Index: ios/web/net/cert_verifier_block_adapter.h |
diff --git a/ios/web/net/cert_verifier_block_adapter.h b/ios/web/net/cert_verifier_block_adapter.h |
index ee9829e68c4db76564129da3192602ef7b3d9b6c..5a7e2ab62f62eb28fd5552dbe5d3731e04818874 100644 |
--- a/ios/web/net/cert_verifier_block_adapter.h |
+++ b/ios/web/net/cert_verifier_block_adapter.h |
@@ -6,27 +6,29 @@ |
#define IOS_WEB_NET_CERT_VERIFIER_BLOCK_ADAPTER_H_ |
#include "base/memory/scoped_ptr.h" |
+#include "base/memory/scoped_vector.h" |
#include "net/cert/cert_verifier.h" |
+#include "net/cert/cert_verify_result.h" |
#include "net/log/net_log.h" |
namespace net { |
-class CertVerifyResult; |
class CRLSet; |
class X509Certificate; |
// Provides block-based interface for net::CertVerifier. |
class CertVerifierBlockAdapter { |
public: |
- CertVerifierBlockAdapter(); |
- // Constructs adapter with given |CertVerifier| which can not be null. |
- CertVerifierBlockAdapter(scoped_ptr<CertVerifier> cert_verifier); |
+ // Constructs adapter with given |CertVerifier| and |NetLog| which can not be |
+ // null. CertVerifierBlockAdapter does NOT take ownership over |cert_verifier| |
+ // and |net_log|. |
+ CertVerifierBlockAdapter(CertVerifier* cert_verifier, NetLog* net_log); |
// When the verifier is destroyed, all certificate verification requests are |
// canceled, and their completion handlers will not be called. |
~CertVerifierBlockAdapter(); |
- // Encapsulates verification parms. |cert| and |hostname| are mandatory, the |
+ // Encapsulates verification params. |cert| and |hostname| are mandatory, the |
// other params are optional. If either of mandatory arguments is null or |
// empty then verification |CompletionHandler| will be called with |
// ERR_INVALID_ARGUMENT status. |
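Review bot: The comment on `CertVerifierBlockAdapter(CertVerifier* cert_verifier, NetLog* net_log)` says the adapter does not take ownership, but it does not state the lifetime the caller must guarantee. The adapter now holds a raw `CertVerifier*`, so a verifier destroyed before the adapter leaves a dangling pointer on the certificate-verification path. I would extend the comment with `// |cert_verifier| must outlive this adapter.`, and presumably the same applies to `|net_log|`, though its use is not visible in this hunk. "Can not be null" is only a convention in the header, so the constructor in the .cc file (not shown) should enforce it with a `DCHECK` on both arguments.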
@@ -47,27 +49,29 @@ class CertVerifierBlockAdapter { |
std::string ocsp_response; |
// Bitwise OR of CertVerifier::VerifyFlags. |
- CertVerifier::VerifyFlags flags; |
+ int flags; |
// An optional CRLSet structure which can be used to avoid revocation checks |
// over the network. |
scoped_refptr<CRLSet> crl_set; |
}; |
- // Type of verification completion block. On success CertVerifyResult is not |
- // null and status is OK, otherwise CertVerifyResult is null and status is a |
- // net error code. |
- typedef void (^CompletionHandler)(scoped_ptr<CertVerifyResult>, int status); |
+ // Type of verification completion block. On success status is OK, otherwise |
+ // status is a net error code and CertVerifyResult is not a valid object. |
+ typedef void (^CompletionHandler)(CertVerifyResult, int status); |
// Verifies certificate with given |params|. |completion_handler| must not be |
- // null and call be called either syncronously (in the same runloop) or |
- // asyncronously. |
+ // null and call be called either synchronously (in the same runloop) or |
+ // asynchronously. |
Ryan Sleevi
2015/08/07 21:52:12
Does this API requirement match SecTrust's?
If th
Eugene But (OOO till 7-30)
2015/08/12 22:00:38
SecTrustEvaluateAsync always calls block asynchron
|
void Verify(const Params& params, CompletionHandler completion_handler); |
private: |
- // Underlying CertVerifier. |
- scoped_ptr<CertVerifier> cert_verifier_; |
- // Net Log required by CertVerifier. |
+ // Pending verification requests. Request must be alive until verification is |
+ // completed, otherwise verification operation will be cancelled. |
+ ScopedVector<CertVerifier::Request> pending_requests_; |
+ // Underlying unowned CertVerifier. |
+ CertVerifier* cert_verifier_; |
+ // BoundNetLog required by CertVerifier. |
BoundNetLog net_log_; |
}; |
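Review bot: The new `CompletionHandler` typedef passes `CertVerifyResult` by value, so on failure the handler still receives a readable object, whereas the old null `scoped_ptr` made misuse fail loudly. A handler that reads the result without first checking `status` could base a trust decision on a default or partially filled result. The comment should spell out the ordering, e.g. `// Handlers must check that |status| is OK before reading CertVerifyResult; on error its contents are unspecified.` Separately, the comment above `Verify` still reads "call be called", which looks like a typo for "can be called". The `Params` struct that this hunk closes begins outside the hunk.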