| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef IOS_WEB_NET_CRW_CERT_VERIFICATION_CONTROLLER_H_ | 5 #ifndef IOS_WEB_NET_CRW_CERT_VERIFICATION_CONTROLLER_H_ |
| 6 #define IOS_WEB_NET_CRW_CERT_VERIFICATION_CONTROLLER_H_ | 6 #define IOS_WEB_NET_CRW_CERT_VERIFICATION_CONTROLLER_H_ |
| 7 | 7 |
| 8 #import <Foundation/Foundation.h> | 8 #import <Foundation/Foundation.h> |
| 9 | 9 |
| 10 #import "base/memory/ref_counted.h" | 10 #import "base/memory/ref_counted.h" |
| 11 #include "ios/web/public/security_style.h" | 11 #include "ios/web/public/security_style.h" |
| 12 #include "net/cert/cert_status_flags.h" | 12 #include "net/cert/cert_status_flags.h" |
| 13 | 13 |
| 14 namespace net { | 14 namespace net { |
| 15 class X509Certificate; | 15 class X509Certificate; |
| 16 } | 16 } |
| 17 | 17 |
| 18 namespace web { | 18 namespace web { |
| 19 | 19 |
| 20 class BrowserState; | 20 class BrowserState; |
| 21 | 21 |
| 22 // Accept policy for valid or invalid SSL cert. | 22 // Accept policy for valid or invalid SSL cert. |
| 23 typedef NS_ENUM(NSInteger, CertAcceptPolicy) { | 23 typedef NS_ENUM(NSInteger, CertAcceptPolicy) { |
| 24 // Cert status can't be determined due to an error. Caller should not proceed | 24 // Cert status can't be determined due to an error. Caller should not proceed |
| 25 // with the load, but show net error page instead. | 25 // with the load, but show net error page instead. |
| 26 CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR = 0, | 26 CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR = 0, |
| 27 // Cert is not valid. Caller may present SSL warning and ask user if they | 27 // Cert is not valid. Caller may present SSL warning and ask user if they |
| 28 // want to proceed with the load. | 28 // want to proceed with the load. |
| 29 CERT_ACCEPT_POLICY_RECOVERABLE_ERROR, | 29 CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_NOT_ACCEPTED_BY_USER, |
| 30 // Cert is not valid. However caller should proceed with the load, because |
| 31 // user has decided to proceed with this invalid cert. |
| 32 CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_ACCEPTED_BY_USER, |
| 30 // Cert is valid. Caller should proceed with the load. | 33 // Cert is valid. Caller should proceed with the load. |
| 31 CERT_ACCEPT_POLICY_ALLOW, | 34 CERT_ACCEPT_POLICY_ALLOW, |
| 32 }; | 35 }; |
| 33 | 36 |
| 34 // Completion handler called by decidePolicyForCert:host:completionHandler:. | 37 // Completion handler called by decideLoadPolicyForTrust:host:completionHandler. |
| 35 typedef void (^PolicyDecisionHandler)(web::CertAcceptPolicy, net::CertStatus); | 38 typedef void (^PolicyDecisionHandler)(web::CertAcceptPolicy, net::CertStatus); |
| 36 // Completion handler called by decidePolicyForCert:host:completionHandler:. | 39 // Completion handler called by decidePolicyForCert:host:completionHandler:. |
| 37 typedef void (^StatusQueryHandler)(web::SecurityStyle, net::CertStatus); | 40 typedef void (^StatusQueryHandler)(web::SecurityStyle, net::CertStatus); |
| 38 | 41 |
| 39 } // namespace web | 42 } // namespace web |
| 40 | 43 |
| 41 // Provides various cert verification API that can be used for blocking requests | 44 // Provides various cert verification API that can be used for blocking requests |
| 42 // with bad SSL cert, presenting SSL interstitials and determining SSL status | 45 // with bad SSL cert, presenting SSL interstitials and determining SSL status |
| 43 // for Navigation Items. Must be used on UI thread. | 46 // for Navigation Items. Must be used on UI thread. |
| 44 @interface CRWCertVerificationController : NSObject | 47 @interface CRWCertVerificationController : NSObject |
| 45 | 48 |
| 46 - (instancetype)init NS_UNAVAILABLE; | 49 - (instancetype)init NS_UNAVAILABLE; |
| 47 | 50 |
| 48 // Initializes CRWCertVerificationController with the given |browserState| which | 51 // Initializes CRWCertVerificationController with the given |browserState| which |
| 49 // cannot be null and must outlive CRWCertVerificationController. | 52 // cannot be null and must outlive CRWCertVerificationController. |
| 50 - (instancetype)initWithBrowserState:(web::BrowserState*)browserState | 53 - (instancetype)initWithBrowserState:(web::BrowserState*)browserState |
| 51 NS_DESIGNATED_INITIALIZER; | 54 NS_DESIGNATED_INITIALIZER; |
| 52 | 55 |
| 53 // TODO(eugenebut): add API for: | 56 // Decides the policy for the given |serverTrust| and the given |host| and calls |
| 54 // - accepting bad SSL cert using CertPolicyCache | 57 // |completionHandler| on completion. |host| should be in DNS form |
| 55 | |
| 56 // Decides the policy for the given |cert| for the given |host| and calls | |
| 57 // |completionHandler| on completion. |host| should be in DNS form | |
| 58 // (f.e. for "http://名がドメイン.com", it should be "xn--v8jxj3d1dzdz08w.com"). | 58 // (f.e. for "http://名がドメイン.com", it should be "xn--v8jxj3d1dzdz08w.com"). |
| 59 // |completionHandler| cannot be null and will be called synchronously or | 59 // |completionHandler| cannot be null and will be called synchronously or |
| 60 // asynchronously on UI thread. | 60 // asynchronously on UI thread. |
| 61 - (void)decidePolicyForCert:(const scoped_refptr<net::X509Certificate>&)cert | 61 - (void)decideLoadPolicyForTrust:(SecTrustRef)serverTrust |
| 62 host:(NSString*)host | 62 host:(NSString*)host |
| 63 completionHandler:(web::PolicyDecisionHandler)completionHandler; | 63 completionHandler:(web::PolicyDecisionHandler)completionHandler; |
| 64 | 64 |
| 65 // Asynchronously returns web::SecurityStyle and net::CertStatus for the given | 65 // Asynchronously returns web::SecurityStyle and net::CertStatus for the given |
| 66 // |certificateChain| (an NSArray of SecSertificateRef objects) and |host|. | 66 // |certificateChain| (an NSArray of SecSertificateRef objects) and |host|. |
| 67 // |certificateChain| cannot be null or empty. |host| should be in DNS form. | 67 // |certificateChain| cannot be null or empty. |host| should be in DNS form. |
| 68 - (void)querySSLStatusForCertChain:(NSArray*)certChain | 68 - (void)querySSLStatusForCertChain:(NSArray*)certChain |
| 69 host:(NSString*)host | 69 host:(NSString*)host |
| 70 completionHandler:(web::StatusQueryHandler)completionHandler; | 70 completionHandler:(web::StatusQueryHandler)completionHandler; |
| 71 | 71 |
| 72 // Records that |leafCert| is permitted to be used for |host| in the future. |
| 73 // |host| should be in DNS form. |leafCert| must not contain any intermidiate |
| 74 // certs. |
| 75 - (void)allowCert:(scoped_refptr<net::X509Certificate>)leafCert |
| 76 forHost:(NSString*)host |
| 77 status:(net::CertStatus)status; |
| 78 |
| 72 // Cancels all pending verification requests. Completion handlers will not be | 79 // Cancels all pending verification requests. Completion handlers will not be |
| 73 // called after |shutDown| call. Must always be called before object's | 80 // called after |shutDown| call. Must always be called before object's |
| 74 // deallocation. | 81 // deallocation. |
| 75 - (void)shutDown; | 82 - (void)shutDown; |
| 76 | 83 |
| 77 @end | 84 @end |
| 78 | 85 |
| 79 #endif // IOS_WEB_NET_CRW_CERT_VERIFICATION_CONTROLLER_H_ | 86 #endif // IOS_WEB_NET_CRW_CERT_VERIFICATION_CONTROLLER_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1357773002:
WKWebView: Implemented recoverable SSL interstitials. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@lock_coloring