1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef IOS_WEB_NET_CERT_VERIFIER_BLOCK_ADAPTER_H_
6 #define IOS_WEB_NET_CERT_VERIFIER_BLOCK_ADAPTER_H_
8 #include "base/memory/scoped_ptr.h"
9 #include "base/memory/scoped_vector.h"
10 #include "base/threading/thread_checker.h"
11 #include "net/cert/cert_verifier.h"
12 #include "net/cert/cert_verify_result.h"
14 namespace net {
15 class CRLSet;
16 class NetLog;
17 class X509Certificate;
18 } // namespace net
20 namespace web {
// Block-based front end for |net::CertVerifier|. Instances are thread-affine:
// create and use the adapter only on the thread on which the wrapped
// |net::CertVerifier| was created.
class CertVerifierBlockAdapter {
 public:
  // Wraps |cert_verifier| and |net_log|; neither may be null. Ownership stays
  // with the caller: the adapter only keeps raw, unowned pointers to both, so
  // the caller is responsible for keeping them valid while the adapter uses
  // them.
  CertVerifierBlockAdapter(net::CertVerifier* cert_verifier,
                           net::NetLog* net_log);

  // Destroying the adapter cancels every outstanding verification request.
  // Completion handlers of canceled requests are never invoked, so a caller
  // waiting on a handler receives no verdict for those requests.
  ~CertVerifierBlockAdapter();

  // Bundle of verification inputs. |cert| and |hostname| are required; all
  // other fields are optional. When a required field is null or empty the
  // |CompletionHandler| is called with |error| set to ERR_INVALID_ARGUMENT.
  struct Params {
    // Builds Params from the two inputs that verification cannot do without:
    // the X509 certificate and the hostname.
    Params(const scoped_refptr<net::X509Certificate>& cert,
           const std::string& hostname);
    ~Params();

    // The certificate being verified; must not be null.
    scoped_refptr<net::X509Certificate> cert;

    // Hostname as an SSL server; must not be empty.
    std::string hostname;

    // Stapled OCSP response to use; ignored when empty.
    std::string ocsp_response;

    // Bitwise OR of |net::CertVerifier::VerifyFlags|.
    // NOTE(review): no default is visible in this header; confirm that the
    // out-of-line constructor initializes |flags|.
    int flags;

    // Optional |net::CRLSet| that can be used to avoid revocation checks over
    // the network.
    scoped_refptr<net::CRLSet> crl_set;
  };

  // Block type that receives the verification outcome. |error| is OK when the
  // certificate validated successfully and a net error code otherwise.
  // NOTE(review): this header does not state what |result| holds when |error|
  // is not OK; callers should key trust decisions on |error| - confirm.
  typedef void (^CompletionHandler)(net::CertVerifyResult result, int error);

  // Starts verification described by |params|. |completion_handler| must not
  // be null. It may run synchronously (in the same runloop) or asynchronously.
  void Verify(const Params& params, CompletionHandler completion_handler);

 private:
  // Requests that have not completed yet. A request has to stay alive until
  // its verification finishes; otherwise the verification is cancelled.
  ScopedVector<net::CertVerifier::Request> pending_requests_;
  // The wrapped CertVerifier; not owned.
  net::CertVerifier* cert_verifier_;
  // NetLog required by CertVerifier; not owned.
  net::NetLog* net_log_;
  // The adapter should be used on the same thread where it was created.
  base::ThreadChecker thread_checker_;
};
87 } // namespace web
89 #endif // IOS_WEB_NET_CERT_VERIFIER_BLOCK_ADAPTER_H_