OLD | NEW |
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ssl/ssl_host_state.h" | 5 #include "chrome/browser/ssl/ssl_host_state.h" |
6 | 6 |
7 #include "base/logging.h" | 7 #include "base/logging.h" |
8 | 8 |
9 namespace { | |
10 | |
11 static const char kDot = '.'; | |
12 | |
13 static bool IsIntranetHost(const std::string& host) { | |
14 const size_t dot = host.find(kDot); | |
15 return dot == std::string::npos || dot == host.length() - 1; | |
16 } | |
17 | |
18 } // namespace | |
19 | |
20 SSLHostState::SSLHostState() { | 9 SSLHostState::SSLHostState() { |
21 } | 10 } |
22 | 11 |
23 SSLHostState::~SSLHostState() { | 12 SSLHostState::~SSLHostState() { |
24 } | 13 } |
25 | 14 |
26 void SSLHostState::HostRanInsecureContent(const std::string& host, int pid) { | 15 void SSLHostState::HostRanInsecureContent(const std::string& host, int pid) { |
27 DCHECK(CalledOnValidThread()); | 16 DCHECK(CalledOnValidThread()); |
28 ran_insecure_content_hosts_.insert(BrokenHostEntry(host, pid)); | 17 ran_insecure_content_hosts_.insert(BrokenHostEntry(host, pid)); |
29 } | 18 } |
30 | 19 |
31 bool SSLHostState::DidHostRunInsecureContent(const std::string& host, | 20 bool SSLHostState::DidHostRunInsecureContent(const std::string& host, |
32 int pid) const { | 21 int pid) const { |
33 DCHECK(CalledOnValidThread()); | 22 DCHECK(CalledOnValidThread()); |
34 | |
35 // CAs issue certificates for intranet hosts to everyone. Therefore, we | |
36 // always treat intranet hosts as having run insecure content. | |
37 if (IsIntranetHost(host)) | |
38 return true; | |
39 | |
40 return !!ran_insecure_content_hosts_.count(BrokenHostEntry(host, pid)); | 23 return !!ran_insecure_content_hosts_.count(BrokenHostEntry(host, pid)); |
41 } | 24 } |
42 | 25 |
43 void SSLHostState::DenyCertForHost(net::X509Certificate* cert, | 26 void SSLHostState::DenyCertForHost(net::X509Certificate* cert, |
44 const std::string& host) { | 27 const std::string& host) { |
45 DCHECK(CalledOnValidThread()); | 28 DCHECK(CalledOnValidThread()); |
46 | 29 |
47 cert_policy_for_host_[host].Deny(cert); | 30 cert_policy_for_host_[host].Deny(cert); |
48 } | 31 } |
49 | 32 |
50 void SSLHostState::AllowCertForHost(net::X509Certificate* cert, | 33 void SSLHostState::AllowCertForHost(net::X509Certificate* cert, |
51 const std::string& host) { | 34 const std::string& host) { |
52 DCHECK(CalledOnValidThread()); | 35 DCHECK(CalledOnValidThread()); |
53 | 36 |
54 cert_policy_for_host_[host].Allow(cert); | 37 cert_policy_for_host_[host].Allow(cert); |
55 } | 38 } |
56 | 39 |
57 net::CertPolicy::Judgment SSLHostState::QueryPolicy( | 40 net::CertPolicy::Judgment SSLHostState::QueryPolicy( |
58 net::X509Certificate* cert, const std::string& host) { | 41 net::X509Certificate* cert, const std::string& host) { |
59 DCHECK(CalledOnValidThread()); | 42 DCHECK(CalledOnValidThread()); |
60 | 43 |
61 return cert_policy_for_host_[host].Check(cert); | 44 return cert_policy_for_host_[host].Check(cert); |
62 } | 45 } |
OLD | NEW |