Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(190)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: ios/web/web_state/ui/crw_wk_web_view_web_controller.mm

Issue 1230033005: WKWebView: Added cert verification API to web controller. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: ios/web/web_state/ui/crw_wk_web_view_web_controller.mm
diff --git a/ios/web/web_state/ui/crw_wk_web_view_web_controller.mm b/ios/web/web_state/ui/crw_wk_web_view_web_controller.mm
index 92841bc329fbb04fcbab4a3bc5a7ca8168c20ef1..14995f27e3316a0c062ea0191b0e1a1372766ba6 100644
--- a/ios/web/web_state/ui/crw_wk_web_view_web_controller.mm
+++ b/ios/web/web_state/ui/crw_wk_web_view_web_controller.mm
@@ -17,6 +17,7 @@
#import "ios/web/crw_network_activity_indicator_manager.h"
#import "ios/web/navigation/crw_session_controller.h"
#include "ios/web/navigation/web_load_params.h"
+#include "ios/web/net/cert_verifier_block_adapter.h"
#include "ios/web/public/web_client.h"
#import "ios/web/public/web_state/js/crw_js_injection_manager.h"
#import "ios/web/public/web_state/ui/crw_native_content_provider.h"
@@ -35,6 +36,8 @@
#import "ios/web/web_state/web_view_internal_creation_util.h"
#import "ios/web/webui/crw_web_ui_manager.h"
#import "net/base/mac/url_conversions.h"
+#include "net/cert/cert_verify_result.h"
+#include "net/ssl/ssl_config_service.h"
#if !defined(ENABLE_CHROME_NET_STACK_FOR_WKWEBVIEW)
#include "ios/web/public/cert_store.h"
@@ -124,6 +127,9 @@ WKWebViewErrorSource WKWebViewErrorSourceFromError(NSError* error) {
// CRWWebUIManager object for loading WebUI pages.
base::scoped_nsobject<CRWWebUIManager> _webUIManager;
+
+ // Cert verification object which wraps net::CertVerifier.
+ net::CertVerifierBlockAdapter _certVerifier;
}
// Response's MIME type of the last known navigation.
@@ -226,6 +232,13 @@ WKWebViewErrorSource WKWebViewErrorSourceFromError(NSError* error) {
// Attempts to handle a script message. Returns YES on success, NO otherwise.
- (BOOL)respondToWKScriptMessage:(WKScriptMessage*)scriptMessage;
+// Verifies the given |cert| for the given |host| and calls |block| on
+// completion. |block| can not be null and may be called either synchronously or
+// asynchronously.
+- (void)verifyCert:(scoped_refptr<net::X509Certificate>)cert
+ forHost:(NSString*)host
+ completionHandler:(void (^)(scoped_ptr<net::CertVerifyResult>, int))block;
+
#if !defined(ENABLE_CHROME_NET_STACK_FOR_WKWEBVIEW)
// Called when WKWebView estimatedProgress has been changed.
- (void)webViewEstimatedProgressDidChange;
@@ -808,6 +821,18 @@ WKWebViewErrorSource WKWebViewErrorSourceFromError(NSError* error) {
: [super selectorToHandleJavaScriptCommand:command];
}
+- (void)verifyCert:(scoped_refptr<net::X509Certificate>)cert
+ forHost:(NSString*)host
+ completionHandler:(void (^)(scoped_ptr<net::CertVerifyResult>, int))block {
+ DCHECK(block);
+ std::string hostname = base::SysNSStringToUTF8(host);
+ net::CertVerifierBlockAdapter::Params params(cert, hostname);
+ params.ocsp_response == ""; // Not provided by iOS API.
+ params.flags = net::CertVerifier::VERIFY_CERT_IO_ENABLED;
+ params.crl_set = net::SSLConfigService::GetCRLSet().Pass();
+ _certVerifier.Verify(params, block);
+}
+
#pragma mark -
#pragma mark JavaScript message handlers
@@ -1114,8 +1139,21 @@ WKWebViewErrorSource WKWebViewErrorSourceFromError(NSError* error) {
completionHandler:
(void (^)(NSURLSessionAuthChallengeDisposition disposition,
NSURLCredential *credential))completionHandler {
- NOTIMPLEMENTED();
- completionHandler(NSURLSessionAuthChallengeRejectProtectionSpace, nil);
+ SecTrustRef trust = challenge.protectionSpace.serverTrust;
+ scoped_refptr<net::X509Certificate> cert = web::CreateCertFromTrust(trust);
+ [self verifyCert:cert
Eugene But (OOO till 7-30) 2015/07/10 19:42:02 At the moment CertVerifier DCHECKs on null cert or
Eugene But (OOO till 7-30) 2015/07/13 16:49:51 Please ignore this comment. cl/1231783003 has land
+ forHost:challenge.protectionSpace.host
+ completionHandler:^(scoped_ptr<net::CertVerifyResult> result,
+ int status) {
+ DCHECK(result || status);
+ if (result && !net::IsCertStatusError(result->cert_status)) {
+ // Cert is valid.
+ } else {
+ // Cert is invalid.
+ }
+ NOTIMPLEMENTED();
+ completionHandler(NSURLSessionAuthChallengeRejectProtectionSpace, nil);
+ }];
}
- (void)webViewWebContentProcessDidTerminate:(WKWebView*)webView {
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698