authorericroman@google.com <ericroman@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2009-01-29 08:32:11 +0000
committerericroman@google.com <ericroman@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2009-01-29 08:32:11 +0000
commit9283116a8f8a31f967ab2ba84802ef32ea01ebfe (patch)
tree0121e6c3b9aadcdee08554173422a0ddedb9e43b /net/base/x509_certificate.h
parent90900d92333c8574979d502e3a3629a9f0ed6e5a (diff)
Reverting 8868.
This relands wtc's original CL for working around not caching the intermediate CA certificates. We believe the original commit failed on buildbot because of a bad incremental build, which will be resolved by doing a clobber. Review URL: http://codereview.chromium.org/19463 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@8870 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base/x509_certificate.h')
-rw-r--r--net/base/x509_certificate.h41
1 files changed, 37 insertions, 4 deletions
diff --git a/net/base/x509_certificate.h b/net/base/x509_certificate.h
index 4e41570..9127cc6 100644
--- a/net/base/x509_certificate.h
+++ b/net/base/x509_certificate.h
@@ -13,6 +13,7 @@
#include "base/ref_counted.h"
#include "base/singleton.h"
#include "base/time.h"
+#include "testing/gtest/include/gtest/gtest_prod.h"
#if defined(OS_WIN)
#include <windows.h>
@@ -112,10 +113,25 @@ class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> {
std::set<Fingerprint, FingerprintLessThan> denied_;
};
+ // Where the certificate comes from. The enumeration constants are
+ // listed in increasing order of preference.
+ enum Source {
+ SOURCE_UNUSED = 0, // The source_ member is not used.
+ SOURCE_LONE_CERT_IMPORT = 1, // From importing a certificate without
+ // its intermediate CA certificates.
+ SOURCE_FROM_NETWORK = 2, // From the network.
+ };
+
// Create an X509Certificate from a handle to the certificate object
// in the underlying crypto library. This is a transfer of ownership;
// X509Certificate will properly dispose of |cert_handle| for you.
- static X509Certificate* CreateFromHandle(OSCertHandle cert_handle);
+ // |source| specifies where |cert_handle| comes from. Given two
+ // certificate handles for the same certificate, our certificate cache
+ // prefers the handle from the network because our HTTP cache isn't
+ // caching the corresponding intermediate CA certificates yet
+ // (http://crbug.com/7065).
+ static X509Certificate* CreateFromHandle(OSCertHandle cert_handle,
+ Source source);
// Create an X509Certificate from the BER-encoded representation.
// Returns NULL on failure.
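Review bot: The numeric order of the `Source` constants is load-bearing, but nothing at the declaration warns that inserting or renumbering a value changes which handle the certificate cache keeps. The enum comment only says the constants are "listed in increasing order of preference"; I would extend it with `// The cache compares these values numerically; add new sources in preference order and do not renumber.` The comparison itself is presumably in the .cc file, which is outside this hunk, so confirm it there. The `CreateFromHandle` comment should also state what happens to |cert_handle| when an already-cached handle is preferred, since ownership is transferred in either case. The class body continues outside the hunk.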
@@ -130,7 +146,7 @@ class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> {
// Creates a X509Certificate from the ground up. Used by tests that simulate
// SSL connections.
- X509Certificate(std::string subject, std::string issuer,
+ X509Certificate(const std::string& subject, const std::string& issuer,
base::Time start_date, base::Time expiration_date);
// Appends a representation of this object to the given pickle.
@@ -172,6 +188,9 @@ class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> {
OSCertHandle os_cert_handle() const { return cert_handle_; }
private:
+ friend class base::RefCountedThreadSafe<X509Certificate>;
+ FRIEND_TEST(X509CertificateTest, Cache);
+
// A cache of X509Certificate objects.
class Cache {
public:
@@ -200,14 +219,25 @@ class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> {
// Construct an X509Certificate from a handle to the certificate object
// in the underlying crypto library.
- explicit X509Certificate(OSCertHandle cert_handle);
+ X509Certificate(OSCertHandle cert_handle, Source source);
- friend class base::RefCountedThreadSafe<X509Certificate>;
~X509Certificate();
// Common object initialization code. Called by the constructors only.
void Initialize();
+ // Creates an OS certificate handle from the BER-encoded representation.
+ // Returns NULL on failure.
+ static OSCertHandle CreateOSCertHandleFromBytes(const char* data,
+ int length);
+
+ // Frees an OS certificate handle.
+ static void FreeOSCertHandle(OSCertHandle cert_handle);
+
+ // Calculates the SHA-1 fingerprint of the certificate. Returns an empty
+ // (all zero) fingerprint on failure.
+ static Fingerprint CalculateFingerprint(OSCertHandle cert_handle);
+
// The subject of the certificate.
Principal subject_;
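Review bot: `CalculateFingerprint` signals failure with an all-zero `Fingerprint`, which is an ordinary value of the type that the `denied_` set earlier in this diff (and presumably the certificate cache) uses as a key. Two certificates whose hashing fails would then compare equal. The declaration comment should make the contract explicit, e.g. `// Callers must check for the all-zero value and must not use it as a cache or policy key.` Whether the callers already do this is not visible here, because they live in the .cc file. Separately, `CreateOSCertHandleFromBytes` takes `int length` for BER input, so its comment should say that a negative length is rejected rather than handed to the crypto library.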
@@ -226,6 +256,9 @@ class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> {
// A handle to the certificate object in the underlying crypto library.
OSCertHandle cert_handle_;
+ // Where the certificate comes from.
+ Source source_;
+
DISALLOW_COPY_AND_ASSIGN(X509Certificate);
};