ios/web/net/cert_verifier_block_adapter.h - Issue 1230033005: WKWebView: Added cert verification API to web controller.

Side by Side Diff: ios/web/net/cert_verifier_block_adapter.h

Issue 1230033005: WKWebView: Added cert verification API to web controller. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Addressed review comments Created 5 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2015 The Chromium Authors. All rights reserved.	1 // Copyright 2015 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef IOS_WEB_NET_CERT_VERIFIER_BLOCK_ADAPTER_H_	5 #ifndef IOS_WEB_NET_CERT_VERIFIER_BLOCK_ADAPTER_H_

6 #define IOS_WEB_NET_CERT_VERIFIER_BLOCK_ADAPTER_H_	6 #define IOS_WEB_NET_CERT_VERIFIER_BLOCK_ADAPTER_H_

7	7

8 #include "base/memory/scoped_ptr.h"	8 #include "base/memory/scoped_ptr.h"

9 #include "net/cert/cert_verifier.h"	9 #include "net/cert/cert_verifier.h"

	10 #include "net/cert/cert_verify_result.h"

10 #include "net/log/net_log.h"	11 #include "net/log/net_log.h"

11	12

12 namespace net {	13 namespace net {

13	14

14 class CertVerifyResult;

15 class CRLSet;	15 class CRLSet;

16 class X509Certificate;	16 class X509Certificate;

17	17

18 // Provides block-based interface for net::CertVerifier.	18 // Provides block-based interface for net::CertVerifier.

19 class CertVerifierBlockAdapter {	19 class CertVerifierBlockAdapter {

20 public:	20 public:

21 CertVerifierBlockAdapter();

22 // Constructs adapter with given \|CertVerifier\| which can not be null.	21 // Constructs adapter with given \|CertVerifier\| which can not be null.

23 CertVerifierBlockAdapter(scoped_ptr<CertVerifier> cert_verifier);	22 // CertVerifierBlockAdapter does NOT take ownership over \|cert_verifier\|.

	23 CertVerifierBlockAdapter(CertVerifier* cert_verifier);
	Ryan Sleevi 2015/08/06 03:07:08 BUG/STYLE: This should be explicit. BUG/STYLE: This should be explicit. Eugene But (OOO till 7-30) 2015/08/07 02:27:20 Acknowledged. This constructor now accepts 2 argum Show quoted text On 2015/08/06 03:07:08, Ryan Sleevi wrote: > BUG/STYLE: This should be explicit. Acknowledged. This constructor now accepts 2 arguments.
24	24

25 // When the verifier is destroyed, all certificate verification requests are	25 // When the verifier is destroyed, all certificate verification requests are

26 // canceled, and their completion handlers will not be called.	26 // canceled, and their completion handlers will not be called.

27 ~CertVerifierBlockAdapter();	27 ~CertVerifierBlockAdapter();

28	28

29 // Encapsulates verification parms. \|cert\| and \|hostname\| are mandatory, the	29 // Encapsulates verification parms. \|cert\| and \|hostname\| are mandatory, the

30 // other params are optional. If either of mandatory arguments is null or	30 // other params are optional. If either of mandatory arguments is null or

31 // empty then verification \|CompletionHandler\| will be called with	31 // empty then verification \|CompletionHandler\| will be called with

32 // ERR_INVALID_ARGUMENT status.	32 // ERR_INVALID_ARGUMENT status.

33 struct Params {	33 struct Params {

34 // Constructs Params from X509 cert and hostname, which are mandatory for	34 // Constructs Params from X509 cert and hostname, which are mandatory for

35 // verification.	35 // verification.

36 Params(scoped_refptr<net::X509Certificate> cert,	36 Params(scoped_refptr<net::X509Certificate> cert,

37 const std::string& hostname);	37 const std::string& hostname);

38 ~Params();	38 ~Params();

39	39

40 // Certificate to verify, can not be null.	40 // Certificate to verify, can not be null.

41 scoped_refptr<net::X509Certificate> cert;	41 scoped_refptr<net::X509Certificate> cert;

42	42

43 // Hostname as an SSL server, can not be empty.	43 // Hostname as an SSL server, can not be empty.

44 std::string hostname;	44 std::string hostname;

45	45

46 // If non-empty, is a stapled OCSP response to use.	46 // If non-empty, is a stapled OCSP response to use.

47 std::string ocsp_response;	47 std::string ocsp_response;

48	48

49 // Bitwise OR of CertVerifier::VerifyFlags.	49 // Bitwise OR of CertVerifier::VerifyFlags.

50 CertVerifier::VerifyFlags flags;	50 CertVerifier::VerifyFlags flags;
	Ryan Sleevi 2015/08/06 03:07:09 It's a bitwise or. It shouldn't be stored as an en It's a bitwise or. It shouldn't be stored as an enum, but as an int. Eugene But (OOO till 7-30) 2015/08/07 02:27:20 Done. Show quoted text On 2015/08/06 03:07:09, Ryan Sleevi wrote: > It's a bitwise or. It shouldn't be stored as an enum, but as an int. Done.
51	51

52 // An optional CRLSet structure which can be used to avoid revocation checks	52 // An optional CRLSet structure which can be used to avoid revocation checks

53 // over the network.	53 // over the network.

54 scoped_refptr<CRLSet> crl_set;	54 scoped_refptr<CRLSet> crl_set;

55 };	55 };

56	56

57 // Type of verification completion block. On success CertVerifyResult is not	57 // Type of verification completion block. On success status is OK, otherwise

58 // null and status is OK, otherwise CertVerifyResult is null and status is a	58 // status is a net error code and CertVerifyResult is not a valid object.

59 // net error code.	59 typedef void (^CompletionHandler)(CertVerifyResult, int status);
	Ryan Sleevi 2015/08/06 03:07:09 Do blocks not allow you to forward declare such st Do blocks not allow you to forward declare such structures? Eugene But (OOO till 7-30) 2015/08/07 02:27:20 No you can't forward declare this block without in Show quoted text On 2015/08/06 03:07:09, Ryan Sleevi wrote: > Do blocks not allow you to forward declare such structures? No you can't forward declare this block without including cert_verify_result.h, because block takes CertVerifyResult by value.
60 typedef void (^CompletionHandler)(scoped_ptr<CertVerifyResult>, int status);

61	60

62 // Verifies certificate with given \|params\|. \|completion_handler\| must not be	61 // Verifies certificate with given \|params\|. \|completion_handler\| must not be

63 // null and call be called either syncronously (in the same runloop) or	62 // null and call be called either syncronously (in the same runloop) or

64 // asyncronously.	63 // asyncronously.

65 void Verify(const Params& params, CompletionHandler completion_handler);	64 void Verify(const Params& params, CompletionHandler completion_handler);

66	65

67 private:	66 private:

68 // Underlying CertVerifier.	67 // Underlying weak CertVerifier.
	Ryan Sleevi 2015/08/06 03:07:08 Weak has a particular meaning in Chromium (c.f. We Weak has a particular meaning in Chromium (c.f. WeakPtr); this does not appear to be a common term in Chromium code, although I'm guessing you're using the iOS terminology. Eugene But (OOO till 7-30) 2015/08/07 02:27:20 Good catch. Changed to "unowned", because this is Show quoted text On 2015/08/06 03:07:08, Ryan Sleevi wrote: > Weak has a particular meaning in Chromium (c.f. WeakPtr); this does not appear > to be a common term in Chromium code, although I'm guessing you're using the iOS > terminology. Good catch. Changed to "unowned", because this is not a weak pointer even by iOS terminology.
69 scoped_ptr<CertVerifier> cert_verifier_;	68 CertVerifier* cert_verifier_;

70 // Net Log required by CertVerifier.	69 // Net Log required by CertVerifier.
	Ryan Sleevi 2015/08/06 03:07:09 This comment doesn't seem to help documentation mu This comment doesn't seem to help documentation much :/ Why are you creating your own NetLog? Why is the adapter-caller not supplying it as part of the Params / Verify call?
71 BoundNetLog net_log_;	70 BoundNetLog net_log_;

72 };	71 };

73	72

74 } // net	73 } // net

75	74

76 #endif // IOS_WEB_NET_CERT_VERIFIER_BLOCK_ADAPTER_H_	75 #endif // IOS_WEB_NET_CERT_VERIFIER_BLOCK_ADAPTER_H_

OLD	NEW

« no previous file with comments | « no previous file | ios/web/net/cert_verifier_block_adapter.cc » ('j') | ios/web/net/cert_verifier_block_adapter.cc » ('J')