OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef IOS_WEB_NET_CERT_VERIFIER_BLOCK_ADAPTER_H_ | 5 #ifndef IOS_WEB_NET_CERT_VERIFIER_BLOCK_ADAPTER_H_ |
6 #define IOS_WEB_NET_CERT_VERIFIER_BLOCK_ADAPTER_H_ | 6 #define IOS_WEB_NET_CERT_VERIFIER_BLOCK_ADAPTER_H_ |
7 | 7 |
8 #include "base/memory/scoped_ptr.h" | 8 #include "base/memory/scoped_ptr.h" |
9 #include "base/memory/scoped_vector.h" | |
10 #include "base/threading/thread_checker.h" | |
11 #include "net/cert/cert_verifier.h" | 9 #include "net/cert/cert_verifier.h" |
12 #include "net/cert/cert_verify_result.h" | 10 #include "net/log/net_log.h" |
13 | 11 |
14 namespace net { | 12 namespace net { |
| 13 |
| 14 class CertVerifyResult; |
15 class CRLSet; | 15 class CRLSet; |
16 class NetLog; | |
17 class X509Certificate; | 16 class X509Certificate; |
18 } // namespace net | |
19 | 17 |
20 namespace web { | 18 // Provides block-based interface for net::CertVerifier. |
21 | |
22 // Provides block-based interface for |net::CertVerifier|. This class must be | |
23 // created and used on the same thread where the |net::CertVerifier| was | |
24 // created. | |
25 class CertVerifierBlockAdapter { | 19 class CertVerifierBlockAdapter { |
26 public: | 20 public: |
27 // Constructs adapter with given |CertVerifier| and |NetLog|, both can not be | 21 CertVerifierBlockAdapter(); |
28 // null. CertVerifierBlockAdapter does NOT take ownership of |cert_verifier| | 22 // Constructs adapter with given |CertVerifier| which can not be null. |
29 // and |net_log|. | 23 CertVerifierBlockAdapter(scoped_ptr<CertVerifier> cert_verifier); |
30 CertVerifierBlockAdapter(net::CertVerifier* cert_verifier, | |
31 net::NetLog* net_log); | |
32 | 24 |
33 // When the verifier is destroyed, all certificate verification requests are | 25 // When the verifier is destroyed, all certificate verification requests are |
34 // canceled, and their completion handlers will not be called. | 26 // canceled, and their completion handlers will not be called. |
35 ~CertVerifierBlockAdapter(); | 27 ~CertVerifierBlockAdapter(); |
36 | 28 |
37 // Encapsulates verification params. |cert| and |hostname| are mandatory, the | 29 // Encapsulates verification parms. |cert| and |hostname| are mandatory, the |
38 // other params are optional. If either of mandatory arguments is null or | 30 // other params are optional. If either of mandatory arguments is null or |
39 // empty then verification |CompletionHandler| will be called with | 31 // empty then verification |CompletionHandler| will be called with |
40 // ERR_INVALID_ARGUMENT |error|. | 32 // ERR_INVALID_ARGUMENT status. |
41 struct Params { | 33 struct Params { |
42 // Constructs Params from X509 cert and hostname, which are mandatory for | 34 // Constructs Params from X509 cert and hostname, which are mandatory for |
43 // verification. | 35 // verification. |
44 Params(const scoped_refptr<net::X509Certificate>& cert, | 36 Params(scoped_refptr<net::X509Certificate> cert, |
45 const std::string& hostname); | 37 const std::string& hostname); |
46 ~Params(); | 38 ~Params(); |
47 | 39 |
48 // Certificate to verify, can not be null. | 40 // Certificate to verify, can not be null. |
49 scoped_refptr<net::X509Certificate> cert; | 41 scoped_refptr<net::X509Certificate> cert; |
50 | 42 |
51 // Hostname as an SSL server, can not be empty. | 43 // Hostname as an SSL server, can not be empty. |
52 std::string hostname; | 44 std::string hostname; |
53 | 45 |
54 // If non-empty, is a stapled OCSP response to use. | 46 // If non-empty, is a stapled OCSP response to use. |
55 std::string ocsp_response; | 47 std::string ocsp_response; |
56 | 48 |
57 // Bitwise OR of |net::CertVerifier::VerifyFlags|. | 49 // Bitwise OR of CertVerifier::VerifyFlags. |
58 int flags; | 50 CertVerifier::VerifyFlags flags; |
59 | 51 |
60 // An optional |net::CRLSet| structure which can be used to avoid revocation | 52 // An optional CRLSet structure which can be used to avoid revocation checks |
61 // checks over the network. | 53 // over the network. |
62 scoped_refptr<net::CRLSet> crl_set; | 54 scoped_refptr<CRLSet> crl_set; |
63 }; | 55 }; |
64 | 56 |
65 // Type of verification completion block. If cert is successfully validated | 57 // Type of verification completion block. On success CertVerifyResult is not |
66 // |error| is OK, otherwise |error| is a net error code. | 58 // null and status is OK, otherwise CertVerifyResult is null and status is a |
67 typedef void (^CompletionHandler)(net::CertVerifyResult result, int error); | 59 // net error code. |
| 60 typedef void (^CompletionHandler)(scoped_ptr<CertVerifyResult>, int status); |
68 | 61 |
69 // Verifies certificate with given |params|. |completion_handler| must not be | 62 // Verifies certificate with given |params|. |completion_handler| must not be |
70 // null and can be called either synchronously (in the same runloop) or | 63 // null and call be called either syncronously (in the same runloop) or |
71 // asynchronously. | 64 // asyncronously. |
72 void Verify(const Params& params, CompletionHandler completion_handler); | 65 void Verify(const Params& params, CompletionHandler completion_handler); |
73 | 66 |
74 private: | 67 private: |
75 // Pending verification requests. Request must be alive until verification is | 68 // Underlying CertVerifier. |
76 // completed, otherwise verification operation will be cancelled. | 69 scoped_ptr<CertVerifier> cert_verifier_; |
77 ScopedVector<net::CertVerifier::Request> pending_requests_; | 70 // Net Log required by CertVerifier. |
78 // Underlying unowned CertVerifier. | 71 BoundNetLog net_log_; |
79 net::CertVerifier* cert_verifier_; | |
80 // Unowned NetLog required by CertVerifier. | |
81 net::NetLog* net_log_; | |
82 // CertVerifierBlockAdapter should be used on the same thread where it was | |
83 // created. | |
84 base::ThreadChecker thread_checker_; | |
85 }; | 72 }; |
86 | 73 |
87 } // namespace web | 74 } // net |
88 | 75 |
89 #endif // IOS_WEB_NET_CERT_VERIFIER_BLOCK_ADAPTER_H_ | 76 #endif // IOS_WEB_NET_CERT_VERIFIER_BLOCK_ADAPTER_H_ |
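Review bot: The CompletionHandler contract on the new side (new lines 57-60) gives the caller a null CertVerifyResult whenever verification fails, so the net error code in `status` is the only failure detail left. A caller that needs the certificate status bits or the verified chain to decide how to treat a rejected certificate cannot get them, and a handler that tests the result pointer instead of `status` is easy to write wrong. I would pass the result whenever verification actually ran and document it, e.g. `// |result| is non-null whenever verification ran; check |status|, not |result|, for success.` Separately, `CertVerifier::VerifyFlags flags;` is documented as a bitwise OR, which an enum-typed field (assuming VerifyFlags is a plain enum) cannot hold without a cast, so `int flags;` would match the comment.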