| Index: ios/web/net/cert_verifier_block_adapter.cc
|
| diff --git a/ios/web/net/cert_verifier_block_adapter.cc b/ios/web/net/cert_verifier_block_adapter.cc
|
| index 31901000e9552f2f347735e6937008c50289b3e9..4c5b8bfbba7cac5dfea5541c0be1b653aeedc795 100644
|
| --- a/ios/web/net/cert_verifier_block_adapter.cc
|
| +++ b/ios/web/net/cert_verifier_block_adapter.cc
|
| @@ -6,90 +6,100 @@
|
|
|
| #include "base/mac/bind_objc_block.h"
|
| #include "net/base/net_errors.h"
|
| -#include "net/cert/cert_verify_result.h"
|
| #include "net/cert/crl_set.h"
|
| #include "net/cert/x509_certificate.h"
|
| +#include "net/log/net_log.h"
|
|
|
| -namespace net {
|
| +namespace web {
|
|
|
| namespace {
|
|
|
| -// Resource manager which keeps CertVerifier::Request, CertVerifyResult and
|
| -// X509Certificate alive until verification is completed.
|
| -struct VerificationContext : public base::RefCounted<VerificationContext> {
|
| - VerificationContext(scoped_refptr<net::X509Certificate> cert) : cert(cert) {
|
| - result.cert_status = CERT_STATUS_INVALID;
|
| - }
|
| - // Verification request. Must be alive until verification is completed,
|
| - // otherwise it will be cancelled.
|
| - scoped_ptr<CertVerifier::Request> request;
|
| +// Resource manager which keeps CertVerifyResult, X509Certificate and
|
| +// BoundNetLog alive until verification is completed. Also holds unowned pointer
|
| +// to |net::CertVerifier::Request|.
|
| +struct VerificationContext
|
| + : public base::RefCountedThreadSafe<VerificationContext> {
|
| + VerificationContext(scoped_refptr<net::X509Certificate> cert,
|
| + net::NetLog* net_log)
|
| + : request(nullptr),
|
| + cert(cert.Pass()),
|
| + net_log(net::BoundNetLog::Make(
|
| + net_log,
|
| + net::NetLog::SOURCE_IOS_WEB_VIEW_CERT_VERIFIER)) {}
|
| + // Unowned verification request.
|
| + net::CertVerifier::Request* request;
|
| // The result of certificate verification.
|
| - CertVerifyResult result;
|
| - // Certificate being verificated.
|
| + net::CertVerifyResult result;
|
| + // Certificate being verified.
|
| scoped_refptr<net::X509Certificate> cert;
|
| -
|
| - // Copies CertVerifyResult and wraps it into a scoped_ptr.
|
| - scoped_ptr<CertVerifyResult> scoped_result() {
|
| - scoped_ptr<CertVerifyResult> scoped_result(new CertVerifyResult());
|
| - scoped_result->CopyFrom(result);
|
| - return scoped_result.Pass();
|
| - }
|
| + // BoundNetLog required by CertVerifier.
|
| + net::BoundNetLog net_log;
|
|
|
| private:
|
| + friend class base::RefCountedThreadSafe<VerificationContext>;
|
| VerificationContext() = delete;
|
| - // Required by base::RefCounted.
|
| - friend class base::RefCounted<VerificationContext>;
|
| ~VerificationContext() {}
|
| };
|
| }
|
|
|
| -CertVerifierBlockAdapter::CertVerifierBlockAdapter()
|
| - : CertVerifierBlockAdapter(
|
| - scoped_ptr<CertVerifier>(CertVerifier::CreateDefault())) {
|
| -}
|
| -
|
| CertVerifierBlockAdapter::CertVerifierBlockAdapter(
|
| - scoped_ptr<CertVerifier> cert_verifier)
|
| - : cert_verifier_(cert_verifier.Pass()) {
|
| + net::CertVerifier* cert_verifier,
|
| + net::NetLog* net_log)
|
| + : cert_verifier_(cert_verifier), net_log_(net_log) {
|
| DCHECK(cert_verifier_);
|
| + DCHECK(net_log_);
|
| }
|
|
|
| CertVerifierBlockAdapter::~CertVerifierBlockAdapter() {
|
| + DCHECK(thread_checker_.CalledOnValidThread());
|
| }
|
|
|
| -CertVerifierBlockAdapter::Params::Params(scoped_refptr<X509Certificate> cert,
|
| - const std::string& hostname)
|
| - : cert(cert),
|
| - hostname(hostname),
|
| - flags(static_cast<CertVerifier::VerifyFlags>(0)) {
|
| -}
|
| +CertVerifierBlockAdapter::Params::Params(
|
| + const scoped_refptr<net::X509Certificate>& cert,
|
| + const std::string& hostname)
|
| + : cert(cert), hostname(hostname), flags(0) {}
|
|
|
| CertVerifierBlockAdapter::Params::~Params() {
|
| }
|
|
|
| void CertVerifierBlockAdapter::Verify(
|
| const Params& params,
|
| - void (^completion_handler)(scoped_ptr<CertVerifyResult>, int)) {
|
| + void (^completion_handler)(net::CertVerifyResult, int)) {
|
| + DCHECK(thread_checker_.CalledOnValidThread());
|
| DCHECK(completion_handler);
|
| + if (!params.cert || params.hostname.empty()) {
|
| + completion_handler(net::CertVerifyResult(), net::ERR_INVALID_ARGUMENT);
|
| + return;
|
| + }
|
|
|
| scoped_refptr<VerificationContext> context(
|
| - new VerificationContext(params.cert));
|
| - CompletionCallback callback = base::BindBlock(^(int) {
|
| - completion_handler(context->scoped_result(), 0);
|
| + new VerificationContext(params.cert, net_log_));
|
| + net::CompletionCallback callback = base::BindBlock(^(int error) {
|
| + // Remove pending request.
|
| + auto request_iterator = std::find(
|
| + pending_requests_.begin(), pending_requests_.end(), context->request);
|
| + DCHECK(pending_requests_.end() != request_iterator);
|
| + pending_requests_.erase(request_iterator);
|
| +
|
| + completion_handler(context->result, error);
|
| });
|
| - int status = cert_verifier_->Verify(params.cert.get(), params.hostname,
|
| - params.ocsp_response, params.flags,
|
| - params.crl_set.get(), &(context->result),
|
| - callback, &(context->request), net_log_);
|
| -
|
| - if (status == ERR_IO_PENDING) {
|
| + scoped_ptr<net::CertVerifier::Request> request;
|
| + int error = cert_verifier_->Verify(params.cert.get(), params.hostname,
|
| + params.ocsp_response, params.flags,
|
| + params.crl_set.get(), &(context->result),
|
| + callback, &request, context->net_log);
|
| + if (error == net::ERR_IO_PENDING) {
|
| + // Make sure that |net::CertVerifier::Request| is alive until either
|
| + // verification is completed or CertVerifierBlockAdapter is destroyed.
|
| + pending_requests_.push_back(request.Pass());
|
| + context->request = pending_requests_.back();
|
| // Completion handler will be called from |callback| when verification
|
| // request is completed.
|
| return;
|
| }
|
|
|
| // Verification has either failed or result was retrieved from the cache.
|
| - completion_handler(status ? nullptr : context->scoped_result(), status);
|
| + completion_handler(context->result, error);
|
| }
|
|
|
| -} // net
|
| +} // namespace web
|
|
|
Chromium Code Reviews
Issue 1230033005:
WKWebView: Added cert verification API to web controller. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master