GenerateCert(origin_, type_, serial_number_, - &expiration_time_, &private_key_, &cert_); #if defined(USE_NSS) @@ -160,8 +159,8 @@ class OriginBoundCertServiceWorker { // memory leaks or worse errors. base::AutoLock locked(lock_); if (!canceled_) { - origin_bound_cert_service_->HandleResult( - origin_, error_, type_, expiration_time_, private_key_, cert_); + origin_bound_cert_service_->HandleResult(origin_, error_, type_, + private_key_, cert_); } } delete this; @@ -209,7 +208,6 @@ class OriginBoundCertServiceWorker { bool canceled_; int error_; - base::Time expiration_time_; std::string private_key_; std::string cert_; @@ -324,26 +322,20 @@ int OriginBoundCertService::GetOriginBoundCert( requests_++; // Check if an origin bound cert of an acceptable type already exists for this - // origin, and that it has not expired. - base::Time now = base::Time::Now(); - base::Time expiration_time; + // origin. if (origin_bound_cert_store_->GetOriginBoundCert(origin, type, - &expiration_time, private_key, cert)) { - if (expiration_time < now) { - DVLOG(1) << "Cert store had expired cert for " << origin; - } else if (!IsSupportedCertType(*type) || - std::find(requested_types.begin(), requested_types.end(), - *type) == requested_types.end()) { - DVLOG(1) << "Cert store had cert of wrong type " << *type << " for " - << origin; - } else { + if (IsSupportedCertType(*type) && + std::find(requested_types.begin(), requested_types.end(), *type) != + requested_types.end()) { cert_store_hits_++; *out_req = NULL; return OK; } + DVLOG(1) << "Cert store had cert of wrong type " << *type << " for " + << origin; } // |origin_bound_cert_store_| has no cert for this origin. See if an 
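Review bot: In the `GetOriginBoundCert` hunk the store-hit path now returns `OK` for any stored cert of a supported, requested type without looking at its validity period, so a cert older than `kValidityPeriodInDays` would presumably keep being served until something else replaces it. The revert is deliberate, but nothing in the new code marks the reopened gap. A comment above the store lookup, such as `// TODO(mattm): stored certs are not checked for expiration here; see bug 107047.`, would keep it visible until expiration handling is re-landed. The other hunks that drop `expiration_time_` from the worker and `expiration_time` from `GenerateCert` and `HandleResult` remove the only place this file tracked expiry. The function body starts and ends outside the hunk.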
@@ -371,10 +363,8 @@ int OriginBoundCertService::GetOriginBoundCert( inflight_joins_++; } else { // Need to make a new request. - OriginBoundCertServiceWorker* worker = new OriginBoundCertServiceWorker( - origin, - preferred_type, - this); + OriginBoundCertServiceWorker* worker = + new OriginBoundCertServiceWorker(origin, preferred_type, this); job = new OriginBoundCertServiceJob(worker, preferred_type); if (!worker->Start()) { delete job; @@ -398,12 +388,8 @@ int OriginBoundCertService::GetOriginBoundCert( int OriginBoundCertService::GenerateCert(const std::string& origin, SSLClientCertType type, uint32 serial_number, - base::Time* expiration_time, std::string* private_key, std::string* cert) { - base::Time now = base::Time::Now(); - base::Time not_valid_after = - now + base::TimeDelta::FromDays(kValidityPeriodInDays); std::string der_cert; std::vector<uint8> private_key_info; switch (type) { @@ -418,8 +404,7 @@ int OriginBoundCertService::GenerateCert(const std::string& origin, key.get(), origin, serial_number, - now, - not_valid_after, + base::TimeDelta::FromDays(kValidityPeriodInDays), &der_cert)) { DLOG(ERROR) << "Unable to create x509 cert for client"; return ERR_ORIGIN_BOUND_CERT_GENERATION_FAILED; @@ -441,8 +426,7 @@ int OriginBoundCertService::GenerateCert(const std::string& origin, key.get(), origin, serial_number, - now, - not_valid_after, + base::TimeDelta::FromDays(kValidityPeriodInDays), &der_cert)) { DLOG(ERROR) << "Unable to create x509 cert for client"; return ERR_ORIGIN_BOUND_CERT_GENERATION_FAILED; @@ -466,7 +450,6 @@ int OriginBoundCertService::GenerateCert(const std::string& origin, private_key->swap(key_out); cert->swap(der_cert); - *expiration_time = not_valid_after; return OK; } 
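Review bot: The validity period is now written out as `base::TimeDelta::FromDays(kValidityPeriodInDays)` at both certificate-creation call sites in `GenerateCert` (the hunks at old lines 418 and 441), so the two key types can drift apart if one is edited later. Declaring `const base::TimeDelta validity_period = base::TimeDelta::FromDays(kValidityPeriodInDays);` once before the `switch (type)` and passing `validity_period` in both branches keeps a single source for the lifetime. The callee names and the start of each call are outside these hunks, so confirm both take the same parameter type.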
@@ -482,13 +465,11 @@ void OriginBoundCertService::CancelRequest(RequestHandle req) { void OriginBoundCertService::HandleResult(const std::string& origin, int error, SSLClientCertType type, - base::Time expiration_time, const std::string& private_key, const std::string& cert) { DCHECK(CalledOnValidThread()); - origin_bound_cert_store_->SetOriginBoundCert( - origin, type, expiration_time, private_key, cert); + origin_bound_cert_store_->SetOriginBoundCert(origin, type, private_key, cert); std::map<std::string, OriginBoundCertServiceJob*>::iterator j; j = inflight_.find(origin); |
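Review bot: `HandleResult` calls `SetOriginBoundCert` right after the `DCHECK`, and nothing in the visible lines checks `error` first, so a failed generation appears to write whatever `private_key` and `cert` hold (likely empty strings) into the store for that origin. Unless the store rejects such entries, a later `GetOriginBoundCert` could treat that entry as a hit and return `OK` with unusable key material. Guarding the write is enough: `if (error == OK) origin_bound_cert_store_->SetOriginBoundCert(origin, type, private_key, cert);`. The rest of the function, including how `error` is passed to the waiting job, is outside the hunk.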