Google Git
Sign in
chromium / chromium / src / bb67bf56b4b5d4cb0a32b8376eee5e740db220d3 / . / chrome / browser / net / trial_comparison_cert_verifier.h
blob: 30a0b94c11f3831f526e4059e94c7c87b92e1c38 [file] [log] [blame]
// Copyright 2018 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROME_BROWSER_NET_TRIAL_COMPARISON_CERT_VERIFIER_H_
#define CHROME_BROWSER_NET_TRIAL_COMPARISON_CERT_VERIFIER_H_
#include "base/containers/unique_ptr_adapters.h"
#include "base/macros.h"
#include "base/memory/ref_counted.h"
#include "base/memory/weak_ptr.h"
#include "base/threading/thread_checker.h"
#include "net/base/net_export.h"
#include "net/cert/cert_verifier.h"
namespace net {
class CertVerifyProc;
}
class TrialComparisonCertVerifier : public net::CertVerifier {
public:
// These values are persisted to logs. Entries should not be renumbered and
// numeric values should never be reused.
enum TrialComparisonResult {
kInvalid = 0,
kEqual = 1,
kPrimaryValidSecondaryError = 2,
kPrimaryErrorSecondaryValid = 3,
kBothValidDifferentDetails = 4,
kBothErrorDifferentDetails = 5,
kIgnoredMacUndesiredRevocationChecking = 6,
kIgnoredMultipleEVPoliciesAndOneMatchesRoot = 7,
kIgnoredDifferentPathReVerifiesEquivalent = 8,
kIgnoredLocallyTrustedLeaf = 9,
kMaxValue = kIgnoredLocallyTrustedLeaf
};
TrialComparisonCertVerifier(
void* profile_id,
scoped_refptr<net::CertVerifyProc> primary_verify_proc,
scoped_refptr<net::CertVerifyProc> trial_verify_proc);
~TrialComparisonCertVerifier() override;
// This method can be called by tests to fake an official build (reports are
// only sent from official builds).
static void SetFakeOfficialBuildForTesting();
// CertVerifier implementation
int Verify(const RequestParams& params,
net::CRLSet* crl_set,
net::CertVerifyResult* verify_result,
const net::CompletionCallback& callback,
std::unique_ptr<Request>* out_req,
const net::NetLogWithSource& net_log) override;
bool SupportsOCSPStapling() override;
// Returns a CertVerifier using the primary CertVerifyProc, which will not
// cause OnPrimaryVerifierComplete to be called. This can be used to
// attempt to re-verify a cert with different chain or flags without
// messing up the stats or potentially causing an infinite loop.
net::CertVerifier* primary_reverifier() const {
return primary_reverifier_.get();
}
net::CertVerifier* trial_verifier() const { return trial_verifier_.get(); }
private:
class TrialVerificationJob;
void OnPrimaryVerifierComplete(const RequestParams& params,
scoped_refptr<net::CRLSet> crl_set,
const net::NetLogWithSource& net_log,
int primary_error,
const net::CertVerifyResult& primary_result,
base::TimeDelta latency,
bool is_first_job);
void OnTrialVerifierComplete(const RequestParams& params,
scoped_refptr<net::CRLSet> crl_set,
const net::NetLogWithSource& net_log,
int trial_error,
const net::CertVerifyResult& trial_result,
base::TimeDelta latency,
bool is_first_job);
void MaybeDoTrialVerification(const RequestParams& params,
scoped_refptr<net::CRLSet> crl_set,
const net::NetLogWithSource& net_log,
int primary_error,
const net::CertVerifyResult& primary_result,
void* profile_id,
bool trial_allowed);
void RemoveJob(TrialVerificationJob* job_ptr);
// The profile this verifier is associated with. Stored as a void* to avoid
// accidentally using it on IO thread.
void* profile_id_;
std::unique_ptr<net::CertVerifier> primary_verifier_;
std::unique_ptr<net::CertVerifier> primary_reverifier_;
std::unique_ptr<net::CertVerifier> trial_verifier_;
std::set<std::unique_ptr<TrialVerificationJob>, base::UniquePtrComparator>
jobs_;
THREAD_CHECKER(thread_checker_);
base::WeakPtrFactory<TrialComparisonCertVerifier> weak_ptr_factory_;
DISALLOW_COPY_AND_ASSIGN(TrialComparisonCertVerifier);
};
#endif // CHROME_BROWSER_NET_TRIAL_COMPARISON_CERT_VERIFIER_H_