OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef IOS_WEB_NET_CRW_CERT_VERIFICATION_CONTROLLER_H_ | |
6 #define IOS_WEB_NET_CRW_CERT_VERIFICATION_CONTROLLER_H_ | |
7 | |
8 #import <Foundation/Foundation.h> | |
9 | |
10 #import "base/memory/ref_counted.h" | |
11 #include "net/cert/cert_status_flags.h" | |
12 | |
13 namespace net { | |
14 class X509Certificate; | |
15 } | |
16 | |
17 namespace web { | |
18 | |
19 class BrowserState; | |
20 | |
21 // Accept policy for valid or invalid SSL cert. | |
22 typedef NS_ENUM(NSInteger, CertAcceptPolicy) { | |
23 // Cert status can't be determined due to an error. Caller should not proceed | |
24 // with the load, but show net error page instead. | |
25 CERT_ACCEPT_POLICY_ERROR = 0, | |
26 // Cert is valid or user has agreed to proceed with this invalid cert. | |
27 // Caller should proceed with the load. | |
28 CERT_ACCEPT_POLICY_ALLOW, | |
29 // Cert is not valid and used has not agreed to proceed with this cert. | |
30 // Caller can present recoverable SSL interstitial and ask used if they want | |
stuartmorgan
2015/09/03 18:07:57
Minor nit; I'd prefer we not refer to specific UI
Eugene But (OOO till 7-30)
2015/09/03 18:59:05
Done.
| |
31 // to proceed with the load. | |
32 CERT_ACCEPT_POLICY_DENY, | |
33 }; | |
34 | |
35 // Completion handler called by decidePolicyForCert:host:completionHandler:. | |
36 typedef void (^PolicyDecisionHandler)(web::CertAcceptPolicy, net::CertStatus); | |
37 | |
38 } // namespace web | |
39 | |
40 // Provides various cert verification API that can be used for blocking requests | |
41 // with bad SSL cert, presenting SSL interstitials and determining SSL status | |
42 // for Navigation Items. Must be used on UI thread. | |
43 @interface CRWCertVerificationController : NSObject | |
44 | |
45 - (instancetype)init NS_UNAVAILABLE; | |
46 | |
47 // Initializes CRWCertVerificationController with the given |browserState| which | |
48 // cannot be null and must outlive CRWCertVerificationController. | |
49 - (instancetype)initWithBrowserState:(web::BrowserState*)browserState | |
50 NS_DESIGNATED_INITIALIZER; | |
51 | |
52 // TODO(eugenebut): add API for: | |
53 // - accepting bad SSL cert using CertPolicyCache | |
54 // - querying SSL cert status for Navigation Item | |
55 | |
56 // Decides the policy for the given |cert| for the given |host| and calls | |
57 // |completionHandler| on completion. |completionHandler| cannot be null and | |
58 // will be called synchronously or asynchronously on UI thread. | |
59 - (void)decidePolicyForCert:(const scoped_refptr<net::X509Certificate>&)cert | |
60 host:(NSString*)host | |
61 completionHandler:(web::PolicyDecisionHandler)handler; | |
62 | |
63 // Cancels all pending verification requests. Completion handlers will not be | |
64 // called after |shutDown| call. Must always be called before object's | |
65 // deallocation. | |
66 - (void)shutDown; | |
67 | |
68 @end | |
69 | |
70 #endif // IOS_WEB_NET_CRW_CERT_VERIFICATION_CONTROLLER_H_ | |
OLD | NEW |