summaryrefslogtreecommitdiffstats
path: root/net/base/cert_verifier.cc
blob: 567ea38c6d0b81542bf8818243d5a650e553f850 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
// Copyright (c) 2008 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "net/base/cert_verifier.h"

#include "base/message_loop.h"
#include "base/worker_pool.h"
#include "net/base/cert_verify_result.h"
#include "net/base/net_errors.h"
#include "net/base/x509_certificate.h"

namespace net {

class CertVerifier::Request :
    public base::RefCountedThreadSafe<CertVerifier::Request> {
 public:
  Request(CertVerifier* verifier,
          X509Certificate* cert,
          const std::string& hostname,
          bool rev_checking_enabled,
          CertVerifyResult* verify_result,
          CompletionCallback* callback)
      : cert_(cert),
        hostname_(hostname),
        rev_checking_enabled_(rev_checking_enabled),
        verifier_(verifier),
        verify_result_(verify_result),
        callback_(callback),
        origin_loop_(MessageLoop::current()),
        error_(OK) {
  }

  ~Request() {}

  void DoVerify() {
    // Running on the worker thread
    error_ = cert_->Verify(hostname_, rev_checking_enabled_, &result_);

    Task* reply = NewRunnableMethod(this, &Request::DoCallback);

    // The origin loop could go away while we are trying to post to it, so we
    // need to call its PostTask method inside a lock.  See ~CertVerifier.
    {
      AutoLock locked(origin_loop_lock_);
      if (origin_loop_) {
        origin_loop_->PostTask(FROM_HERE, reply);
        reply = NULL;
      }
    }

    // Does nothing if it got posted.
    delete reply;
  }

  void DoCallback() {
    // Running on the origin thread.

    // We may have been cancelled!
    if (!verifier_)
      return;

    *verify_result_ = result_;

    // Drop the verifier's reference to us.  Do this before running the
    // callback since the callback might result in the verifier being
    // destroyed.
    verifier_->request_ = NULL;

    callback_->Run(error_);
  }

  void Cancel() {
    verifier_ = NULL;

    AutoLock locked(origin_loop_lock_);
    origin_loop_ = NULL;
  }

 private:
  // Set on the origin thread, read on the worker thread.
  scoped_refptr<X509Certificate> cert_;
  std::string hostname_;
  bool rev_checking_enabled_;

  // Only used on the origin thread (where Verify was called).
  CertVerifier* verifier_;
  CertVerifyResult* verify_result_;
  CompletionCallback* callback_;

  // Used to post ourselves onto the origin thread.
  Lock origin_loop_lock_;
  MessageLoop* origin_loop_;

  // Assigned on the worker thread, read on the origin thread.
  int error_;
  CertVerifyResult result_;
};

//-----------------------------------------------------------------------------

CertVerifier::CertVerifier() {
}

CertVerifier::~CertVerifier() {
  if (request_)
    request_->Cancel();
}

int CertVerifier::Verify(X509Certificate* cert,
                         const std::string& hostname,
                         bool rev_checking_enabled,
                         CertVerifyResult* verify_result,
                         CompletionCallback* callback) {
  DCHECK(!request_) << "verifier already in use";

  // Do a synchronous verification.
  if (!callback) {
    CertVerifyResult result;
    int rv = cert->Verify(hostname, rev_checking_enabled, &result);
    *verify_result = result;
    return rv;
  }

  request_ = new Request(this, cert, hostname, rev_checking_enabled,
                         verify_result, callback);

  // Dispatch to worker thread...
  if (!WorkerPool::PostTask(FROM_HERE,
          NewRunnableMethod(request_.get(), &Request::DoVerify), true)) {
    NOTREACHED();
    request_ = NULL;
    return ERR_FAILED;
  }

  return ERR_IO_PENDING;
}

}  // namespace net