// Copyright 2015 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "base/memory/scoped_vector.h"
#include "base/threading/thread_checker.h"
#include "net/cert/cert_verifier.h"
#include "net/cert/cert_verify_result.h"
namespace net {
// Forward declarations only: in this header these types appear solely behind
// raw pointers or |scoped_refptr|, so the full net/ headers are not required.
class CRLSet;
class NetLog;
class X509Certificate;
} // namespace net
namespace web {
// Provides a block-based (Objective-C block callback) interface to
// |net::CertVerifier|. This class is not thread-safe: it must be created and
// used on the same thread where the |net::CertVerifier| was created, and it
// holds a |base::ThreadChecker| (|thread_checker_|) for checking this.
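class CertVerifierBlockAdapter {
 public:
  // Constructs the adapter with the given |cert_verifier| and |net_log|;
  // neither may be null. CertVerifierBlockAdapter does NOT take ownership of
  // either pointer, so the caller must keep both objects alive for at least
  // the lifetime of this adapter. Because in-flight verifications are not
  // canceled on destruction (see the destructor and Verify()), the underlying
  // |net::CertVerifier| presumably has to outlive those pending requests as
  // well -- NOTE(review): confirm against the implementation.
  CertVerifierBlockAdapter(net::CertVerifier* cert_verifier,
                           net::NetLog* net_log);

  // When the adapter is destroyed, in-flight certificate verification requests
  // are not canceled, and their completion handlers are still guaranteed to be
  // called. Completion blocks must therefore remain safe to run after this
  // object is gone (e.g. avoid capturing raw pointers to objects that are torn
  // down together with the adapter).
  ~CertVerifierBlockAdapter();

  // Encapsulates verification params. |cert| and |hostname| are mandatory, the
  // other params are optional. If either mandatory argument is null or empty
  // then the verification |CompletionHandler| is called with a net error code
  // instead of OK. NOTE(review): the specific error code is chosen by the
  // implementation and is not visible in this header -- confirm before relying
  // on a particular value.
  struct Params {
    // Constructs Params from an X509 cert and a hostname, which are mandatory
    // for verification. The optional fields start out as "not provided":
    // empty strings, |flags| == 0 and a null |crl_set|.
    Params(const scoped_refptr<net::X509Certificate>& cert,
           const std::string& hostname);
    Params(const Params& other);

    // Certificate to verify, can not be null.
    scoped_refptr<net::X509Certificate> cert;
    // Hostname of the SSL server the certificate is verified for, can not be
    // empty.
    std::string hostname;
    // If non-empty, a stapled OCSP response to use.
    std::string ocsp_response;
    // Bitwise OR of |net::CertVerifier::VerifyFlags|. Defaults to 0 (no flags)
    // so that a field nobody set never passes indeterminate bits to the
    // verifier; the constructor may still assign it explicitly.
    int flags = 0;
    // An optional |net::CRLSet| which can be used to avoid revocation checks
    // over the network. Null means no CRLSet is supplied.
    scoped_refptr<net::CRLSet> crl_set;
  };

  // Type of verification completion block. If the cert is successfully
  // validated |error| is OK, otherwise |error| is a net error code. Callers
  // must treat any value other than OK as a failed verification; |result|
  // carries the details (see |net::CertVerifyResult|).
  typedef void (^CompletionHandler)(net::CertVerifyResult result, int error);

  // Verifies the certificate described by |params|. |completion_handler| must
  // not be null and can be called either synchronously (in the same runloop,
  // before Verify() returns) or asynchronously, so callers must not depend on
  // either.
  // Note: |completion_handler| is guaranteed to be called, even if the instance
  // |Verify()| was called on has been destroyed by then.
  void Verify(const Params& params, CompletionHandler completion_handler);

 private:
  // Underlying unowned CertVerifier.
  net::CertVerifier* cert_verifier_;
  // Unowned NetLog required by CertVerifier.
  net::NetLog* net_log_;
  // CertVerifierBlockAdapter should be used on the same thread where it was
  // created.
  base::ThreadChecker thread_checker_;
};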
} // namespace web