summaryrefslogtreecommitdiff
path: root/chromium/net/ssl
diff options
context:
space:
mode:
Diffstat (limited to 'chromium/net/ssl')
-rw-r--r--chromium/net/ssl/server_bound_cert_service.cc201
-rw-r--r--chromium/net/ssl/server_bound_cert_service.h48
-rw-r--r--chromium/net/ssl/server_bound_cert_service_unittest.cc289
-rw-r--r--chromium/net/ssl/ssl_config_service.cc2
4 files changed, 106 insertions, 434 deletions
diff --git a/chromium/net/ssl/server_bound_cert_service.cc b/chromium/net/ssl/server_bound_cert_service.cc
index 2bbcbc79e6b..4bc82ed5d9b 100644
--- a/chromium/net/ssl/server_bound_cert_service.cc
+++ b/chromium/net/ssl/server_bound_cert_service.cc
@@ -43,8 +43,7 @@ const int kValidityPeriodInDays = 365;
const int kSystemTimeValidityBufferInDays = 90;
// Used by the GetDomainBoundCertResult histogram to record the final
-// outcome of each GetDomainBoundCert or GetOrCreateDomainBoundCert call.
-// Do not re-use values.
+// outcome of each GetDomainBoundCert call. Do not re-use values.
enum GetCertResult {
// Synchronously found and returned an existing domain bound cert.
SYNC_SUCCESS = 0,
@@ -58,8 +57,7 @@ enum GetCertResult {
ASYNC_FAILURE_CREATE_CERT = 4,
ASYNC_FAILURE_EXPORT_KEY = 5,
ASYNC_FAILURE_UNKNOWN = 6,
- // GetDomainBoundCert or GetOrCreateDomainBoundCert was called with
- // invalid arguments.
+ // GetDomainBoundCert was called with invalid arguments.
INVALID_ARGUMENT = 7,
// We don't support any of the cert types the server requested.
UNSUPPORTED_TYPE = 8,
@@ -279,18 +277,14 @@ class ServerBoundCertServiceWorker {
// origin message loop.
class ServerBoundCertServiceJob {
public:
- ServerBoundCertServiceJob(bool create_if_missing)
- : create_if_missing_(create_if_missing) {
- }
+ ServerBoundCertServiceJob() { }
~ServerBoundCertServiceJob() {
if (!requests_.empty())
DeleteAllCanceled();
}
- void AddRequest(ServerBoundCertServiceRequest* request,
- bool create_if_missing = false) {
- create_if_missing_ |= create_if_missing;
+ void AddRequest(ServerBoundCertServiceRequest* request) {
requests_.push_back(request);
}
@@ -300,8 +294,6 @@ class ServerBoundCertServiceJob {
PostAll(error, private_key, cert);
}
- bool CreateIfMissing() const { return create_if_missing_; }
-
private:
void PostAll(int error,
const std::string& private_key,
@@ -328,7 +320,6 @@ class ServerBoundCertServiceJob {
}
std::vector<ServerBoundCertServiceRequest*> requests_;
- bool create_if_missing_;
};
// static
@@ -397,7 +388,7 @@ std::string ServerBoundCertService::GetDomainForHost(const std::string& host) {
return domain;
}
-int ServerBoundCertService::GetOrCreateDomainBoundCert(
+int ServerBoundCertService::GetDomainBoundCert(
const std::string& host,
std::string* private_key,
std::string* cert,
@@ -420,15 +411,49 @@ int ServerBoundCertService::GetOrCreateDomainBoundCert(
requests_++;
- // See if a request for the same domain is currently in flight.
- bool create_if_missing = true;
- if (JoinToInFlightRequest(request_start, domain, private_key, cert,
- create_if_missing, callback, out_req)) {
+ // See if an identical request is currently in flight.
+ ServerBoundCertServiceJob* job = NULL;
+ std::map<std::string, ServerBoundCertServiceJob*>::const_iterator j;
+ j = inflight_.find(domain);
+ if (j != inflight_.end()) {
+ // An identical request is in flight already. We'll just attach our
+ // callback.
+ job = j->second;
+ inflight_joins_++;
+
+ ServerBoundCertServiceRequest* request = new ServerBoundCertServiceRequest(
+ request_start,
+ base::Bind(&RequestHandle::OnRequestComplete,
+ base::Unretained(out_req)),
+ private_key, cert);
+ job->AddRequest(request);
+ out_req->RequestStarted(this, request, callback);
return ERR_IO_PENDING;
}
- int err = LookupDomainBoundCert(request_start, domain, private_key, cert,
- create_if_missing, callback, out_req);
+ // Check if a domain bound cert of an acceptable type already exists for this
+ // domain. Note that |expiration_time| is ignored, and expired certs are
+ // considered valid.
+ base::Time expiration_time;
+ int err = server_bound_cert_store_->GetServerBoundCert(
+ domain,
+ &expiration_time /* ignored */,
+ private_key,
+ cert,
+ base::Bind(&ServerBoundCertService::GotServerBoundCert,
+ weak_ptr_factory_.GetWeakPtr()));
+
+ if (err == OK) {
+ // Sync lookup found a valid cert.
+ DVLOG(1) << "Cert store had valid cert for " << domain;
+ cert_store_hits_++;
+ RecordGetDomainBoundCertResult(SYNC_SUCCESS);
+ base::TimeDelta request_time = base::TimeTicks::Now() - request_start;
+ UMA_HISTOGRAM_TIMES("DomainBoundCerts.GetCertTimeSync", request_time);
+ RecordGetCertTime(request_time);
+ return OK;
+ }
+
if (err == ERR_FILE_NOT_FOUND) {
// Sync lookup did not find a valid cert. Start generating a new one.
workers_created_++;
@@ -442,17 +467,19 @@ int ServerBoundCertService::GetOrCreateDomainBoundCert(
RecordGetDomainBoundCertResult(WORKER_FAILURE);
return ERR_INSUFFICIENT_RESOURCES;
}
- // We are waiting for cert generation. Create a job & request to track it.
- ServerBoundCertServiceJob* job =
- new ServerBoundCertServiceJob(create_if_missing);
+ }
+
+ if (err == ERR_IO_PENDING || err == ERR_FILE_NOT_FOUND) {
+ // We are either waiting for async DB lookup, or waiting for cert
+ // generation. Create a job & request to track it.
+ job = new ServerBoundCertServiceJob();
inflight_[domain] = job;
ServerBoundCertServiceRequest* request = new ServerBoundCertServiceRequest(
request_start,
base::Bind(&RequestHandle::OnRequestComplete,
base::Unretained(out_req)),
- private_key,
- cert);
+ private_key, cert);
job->AddRequest(request);
out_req->RequestStarted(this, request, callback);
return ERR_IO_PENDING;
@@ -461,41 +488,6 @@ int ServerBoundCertService::GetOrCreateDomainBoundCert(
return err;
}
-int ServerBoundCertService::GetDomainBoundCert(
- const std::string& host,
- std::string* private_key,
- std::string* cert,
- const CompletionCallback& callback,
- RequestHandle* out_req) {
- DVLOG(1) << __FUNCTION__ << " " << host;
- DCHECK(CalledOnValidThread());
- base::TimeTicks request_start = base::TimeTicks::Now();
-
- if (callback.is_null() || !private_key || !cert || host.empty()) {
- RecordGetDomainBoundCertResult(INVALID_ARGUMENT);
- return ERR_INVALID_ARGUMENT;
- }
-
- std::string domain = GetDomainForHost(host);
- if (domain.empty()) {
- RecordGetDomainBoundCertResult(INVALID_ARGUMENT);
- return ERR_INVALID_ARGUMENT;
- }
-
- requests_++;
-
- // See if a request for the same domain currently in flight.
- bool create_if_missing = false;
- if (JoinToInFlightRequest(request_start, domain, private_key, cert,
- create_if_missing, callback, out_req)) {
- return ERR_IO_PENDING;
- }
-
- int err = LookupDomainBoundCert(request_start, domain, private_key, cert,
- create_if_missing, callback, out_req);
- return err;
-}
-
void ServerBoundCertService::GotServerBoundCert(
int err,
const std::string& server_identifier,
@@ -519,13 +511,7 @@ void ServerBoundCertService::GotServerBoundCert(
HandleResult(OK, server_identifier, key, cert);
return;
}
- // Async lookup did not find a valid cert. If no request asked to create one,
- // return the error directly.
- if (!j->second->CreateIfMissing()) {
- HandleResult(err, server_identifier, key, cert);
- return;
- }
- // At least one request asked to create a cert => start generating a new one.
+ // Async lookup did not find a valid cert. Start generating a new one.
workers_created_++;
ServerBoundCertServiceWorker* worker = new ServerBoundCertServiceWorker(
server_identifier,
@@ -538,6 +524,7 @@ void ServerBoundCertService::GotServerBoundCert(
server_identifier,
std::string(),
std::string());
+ return;
}
}
@@ -592,86 +579,6 @@ void ServerBoundCertService::HandleResult(
delete job;
}
-bool ServerBoundCertService::JoinToInFlightRequest(
- const base::TimeTicks& request_start,
- const std::string& domain,
- std::string* private_key,
- std::string* cert,
- bool create_if_missing,
- const CompletionCallback& callback,
- RequestHandle* out_req) {
- ServerBoundCertServiceJob* job = NULL;
- std::map<std::string, ServerBoundCertServiceJob*>::const_iterator j =
- inflight_.find(domain);
- if (j != inflight_.end()) {
- // A request for the same domain is in flight already. We'll attach our
- // callback, but we'll also mark it as requiring a cert if one's mising.
- job = j->second;
- inflight_joins_++;
-
- ServerBoundCertServiceRequest* request = new ServerBoundCertServiceRequest(
- request_start,
- base::Bind(&RequestHandle::OnRequestComplete,
- base::Unretained(out_req)),
- private_key,
- cert);
- job->AddRequest(request, create_if_missing);
- out_req->RequestStarted(this, request, callback);
- return true;
- }
- return false;
-}
-
-int ServerBoundCertService::LookupDomainBoundCert(
- const base::TimeTicks& request_start,
- const std::string& domain,
- std::string* private_key,
- std::string* cert,
- bool create_if_missing,
- const CompletionCallback& callback,
- RequestHandle* out_req) {
- // Check if a domain bound cert already exists for this domain. Note that
- // |expiration_time| is ignored, and expired certs are considered valid.
- base::Time expiration_time;
- int err = server_bound_cert_store_->GetServerBoundCert(
- domain,
- &expiration_time /* ignored */,
- private_key,
- cert,
- base::Bind(&ServerBoundCertService::GotServerBoundCert,
- weak_ptr_factory_.GetWeakPtr()));
-
- if (err == OK) {
- // Sync lookup found a valid cert.
- DVLOG(1) << "Cert store had valid cert for " << domain;
- cert_store_hits_++;
- RecordGetDomainBoundCertResult(SYNC_SUCCESS);
- base::TimeDelta request_time = base::TimeTicks::Now() - request_start;
- UMA_HISTOGRAM_TIMES("DomainBoundCerts.GetCertTimeSync", request_time);
- RecordGetCertTime(request_time);
- return OK;
- }
-
- if (err == ERR_IO_PENDING) {
- // We are waiting for async DB lookup. Create a job & request to track it.
- ServerBoundCertServiceJob* job =
- new ServerBoundCertServiceJob(create_if_missing);
- inflight_[domain] = job;
-
- ServerBoundCertServiceRequest* request = new ServerBoundCertServiceRequest(
- request_start,
- base::Bind(&RequestHandle::OnRequestComplete,
- base::Unretained(out_req)),
- private_key,
- cert);
- job->AddRequest(request);
- out_req->RequestStarted(this, request, callback);
- return ERR_IO_PENDING;
- }
-
- return err;
-}
-
int ServerBoundCertService::cert_count() {
return server_bound_cert_store_->GetCertCount();
}
diff --git a/chromium/net/ssl/server_bound_cert_service.h b/chromium/net/ssl/server_bound_cert_service.h
index 0dc7f4ae390..d931ec87082 100644
--- a/chromium/net/ssl/server_bound_cert_service.h
+++ b/chromium/net/ssl/server_bound_cert_service.h
@@ -106,31 +106,6 @@ class NET_EXPORT ServerBoundCertService
// |*out_req| will be initialized with a handle to the async request. This
// RequestHandle object must be cancelled or destroyed before the
// ServerBoundCertService is destroyed.
- int GetOrCreateDomainBoundCert(
- const std::string& host,
- std::string* private_key,
- std::string* cert,
- const CompletionCallback& callback,
- RequestHandle* out_req);
-
- // Fetches the domain bound cert for the specified host if one exists.
- // Returns OK if successful, ERR_FILE_NOT_FOUND if none exists, or an error
- // code upon failure.
- //
- // On successful completion, |private_key| stores a DER-encoded
- // PrivateKeyInfo struct, and |cert| stores a DER-encoded certificate.
- // The PrivateKeyInfo is always an ECDSA private key.
- //
- // |callback| must not be null. ERR_IO_PENDING is returned if the operation
- // could not be completed immediately, in which case the result code will
- // be passed to the callback when available. If an in-flight
- // GetDomainBoundCert is pending, and a new GetOrCreateDomainBoundCert
- // request arrives for the same domain, the GetDomainBoundCert request will
- // not complete until a new cert is created.
- //
- // |*out_req| will be initialized with a handle to the async request. This
- // RequestHandle object must be cancelled or destroyed before the
- // ServerBoundCertService is destroyed.
int GetDomainBoundCert(
const std::string& host,
std::string* private_key,
@@ -168,29 +143,6 @@ class NET_EXPORT ServerBoundCertService
const std::string& private_key,
const std::string& cert);
- // Searches for an in-flight request for the same domain. If found,
- // attaches to the request and returns true. Returns false if no in-flight
- // request is found.
- bool JoinToInFlightRequest(const base::TimeTicks& request_start,
- const std::string& domain,
- std::string* private_key,
- std::string* cert,
- bool create_if_missing,
- const CompletionCallback& callback,
- RequestHandle* out_req);
-
- // Looks for the domain bound cert for |domain| in this service's store.
- // Returns OK if it can be found synchronously, ERR_IO_PENDING if the
- // result cannot be obtained synchronously, or a network error code on
- // failure (including failure to find a domain-bound cert of |domain|).
- int LookupDomainBoundCert(const base::TimeTicks& request_start,
- const std::string& domain,
- std::string* private_key,
- std::string* cert,
- bool create_if_missing,
- const CompletionCallback& callback,
- RequestHandle* out_req);
-
scoped_ptr<ServerBoundCertStore> server_bound_cert_store_;
scoped_refptr<base::TaskRunner> task_runner_;
diff --git a/chromium/net/ssl/server_bound_cert_service_unittest.cc b/chromium/net/ssl/server_bound_cert_service_unittest.cc
index b8ca1fa54d0..d7b8553b5ac 100644
--- a/chromium/net/ssl/server_bound_cert_service_unittest.cc
+++ b/chromium/net/ssl/server_bound_cert_service_unittest.cc
@@ -136,24 +136,6 @@ TEST_F(ServerBoundCertServiceTest, GetDomainForHost) {
// See http://crbug.com/91512 - implement OpenSSL version of CreateSelfSigned.
#if !defined(USE_OPENSSL)
-TEST_F(ServerBoundCertServiceTest, GetCacheMiss) {
- std::string host("encrypted.google.com");
-
- int error;
- TestCompletionCallback callback;
- ServerBoundCertService::RequestHandle request_handle;
-
- // Synchronous completion, because the store is initialized.
- std::string private_key, der_cert;
- EXPECT_EQ(0, service_->cert_count());
- error = service_->GetDomainBoundCert(
- host, &private_key, &der_cert, callback.callback(), &request_handle);
- EXPECT_EQ(ERR_FILE_NOT_FOUND, error);
- EXPECT_FALSE(request_handle.is_active());
- EXPECT_EQ(0, service_->cert_count());
- EXPECT_TRUE(der_cert.empty());
-}
-
TEST_F(ServerBoundCertServiceTest, CacheHit) {
std::string host("encrypted.google.com");
@@ -164,7 +146,7 @@ TEST_F(ServerBoundCertServiceTest, CacheHit) {
// Asynchronous completion.
std::string private_key_info1, der_cert1;
EXPECT_EQ(0, service_->cert_count());
- error = service_->GetOrCreateDomainBoundCert(
+ error = service_->GetDomainBoundCert(
host, &private_key_info1, &der_cert1,
callback.callback(), &request_handle);
EXPECT_EQ(ERR_IO_PENDING, error);
@@ -178,7 +160,7 @@ TEST_F(ServerBoundCertServiceTest, CacheHit) {
// Synchronous completion.
std::string private_key_info2, der_cert2;
- error = service_->GetOrCreateDomainBoundCert(
+ error = service_->GetDomainBoundCert(
host, &private_key_info2, &der_cert2,
callback.callback(), &request_handle);
EXPECT_FALSE(request_handle.is_active());
@@ -187,19 +169,8 @@ TEST_F(ServerBoundCertServiceTest, CacheHit) {
EXPECT_EQ(private_key_info1, private_key_info2);
EXPECT_EQ(der_cert1, der_cert2);
- // Synchronous get.
- std::string private_key_info3, der_cert3;
- error = service_->GetDomainBoundCert(
- host, &private_key_info3, &der_cert3, callback.callback(),
- &request_handle);
- EXPECT_FALSE(request_handle.is_active());
- EXPECT_EQ(OK, error);
- EXPECT_EQ(1, service_->cert_count());
- EXPECT_EQ(der_cert1, der_cert3);
- EXPECT_EQ(private_key_info1, private_key_info3);
-
- EXPECT_EQ(3u, service_->requests());
- EXPECT_EQ(2u, service_->cert_store_hits());
+ EXPECT_EQ(2u, service_->requests());
+ EXPECT_EQ(1u, service_->cert_store_hits());
EXPECT_EQ(0u, service_->inflight_joins());
}
@@ -211,7 +182,7 @@ TEST_F(ServerBoundCertServiceTest, StoreCerts) {
std::string host1("encrypted.google.com");
std::string private_key_info1, der_cert1;
EXPECT_EQ(0, service_->cert_count());
- error = service_->GetOrCreateDomainBoundCert(
+ error = service_->GetDomainBoundCert(
host1, &private_key_info1, &der_cert1,
callback.callback(), &request_handle);
EXPECT_EQ(ERR_IO_PENDING, error);
@@ -222,7 +193,7 @@ TEST_F(ServerBoundCertServiceTest, StoreCerts) {
std::string host2("www.verisign.com");
std::string private_key_info2, der_cert2;
- error = service_->GetOrCreateDomainBoundCert(
+ error = service_->GetDomainBoundCert(
host2, &private_key_info2, &der_cert2,
callback.callback(), &request_handle);
EXPECT_EQ(ERR_IO_PENDING, error);
@@ -233,7 +204,7 @@ TEST_F(ServerBoundCertServiceTest, StoreCerts) {
std::string host3("www.twitter.com");
std::string private_key_info3, der_cert3;
- error = service_->GetOrCreateDomainBoundCert(
+ error = service_->GetDomainBoundCert(
host3, &private_key_info3, &der_cert3,
callback.callback(), &request_handle);
EXPECT_EQ(ERR_IO_PENDING, error);
@@ -263,13 +234,13 @@ TEST_F(ServerBoundCertServiceTest, InflightJoin) {
TestCompletionCallback callback2;
ServerBoundCertService::RequestHandle request_handle2;
- error = service_->GetOrCreateDomainBoundCert(
+ error = service_->GetDomainBoundCert(
host, &private_key_info1, &der_cert1,
callback1.callback(), &request_handle1);
EXPECT_EQ(ERR_IO_PENDING, error);
EXPECT_TRUE(request_handle1.is_active());
// Should join with the original request.
- error = service_->GetOrCreateDomainBoundCert(
+ error = service_->GetDomainBoundCert(
host, &private_key_info2, &der_cert2,
callback2.callback(), &request_handle2);
EXPECT_EQ(ERR_IO_PENDING, error);
@@ -283,45 +254,6 @@ TEST_F(ServerBoundCertServiceTest, InflightJoin) {
EXPECT_EQ(2u, service_->requests());
EXPECT_EQ(0u, service_->cert_store_hits());
EXPECT_EQ(1u, service_->inflight_joins());
- EXPECT_EQ(1u, service_->workers_created());
-}
-
-// Tests an inflight join of a Get request to a GetOrCreate request.
-TEST_F(ServerBoundCertServiceTest, InflightJoinGetOrCreateAndGet) {
- std::string host("encrypted.google.com");
- int error;
-
- std::string private_key_info1, der_cert1;
- TestCompletionCallback callback1;
- ServerBoundCertService::RequestHandle request_handle1;
-
- std::string private_key_info2;
- std::string der_cert2;
- TestCompletionCallback callback2;
- ServerBoundCertService::RequestHandle request_handle2;
-
- error = service_->GetOrCreateDomainBoundCert(
- host, &private_key_info1, &der_cert1,
- callback1.callback(), &request_handle1);
- EXPECT_EQ(ERR_IO_PENDING, error);
- EXPECT_TRUE(request_handle1.is_active());
- // Should join with the original request.
- error = service_->GetDomainBoundCert(
- host, &private_key_info2, &der_cert2, callback2.callback(),
- &request_handle2);
- EXPECT_EQ(ERR_IO_PENDING, error);
- EXPECT_TRUE(request_handle2.is_active());
-
- error = callback1.WaitForResult();
- EXPECT_EQ(OK, error);
- error = callback2.WaitForResult();
- EXPECT_EQ(OK, error);
- EXPECT_EQ(der_cert1, der_cert2);
-
- EXPECT_EQ(2u, service_->requests());
- EXPECT_EQ(0u, service_->cert_store_hits());
- EXPECT_EQ(1u, service_->inflight_joins());
- EXPECT_EQ(1u, service_->workers_created());
}
TEST_F(ServerBoundCertServiceTest, ExtractValuesFromBytesEC) {
@@ -331,7 +263,7 @@ TEST_F(ServerBoundCertServiceTest, ExtractValuesFromBytesEC) {
TestCompletionCallback callback;
ServerBoundCertService::RequestHandle request_handle;
- error = service_->GetOrCreateDomainBoundCert(
+ error = service_->GetDomainBoundCert(
host, &private_key_info, &der_cert, callback.callback(),
&request_handle);
EXPECT_EQ(ERR_IO_PENDING, error);
@@ -365,11 +297,11 @@ TEST_F(ServerBoundCertServiceTest, CancelRequest) {
int error;
ServerBoundCertService::RequestHandle request_handle;
- error = service_->GetOrCreateDomainBoundCert(host,
- &private_key_info,
- &der_cert,
- base::Bind(&FailTest),
- &request_handle);
+ error = service_->GetDomainBoundCert(host,
+ &private_key_info,
+ &der_cert,
+ base::Bind(&FailTest),
+ &request_handle);
EXPECT_EQ(ERR_IO_PENDING, error);
EXPECT_TRUE(request_handle.is_active());
request_handle.Cancel();
@@ -394,11 +326,11 @@ TEST_F(ServerBoundCertServiceTest, CancelRequestByHandleDestruction) {
{
ServerBoundCertService::RequestHandle request_handle;
- error = service_->GetOrCreateDomainBoundCert(host,
- &private_key_info,
- &der_cert,
- base::Bind(&FailTest),
- &request_handle);
+ error = service_->GetDomainBoundCert(host,
+ &private_key_info,
+ &der_cert,
+ base::Bind(&FailTest),
+ &request_handle);
EXPECT_EQ(ERR_IO_PENDING, error);
EXPECT_TRUE(request_handle.is_active());
}
@@ -420,11 +352,11 @@ TEST_F(ServerBoundCertServiceTest, DestructionWithPendingRequest) {
int error;
ServerBoundCertService::RequestHandle request_handle;
- error = service_->GetOrCreateDomainBoundCert(host,
- &private_key_info,
- &der_cert,
- base::Bind(&FailTest),
- &request_handle);
+ error = service_->GetDomainBoundCert(host,
+ &private_key_info,
+ &der_cert,
+ base::Bind(&FailTest),
+ &request_handle);
EXPECT_EQ(ERR_IO_PENDING, error);
EXPECT_TRUE(request_handle.is_active());
@@ -459,11 +391,11 @@ TEST_F(ServerBoundCertServiceTest, RequestAfterPoolShutdown) {
int error;
ServerBoundCertService::RequestHandle request_handle;
- error = service_->GetOrCreateDomainBoundCert(host,
- &private_key_info,
- &der_cert,
- base::Bind(&FailTest),
- &request_handle);
+ error = service_->GetDomainBoundCert(host,
+ &private_key_info,
+ &der_cert,
+ base::Bind(&FailTest),
+ &request_handle);
// If we got here without crashing or a valgrind error, it worked.
ASSERT_EQ(ERR_INSUFFICIENT_RESOURCES, error);
EXPECT_FALSE(request_handle.is_active());
@@ -488,27 +420,27 @@ TEST_F(ServerBoundCertServiceTest, SimultaneousCreation) {
TestCompletionCallback callback3;
ServerBoundCertService::RequestHandle request_handle3;
- error = service_->GetOrCreateDomainBoundCert(host1,
- &private_key_info1,
- &der_cert1,
- callback1.callback(),
- &request_handle1);
+ error = service_->GetDomainBoundCert(host1,
+ &private_key_info1,
+ &der_cert1,
+ callback1.callback(),
+ &request_handle1);
EXPECT_EQ(ERR_IO_PENDING, error);
EXPECT_TRUE(request_handle1.is_active());
- error = service_->GetOrCreateDomainBoundCert(host2,
- &private_key_info2,
- &der_cert2,
- callback2.callback(),
- &request_handle2);
+ error = service_->GetDomainBoundCert(host2,
+ &private_key_info2,
+ &der_cert2,
+ callback2.callback(),
+ &request_handle2);
EXPECT_EQ(ERR_IO_PENDING, error);
EXPECT_TRUE(request_handle2.is_active());
- error = service_->GetOrCreateDomainBoundCert(host3,
- &private_key_info3,
- &der_cert3,
- callback3.callback(),
- &request_handle3);
+ error = service_->GetDomainBoundCert(host3,
+ &private_key_info3,
+ &der_cert3,
+ callback3.callback(),
+ &request_handle3);
EXPECT_EQ(ERR_IO_PENDING, error);
EXPECT_TRUE(request_handle3.is_active());
@@ -560,7 +492,7 @@ TEST_F(ServerBoundCertServiceTest, Expiration) {
// Cert is valid - synchronous completion.
std::string private_key_info1, der_cert1;
- error = service_->GetOrCreateDomainBoundCert(
+ error = service_->GetDomainBoundCert(
"good", &private_key_info1, &der_cert1,
callback.callback(), &request_handle);
EXPECT_EQ(OK, error);
@@ -571,7 +503,7 @@ TEST_F(ServerBoundCertServiceTest, Expiration) {
// Expired cert is valid as well - synchronous completion.
std::string private_key_info2, der_cert2;
- error = service_->GetOrCreateDomainBoundCert(
+ error = service_->GetDomainBoundCert(
"expired", &private_key_info2, &der_cert2,
callback.callback(), &request_handle);
EXPECT_EQ(OK, error);
@@ -581,7 +513,7 @@ TEST_F(ServerBoundCertServiceTest, Expiration) {
EXPECT_STREQ("d", der_cert2.c_str());
}
-TEST_F(ServerBoundCertServiceTest, AsyncStoreGetOrCreateNoCertsInStore) {
+TEST_F(ServerBoundCertServiceTest, AsyncStoreGetNoCertsInStore) {
MockServerBoundCertStoreWithAsyncGet* mock_store =
new MockServerBoundCertStoreWithAsyncGet();
service_ = scoped_ptr<ServerBoundCertService>(
@@ -596,7 +528,7 @@ TEST_F(ServerBoundCertServiceTest, AsyncStoreGetOrCreateNoCertsInStore) {
// Asynchronous completion with no certs in the store.
std::string private_key_info, der_cert;
EXPECT_EQ(0, service_->cert_count());
- error = service_->GetOrCreateDomainBoundCert(
+ error = service_->GetDomainBoundCert(
host, &private_key_info, &der_cert, callback.callback(), &request_handle);
EXPECT_EQ(ERR_IO_PENDING, error);
EXPECT_TRUE(request_handle.is_active());
@@ -612,38 +544,7 @@ TEST_F(ServerBoundCertServiceTest, AsyncStoreGetOrCreateNoCertsInStore) {
EXPECT_FALSE(request_handle.is_active());
}
-TEST_F(ServerBoundCertServiceTest, AsyncStoreGetNoCertsInStore) {
- MockServerBoundCertStoreWithAsyncGet* mock_store =
- new MockServerBoundCertStoreWithAsyncGet();
- service_ = scoped_ptr<ServerBoundCertService>(
- new ServerBoundCertService(mock_store, sequenced_worker_pool_));
-
- std::string host("encrypted.google.com");
-
- int error;
- TestCompletionCallback callback;
- ServerBoundCertService::RequestHandle request_handle;
-
- // Asynchronous completion with no certs in the store.
- std::string private_key, der_cert;
- EXPECT_EQ(0, service_->cert_count());
- error = service_->GetDomainBoundCert(
- host, &private_key, &der_cert, callback.callback(), &request_handle);
- EXPECT_EQ(ERR_IO_PENDING, error);
- EXPECT_TRUE(request_handle.is_active());
-
- mock_store->CallGetServerBoundCertCallbackWithResult(
- ERR_FILE_NOT_FOUND, base::Time(), std::string(), std::string());
-
- error = callback.WaitForResult();
- EXPECT_EQ(ERR_FILE_NOT_FOUND, error);
- EXPECT_EQ(0, service_->cert_count());
- EXPECT_EQ(0u, service_->workers_created());
- EXPECT_TRUE(der_cert.empty());
- EXPECT_FALSE(request_handle.is_active());
-}
-
-TEST_F(ServerBoundCertServiceTest, AsyncStoreGetOrCreateOneCertInStore) {
+TEST_F(ServerBoundCertServiceTest, AsyncStoreGetOneCertInStore) {
MockServerBoundCertStoreWithAsyncGet* mock_store =
new MockServerBoundCertStoreWithAsyncGet();
service_ = scoped_ptr<ServerBoundCertService>(
@@ -658,7 +559,7 @@ TEST_F(ServerBoundCertServiceTest, AsyncStoreGetOrCreateOneCertInStore) {
// Asynchronous completion with a cert in the store.
std::string private_key_info, der_cert;
EXPECT_EQ(0, service_->cert_count());
- error = service_->GetOrCreateDomainBoundCert(
+ error = service_->GetDomainBoundCert(
host, &private_key_info, &der_cert, callback.callback(), &request_handle);
EXPECT_EQ(ERR_IO_PENDING, error);
EXPECT_TRUE(request_handle.is_active());
@@ -679,94 +580,6 @@ TEST_F(ServerBoundCertServiceTest, AsyncStoreGetOrCreateOneCertInStore) {
EXPECT_FALSE(request_handle.is_active());
}
-TEST_F(ServerBoundCertServiceTest, AsyncStoreGetOneCertInStore) {
- MockServerBoundCertStoreWithAsyncGet* mock_store =
- new MockServerBoundCertStoreWithAsyncGet();
- service_ = scoped_ptr<ServerBoundCertService>(
- new ServerBoundCertService(mock_store, sequenced_worker_pool_));
-
- std::string host("encrypted.google.com");
-
- int error;
- TestCompletionCallback callback;
- ServerBoundCertService::RequestHandle request_handle;
-
- // Asynchronous completion with a cert in the store.
- std::string private_key, der_cert;
- EXPECT_EQ(0, service_->cert_count());
- error = service_->GetDomainBoundCert(
- host, &private_key, &der_cert, callback.callback(), &request_handle);
- EXPECT_EQ(ERR_IO_PENDING, error);
- EXPECT_TRUE(request_handle.is_active());
-
- mock_store->CallGetServerBoundCertCallbackWithResult(
- OK, base::Time(), "ab", "cd");
-
- error = callback.WaitForResult();
- EXPECT_EQ(OK, error);
- EXPECT_EQ(1, service_->cert_count());
- EXPECT_EQ(1u, service_->requests());
- EXPECT_EQ(1u, service_->cert_store_hits());
- // Because the cert was found in the store, no new workers should have been
- // created.
- EXPECT_EQ(0u, service_->workers_created());
- EXPECT_STREQ("cd", der_cert.c_str());
- EXPECT_FALSE(request_handle.is_active());
-}
-
-TEST_F(ServerBoundCertServiceTest, AsyncStoreGetThenCreateNoCertsInStore) {
- MockServerBoundCertStoreWithAsyncGet* mock_store =
- new MockServerBoundCertStoreWithAsyncGet();
- service_ = scoped_ptr<ServerBoundCertService>(
- new ServerBoundCertService(mock_store, sequenced_worker_pool_));
-
- std::string host("encrypted.google.com");
-
- int error;
-
- // Asynchronous get with no certs in the store.
- TestCompletionCallback callback1;
- ServerBoundCertService::RequestHandle request_handle1;
- std::string private_key1, der_cert1;
- EXPECT_EQ(0, service_->cert_count());
- error = service_->GetDomainBoundCert(
- host, &private_key1, &der_cert1, callback1.callback(), &request_handle1);
- EXPECT_EQ(ERR_IO_PENDING, error);
- EXPECT_TRUE(request_handle1.is_active());
-
- // Asynchronous get/create with no certs in the store.
- TestCompletionCallback callback2;
- ServerBoundCertService::RequestHandle request_handle2;
- std::string private_key2, der_cert2;
- EXPECT_EQ(0, service_->cert_count());
- error = service_->GetOrCreateDomainBoundCert(
- host, &private_key2, &der_cert2, callback2.callback(), &request_handle2);
- EXPECT_EQ(ERR_IO_PENDING, error);
- EXPECT_TRUE(request_handle2.is_active());
-
- mock_store->CallGetServerBoundCertCallbackWithResult(
- ERR_FILE_NOT_FOUND, base::Time(), std::string(), std::string());
-
- // Even though the first request didn't ask to create a cert, it gets joined
- // by the second, which does, so both succeed.
- error = callback1.WaitForResult();
- EXPECT_EQ(OK, error);
- error = callback2.WaitForResult();
- EXPECT_EQ(OK, error);
-
- // One cert is created, one request is joined.
- EXPECT_EQ(2U, service_->requests());
- EXPECT_EQ(1, service_->cert_count());
- EXPECT_EQ(1u, service_->workers_created());
- EXPECT_EQ(1u, service_->inflight_joins());
- EXPECT_FALSE(der_cert1.empty());
- EXPECT_EQ(der_cert1, der_cert2);
- EXPECT_FALSE(private_key1.empty());
- EXPECT_EQ(private_key1, private_key2);
- EXPECT_FALSE(request_handle1.is_active());
- EXPECT_FALSE(request_handle2.is_active());
-}
-
#endif // !defined(USE_OPENSSL)
} // namespace
diff --git a/chromium/net/ssl/ssl_config_service.cc b/chromium/net/ssl/ssl_config_service.cc
index a2c34a26852..265b43c10e5 100644
--- a/chromium/net/ssl/ssl_config_service.cc
+++ b/chromium/net/ssl/ssl_config_service.cc
@@ -42,7 +42,7 @@ SSLConfig::SSLConfig()
version_max(g_default_version_max),
cached_info_enabled(false),
channel_id_enabled(true),
- false_start_enabled(true),
+ false_start_enabled(false),
unrestricted_ssl3_fallback_enabled(false),
send_client_cert(false),
verify_ev_cert(false),
View Lorry Controller Status