| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #import "ios/web/net/crw_cert_verification_controller.h" | 5 #import "ios/web/net/crw_cert_verification_controller.h" |
| 6 | 6 |
| 7 #include <memory> | 7 #include <memory> |
| 8 | 8 |
| 9 #include "base/ios/block_types.h" | 9 #include "base/ios/block_types.h" |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| (...skipping 111 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 122 // Store user decisions with the leaf cert, ignoring any intermediates. | 122 // Store user decisions with the leaf cert, ignoring any intermediates. |
| 123 // This is because WKWebView returns the verified certificate chain in | 123 // This is because WKWebView returns the verified certificate chain in |
| 124 // |webView:didReceiveAuthenticationChallenge:completionHandler:|, | 124 // |webView:didReceiveAuthenticationChallenge:completionHandler:|, |
| 125 // but the server-supplied chain in | 125 // but the server-supplied chain in |
| 126 // |webView:didFailProvisionalNavigation:withError:|. | 126 // |webView:didFailProvisionalNavigation:withError:|. |
| 127 if (!cert->GetIntermediateCertificates().empty()) { | 127 if (!cert->GetIntermediateCertificates().empty()) { |
| 128 cert = net::X509Certificate::CreateFromHandle( | 128 cert = net::X509Certificate::CreateFromHandle( |
| 129 cert->os_cert_handle(), net::X509Certificate::OSCertHandles()); | 129 cert->os_cert_handle(), net::X509Certificate::OSCertHandles()); |
| 130 } | 130 } |
| 131 DCHECK(cert->GetIntermediateCertificates().empty()); | 131 DCHECK(cert->GetIntermediateCertificates().empty()); |
| 132 web::WebThread::PostTask(web::WebThread::IO, FROM_HERE, base::BindBlock(^{ | 132 web::WebThread::PostTask(web::WebThread::IO, FROM_HERE, base::BindBlockArc(^{ |
| 133 _certPolicyCache->AllowCertForHost( | 133 _certPolicyCache->AllowCertForHost( |
| 134 cert.get(), base::SysNSStringToUTF8(host), status); | 134 cert.get(), base::SysNSStringToUTF8(host), |
| 135 })); | 135 status); |
| 136 })); |
| 136 } | 137 } |
| 137 | 138 |
| 138 #pragma mark - Private | 139 #pragma mark - Private |
| 139 | 140 |
| 140 - (net::CertStatus)certStatusFromTrustResult:(SecTrustResultType)trustResult | 141 - (net::CertStatus)certStatusFromTrustResult:(SecTrustResultType)trustResult |
| 141 serverTrust: | 142 serverTrust: |
| 142 (base::ScopedCFTypeRef<SecTrustRef>)trust { | 143 (base::ScopedCFTypeRef<SecTrustRef>)trust { |
| 143 net::CertStatus certStatus = net::CertStatus(); | 144 net::CertStatus certStatus = net::CertStatus(); |
| 144 switch (trustResult) { | 145 switch (trustResult) { |
| 145 case kSecTrustResultProceed: | 146 case kSecTrustResultProceed: |
| (...skipping 12 matching lines...) Expand all Loading... |
| 158 return certStatus; | 159 return certStatus; |
| 159 } | 160 } |
| 160 | 161 |
| 161 - (void) | 162 - (void) |
| 162 decideLoadPolicyForRejectedTrustResult:(SecTrustResultType)trustResult | 163 decideLoadPolicyForRejectedTrustResult:(SecTrustResultType)trustResult |
| 163 serverTrust:(base::ScopedCFTypeRef<SecTrustRef>)trust | 164 serverTrust:(base::ScopedCFTypeRef<SecTrustRef>)trust |
| 164 host:(NSString*)host | 165 host:(NSString*)host |
| 165 completionHandler:(web::PolicyDecisionHandler)handler { | 166 completionHandler:(web::PolicyDecisionHandler)handler { |
| 166 DCHECK_CURRENTLY_ON(web::WebThread::UI); | 167 DCHECK_CURRENTLY_ON(web::WebThread::UI); |
| 167 DCHECK(handler); | 168 DCHECK(handler); |
| 168 web::WebThread::PostTask(web::WebThread::IO, FROM_HERE, base::BindBlock(^{ | 169 web::WebThread::PostTask( |
| 169 // |loadPolicyForRejectedTrustResult:certStatus:serverTrust:host:| can | 170 web::WebThread::IO, FROM_HERE, base::BindBlockArc(^{ |
| 170 // only be called on IO thread. | 171 // |loadPolicyForRejectedTrustResult:certStatus:serverTrust:host:| can |
| 171 net::CertStatus certStatus = | 172 // only be called on IO thread. |
| 172 [self certStatusFromTrustResult:trustResult serverTrust:trust]; | 173 net::CertStatus certStatus = |
| 174 [self certStatusFromTrustResult:trustResult serverTrust:trust]; |
| 173 | 175 |
| 174 web::CertAcceptPolicy policy = | 176 web::CertAcceptPolicy policy = |
| 175 [self loadPolicyForRejectedTrustResult:trustResult | 177 [self loadPolicyForRejectedTrustResult:trustResult |
| 176 certStatus:certStatus | 178 certStatus:certStatus |
| 177 serverTrust:trust.get() | 179 serverTrust:trust.get() |
| 178 host:host]; | 180 host:host]; |
| 179 | 181 |
| 180 web::WebThread::PostTask(web::WebThread::UI, FROM_HERE, base::BindBlock(^{ | 182 web::WebThread::PostTask(web::WebThread::UI, FROM_HERE, |
| 181 handler(policy, certStatus); | 183 base::BindBlockArc(^{ |
| 182 })); | 184 handler(policy, certStatus); |
| 183 })); | 185 })); |
| 186 })); |
| 184 } | 187 } |
| 185 | 188 |
| 186 - (void)verifyTrust:(base::ScopedCFTypeRef<SecTrustRef>)trust | 189 - (void)verifyTrust:(base::ScopedCFTypeRef<SecTrustRef>)trust |
| 187 completionHandler:(void (^)(SecTrustResultType))completionHandler { | 190 completionHandler:(void (^)(SecTrustResultType))completionHandler { |
| 188 DCHECK_CURRENTLY_ON(web::WebThread::UI); | 191 DCHECK_CURRENTLY_ON(web::WebThread::UI); |
| 189 DCHECK(completionHandler); | 192 DCHECK(completionHandler); |
| 190 // SecTrustEvaluate performs trust evaluation synchronously, possibly making | 193 // SecTrustEvaluate performs trust evaluation synchronously, possibly making |
| 191 // network requests. The UI thread should not be blocked by that operation. | 194 // network requests. The UI thread should not be blocked by that operation. |
| 192 base::WorkerPool::PostTask(FROM_HERE, base::BindBlock(^{ | 195 base::WorkerPool::PostTask( |
| 193 SecTrustResultType trustResult = kSecTrustResultInvalid; | 196 FROM_HERE, base::BindBlockArc(^{ |
| 194 if (SecTrustEvaluate(trust.get(), &trustResult) != errSecSuccess) { | 197 SecTrustResultType trustResult = kSecTrustResultInvalid; |
| 195 trustResult = kSecTrustResultInvalid; | 198 if (SecTrustEvaluate(trust.get(), &trustResult) != errSecSuccess) { |
| 196 } | 199 trustResult = kSecTrustResultInvalid; |
| 197 web::WebThread::PostTask(web::WebThread::UI, FROM_HERE, base::BindBlock(^{ | 200 } |
| 198 completionHandler(trustResult); | 201 web::WebThread::PostTask(web::WebThread::UI, FROM_HERE, |
| 199 })); | 202 base::BindBlockArc(^{ |
| 200 }), false /* task_is_slow */); | 203 completionHandler(trustResult); |
| 204 })); |
| 205 }), |
| 206 false /* task_is_slow */); |
| 201 } | 207 } |
| 202 | 208 |
| 203 - (web::CertAcceptPolicy) | 209 - (web::CertAcceptPolicy) |
| 204 loadPolicyForRejectedTrustResult:(SecTrustResultType)trustResult | 210 loadPolicyForRejectedTrustResult:(SecTrustResultType)trustResult |
| 205 certStatus:(net::CertStatus)certStatus | 211 certStatus:(net::CertStatus)certStatus |
| 206 serverTrust:(SecTrustRef)trust | 212 serverTrust:(SecTrustRef)trust |
| 207 host:(NSString*)host { | 213 host:(NSString*)host { |
| 208 DCHECK_CURRENTLY_ON(web::WebThread::IO); | 214 DCHECK_CURRENTLY_ON(web::WebThread::IO); |
| 209 DCHECK_NE(web::SECURITY_STYLE_AUTHENTICATED, | 215 DCHECK_NE(web::SECURITY_STYLE_AUTHENTICATED, |
| 210 web::GetSecurityStyleFromTrustResult(trustResult)); | 216 web::GetSecurityStyleFromTrustResult(trustResult)); |
| (...skipping 12 matching lines...) Expand all Loading... |
| 223 | 229 |
| 224 web::CertPolicy::Judgment judgment = _certPolicyCache->QueryPolicy( | 230 web::CertPolicy::Judgment judgment = _certPolicyCache->QueryPolicy( |
| 225 leafCert.get(), base::SysNSStringToUTF8(host), certStatus); | 231 leafCert.get(), base::SysNSStringToUTF8(host), certStatus); |
| 226 | 232 |
| 227 return (judgment == web::CertPolicy::ALLOWED) | 233 return (judgment == web::CertPolicy::ALLOWED) |
| 228 ? web::CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_ACCEPTED_BY_USER | 234 ? web::CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_ACCEPTED_BY_USER |
| 229 : web::CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_UNDECIDED_BY_USER; | 235 : web::CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_UNDECIDED_BY_USER; |
| 230 } | 236 } |
| 231 | 237 |
| 232 @end | 238 @end |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2522943003:
[iOS/ARC] Fix a violation of ODR in base::BindBlock under ARC. (Closed)
