OLD | NEW |
---|---|
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
Ryan Sleevi
2015/08/06 03:07:08
Doesn't the use of blocks in this file intrinsical
Eugene But (OOO till 7-30)
2015/08/07 02:27:20
Clang and GCC implement blocks for C/C++ as a lang
| |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "ios/web/net/cert_verifier_block_adapter.h" | 5 #include "ios/web/net/cert_verifier_block_adapter.h" |
6 | 6 |
7 #include "base/mac/bind_objc_block.h" | 7 #include "base/mac/bind_objc_block.h" |
8 #include "net/base/net_errors.h" | 8 #include "net/base/net_errors.h" |
9 #include "net/cert/cert_verify_result.h" | 9 #include "net/cert/cert_verify_result.h" |
10 #include "net/cert/crl_set.h" | 10 #include "net/cert/crl_set.h" |
11 #include "net/cert/x509_certificate.h" | 11 #include "net/cert/x509_certificate.h" |
12 | 12 |
13 namespace net { | 13 namespace net { |
14 | 14 |
15 namespace { | 15 namespace { |
16 | 16 |
17 // Resource manager which keeps CertVerifier::Request, CertVerifyResult and | 17 // Resource manager which keeps CertVerifier::Request, CertVerifyResult and |
18 // X509Certificate alive until verification is completed. | 18 // X509Certificate alive until verification is completed. |
19 struct VerificationContext : public base::RefCounted<VerificationContext> { | 19 struct VerificationContext : public base::RefCounted<VerificationContext> { |
Ryan Sleevi
2015/08/06 03:07:08
With blocks, isn't there the possibility of arbitr
Eugene But (OOO till 7-30)
2015/08/07 02:27:20
Good catch. Done.
| |
20 VerificationContext(scoped_refptr<net::X509Certificate> cert) : cert(cert) { | 20 VerificationContext(scoped_refptr<net::X509Certificate> cert) : cert(cert) { |
Ryan Sleevi
2015/08/06 03:07:08
Explicit
Eugene But (OOO till 7-30)
2015/08/07 02:27:20
Done.
| |
21 result.cert_status = CERT_STATUS_INVALID; | 21 result.cert_status = CERT_STATUS_INVALID; |
Ryan Sleevi
2015/08/06 03:07:08
Why is this?
This feels a very ad-hoc way of crea
Eugene But (OOO till 7-30)
2015/08/07 02:27:20
Removed.
| |
22 } | 22 } |
23 // Verification request. Must be alive until verification is completed, | 23 // Verification request. Must be alive until verification is completed, |
24 // otherwise it will be cancelled. | 24 // otherwise it will be cancelled. |
25 scoped_ptr<CertVerifier::Request> request; | 25 scoped_ptr<CertVerifier::Request> request; |
26 // The result of certificate verification. | 26 // The result of certificate verification. |
27 CertVerifyResult result; | 27 CertVerifyResult result; |
28 // Certificate being verificated. | 28 // Certificate being verificated. |
29 scoped_refptr<net::X509Certificate> cert; | 29 scoped_refptr<net::X509Certificate> cert; |
30 | 30 |
31 // Copies CertVerifyResult and wraps it into a scoped_ptr. | |
32 scoped_ptr<CertVerifyResult> scoped_result() { | |
33 scoped_ptr<CertVerifyResult> scoped_result(new CertVerifyResult()); | |
34 scoped_result->CopyFrom(result); | |
35 return scoped_result.Pass(); | |
36 } | |
37 | |
38 private: | 31 private: |
39 VerificationContext() = delete; | 32 VerificationContext() = delete; |
40 // Required by base::RefCounted. | 33 // Required by base::RefCounted. |
41 friend class base::RefCounted<VerificationContext>; | 34 friend class base::RefCounted<VerificationContext>; |
42 ~VerificationContext() {} | 35 ~VerificationContext() {} |
43 }; | 36 }; |
44 } | 37 } |
45 | 38 |
46 CertVerifierBlockAdapter::CertVerifierBlockAdapter() | 39 CertVerifierBlockAdapter::CertVerifierBlockAdapter(CertVerifier* cert_verifier) |
47 : CertVerifierBlockAdapter( | 40 : cert_verifier_(cert_verifier) { |
48 scoped_ptr<CertVerifier>(CertVerifier::CreateDefault())) { | |
Ryan Sleevi
2015/08/06 03:07:08
Thanks for removing this; I would have nacked this
| |
49 } | |
50 | |
51 CertVerifierBlockAdapter::CertVerifierBlockAdapter( | |
52 scoped_ptr<CertVerifier> cert_verifier) | |
53 : cert_verifier_(cert_verifier.Pass()) { | |
54 DCHECK(cert_verifier_); | 41 DCHECK(cert_verifier_); |
55 } | 42 } |
56 | 43 |
57 CertVerifierBlockAdapter::~CertVerifierBlockAdapter() { | 44 CertVerifierBlockAdapter::~CertVerifierBlockAdapter() { |
58 } | 45 } |
59 | 46 |
60 CertVerifierBlockAdapter::Params::Params(scoped_refptr<X509Certificate> cert, | 47 CertVerifierBlockAdapter::Params::Params(scoped_refptr<X509Certificate> cert, |
61 const std::string& hostname) | 48 const std::string& hostname) |
62 : cert(cert), | 49 : cert(cert), |
63 hostname(hostname), | 50 hostname(hostname), |
64 flags(static_cast<CertVerifier::VerifyFlags>(0)) { | 51 flags(static_cast<CertVerifier::VerifyFlags>(0)) { |
65 } | 52 } |
66 | 53 |
67 CertVerifierBlockAdapter::Params::~Params() { | 54 CertVerifierBlockAdapter::Params::~Params() { |
68 } | 55 } |
69 | 56 |
70 void CertVerifierBlockAdapter::Verify( | 57 void CertVerifierBlockAdapter::Verify( |
71 const Params& params, | 58 const Params& params, |
72 void (^completion_handler)(scoped_ptr<CertVerifyResult>, int)) { | 59 void (^completion_handler)(CertVerifyResult, int)) { |
73 DCHECK(completion_handler); | 60 DCHECK(completion_handler); |
61 if (!params.cert || !params.hostname.size()) { | |
Ryan Sleevi
2015/08/06 03:07:08
!params.hostname.empty() for empty checks with STL
Eugene But (OOO till 7-30)
2015/08/07 02:27:20
Done.
| |
62 completion_handler(CertVerifyResult(), ERR_INVALID_ARGUMENT); | |
Ryan Sleevi
2015/08/06 03:07:08
While David explained how CertVerifier doesn't che
Eugene But (OOO till 7-30)
2015/08/07 02:27:20
Actually CertVerifier DOES check for this:
https:/
| |
63 return; | |
64 } | |
74 | 65 |
75 scoped_refptr<VerificationContext> context( | 66 scoped_refptr<VerificationContext> context( |
76 new VerificationContext(params.cert)); | 67 new VerificationContext(params.cert)); |
77 CompletionCallback callback = base::BindBlock(^(int) { | 68 CompletionCallback callback = base::BindBlock(^(int) { |
78 completion_handler(context->scoped_result(), 0); | 69 completion_handler(context->result, OK); |
Ryan Sleevi
2015/08/06 03:07:08
BUG? It seems that you're assuming that any return
Eugene But (OOO till 7-30)
2015/08/07 02:27:20
Done.
| |
79 }); | 70 }); |
80 int status = cert_verifier_->Verify(params.cert.get(), params.hostname, | 71 int status = cert_verifier_->Verify(params.cert.get(), params.hostname, |
Ryan Sleevi
2015/08/06 03:07:08
This is typically called |result| in //net, rather
Eugene But (OOO till 7-30)
2015/08/07 02:27:20
I named this |status| to differentiate from |certV
Ryan Sleevi
2015/08/07 21:52:11
Well, you're not naming things statusResult/certVe
Eugene But (OOO till 7-30)
2015/08/12 22:00:38
Sorry for confusion, this file is .cc and a subjec
| |
81 params.ocsp_response, params.flags, | 72 params.ocsp_response, params.flags, |
82 params.crl_set.get(), &(context->result), | 73 params.crl_set.get(), &(context->result), |
83 callback, &(context->request), net_log_); | 74 callback, &(context->request), net_log_); |
84 | 75 |
85 if (status == ERR_IO_PENDING) { | 76 if (status == ERR_IO_PENDING) { |
86 // Completion handler will be called from |callback| when verification | 77 // Completion handler will be called from |callback| when verification |
87 // request is completed. | 78 // request is completed. |
88 return; | 79 return; |
89 } | 80 } |
90 | 81 |
91 // Verification has either failed or result was retrieved from the cache. | 82 // Verification has either failed or result was retrieved from the cache. |
92 completion_handler(status ? nullptr : context->scoped_result(), status); | 83 completion_handler(context->result, status); |
Ryan Sleevi
2015/08/06 03:07:08
BUG? Nothing in here seems like it actually keeps
Eugene But (OOO till 7-30)
2015/08/07 02:27:20
|context| is kept alive by the block (blocks retai
| |
93 } | 84 } |
94 | 85 |
95 } // net | 86 } // net |
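Review bot: On the new side of Verify the completion handler always receives a CertVerifyResult by value, so the null result the old code passed for a non-zero status no longer signals failure; this applies to the early return at new line 62 and to the synchronous path at new line 83. A handler that reads the result without first checking the int gets a default-constructed `CertVerifyResult()` on the ERR_INVALID_ARGUMENT path, which presumably carries no error bits in cert_status (its constructor is not visible here). I would document the contract where the handler type is declared, which is in the header and not shown on this page, with a comment such as `// The certificate must be treated as unverified unless the int argument is OK; the CertVerifyResult alone does not signal success.`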