// Copyright 2019 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_CERT_COALESCING_CERT_VERIFIER_H_
#define NET_CERT_COALESCING_CERT_VERIFIER_H_

#include <stdint.h>

#include <map>
#include <memory>
#include <vector>

#include "net/base/net_export.h"
#include "net/cert/cert_verifier.h"

namespace net {

// CoalescingCertVerifier wraps another CertVerifier and de-duplicates
// concurrent work. It tracks the Verify() calls that are still in flight;
// when a new Verify() call carries the same parameters as a verification
// that is already running, the new call is attached to that verification and
// completes when it completes. When nothing in flight matches, a fresh
// request is issued to the wrapped verifier.
//
// Configuration changes act as a barrier for joining. Verifications started
// before the change are allowed to run to completion, but no request made
// after the change is matched against them, even when its parameters are
// identical. New requests therefore observe a configuration change
// "immediately" rather than inheriting a result computed under the previous
// configuration.
//
// Joining is keyed on CertVerifier::RequestParams (the key type of
// |joinable_jobs_|). Anything that can influence the outcome of a
// verification has to be captured either by RequestParams or by the
// configuration-change barrier above; otherwise a joined caller could be
// handed a result computed for different inputs.
class NET_EXPORT CoalescingCertVerifier : public CertVerifier,
                                          public CertVerifier::Observer {
 public:
  // Takes ownership of |verifier|. Every call is forwarded to it, except that
  // Verify() calls matching an in-flight, not-yet-completed verification are
  // coalesced onto that verification.
  explicit CoalescingCertVerifier(std::unique_ptr<CertVerifier> verifier);

  // Not copyable: the instance owns the wrapped verifier and the Jobs.
  CoalescingCertVerifier(const CoalescingCertVerifier&) = delete;
  CoalescingCertVerifier& operator=(const CoalescingCertVerifier&) = delete;

  ~CoalescingCertVerifier() override;

  // CertVerifier implementation:
  //
  // Verify() joins a matching joinable Job when one exists and otherwise
  // starts a new verification on the wrapped verifier (see the class
  // comment).
  int Verify(const RequestParams& params,
             CertVerifyResult* verify_result,
             CompletionOnceCallback callback,
             std::unique_ptr<CertVerifier::Request>* out_req,
             const NetLogWithSource& net_log) override;
  // NOTE(review): presumably forwards |config| to the wrapped verifier and
  // makes the current Jobs unjoinable -- confirm against the .cc file.
  void SetConfig(const CertVerifier::Config& config) override;
  void AddObserver(CertVerifier::Observer* observer) override;
  void RemoveObserver(CertVerifier::Observer* observer) override;

  // Test-only accessors exposing the raw counters declared below.
  uint64_t requests_for_testing() const { return requests_; }
  uint64_t inflight_joins_for_testing() const { return inflight_joins_; }

 private:
  class Job;
  class Request;

  // Returns the pending Job that matches |params| and is still joinable,
  // i.e. it was started under the same config. Returns nullptr when there is
  // no such Job, in which case the caller should start a new one.
  Job* FindJob(const RequestParams& params);
  // NOTE(review): presumably drops |job| from whichever container below
  // currently owns it -- confirm against the .cc file.
  void RemoveJob(Job* job);
  // NOTE(review): judging by the name, this moves every Job out of
  // |joinable_jobs_| into |inflight_jobs_| so that later requests cannot
  // join them -- confirm against the .cc file.
  void IncrementGenerationAndMakeCurrentJobsUnjoinable();

  // CertVerifier::Observer methods:
  void OnCertVerifierChanged() override;

  // Jobs whose verification is actively running and which new requests may
  // still join (e.g. the config has not changed since they started), keyed
  // by the parameters they were started with.
  std::map<CertVerifier::RequestParams, std::unique_ptr<Job>> joinable_jobs_;

  // Jobs that are still pending and in flight but can no longer be joined,
  // because the configuration changed after they were started.
  std::vector<std::unique_ptr<Job>> inflight_jobs_;

  // The wrapped verifier that performs the actual verifications.
  std::unique_ptr<CertVerifier> verifier_;

  // Counters read only through the *_for_testing() accessors above.
  // NOTE(review): presumably the number of Verify() calls seen and the number
  // of those that joined an existing Job -- confirm against the .cc file.
  uint64_t requests_ = 0;
  uint64_t inflight_joins_ = 0;
};

}  // namespace net

#endif  // NET_CERT_COALESCING_CERT_VERIFIER_H_