1ddb351dbec246cf1fab5ec20d2d5520909041de1Kristian Monsen// Copyright (c) 2011 The Chromium Authors. All rights reserved. 2c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott// Use of this source code is governed by a BSD-style license that can be 3c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott// found in the LICENSE file. 4c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 5c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott#ifndef NET_BASE_CERT_VERIFIER_H_ 6c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott#define NET_BASE_CERT_VERIFIER_H_ 73345a6884c488ff3a535c2c9acdd33d74b37e311Iain Merrick#pragma once 8c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 921d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen#include <map> 10c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott#include <string> 11c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 12c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott#include "base/basictypes.h" 13ddb351dbec246cf1fab5ec20d2d5520909041de1Kristian Monsen#include "base/memory/scoped_ptr.h" 143f50c38dc070f4bb515c1b64450dae14f316474eKristian Monsen#include "base/threading/non_thread_safe.h" 1521d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen#include "base/time.h" 16ddb351dbec246cf1fab5ec20d2d5520909041de1Kristian Monsen#include "net/base/cert_database.h" 1721d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen#include "net/base/cert_verify_result.h" 18c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott#include "net/base/completion_callback.h" 192557749644f9d25af9721533322db19197c49b49Kristian Monsen#include "net/base/net_export.h" 2021d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen#include "net/base/x509_cert_types.h" 21c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 22c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scottnamespace net { 23c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 2421d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsenclass CertVerifierJob; 2521d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsenclass CertVerifierWorker; 26c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scottclass X509Certificate; 27c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 2821d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen// CachedCertVerifyResult contains the result of a certificate verification. 2921d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsenstruct CachedCertVerifyResult { 3021d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen CachedCertVerifyResult(); 3121d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen ~CachedCertVerifyResult(); 3221d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen 3372a454cd3513ac24fbdd0e0cb9ad70b86a99b801Kristian Monsen // Returns true if |current_time| is greater than or equal to |expiry|. 3472a454cd3513ac24fbdd0e0cb9ad70b86a99b801Kristian Monsen bool HasExpired(base::Time current_time) const; 3572a454cd3513ac24fbdd0e0cb9ad70b86a99b801Kristian Monsen 3621d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen int error; // The return value of CertVerifier::Verify. 3721d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen CertVerifyResult result; // The output of CertVerifier::Verify. 3821d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen 3921d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen // The time at which the certificate verification result expires. 4021d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen base::Time expiry; 4121d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen}; 4221d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen 4321d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen// CertVerifier represents a service for verifying certificates. 44c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott// 4521d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen// CertVerifier can handle multiple requests at a time, so when canceling a 4621d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen// request the RequestHandle that was returned by Verify() needs to be 4721d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen// given. A simpler alternative for consumers that only have 1 outstanding 4821d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen// request at a time is to create a SingleRequestCertVerifier wrapper around 4921d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen// CertVerifier (which will automatically cancel the single request when it 5021d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen// goes out of scope). 512557749644f9d25af9721533322db19197c49b49Kristian Monsenclass NET_EXPORT CertVerifier : public base::NonThreadSafe, 52ddb351dbec246cf1fab5ec20d2d5520909041de1Kristian Monsen public CertDatabase::Observer { 53c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott public: 5421d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen // Opaque type used to cancel a request. 5521d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen typedef void* RequestHandle; 5621d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen 5721d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen // CertVerifier must not call base::Time::Now() directly. It must call 5821d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen // time_service_->Now(). This allows unit tests to mock the current time. 5921d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen class TimeService { 6021d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen public: 6121d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen virtual ~TimeService() {} 6221d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen 6321d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen virtual base::Time Now() = 0; 6421d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen }; 6521d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen 66c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott CertVerifier(); 67c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 6821d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen // Used by unit tests to mock the current time. Takes ownership of 6921d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen // |time_service|. 7021d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen explicit CertVerifier(TimeService* time_service); 7121d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen 7221d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen // When the verifier is destroyed, all certificate verifications requests are 7321d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen // canceled, and their completion callbacks will not be called. 74c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott ~CertVerifier(); 75c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 76c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // Verifies the given certificate against the given hostname. Returns OK if 77c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // successful or an error code upon failure. 78c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // 79c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // The |*verify_result| structure, including the |verify_result->cert_status| 80c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // bitmask, is always filled out regardless of the return value. If the 81c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // certificate has multiple errors, the corresponding status flags are set in 82c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // |verify_result->cert_status|, and the error code for the most serious 83c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // error is returned. 84c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // 85c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // |flags| is bitwise OR'd of X509Certificate::VerifyFlags. 86c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // If VERIFY_REV_CHECKING_ENABLED is set in |flags|, certificate revocation 87c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // checking is performed. 88c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // 89c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // If VERIFY_EV_CERT is set in |flags| too, EV certificate verification is 90c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // performed. If |flags| is VERIFY_EV_CERT (that is, 91c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // VERIFY_REV_CHECKING_ENABLED is not set), EV certificate verification will 92c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // not be performed. 93c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // 9421d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen // |callback| must not be null. ERR_IO_PENDING is returned if the operation 95c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // could not be completed synchronously, in which case the result code will 96c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // be passed to the callback when available. 97c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott // 9821d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen // If |out_req| is non-NULL, then |*out_req| will be filled with a handle to 9921d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen // the async request. This handle is not valid after the request has 10021d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen // completed. 10121d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen int Verify(X509Certificate* cert, 10221d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen const std::string& hostname, 10321d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen int flags, 10421d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen CertVerifyResult* verify_result, 10521d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen CompletionCallback* callback, 10621d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen RequestHandle* out_req); 10721d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen 10821d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen // Cancels the specified request. |req| is the handle returned by Verify(). 10921d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen // After a request is canceled, its completion callback will not be called. 11021d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen void CancelRequest(RequestHandle req); 11121d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen 11221d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen // Clears the verification result cache. 11321d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen void ClearCache(); 11421d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen 11521d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen size_t GetCacheSize() const; 11621d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen 11721d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen uint64 requests() const { return requests_; } 11821d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen uint64 cache_hits() const { return cache_hits_; } 11921d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen uint64 inflight_joins() const { return inflight_joins_; } 120c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 121c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott private: 12221d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen friend class CertVerifierWorker; // Calls HandleResult. 12321d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen 12421d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen // Input parameters of a certificate verification request. 12521d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen struct RequestParams { 12621d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen bool operator==(const RequestParams& other) const { 12721d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen // |flags| is compared before |cert_fingerprint| and |hostname| under 12821d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen // assumption that integer comparisons are faster than memory and string 12921d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen // comparisons. 13021d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen return (flags == other.flags && 13121d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen memcmp(cert_fingerprint.data, other.cert_fingerprint.data, 13221d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen sizeof(cert_fingerprint.data)) == 0 && 13321d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen hostname == other.hostname); 13421d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen } 13521d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen 13621d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen bool operator<(const RequestParams& other) const { 13721d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen // |flags| is compared before |cert_fingerprint| and |hostname| under 13821d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen // assumption that integer comparisons are faster than memory and string 13921d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen // comparisons. 14021d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen if (flags != other.flags) 14121d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen return flags < other.flags; 14221d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen int rv = memcmp(cert_fingerprint.data, other.cert_fingerprint.data, 14321d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen sizeof(cert_fingerprint.data)); 14421d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen if (rv != 0) 14521d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen return rv < 0; 14621d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen return hostname < other.hostname; 14721d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen } 14821d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen 14921d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen SHA1Fingerprint cert_fingerprint; 15021d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen std::string hostname; 15121d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen int flags; 15221d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen }; 15321d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen 15421d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen void HandleResult(X509Certificate* cert, 15521d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen const std::string& hostname, 15621d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen int flags, 15721d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen int error, 15821d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen const CertVerifyResult& verify_result); 15921d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen 160ddb351dbec246cf1fab5ec20d2d5520909041de1Kristian Monsen // CertDatabase::Observer methods: 161ddb351dbec246cf1fab5ec20d2d5520909041de1Kristian Monsen virtual void OnCertTrustChanged(const X509Certificate* cert); 162ddb351dbec246cf1fab5ec20d2d5520909041de1Kristian Monsen 16321d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen // cache_ maps from a request to a cached result. The cached result may 16421d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen // have expired and the size of |cache_| must be <= kMaxCacheEntries. 16521d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen std::map<RequestParams, CachedCertVerifyResult> cache_; 16621d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen 16721d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen // inflight_ maps from a request to an active verification which is taking 16821d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen // place. 16921d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen std::map<RequestParams, CertVerifierJob*> inflight_; 17021d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen 17121d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen scoped_ptr<TimeService> time_service_; 17221d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen 17321d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen uint64 requests_; 17421d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen uint64 cache_hits_; 17521d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen uint64 inflight_joins_; 17621d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen 177c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott DISALLOW_COPY_AND_ASSIGN(CertVerifier); 178c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott}; 179c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 18021d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen// This class represents the task of verifying a certificate. It wraps 18121d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen// CertVerifier to verify only a single certificate at a time and cancels this 18221d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen// request when going out of scope. 18321d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsenclass SingleRequestCertVerifier { 18421d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen public: 18521d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen // |cert_verifier| must remain valid for the lifetime of |this|. 18621d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen explicit SingleRequestCertVerifier(CertVerifier* cert_verifier); 18721d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen 18821d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen // If a completion callback is pending when the verifier is destroyed, the 18921d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen // certificate verification is canceled, and the completion callback will 19021d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen // not be called. 19121d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen ~SingleRequestCertVerifier(); 19221d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen 19321d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen // Verifies the given certificate, filling out the |verify_result| object 19421d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen // upon success. See CertVerifier::Verify() for details. 19521d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen int Verify(X509Certificate* cert, 19621d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen const std::string& hostname, 19721d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen int flags, 19821d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen CertVerifyResult* verify_result, 19921d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen CompletionCallback* callback); 20021d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen 20121d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen private: 20221d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen // Callback for when the request to |cert_verifier_| completes, so we 20321d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen // dispatch to the user's callback. 20421d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen void OnVerifyCompletion(int result); 20521d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen 20621d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen // The actual certificate verifier that will handle the request. 20721d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen CertVerifier* const cert_verifier_; 20821d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen 20921d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen // The current request (if any). 21021d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen CertVerifier::RequestHandle cur_request_; 21121d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen CompletionCallback* cur_request_callback_; 21221d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen 21321d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen // Completion callback for when request to |cert_verifier_| completes. 214ddb351dbec246cf1fab5ec20d2d5520909041de1Kristian Monsen CompletionCallbackImpl<SingleRequestCertVerifier> callback_; 21521d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen 21621d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen DISALLOW_COPY_AND_ASSIGN(SingleRequestCertVerifier); 21721d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen}; 21821d179b334e59e9a3bfcaed4c4430bef1bc5759dKristian Monsen 219c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott} // namespace net 220c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 221c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott#endif // NET_BASE_CERT_VERIFIER_H_ 222