// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_CERT_MULTI_THREADED_CERT_VERIFIER_H_
#define NET_CERT_MULTI_THREADED_CERT_VERIFIER_H_

#include <stddef.h>
#include <stdint.h>

#include <map>
#include <memory>

#include "base/containers/linked_list.h"
#include "base/memory/scoped_refptr.h"
#include "base/observer_list.h"
#include "base/threading/thread_checker.h"
#include "crypto/crypto_buildflags.h"
#include "net/base/net_export.h"
#include "net/cert/cert_verifier.h"

#if BUILDFLAG(USE_NSS_CERTS)
#include "net/cert/scoped_nss_types.h"
#endif

namespace net {

class CertVerifyProc;
class CertNetFetcher;
class CertVerifyProcFactory;

// MultiThreadedCertVerifier is a CertVerifier implementation that runs
// synchronous CertVerifier implementations on worker threads.
//
// The object declares a THREAD_CHECKER (see |thread_checker_|), so its own
// methods are presumably expected to run on a single thread even though the
// verification work is dispatched elsewhere -- confirm against the .cc file.
class NET_EXPORT_PRIVATE MultiThreadedCertVerifier
    : public CertVerifierWithUpdatableProc {
 public:
  // |verify_proc| and |verify_proc_factory| presumably initialise
  // |verify_proc_| and |verify_proc_factory_|; the definition is not in this
  // header.
  explicit MultiThreadedCertVerifier(
      scoped_refptr<CertVerifyProc> verify_proc,
      scoped_refptr<CertVerifyProcFactory> verify_proc_factory);

  // Not copyable or assignable.
  MultiThreadedCertVerifier(const MultiThreadedCertVerifier&) = delete;
  MultiThreadedCertVerifier& operator=(const MultiThreadedCertVerifier&) =
      delete;

  // When the verifier is destroyed, all outstanding certificate verification
  // requests are canceled, and their completion callbacks will not be called.
  ~MultiThreadedCertVerifier() override;

  // CertVerifier implementation. The contract of each method (return codes,
  // when |callback| runs, ownership of |*out_req|) is set by the CertVerifier
  // interface in net/cert/cert_verifier.h, not by this header.
  //
  // NOTE(review): |verify_result| is a raw out-pointer; callers presumably
  // have to keep it alive until the request completes or |*out_req| is
  // destroyed, otherwise a late write would land in freed memory -- confirm
  // against the base-class documentation.
  int Verify(const RequestParams& params,
             CertVerifyResult* verify_result,
             CompletionOnceCallback callback,
             std::unique_ptr<Request>* out_req,
             const NetLogWithSource& net_log) override;
  void SetConfig(const CertVerifier::Config& config) override;
  void AddObserver(Observer* observer) override;
  void RemoveObserver(Observer* observer) override;
  // NOTE(review): presumably replaces |verify_proc_| with one built by
  // |verify_proc_factory_| from these arguments and then notifies observers
  // -- confirm in the .cc file.
  void UpdateVerifyProcData(
      scoped_refptr<CertNetFetcher> cert_net_fetcher,
      const net::CertVerifyProcFactory::ImplParams& impl_params) override;

 private:
  class InternalRequest;

  // Notify the |observers_| of an OnCertVerifierChanged event.
  void NotifyCertVerifierChanged();

  // Observers notified by NotifyCertVerifierChanged(); presumably managed
  // through AddObserver()/RemoveObserver().
  base::ObserverList<Observer> observers_;
  // Presumably the configuration last passed to SetConfig().
  Config config_;
  // Ref-counted handles supplied at construction; |verify_proc_| is
  // presumably the object that performs the actual verification.
  scoped_refptr<CertVerifyProc> verify_proc_;
  scoped_refptr<CertVerifyProcFactory> verify_proc_factory_;

  // Holds a list of CertVerifier::Requests that have not yet completed or been
  // deleted. It is used to ensure that when the MultiThreadedCertVerifier is
  // deleted, we eagerly reset all of the callbacks provided to Verify(), and
  // don't call them later, as required by the CertVerifier contract.
  // This is what keeps a callback from running against state its owner has
  // already torn down once the verifier is gone.
  base::LinkedList<InternalRequest> request_list_;

#if BUILDFLAG(USE_NSS_CERTS)
  // Holds NSS temporary certificates that will be exposed as untrusted
  // authorities by SystemCertStoreNSS.
  // TODO(https://crbug.com/978854): Pass these into the actual CertVerifyProc
  // rather than relying on global side-effects.
  // NOTE(review): because this relies on global NSS state rather than
  // per-request input, the certificates held here are presumably visible to
  // path building for other verifications in the process while this member
  // is alive -- confirm before relying on isolation between requests.
  net::ScopedCERTCertificateList temp_certs_;
#endif

  // Declares |thread_checker_| through the THREAD_CHECKER macro from
  // base/threading/thread_checker.h.
  THREAD_CHECKER(thread_checker_);
};

}  // namespace net

#endif  // NET_CERT_MULTI_THREADED_CERT_VERIFIER_H_