// Copyright (c) 2015 GitHub, Inc. // Use of this source code is governed by the MIT license that can be // found in the LICENSE file. #ifndef ATOM_BROWSER_ATOM_CERT_VERIFIER_H_ #define ATOM_BROWSER_ATOM_CERT_VERIFIER_H_ #include #include #include #include "base/memory/ref_counted.h" #include "net/base/hash_value.h" #include "net/cert/cert_verifier.h" #include "net/cert/crl_set.h" #include "net/cert/x509_certificate.h" #include "net/log/net_log.h" namespace atom { class AtomCertVerifier : public net::CertVerifier { public: struct RequestParams { RequestParams( const net::SHA1HashValue cert_fingerprint, const net::SHA1HashValue ca_fingerprint, const std::string& hostname_arg, const std::string& ocsp_response, int flags); ~RequestParams() {} bool operator<(const RequestParams& other) const; std::string hostname; std::string ocsp_response; int flags; std::vector hash_values; }; class CertVerifyRequest : public base::RefCountedThreadSafe { public: CertVerifyRequest( AtomCertVerifier* cert_verifier, const RequestParams& key, scoped_refptr cert, scoped_refptr crl_set, net::CertVerifyResult* verify_result, scoped_ptr* out_req, const net::BoundNetLog& net_log) : cert_verifier_(cert_verifier), key_(key), certificate_(cert), crl_set_(crl_set), verify_result_(verify_result), out_req_(out_req), net_log_(net_log), handled_(false) { } void RunResult(int result); void DelegateToDefaultVerifier(); void ContinueWithResult(int result); void AddCompletionCallback(net::CompletionCallback callback) { callbacks_.push_back(callback); } const RequestParams key() const { return key_; } std::string hostname() const { return key_.hostname; } scoped_refptr certificate() const { return certificate_; } private: friend class base::RefCountedThreadSafe; ~CertVerifyRequest() {} AtomCertVerifier* cert_verifier_; const RequestParams key_; scoped_refptr certificate_; scoped_refptr crl_set_; net::CertVerifyResult* verify_result_; scoped_ptr* out_req_; const net::BoundNetLog net_log_; std::vector callbacks_; bool handled_; DISALLOW_COPY_AND_ASSIGN(CertVerifyRequest); }; class Delegate { public: Delegate() {} virtual ~Delegate() {} // Called on UI thread. virtual void RequestCertVerification( const scoped_refptr& request) {} }; AtomCertVerifier(); virtual ~AtomCertVerifier(); void SetDelegate(Delegate* delegate) { delegate_ = delegate; } protected: // net::CertVerifier: int Verify(net::X509Certificate* cert, const std::string& hostname, const std::string& ocsp_response, int flags, net::CRLSet* crl_set, net::CertVerifyResult* verify_result, const net::CompletionCallback& callback, scoped_ptr* out_req, const net::BoundNetLog& net_log) override; bool SupportsOCSPStapling() override; net::CertVerifier* default_cert_verifier() const { return default_cert_verifier_.get(); } private: CertVerifyRequest* FindRequest(const RequestParams& key); void RemoveRequest(CertVerifyRequest* request); struct CertVerifyRequestToRequestParamsComparator { bool operator()(const scoped_refptr request, const RequestParams& key) const { return request->key() < key; } }; struct CertVerifyRequestComparator { bool operator()(const scoped_refptr req1, const scoped_refptr req2) const { return req1->key() < req2->key(); } }; using ActiveRequestSet = std::set, CertVerifyRequestComparator>; ActiveRequestSet requests_; Delegate* delegate_; scoped_ptr default_cert_verifier_; DISALLOW_COPY_AND_ASSIGN(AtomCertVerifier); }; } // namespace atom #endif // ATOM_BROWSER_ATOM_CERT_VERIFIER_H_