1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #import "ios/web/net/crw_cert_verification_controller.h" | 5 #import "ios/web/net/crw_cert_verification_controller.h" |
6 | 6 |
7 #include <memory> | 7 #include <memory> |
8 | 8 |
9 #include "base/ios/block_types.h" | 9 #include "base/ios/block_types.h" |
10 #include "base/logging.h" | 10 #include "base/logging.h" |
122 // Store user decisions with the leaf cert, ignoring any intermediates. | 122 // Store user decisions with the leaf cert, ignoring any intermediates. |
123 // This is because WKWebView returns the verified certificate chain in | 123 // This is because WKWebView returns the verified certificate chain in |
124 // |webView:didReceiveAuthenticationChallenge:completionHandler:|, | 124 // |webView:didReceiveAuthenticationChallenge:completionHandler:|, |
125 // but the server-supplied chain in | 125 // but the server-supplied chain in |
126 // |webView:didFailProvisionalNavigation:withError:|. | 126 // |webView:didFailProvisionalNavigation:withError:|. |
127 if (!cert->GetIntermediateCertificates().empty()) { | 127 if (!cert->GetIntermediateCertificates().empty()) { |
128 cert = net::X509Certificate::CreateFromHandle( | 128 cert = net::X509Certificate::CreateFromHandle( |
129 cert->os_cert_handle(), net::X509Certificate::OSCertHandles()); | 129 cert->os_cert_handle(), net::X509Certificate::OSCertHandles()); |
130 } | 130 } |
131 DCHECK(cert->GetIntermediateCertificates().empty()); | 131 DCHECK(cert->GetIntermediateCertificates().empty()); |
132 web::WebThread::PostTask(web::WebThread::IO, FROM_HERE, base::BindBlock(^{ | 132 web::WebThread::PostTask(web::WebThread::IO, FROM_HERE, base::BindBlockArc(^{ |
133 _certPolicyCache->AllowCertForHost( | 133 _certPolicyCache->AllowCertForHost( |
134 cert.get(), base::SysNSStringToUTF8(host), status); | 134 cert.get(), base::SysNSStringToUTF8(host), |
135 })); | 135 status); |
| 136 })); |
136 } | 137 } |
137 | 138 |
138 #pragma mark - Private | 139 #pragma mark - Private |
139 | 140 |
140 - (net::CertStatus)certStatusFromTrustResult:(SecTrustResultType)trustResult | 141 - (net::CertStatus)certStatusFromTrustResult:(SecTrustResultType)trustResult |
141 serverTrust: | 142 serverTrust: |
142 (base::ScopedCFTypeRef<SecTrustRef>)trust { | 143 (base::ScopedCFTypeRef<SecTrustRef>)trust { |
143 net::CertStatus certStatus = net::CertStatus(); | 144 net::CertStatus certStatus = net::CertStatus(); |
144 switch (trustResult) { | 145 switch (trustResult) { |
145 case kSecTrustResultProceed: | 146 case kSecTrustResultProceed: |
158 return certStatus; | 159 return certStatus; |
159 } | 160 } |
160 | 161 |
161 - (void) | 162 - (void) |
162 decideLoadPolicyForRejectedTrustResult:(SecTrustResultType)trustResult | 163 decideLoadPolicyForRejectedTrustResult:(SecTrustResultType)trustResult |
163 serverTrust:(base::ScopedCFTypeRef<SecTrustRef>)trust | 164 serverTrust:(base::ScopedCFTypeRef<SecTrustRef>)trust |
164 host:(NSString*)host | 165 host:(NSString*)host |
165 completionHandler:(web::PolicyDecisionHandler)handler { | 166 completionHandler:(web::PolicyDecisionHandler)handler { |
166 DCHECK_CURRENTLY_ON(web::WebThread::UI); | 167 DCHECK_CURRENTLY_ON(web::WebThread::UI); |
167 DCHECK(handler); | 168 DCHECK(handler); |
168 web::WebThread::PostTask(web::WebThread::IO, FROM_HERE, base::BindBlock(^{ | 169 web::WebThread::PostTask( |
169 // |loadPolicyForRejectedTrustResult:certStatus:serverTrust:host:| can | 170 web::WebThread::IO, FROM_HERE, base::BindBlockArc(^{ |
170 // only be called on IO thread. | 171 // |loadPolicyForRejectedTrustResult:certStatus:serverTrust:host:| can |
171 net::CertStatus certStatus = | 172 // only be called on IO thread. |
172 [self certStatusFromTrustResult:trustResult serverTrust:trust]; | 173 net::CertStatus certStatus = |
| 174 [self certStatusFromTrustResult:trustResult serverTrust:trust]; |
173 | 175 |
174 web::CertAcceptPolicy policy = | 176 web::CertAcceptPolicy policy = |
175 [self loadPolicyForRejectedTrustResult:trustResult | 177 [self loadPolicyForRejectedTrustResult:trustResult |
176 certStatus:certStatus | 178 certStatus:certStatus |
177 serverTrust:trust.get() | 179 serverTrust:trust.get() |
178 host:host]; | 180 host:host]; |
179 | 181 |
180 web::WebThread::PostTask(web::WebThread::UI, FROM_HERE, base::BindBlock(^{ | 182 web::WebThread::PostTask(web::WebThread::UI, FROM_HERE, |
181 handler(policy, certStatus); | 183 base::BindBlockArc(^{ |
182 })); | 184 handler(policy, certStatus); |
183 })); | 185 })); |
| 186 })); |
184 } | 187 } |
185 | 188 |
186 - (void)verifyTrust:(base::ScopedCFTypeRef<SecTrustRef>)trust | 189 - (void)verifyTrust:(base::ScopedCFTypeRef<SecTrustRef>)trust |
187 completionHandler:(void (^)(SecTrustResultType))completionHandler { | 190 completionHandler:(void (^)(SecTrustResultType))completionHandler { |
188 DCHECK_CURRENTLY_ON(web::WebThread::UI); | 191 DCHECK_CURRENTLY_ON(web::WebThread::UI); |
189 DCHECK(completionHandler); | 192 DCHECK(completionHandler); |
190 // SecTrustEvaluate performs trust evaluation synchronously, possibly making | 193 // SecTrustEvaluate performs trust evaluation synchronously, possibly making |
191 // network requests. The UI thread should not be blocked by that operation. | 194 // network requests. The UI thread should not be blocked by that operation. |
192 base::WorkerPool::PostTask(FROM_HERE, base::BindBlock(^{ | 195 base::WorkerPool::PostTask( |
193 SecTrustResultType trustResult = kSecTrustResultInvalid; | 196 FROM_HERE, base::BindBlockArc(^{ |
194 if (SecTrustEvaluate(trust.get(), &trustResult) != errSecSuccess) { | 197 SecTrustResultType trustResult = kSecTrustResultInvalid; |
195 trustResult = kSecTrustResultInvalid; | 198 if (SecTrustEvaluate(trust.get(), &trustResult) != errSecSuccess) { |
196 } | 199 trustResult = kSecTrustResultInvalid; |
197 web::WebThread::PostTask(web::WebThread::UI, FROM_HERE, base::BindBlock(^{ | 200 } |
198 completionHandler(trustResult); | 201 web::WebThread::PostTask(web::WebThread::UI, FROM_HERE, |
199 })); | 202 base::BindBlockArc(^{ |
200 }), false /* task_is_slow */); | 203 completionHandler(trustResult); |
| 204 })); |
| 205 }), |
| 206 false /* task_is_slow */); |
201 } | 207 } |
202 | 208 |
203 - (web::CertAcceptPolicy) | 209 - (web::CertAcceptPolicy) |
204 loadPolicyForRejectedTrustResult:(SecTrustResultType)trustResult | 210 loadPolicyForRejectedTrustResult:(SecTrustResultType)trustResult |
205 certStatus:(net::CertStatus)certStatus | 211 certStatus:(net::CertStatus)certStatus |
206 serverTrust:(SecTrustRef)trust | 212 serverTrust:(SecTrustRef)trust |
207 host:(NSString*)host { | 213 host:(NSString*)host { |
208 DCHECK_CURRENTLY_ON(web::WebThread::IO); | 214 DCHECK_CURRENTLY_ON(web::WebThread::IO); |
209 DCHECK_NE(web::SECURITY_STYLE_AUTHENTICATED, | 215 DCHECK_NE(web::SECURITY_STYLE_AUTHENTICATED, |
210 web::GetSecurityStyleFromTrustResult(trustResult)); | 216 web::GetSecurityStyleFromTrustResult(trustResult)); |
223 | 229 |
224 web::CertPolicy::Judgment judgment = _certPolicyCache->QueryPolicy( | 230 web::CertPolicy::Judgment judgment = _certPolicyCache->QueryPolicy( |
225 leafCert.get(), base::SysNSStringToUTF8(host), certStatus); | 231 leafCert.get(), base::SysNSStringToUTF8(host), certStatus); |
226 | 232 |
227 return (judgment == web::CertPolicy::ALLOWED) | 233 return (judgment == web::CertPolicy::ALLOWED) |
228 ? web::CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_ACCEPTED_BY_USER | 234 ? web::CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_ACCEPTED_BY_USER |
229 : web::CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_UNDECIDED_BY_USER; | 235 : web::CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_UNDECIDED_BY_USER; |
230 } | 236 } |
231 | 237 |
232 @end | 238 @end |