OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef IOS_WEB_NET_CERT_VERIFIER_BLOCK_ADAPTER_H_ | 5 #ifndef IOS_WEB_NET_CERT_VERIFIER_BLOCK_ADAPTER_H_ |
6 #define IOS_WEB_NET_CERT_VERIFIER_BLOCK_ADAPTER_H_ | 6 #define IOS_WEB_NET_CERT_VERIFIER_BLOCK_ADAPTER_H_ |
7 | 7 |
8 #include "base/memory/scoped_ptr.h" | 8 #include "base/memory/scoped_ptr.h" |
| 9 #include "base/memory/scoped_vector.h" |
| 10 #include "base/threading/thread_checker.h" |
9 #include "net/cert/cert_verifier.h" | 11 #include "net/cert/cert_verifier.h" |
10 #include "net/log/net_log.h" | 12 #include "net/cert/cert_verify_result.h" |
11 | 13 |
12 namespace net { | 14 namespace net { |
13 | 15 |
14 class CertVerifyResult; | |
15 class CRLSet; | 16 class CRLSet; |
| 17 class NetLog; |
16 class X509Certificate; | 18 class X509Certificate; |
17 | 19 |
18 // Provides block-based interface for net::CertVerifier. | 20 // Provides block-based interface for net::CertVerifier. This class can be |
| 21 // created and used on any thread as long as it's the same thread where |
| 22 // |CertVerifier| was created. |
19 class CertVerifierBlockAdapter { | 23 class CertVerifierBlockAdapter { |
20 public: | 24 public: |
21 CertVerifierBlockAdapter(); | 25 // Constructs adapter with given |CertVerifier| and |NetLog|, both can not be |
22 // Constructs adapter with given |CertVerifier| which can not be null. | 26 // null. CertVerifierBlockAdapter does NOT take ownership over |cert_verifier| |
23 CertVerifierBlockAdapter(scoped_ptr<CertVerifier> cert_verifier); | 27 // and |net_log|. |
| 28 CertVerifierBlockAdapter(CertVerifier* cert_verifier, NetLog* net_log); |
24 | 29 |
25 // When the verifier is destroyed, all certificate verification requests are | 30 // When the verifier is destroyed, all certificate verification requests are |
26 // canceled, and their completion handlers will not be called. | 31 // canceled, and their completion handlers will not be called. |
27 ~CertVerifierBlockAdapter(); | 32 ~CertVerifierBlockAdapter(); |
28 | 33 |
29 // Encapsulates verification parms. |cert| and |hostname| are mandatory, the | 34 // Encapsulates verification params. |cert| and |hostname| are mandatory, the |
30 // other params are optional. If either of mandatory arguments is null or | 35 // other params are optional. If either of mandatory arguments is null or |
31 // empty then verification |CompletionHandler| will be called with | 36 // empty then verification |CompletionHandler| will be called with |
32 // ERR_INVALID_ARGUMENT status. | 37 // ERR_INVALID_ARGUMENT status_result. |
33 struct Params { | 38 struct Params { |
34 // Constructs Params from X509 cert and hostname, which are mandatory for | 39 // Constructs Params from X509 cert and hostname, which are mandatory for |
35 // verification. | 40 // verification. |
36 Params(scoped_refptr<net::X509Certificate> cert, | 41 Params(const scoped_refptr<net::X509Certificate>& cert, |
37 const std::string& hostname); | 42 const std::string& hostname); |
38 ~Params(); | 43 ~Params(); |
39 | 44 |
40 // Certificate to verify, can not be null. | 45 // Certificate to verify, can not be null. |
41 scoped_refptr<net::X509Certificate> cert; | 46 scoped_refptr<net::X509Certificate> cert; |
42 | 47 |
43 // Hostname as an SSL server, can not be empty. | 48 // Hostname as an SSL server, can not be empty. |
44 std::string hostname; | 49 std::string hostname; |
45 | 50 |
46 // If non-empty, is a stapled OCSP response to use. | 51 // If non-empty, is a stapled OCSP response to use. |
47 std::string ocsp_response; | 52 std::string ocsp_response; |
48 | 53 |
49 // Bitwise OR of CertVerifier::VerifyFlags. | 54 // Bitwise OR of CertVerifier::VerifyFlags. |
50 CertVerifier::VerifyFlags flags; | 55 int flags; |
51 | 56 |
52 // An optional CRLSet structure which can be used to avoid revocation checks | 57 // An optional CRLSet structure which can be used to avoid revocation checks |
53 // over the network. | 58 // over the network. |
54 scoped_refptr<CRLSet> crl_set; | 59 scoped_refptr<CRLSet> crl_set; |
55 }; | 60 }; |
56 | 61 |
57 // Type of verification completion block. On success CertVerifyResult is not | 62 // Type of verification completion block. On success |status_result| is OK, |
58 // null and status is OK, otherwise CertVerifyResult is null and status is a | 63 // otherwise |status_result| is a net error code and |cert_verify_result| is |
59 // net error code. | 64 // not a valid object. |
60 typedef void (^CompletionHandler)(scoped_ptr<CertVerifyResult>, int status); | 65 typedef void (^CompletionHandler)(CertVerifyResult cert_verify_result, |
| 66 int status_result); |
61 | 67 |
62 // Verifies certificate with given |params|. |completion_handler| must not be | 68 // Verifies certificate with given |params|. |completion_handler| must not be |
63 // null and call be called either syncronously (in the same runloop) or | 69 // null and call be called either synchronously (in the same runloop) or |
64 // asyncronously. | 70 // asynchronously. |
65 void Verify(const Params& params, CompletionHandler completion_handler); | 71 void Verify(const Params& params, CompletionHandler completion_handler); |
66 | 72 |
67 private: | 73 private: |
68 // Underlying CertVerifier. | 74 // Pending verification requests. Request must be alive until verification is |
69 scoped_ptr<CertVerifier> cert_verifier_; | 75 // completed, otherwise verification operation will be cancelled. |
70 // Net Log required by CertVerifier. | 76 ScopedVector<CertVerifier::Request> pending_requests_; |
71 BoundNetLog net_log_; | 77 // Underlying unowned CertVerifier. |
| 78 CertVerifier* cert_verifier_; |
| 79 // Unowned NetLog required by CertVerifier. |
| 80 NetLog* net_log_; |
| 81 // CertVerifierBlockAdapter should be used on the same thread where it was |
| 82 // created. |
| 83 base::ThreadChecker thread_checker_; |
72 }; | 84 }; |
73 | 85 |
74 } // net | 86 } // net |
75 | 87 |
76 #endif // IOS_WEB_NET_CERT_VERIFIER_BLOCK_ADAPTER_H_ | 88 #endif // IOS_WEB_NET_CERT_VERIFIER_BLOCK_ADAPTER_H_ |
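Review bot: The new constructor comment says the adapter does not take ownership of |cert_verifier| and |net_log|, but nothing states that both must outlive the adapter, and `cert_verifier_` and `net_log_` are now raw pointers. Because the destructor cancels the requests held in `pending_requests_`, a verifier destroyed before the adapter would presumably leave a dangling pointer in the certificate-verification path; I would add `// |cert_verifier| and |net_log| must outlive this object.` to the constructor comment. The `CompletionHandler` comment should also say outright that `cert_verify_result` must not be read unless `status_result` is OK, since the result is now passed by value and a failed verification no longer arrives as a null pointer. Separately, `int flags;` has no initializer visible in this header, so it is worth confirming that `Params::Params` (defined outside this file) sets it.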