ios/web/net/crw_cert_verification_controller.mm


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200

// Copyright 2015 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#import "ios/web/net/crw_cert_verification_controller.h"

#include "base/logging.h"
#include "base/mac/bind_objc_block.h"
#import "base/memory/ref_counted.h"
#import "base/memory/scoped_ptr.h"
#include "base/strings/sys_string_conversions.h"
#include "ios/web/net/cert_verifier_block_adapter.h"
#include "ios/web/public/browser_state.h"
#include "ios/web/public/web_thread.h"
#include "net/cert/cert_verify_result.h"
#include "net/ssl/ssl_config_service.h"
#include "net/url_request/url_request_context.h"
#include "net/url_request/url_request_context_getter.h"

namespace {

// This class takes ownership of block and releases it on UI thread, even if
// |BlockHolder| is destructed on a background thread.
template <class T>
class BlockHolder : public base::RefCountedThreadSafe<BlockHolder<T>> {
 public:
  // Takes ownership of |block|, which must not be null.
  explicit BlockHolder(T block) : block_([block copy]) { DCHECK(block_); }

  // Calls underlying block with the given variadic arguments.
  template <typename... Arguments>
  void call(Arguments... Args) {
    block_(Args...);
  }

 private:
  BlockHolder() = delete;
  friend class base::RefCountedThreadSafe<BlockHolder>;

  // Releases the given block, must be called on UI thread.
  static void ReleaseBlock(id block) {
    DCHECK_CURRENTLY_ON_WEB_THREAD(web::WebThread::UI);
    [block release];
  }

  // Releases underlying |block_| on UI thread.
  ~BlockHolder() {
    if (web::WebThread::CurrentlyOn(web::WebThread::UI)) {
      ReleaseBlock(block_);
    } else {
      web::WebThread::PostTask(web::WebThread::UI, FROM_HERE,
                               base::Bind(&BlockHolder::ReleaseBlock, block_));
    }
  }

  T block_;
};

}  // namespace

@interface CRWCertVerificationController () {
  // Cert verification object which wraps |net::CertVerifier|. Must be created,
  // used and destroyed on IO Thread.
  scoped_ptr<web::CertVerifierBlockAdapter> _certVerifier;

  // URLRequestContextGetter for obtaining net layer objects.
  net::URLRequestContextGetter* _contextGetter;
}

// Cert verification flags. Must be used on IO Thread.
@property(nonatomic, readonly) int certVerifyFlags;

// Creates _certVerifier object on IO thread.
- (void)createCertVerifier;

// Verifies the given |cert| for the given |host| and calls |completionHandler|
// on completion. |completionHandler| cannot be null and will be called
// synchronously or asynchronously on IO thread.
- (void)verifyCert:(const scoped_refptr<net::X509Certificate>&)cert
              forHost:(NSString*)host
    completionHandler:(void (^)(net::CertVerifyResult, int))completionHandler;

@end

@implementation CRWCertVerificationController

#pragma mark - Superclass

- (void)dealloc {
  DCHECK(!_certVerifier);
  [super dealloc];
}

#pragma mark - Public

- (instancetype)init {
  NOTREACHED();
  return nil;
}

- (instancetype)initWithBrowserState:(web::BrowserState*)browserState {
  DCHECK(browserState);
  DCHECK_CURRENTLY_ON_WEB_THREAD(web::WebThread::UI);
  self = [super init];
  if (self) {
    _contextGetter = browserState->GetRequestContext();
    DCHECK(_contextGetter);
    [self createCertVerifier];
  }
  return self;
}

- (void)decidePolicyForCert:(const scoped_refptr<net::X509Certificate>&)cert
                       host:(NSString*)host
          completionHandler:(web::PolicyDecisionHandler)handler {
  DCHECK_CURRENTLY_ON_WEB_THREAD(web::WebThread::UI);
  // completionHandler of |verifyCert:forHost:completionHandler:| is called on
  // IO thread and then bounces back to UI thread. As a result all objects
  // captured by completionHandler may be released on either UI or IO thread.
  // Since |handler| can potentially capture multiple thread unsafe objects
  // (like Web Controller) |handler| itself should never be released on
  // background thread and |BlockHolder| ensures that.
  __block scoped_refptr<BlockHolder<web::PolicyDecisionHandler>> handlerHolder(
      new BlockHolder<web::PolicyDecisionHandler>(handler));
  [self verifyCert:cert
                forHost:host
      completionHandler:^(net::CertVerifyResult result, int error) {
        web::CertAcceptPolicy policy =
            web::CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR;
        if (error == net::OK) {
          policy = web::CERT_ACCEPT_POLICY_ALLOW;
        } else if (net::IsCertStatusError(result.cert_status)) {
          policy = net::IsCertStatusMinorError(result.cert_status)
                       ? web::CERT_ACCEPT_POLICY_ALLOW
                       : web::CERT_ACCEPT_POLICY_RECOVERABLE_ERROR;
        }

        dispatch_async(dispatch_get_main_queue(), ^{
          handlerHolder->call(policy, result.cert_status);
        });
      }];
}

- (void)shutDown {
  DCHECK_CURRENTLY_ON_WEB_THREAD(web::WebThread::UI);
  web::WebThread::PostTask(web::WebThread::IO, FROM_HERE, base::BindBlock(^{
    // This block captures |self| delaying its deallocation and causing dealloc
    // to happen on either IO or UI thread (which is fine for this class).
    _certVerifier.reset();
  }));
}

#pragma mark - Private

- (int)certVerifyFlags {
  DCHECK(web::WebThread::CurrentlyOn(web::WebThread::IO));
  DCHECK(_contextGetter);
  // |net::URLRequestContextGetter| lifetime is expected to be at least the same
  // or longer than |BrowserState| lifetime.
  net::URLRequestContext* context = _contextGetter->GetURLRequestContext();
  DCHECK(context);
  net::SSLConfigService* SSLConfigService = context->ssl_config_service();
  DCHECK(SSLConfigService);
  net::SSLConfig config;
  SSLConfigService->GetSSLConfig(&config);
  return config.GetCertVerifyFlags();
}

- (void)createCertVerifier {
  web::WebThread::PostTask(web::WebThread::IO, FROM_HERE, base::BindBlock(^{
    net::URLRequestContext* context = _contextGetter->GetURLRequestContext();
    _certVerifier.reset(new web::CertVerifierBlockAdapter(
        context->cert_verifier(), context->net_log()));
  }));
}

- (void)verifyCert:(const scoped_refptr<net::X509Certificate>&)cert
              forHost:(NSString*)host
    completionHandler:(void (^)(net::CertVerifyResult, int))completionHandler {
  DCHECK(completionHandler);
  __block scoped_refptr<net::X509Certificate> blockCert = cert;
  web::WebThread::PostTask(
      web::WebThread::IO, FROM_HERE, base::BindBlock(^{
        // WeakNSObject does not work across different threads, hence this block
        // retains self.
        if (!_certVerifier) {
          completionHandler(net::CertVerifyResult(), net::ERR_FAILED);
          return;
        }

        web::CertVerifierBlockAdapter::Params params(
            blockCert.Pass(), base::SysNSStringToUTF8(host));
        params.flags = self.certVerifyFlags;
        params.crl_set = net::SSLConfigService::GetCRLSet();
        // OCSP response is not provided by iOS API.
        _certVerifier->Verify(params, completionHandler);
      }));
}

@end