ios/web/net/cert_verifier_block_adapter.h

   1 // Copyright 2015 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef IOS_WEB_NET_CERT_VERIFIER_BLOCK_ADAPTER_H_
   6 #define IOS_WEB_NET_CERT_VERIFIER_BLOCK_ADAPTER_H_
   7
   8 #include "base/memory/scoped_ptr.h"
   9 #include "net/cert/cert_verifier.h"
  10 #include "net/log/net_log.h"
  11
  12 namespace net {
  13
  14 class CertVerifyResult;
  15 class CRLSet;
  16 class X509Certificate;
  17
  18 // Provides block-based interface for net::CertVerifier.
  19 class CertVerifierBlockAdapter {
  20  public:
  21   CertVerifierBlockAdapter();
  22   // Constructs adapter with given |CertVerifier| which can not be null.
  23   CertVerifierBlockAdapter(scoped_ptr<CertVerifier> cert_verifier);
  24
  25   // When the verifier is destroyed, all certificate verification requests are
  26   // canceled, and their completion handlers will not be called.
  27   ~CertVerifierBlockAdapter();
  28
  29   // Encapsulates verification parms. |cert| and |hostname| are mandatory, the
  30   // other params are optional. If either of mandatory arguments is null or
  31   // empty then verification |CompletionHandler| will be called with
  32   // ERR_INVALID_ARGUMENT status.
  33   struct Params {
  34     // Constructs Params from X509 cert and hostname, which are mandatory for
  35     // verification.
  36     Params(scoped_refptr<net::X509Certificate> cert,
  37            const std::string& hostname);
  38     ~Params();
  39
  40     // Certificate to verify, can not be null.
  41     scoped_refptr<net::X509Certificate> cert;
  42
  43     // Hostname as an SSL server, can not be empty.
  44     std::string hostname;
  45
  46     // If non-empty, is a stapled OCSP response to use.
  47     std::string ocsp_response;
  48
  49     // Bitwise OR of CertVerifier::VerifyFlags.
  50     CertVerifier::VerifyFlags flags;
  51
  52     // An optional CRLSet structure which can be used to avoid revocation checks
  53     // over the network.
  54     scoped_refptr<CRLSet> crl_set;
  55   };
  56
  57   // Type of verification completion block. On success CertVerifyResult is not
  58   // null and status is OK, otherwise CertVerifyResult is null and status is a
  59   // net error code.
  60   typedef void (^CompletionHandler)(scoped_ptr<CertVerifyResult>, int status);
  61
  62   // Verifies certificate with given |params|. |completion_handler| must not be
  63   // null and call be called either syncronously (in the same runloop) or
  64   // asyncronously.
  65   void Verify(const Params& params, CompletionHandler completion_handler);
  66
  67  private:
  68   // Underlying CertVerifier.
  69   scoped_ptr<CertVerifier> cert_verifier_;
  70   // Net Log required by CertVerifier.
  71   BoundNetLog net_log_;
  72 };
  73
  74 }  // net
  75
  76 #endif  // IOS_WEB_NET_CERT_VERIFIER_BLOCK_ADAPTER_H_