1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
|
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef NET_BASE_DEFAULT_SERVER_BOUND_CERT_STORE_H_
#define NET_BASE_DEFAULT_SERVER_BOUND_CERT_STORE_H_
#pragma once
#include <map>
#include <string>
#include <vector>
#include "base/callback_forward.h"
#include "base/compiler_specific.h"
#include "base/memory/ref_counted.h"
#include "base/synchronization/lock.h"
#include "net/base/net_export.h"
#include "net/base/server_bound_cert_store.h"
class Task;
namespace net {
// This class is the system for storing and retrieving server bound certs.
// Modeled after the CookieMonster class, it has an in-memory cert store,
// and synchronizes server bound certs to an optional permanent storage that
// implements the PersistentStore interface. The use case is described in
// http://balfanz.github.com/tls-obc-spec/draft-balfanz-tls-obc-00.html
//
// This class can be accessed by multiple threads. For example, it can be used
// by IO and server bound cert management UI.
class NET_EXPORT DefaultServerBoundCertStore : public ServerBoundCertStore {
public:
class PersistentStore;
// The key for each ServerBoundCert* in ServerBoundCertMap is the
// corresponding server.
typedef std::map<std::string, ServerBoundCert*> ServerBoundCertMap;
// The store passed in should not have had Init() called on it yet. This
// class will take care of initializing it. The backing store is NOT owned by
// this class, but it must remain valid for the duration of the
// DefaultServerBoundCertStore's existence. If |store| is NULL, then no
// backing store will be updated.
explicit DefaultServerBoundCertStore(PersistentStore* store);
virtual ~DefaultServerBoundCertStore();
// Flush the backing store (if any) to disk and post the given task when done.
// WARNING: THE CALLBACK WILL RUN ON A RANDOM THREAD. IT MUST BE THREAD SAFE.
// It may be posted to the current thread, or it may run on the thread that
// actually does the flushing. Your Task should generally post a notification
// to the thread you actually want to be notified on.
void FlushStore(const base::Closure& completion_task);
// ServerBoundCertStore implementation.
virtual bool GetServerBoundCert(
const std::string& server_identifier,
SSLClientCertType* type,
base::Time* creation_time,
base::Time* expiration_time,
std::string* private_key_result,
std::string* cert_result) OVERRIDE;
virtual void SetServerBoundCert(
const std::string& server_identifier,
SSLClientCertType type,
base::Time creation_time,
base::Time expiration_time,
const std::string& private_key,
const std::string& cert) OVERRIDE;
virtual void DeleteServerBoundCert(const std::string& server_identifier)
OVERRIDE;
virtual void DeleteAllCreatedBetween(base::Time delete_begin,
base::Time delete_end) OVERRIDE;
virtual void DeleteAll() OVERRIDE;
virtual void GetAllServerBoundCerts(
std::vector<ServerBoundCert>* server_bound_certs) OVERRIDE;
virtual int GetCertCount() OVERRIDE;
private:
static const size_t kMaxCerts;
// Deletes all of the certs. Does not delete them from |store_|.
void DeleteAllInMemory();
// Called by all non-static functions to ensure that the cert store has
// been initialized. This is not done during creating so it doesn't block
// the window showing.
// Note: this method should always be called with lock_ held.
void InitIfNecessary() {
if (!initialized_) {
if (store_)
InitStore();
initialized_ = true;
}
}
// Initializes the backing store and reads existing certs from it.
// Should only be called by InitIfNecessary().
void InitStore();
// Deletes the cert for the specified server, if such a cert exists, from the
// in-memory store. Deletes it from |store_| if |store_| is not NULL.
void InternalDeleteServerBoundCert(const std::string& server);
// Takes ownership of *cert.
// Adds the cert for the specified server to the in-memory store. Deletes it
// from |store_| if |store_| is not NULL.
void InternalInsertServerBoundCert(const std::string& server_identifier,
ServerBoundCert* cert);
// Indicates whether the cert store has been initialized. This happens
// Lazily in InitStoreIfNecessary().
bool initialized_;
scoped_refptr<PersistentStore> store_;
ServerBoundCertMap server_bound_certs_;
// Lock for thread-safety
base::Lock lock_;
DISALLOW_COPY_AND_ASSIGN(DefaultServerBoundCertStore);
};
typedef base::RefCountedThreadSafe<DefaultServerBoundCertStore::PersistentStore>
RefcountedPersistentStore;
class NET_EXPORT DefaultServerBoundCertStore::PersistentStore
: public RefcountedPersistentStore {
public:
virtual ~PersistentStore() {}
// Initializes the store and retrieves the existing certs. This will be
// called only once at startup. Note that the certs are individually allocated
// and that ownership is transferred to the caller upon return.
virtual bool Load(
std::vector<ServerBoundCert*>* certs) = 0;
virtual void AddServerBoundCert(const ServerBoundCert& cert) = 0;
virtual void DeleteServerBoundCert(const ServerBoundCert& cert) = 0;
// Sets the value of the user preference whether the persistent storage
// must be deleted upon destruction.
virtual void SetClearLocalStateOnExit(bool clear_local_state) = 0;
// Flush the store and post the given Task when complete.
virtual void Flush(const base::Closure& completion_task) = 0;
protected:
PersistentStore();
private:
DISALLOW_COPY_AND_ASSIGN(PersistentStore);
};
} // namespace net
#endif // NET_DEFAULT_ORIGIN_BOUND_CERT_STORE_H_
|
