Chromium Code Reviews| Index: ios/web/net/cert_verifier_block_adapter.h |
| diff --git a/ios/web/net/cert_verifier_block_adapter.h b/ios/web/net/cert_verifier_block_adapter.h |
| index ee9829e68c4db76564129da3192602ef7b3d9b6c..5a7e2ab62f62eb28fd5552dbe5d3731e04818874 100644 |
| --- a/ios/web/net/cert_verifier_block_adapter.h |
| +++ b/ios/web/net/cert_verifier_block_adapter.h |
| @@ -6,27 +6,29 @@ |
| #define IOS_WEB_NET_CERT_VERIFIER_BLOCK_ADAPTER_H_ |
| #include "base/memory/scoped_ptr.h" |
| +#include "base/memory/scoped_vector.h" |
| #include "net/cert/cert_verifier.h" |
| +#include "net/cert/cert_verify_result.h" |
| #include "net/log/net_log.h" |
| namespace net { |
| -class CertVerifyResult; |
| class CRLSet; |
| class X509Certificate; |
| // Provides block-based interface for net::CertVerifier. |
| class CertVerifierBlockAdapter { |
| public: |
| - CertVerifierBlockAdapter(); |
| - // Constructs adapter with given |CertVerifier| which can not be null. |
| - CertVerifierBlockAdapter(scoped_ptr<CertVerifier> cert_verifier); |
| + // Constructs adapter with given |CertVerifier| and |NetLog| which can not be |
| + // null. CertVerifierBlockAdapter does NOT take ownership over |cert_verifier| |
| + // and |net_log|. |
| + CertVerifierBlockAdapter(CertVerifier* cert_verifier, NetLog* net_log); |
| // When the verifier is destroyed, all certificate verification requests are |
| // canceled, and their completion handlers will not be called. |
| ~CertVerifierBlockAdapter(); |
| - // Encapsulates verification parms. |cert| and |hostname| are mandatory, the |
| + // Encapsulates verification params. |cert| and |hostname| are mandatory, the |
| // other params are optional. If either of mandatory arguments is null or |
| // empty then verification |CompletionHandler| will be called with |
| // ERR_INVALID_ARGUMENT status. |
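Review bot: The new constructor comment says the adapter does not take ownership of |cert_verifier| and |net_log|, but it does not say how long those pointers must remain valid. The class now stores a raw `CertVerifier* cert_verifier_` (declared in the second hunk) and its destructor is documented to cancel outstanding requests, so a verifier destroyed before the adapter would leave a dangling pointer on the certificate-verification path. I would add to the comment: `// |cert_verifier| and |net_log| must outlive this adapter.` Whether the "can not be null" requirement is enforced (for example with a DCHECK) cannot be seen here, since the implementation file is not part of this hunk.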
| @@ -47,27 +49,29 @@ class CertVerifierBlockAdapter { |
| std::string ocsp_response; |
| // Bitwise OR of CertVerifier::VerifyFlags. |
| - CertVerifier::VerifyFlags flags; |
| + int flags; |
| // An optional CRLSet structure which can be used to avoid revocation checks |
| // over the network. |
| scoped_refptr<CRLSet> crl_set; |
| }; |
| - // Type of verification completion block. On success CertVerifyResult is not |
| - // null and status is OK, otherwise CertVerifyResult is null and status is a |
| - // net error code. |
| - typedef void (^CompletionHandler)(scoped_ptr<CertVerifyResult>, int status); |
| + // Type of verification completion block. On success status is OK, otherwise |
| + // status is a net error code and CertVerifyResult is not a valid object. |
| + typedef void (^CompletionHandler)(CertVerifyResult, int status); |
| // Verifies certificate with given |params|. |completion_handler| must not be |
| - // null and call be called either syncronously (in the same runloop) or |
| - // asyncronously. |
| + // null and call be called either synchronously (in the same runloop) or |
| + // asynchronously. |
|
Ryan Sleevi
2015/08/07 21:52:12
Does this API requirement match SecTrust's?
If th
Eugene But (OOO till 7-30)
2015/08/12 22:00:38
SecTrustEvaluateAsync always calls block asynchron
|
| void Verify(const Params& params, CompletionHandler completion_handler); |
| private: |
| - // Underlying CertVerifier. |
| - scoped_ptr<CertVerifier> cert_verifier_; |
| - // Net Log required by CertVerifier. |
| + // Pending verification requests. Request must be alive until verification is |
| + // completed, otherwise verification operation will be cancelled. |
| + ScopedVector<CertVerifier::Request> pending_requests_; |
| + // Underlying unowned CertVerifier. |
| + CertVerifier* cert_verifier_; |
| + // BoundNetLog required by CertVerifier. |
| BoundNetLog net_log_; |
| }; |
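Review bot: The `CompletionHandler` comment now says that on failure CertVerifyResult "is not a valid object", but the result is passed by value, so the handler always receives something readable, whereas the old `scoped_ptr` form handed it null. A handler that reads the result without first checking `status` would no longer fail loudly, which matters because the result feeds a trust decision. I would spell the contract out, e.g. `// Handlers must check |status| before reading the result; when status is not OK its contents are unspecified and must not be used.`, or name the fields that stay meaningful for certificate errors if callers are expected to read them. Separately, `call be called` in the `Verify` comment presumably should read `can be called`.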