Google Git
Sign in
android / platform / external / chromium_org / 3551c9c / . / content / browser / cert_store_impl.cc
blob: e7fc1d24060f52a1a3865a2a23d90db0f415fbd6 [file] [log] [blame]
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "content/browser/cert_store_impl.h"
#include <algorithm>
#include <functional>
#include "base/bind.h"
#include "base/stl_util.h"
#include "content/browser/renderer_host/render_process_host_impl.h"
#include "content/browser/renderer_host/render_view_host_impl.h"
#include "content/public/browser/browser_thread.h"
#include "content/public/browser/notification_service.h"
#include "content/public/browser/notification_types.h"
template <typename T>
struct MatchSecond {
explicit MatchSecond(const T& t) : value(t) {}
template<typename Pair>
bool operator()(const Pair& p) const {
return (value == p.second);
}
T value;
};
namespace content {
// static
CertStore* CertStore::GetInstance() {
return CertStoreImpl::GetInstance();
}
// static
CertStoreImpl* CertStoreImpl::GetInstance() {
return Singleton<CertStoreImpl>::get();
}
CertStoreImpl::CertStoreImpl() : next_cert_id_(1) {
if (BrowserThread::CurrentlyOn(BrowserThread::UI)) {
RegisterForNotification();
} else {
BrowserThread::PostTask(
BrowserThread::UI, FROM_HERE,
base::Bind(&CertStoreImpl::RegisterForNotification,
base::Unretained(this)));
}
}
CertStoreImpl::~CertStoreImpl() {
}
void CertStoreImpl::RegisterForNotification() {
// We watch for RenderProcess termination, as this is how we clear
// certificates for now.
// TODO(jcampan): we should be listening to events such as resource cached/
// removed from cache, and remove the cert when we know it
// is not used anymore.
registrar_.Add(this, NOTIFICATION_RENDERER_PROCESS_TERMINATED,
NotificationService::AllBrowserContextsAndSources());
registrar_.Add(this, NOTIFICATION_RENDERER_PROCESS_CLOSED,
NotificationService::AllBrowserContextsAndSources());
}
int CertStoreImpl::StoreCert(net::X509Certificate* cert, int process_id) {
DCHECK(cert);
base::AutoLock auto_lock(cert_lock_);
int cert_id;
// Do we already know this cert?
ReverseCertMap::iterator cert_iter = cert_to_id_.find(cert);
if (cert_iter == cert_to_id_.end()) {
cert_id = next_cert_id_++;
// We use 0 as an invalid cert_id value. In the unlikely event that
// next_cert_id_ wraps around, we reset it to 1.
if (next_cert_id_ == 0)
next_cert_id_ = 1;
cert->AddRef();
id_to_cert_[cert_id] = cert;
cert_to_id_[cert] = cert_id;
} else {
cert_id = cert_iter->second;
}
// Let's update process_id_to_cert_id_.
std::pair<IDMap::iterator, IDMap::iterator> process_ids =
process_id_to_cert_id_.equal_range(process_id);
if (std::find_if(process_ids.first, process_ids.second,
MatchSecond<int>(cert_id)) == process_ids.second) {
process_id_to_cert_id_.insert(std::make_pair(process_id, cert_id));
}
// And cert_id_to_process_id_.
std::pair<IDMap::iterator, IDMap::iterator> cert_ids =
cert_id_to_process_id_.equal_range(cert_id);
if (std::find_if(cert_ids.first, cert_ids.second,
MatchSecond<int>(process_id)) == cert_ids.second) {
cert_id_to_process_id_.insert(std::make_pair(cert_id, process_id));
}
return cert_id;
}
bool CertStoreImpl::RetrieveCert(int cert_id,
scoped_refptr<net::X509Certificate>* cert) {
base::AutoLock auto_lock(cert_lock_);
CertMap::iterator iter = id_to_cert_.find(cert_id);
if (iter == id_to_cert_.end())
return false;
if (cert)
*cert = iter->second;
return true;
}
void CertStoreImpl::RemoveCertInternal(int cert_id) {
CertMap::iterator cert_iter = id_to_cert_.find(cert_id);
DCHECK(cert_iter != id_to_cert_.end());
ReverseCertMap::iterator id_iter = cert_to_id_.find(cert_iter->second.get());
DCHECK(id_iter != cert_to_id_.end());
cert_to_id_.erase(id_iter);
cert_iter->second->Release();
id_to_cert_.erase(cert_iter);
}
void CertStoreImpl::RemoveCertsForRenderProcesHost(int process_id) {
base::AutoLock auto_lock(cert_lock_);
// We iterate through all the cert ids for that process.
std::pair<IDMap::iterator, IDMap::iterator> process_ids =
process_id_to_cert_id_.equal_range(process_id);
for (IDMap::iterator ids_iter = process_ids.first;
ids_iter != process_ids.second; ++ids_iter) {
int cert_id = ids_iter->second;
// Find all the processes referring to this cert id in
// cert_id_to_process_id_, then locate the process being removed within
// that range.
std::pair<IDMap::iterator, IDMap::iterator> cert_ids =
cert_id_to_process_id_.equal_range(cert_id);
IDMap::iterator proc_iter =
std::find_if(cert_ids.first, cert_ids.second,
MatchSecond<int>(process_id));
DCHECK(proc_iter != cert_ids.second);
// Before removing, determine if no other processes refer to the current
// cert id. If |proc_iter| (the current process) is the lower bound of
// processes containing the current cert id and if |next_proc_iter| is the
// upper bound (the first process that does not), then only one process,
// the one being removed, refers to the cert id.
IDMap::iterator next_proc_iter = proc_iter;
++next_proc_iter;
bool last_process_for_cert_id =
(proc_iter == cert_ids.first && next_proc_iter == cert_ids.second);
cert_id_to_process_id_.erase(proc_iter);
if (last_process_for_cert_id) {
// The current cert id is not referenced by any other processes, so
// remove it from id_to_cert_ and cert_to_id_.
RemoveCertInternal(cert_id);
}
}
if (process_ids.first != process_ids.second)
process_id_to_cert_id_.erase(process_ids.first, process_ids.second);
}
void CertStoreImpl::Observe(int type,
const NotificationSource& source,
const NotificationDetails& details) {
DCHECK(type == NOTIFICATION_RENDERER_PROCESS_TERMINATED ||
type == NOTIFICATION_RENDERER_PROCESS_CLOSED);
RenderProcessHost* rph = Source<RenderProcessHost>(source).ptr();
DCHECK(rph);
RemoveCertsForRenderProcesHost(rph->GetID());
}
} // namespace content