net/ssl/ssl_client_session_cache_openssl.h

   1 // Copyright 2015 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_SSL_SSL_CLIENT_SESSION_CACHE_OPENSSL_H
   6 #define NET_SSL_SSL_CLIENT_SESSION_CACHE_OPENSSL_H
   7
   8 #include <openssl/ssl.h>
   9
  10 #include <string>
  11
  12 #include "base/containers/mru_cache.h"
  13 #include "base/macros.h"
  14 #include "base/memory/scoped_ptr.h"
  15 #include "base/synchronization/lock.h"
  16 #include "base/threading/thread_checker.h"
  17 #include "base/time/time.h"
  18 #include "net/base/net_export.h"
  19 #include "net/ssl/scoped_openssl_types.h"
  20
  21 namespace base {
  22 class Clock;
  23 }
  24
  25 namespace net {
  26
  27 class NET_EXPORT SSLClientSessionCacheOpenSSL {
  28  public:
  29   struct Config {
  30     // The maximum number of entries in the cache.
  31     size_t max_entries = 1024;
  32     // The number of calls to Lookup before a new check for expired sessions.
  33     size_t expiration_check_count = 256;
  34     // How long each session should last.
  35     base::TimeDelta timeout = base::TimeDelta::FromHours(1);
  36   };
  37
  38   explicit SSLClientSessionCacheOpenSSL(const Config& config);
  39   ~SSLClientSessionCacheOpenSSL();
  40
  41   size_t size() const;
  42
  43   // Returns the session associated with |cache_key| and moves it to the front
  44   // of the MRU list. Returns null if there is none. The caller is responsible
  45   // for taking a reference to the pointer if the cache is destroyed or a call
  46   // to Insert is made.
  47   SSL_SESSION* Lookup(const std::string& cache_key);
  48
  49   // Inserts |session| into the cache at |cache_key|. If there is an existing
  50   // one, it is released. Every |expiration_check_count| calls, the cache is
  51   // checked for stale entries.
  52   void Insert(const std::string& cache_key, SSL_SESSION* session);
  53
  54   // Removes all entries from the cache.
  55   void Flush();
  56
  57   void SetClockForTesting(scoped_ptr<base::Clock> clock);
  58
  59  private:
  60   struct CacheEntry {
  61     CacheEntry();
  62     ~CacheEntry();
  63
  64     ScopedSSL_SESSION session;
  65     // The time at which this entry was created.
  66     base::Time creation_time;
  67   };
  68
  69   using CacheEntryMap =
  70       base::MRUCacheBase<std::string,
  71                          CacheEntry*,
  72                          base::MRUCachePointerDeletor<CacheEntry*>,
  73                          base::MRUCacheHashMap>;
  74
  75   // Returns true if |entry| is expired as of |now|.
  76   bool IsExpired(CacheEntry* entry, const base::Time& now);
  77
  78   // Removes all expired sessions from the cache.
  79   void FlushExpiredSessions();
  80
  81   scoped_ptr<base::Clock> clock_;
  82   Config config_;
  83   CacheEntryMap cache_;
  84   size_t lookups_since_flush_;
  85
  86   // TODO(davidben): After https://crbug.com/458365 is fixed, replace this with
  87   // a ThreadChecker. The session cache should be single-threaded like other
  88   // classes in net.
  89   base::Lock lock_;
  90
  91   DISALLOW_COPY_AND_ASSIGN(SSLClientSessionCacheOpenSSL);
  92 };
  93
  94 }  // namespace net
  95
  96 #endif  // NET_SSL_SSL_CLIENT_SESSION_CACHE_OPENSSL_H