OLD | NEW |
---|---|
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef IOS_WEB_NET_CERT_VERIFIER_BLOCK_ADAPTER_H_ | 5 #ifndef IOS_WEB_NET_CERT_VERIFIER_BLOCK_ADAPTER_H_ |
6 #define IOS_WEB_NET_CERT_VERIFIER_BLOCK_ADAPTER_H_ | 6 #define IOS_WEB_NET_CERT_VERIFIER_BLOCK_ADAPTER_H_ |
7 | 7 |
8 #include "base/memory/scoped_ptr.h" | 8 #include "base/memory/scoped_ptr.h" |
9 #include "net/cert/cert_verifier.h" | 9 #include "net/cert/cert_verifier.h" |
10 #include "net/cert/cert_verify_result.h" | |
10 #include "net/log/net_log.h" | 11 #include "net/log/net_log.h" |
11 | 12 |
12 namespace net { | 13 namespace net { |
13 | 14 |
14 class CertVerifyResult; | |
15 class CRLSet; | 15 class CRLSet; |
16 class X509Certificate; | 16 class X509Certificate; |
17 | 17 |
18 // Provides block-based interface for net::CertVerifier. | 18 // Provides block-based interface for net::CertVerifier. |
19 class CertVerifierBlockAdapter { | 19 class CertVerifierBlockAdapter { |
20 public: | 20 public: |
21 CertVerifierBlockAdapter(); | |
22 // Constructs adapter with given |CertVerifier| which can not be null. | 21 // Constructs adapter with given |CertVerifier| which can not be null. |
23 CertVerifierBlockAdapter(scoped_ptr<CertVerifier> cert_verifier); | 22 // CertVerifierBlockAdapter does NOT take ownership over |cert_verifier|. |
23 CertVerifierBlockAdapter(CertVerifier* cert_verifier); | |
Ryan Sleevi
2015/08/06 03:07:08
BUG/STYLE: This should be explicit.
Eugene But (OOO till 7-30)
2015/08/07 02:27:20
Acknowledged. This constructor now accepts 2 argum
| |
24 | 24 |
25 // When the verifier is destroyed, all certificate verification requests are | 25 // When the verifier is destroyed, all certificate verification requests are |
26 // canceled, and their completion handlers will not be called. | 26 // canceled, and their completion handlers will not be called. |
27 ~CertVerifierBlockAdapter(); | 27 ~CertVerifierBlockAdapter(); |
28 | 28 |
29 // Encapsulates verification parms. |cert| and |hostname| are mandatory, the | 29 // Encapsulates verification parms. |cert| and |hostname| are mandatory, the |
30 // other params are optional. If either of mandatory arguments is null or | 30 // other params are optional. If either of mandatory arguments is null or |
31 // empty then verification |CompletionHandler| will be called with | 31 // empty then verification |CompletionHandler| will be called with |
32 // ERR_INVALID_ARGUMENT status. | 32 // ERR_INVALID_ARGUMENT status. |
33 struct Params { | 33 struct Params { |
34 // Constructs Params from X509 cert and hostname, which are mandatory for | 34 // Constructs Params from X509 cert and hostname, which are mandatory for |
35 // verification. | 35 // verification. |
36 Params(scoped_refptr<net::X509Certificate> cert, | 36 Params(scoped_refptr<net::X509Certificate> cert, |
37 const std::string& hostname); | 37 const std::string& hostname); |
38 ~Params(); | 38 ~Params(); |
39 | 39 |
40 // Certificate to verify, can not be null. | 40 // Certificate to verify, can not be null. |
41 scoped_refptr<net::X509Certificate> cert; | 41 scoped_refptr<net::X509Certificate> cert; |
42 | 42 |
43 // Hostname as an SSL server, can not be empty. | 43 // Hostname as an SSL server, can not be empty. |
44 std::string hostname; | 44 std::string hostname; |
45 | 45 |
46 // If non-empty, is a stapled OCSP response to use. | 46 // If non-empty, is a stapled OCSP response to use. |
47 std::string ocsp_response; | 47 std::string ocsp_response; |
48 | 48 |
49 // Bitwise OR of CertVerifier::VerifyFlags. | 49 // Bitwise OR of CertVerifier::VerifyFlags. |
50 CertVerifier::VerifyFlags flags; | 50 CertVerifier::VerifyFlags flags; |
Ryan Sleevi
2015/08/06 03:07:09
It's a bitwise or. It shouldn't be stored as an en
Eugene But (OOO till 7-30)
2015/08/07 02:27:20
Done.
| |
51 | 51 |
52 // An optional CRLSet structure which can be used to avoid revocation checks | 52 // An optional CRLSet structure which can be used to avoid revocation checks |
53 // over the network. | 53 // over the network. |
54 scoped_refptr<CRLSet> crl_set; | 54 scoped_refptr<CRLSet> crl_set; |
55 }; | 55 }; |
56 | 56 |
57 // Type of verification completion block. On success CertVerifyResult is not | 57 // Type of verification completion block. On success status is OK, otherwise |
58 // null and status is OK, otherwise CertVerifyResult is null and status is a | 58 // status is a net error code and CertVerifyResult is not a valid object. |
59 // net error code. | 59 typedef void (^CompletionHandler)(CertVerifyResult, int status); |
Ryan Sleevi
2015/08/06 03:07:09
Do blocks not allow you to forward declare such st
Eugene But (OOO till 7-30)
2015/08/07 02:27:20
No you can't forward declare this block without in
| |
60 typedef void (^CompletionHandler)(scoped_ptr<CertVerifyResult>, int status); | |
61 | 60 |
62 // Verifies certificate with given |params|. |completion_handler| must not be | 61 // Verifies certificate with given |params|. |completion_handler| must not be |
63 // null and call be called either syncronously (in the same runloop) or | 62 // null and call be called either syncronously (in the same runloop) or |
64 // asyncronously. | 63 // asyncronously. |
65 void Verify(const Params& params, CompletionHandler completion_handler); | 64 void Verify(const Params& params, CompletionHandler completion_handler); |
66 | 65 |
67 private: | 66 private: |
68 // Underlying CertVerifier. | 67 // Underlying weak CertVerifier. |
Ryan Sleevi
2015/08/06 03:07:08
Weak has a particular meaning in Chromium (c.f. We
Eugene But (OOO till 7-30)
2015/08/07 02:27:20
Good catch. Changed to "unowned", because this is
| |
69 scoped_ptr<CertVerifier> cert_verifier_; | 68 CertVerifier* cert_verifier_; |
70 // Net Log required by CertVerifier. | 69 // Net Log required by CertVerifier. |
Ryan Sleevi
2015/08/06 03:07:09
This comment doesn't seem to help documentation mu
| |
71 BoundNetLog net_log_; | 70 BoundNetLog net_log_; |
72 }; | 71 }; |
73 | 72 |
74 } // net | 73 } // net |
75 | 74 |
76 #endif // IOS_WEB_NET_CERT_VERIFIER_BLOCK_ADAPTER_H_ | 75 #endif // IOS_WEB_NET_CERT_VERIFIER_BLOCK_ADAPTER_H_ |
OLD | NEW |