
Side by Side Diff: ios/web/net/cert_verifier_block_adapter.h

Issue 1230033005: WKWebView: Added cert verification API to web controller. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Put CertVerifierBlockAdapter to web namespace. Created 5 years, 4 months ago
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef IOS_WEB_NET_CERT_VERIFIER_BLOCK_ADAPTER_H_ 5 #ifndef IOS_WEB_NET_CERT_VERIFIER_BLOCK_ADAPTER_H_
6 #define IOS_WEB_NET_CERT_VERIFIER_BLOCK_ADAPTER_H_ 6 #define IOS_WEB_NET_CERT_VERIFIER_BLOCK_ADAPTER_H_
7 7
8 #include "base/memory/scoped_ptr.h" 8 #include "base/memory/scoped_ptr.h"
9 #include "base/memory/scoped_vector.h"
10 #include "base/threading/thread_checker.h"
9 #include "net/cert/cert_verifier.h" 11 #include "net/cert/cert_verifier.h"
10 #include "net/log/net_log.h" 12 #include "net/cert/cert_verify_result.h"
11 13
12 namespace net { 14 namespace net {
15 class CRLSet;
16 class NetLog;
17 class X509Certificate;
18 } // namespace net
13 19
14 class CertVerifyResult; 20 namespace web {
15 class CRLSet;
16 class X509Certificate;
17 21
18 // Provides block-based interface for net::CertVerifier. 22 // Provides block-based interface for net::CertVerifier. This class can be
23 // created and used on any thread as long as it's the same thread where
24 // |CertVerifier| was created.
stuartmorgan 2015/08/20 20:42:20 This sounds a bit "any color so long as it's black
Eugene But (OOO till 7-30) 2015/08/20 22:03:52 Done. :)
19 class CertVerifierBlockAdapter { 25 class CertVerifierBlockAdapter {
20 public: 26 public:
21 CertVerifierBlockAdapter(); 27 // Constructs adapter with given |CertVerifier| and |NetLog|, both can not be
22 // Constructs adapter with given |CertVerifier| which can not be null. 28 // null. CertVerifierBlockAdapter does NOT take ownership of |cert_verifier|
23 CertVerifierBlockAdapter(scoped_ptr<CertVerifier> cert_verifier); 29 // and |net_log|.
30 CertVerifierBlockAdapter(net::CertVerifier* cert_verifier,
31 net::NetLog* net_log);
24 32
25 // When the verifier is destroyed, all certificate verification requests are 33 // When the verifier is destroyed, all certificate verification requests are
26 // canceled, and their completion handlers will not be called. 34 // canceled, and their completion handlers will not be called.
27 ~CertVerifierBlockAdapter(); 35 ~CertVerifierBlockAdapter();
28 36
29 // Encapsulates verification parms. |cert| and |hostname| are mandatory, the 37 // Encapsulates verification params. |cert| and |hostname| are mandatory, the
30 // other params are optional. If either of mandatory arguments is null or 38 // other params are optional. If either of mandatory arguments is null or
31 // empty then verification |CompletionHandler| will be called with 39 // empty then verification |CompletionHandler| will be called with
32 // ERR_INVALID_ARGUMENT status. 40 // ERR_INVALID_ARGUMENT |error|.
33 struct Params { 41 struct Params {
34 // Constructs Params from X509 cert and hostname, which are mandatory for 42 // Constructs Params from X509 cert and hostname, which are mandatory for
35 // verification. 43 // verification.
36 Params(scoped_refptr<net::X509Certificate> cert, 44 Params(const scoped_refptr<net::X509Certificate>& cert,
37 const std::string& hostname); 45 const std::string& hostname);
38 ~Params(); 46 ~Params();
39 47
40 // Certificate to verify, can not be null. 48 // Certificate to verify, can not be null.
41 scoped_refptr<net::X509Certificate> cert; 49 scoped_refptr<net::X509Certificate> cert;
42 50
43 // Hostname as an SSL server, can not be empty. 51 // Hostname as an SSL server, can not be empty.
44 std::string hostname; 52 std::string hostname;
45 53
46 // If non-empty, is a stapled OCSP response to use. 54 // If non-empty, is a stapled OCSP response to use.
47 std::string ocsp_response; 55 std::string ocsp_response;
48 56
49 // Bitwise OR of CertVerifier::VerifyFlags. 57 // Bitwise OR of |net::CertVerifier::VerifyFlags|.
50 CertVerifier::VerifyFlags flags; 58 int flags;
51 59
52 // An optional CRLSet structure which can be used to avoid revocation checks 60 // An optional |net::CRLSet| structure which can be used to avoid revocation
53 // over the network. 61 // checks over the network.
54 scoped_refptr<CRLSet> crl_set; 62 scoped_refptr<net::CRLSet> crl_set;
55 }; 63 };
56 64
57 // Type of verification completion block. On success CertVerifyResult is not 65 // Type of verification completion block. If cert is successfully validated
58 // null and status is OK, otherwise CertVerifyResult is null and status is a 66 // |error| is OK, otherwise |error| is a net error code.
59 // net error code. 67 typedef void (^CompletionHandler)(net::CertVerifyResult result, int error);
60 typedef void (^CompletionHandler)(scoped_ptr<CertVerifyResult>, int status);
61 68
62 // Verifies certificate with given |params|. |completion_handler| must not be 69 // Verifies certificate with given |params|. |completion_handler| must not be
63 // null and call be called either syncronously (in the same runloop) or 70 // null and can be called either synchronously (in the same runloop) or
64 // asyncronously. 71 // asynchronously.
65 void Verify(const Params& params, CompletionHandler completion_handler); 72 void Verify(const Params& params, CompletionHandler completion_handler);
66 73
67 private: 74 private:
68 // Underlying CertVerifier. 75 // Pending verification requests. Request must be alive until verification is
69 scoped_ptr<CertVerifier> cert_verifier_; 76 // completed, otherwise verification operation will be cancelled.
70 // Net Log required by CertVerifier. 77 ScopedVector<net::CertVerifier::Request> pending_requests_;
71 BoundNetLog net_log_; 78 // Underlying unowned CertVerifier.
79 net::CertVerifier* cert_verifier_;
80 // Unowned NetLog required by CertVerifier.
81 net::NetLog* net_log_;
82 // CertVerifierBlockAdapter should be used on the same thread where it was
83 // created.
84 base::ThreadChecker thread_checker_;
72 }; 85 };
73 86
74 } // net 87 } // namespace web
75 88
76 #endif // IOS_WEB_NET_CERT_VERIFIER_BLOCK_ADAPTER_H_ 89 #endif // IOS_WEB_NET_CERT_VERIFIER_BLOCK_ADAPTER_H_
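Review bot: The rewritten `CompletionHandler` comment (new lines 65-67) no longer says what `result` holds when `error` is not OK, so a caller that reads `result` without checking `error` first could treat an unverified chain as trusted. I would add `// |result| is only meaningful when |error| is OK; callers must check |error| before using it.` The implementation is not visible here, so if it does populate fields such as the cert status on failure, the comment should say that instead. Separately, the constructor comment (new lines 27-29) says the adapter does not own `cert_verifier` and `net_log`, but not that both must outlive it. That matters because `pending_requests_` holds requests issued against the raw `cert_verifier_`, so `// Both must outlive this adapter.` would state the lifetime contract.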