Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(210)

Side by Side Diff: chrome/browser/ssl/ssl_host_state.cc

Issue 42274: SSLPolicy Fix: Step 6.... (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 11 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « chrome/browser/ssl/ssl_host_state.h ('k') | chrome/browser/ssl/ssl_manager.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/ssl/ssl_host_state.h" 5 #include "chrome/browser/ssl/ssl_host_state.h"
6 6
7 #include "base/logging.h" 7 #include "base/logging.h"
8 8
9 namespace {
10
11 static const char kDot = '.';
12
13 static bool IsIntranetHost(const std::string& host) {
14 const size_t dot = host.find(kDot);
15 return dot == std::string::npos || dot == host.length() - 1;
16 }
17
18 } // namespace
19
9 SSLHostState::SSLHostState() { 20 SSLHostState::SSLHostState() {
10 } 21 }
11 22
12 SSLHostState::~SSLHostState() { 23 SSLHostState::~SSLHostState() {
13 } 24 }
14 25
26 void SSLHostState::MarkHostAsBroken(const std::string& host) {
27 DCHECK(CalledOnValidThread());
28
29 broken_hosts_.insert(host);
30 }
31
32 bool SSLHostState::DidMarkHostAsBroken(const std::string& host) {
33 DCHECK(CalledOnValidThread());
34
35 // CAs issue certificate for intranet hosts to everyone. Therefore, we always
36 // treat intranet hosts as broken.
37 if (IsIntranetHost(host))
38 return true;
39
40 return (broken_hosts_.find(host) != broken_hosts_.end());
41 }
42
15 void SSLHostState::DenyCertForHost(net::X509Certificate* cert, 43 void SSLHostState::DenyCertForHost(net::X509Certificate* cert,
16 const std::string& host) { 44 const std::string& host) {
17 DCHECK(CalledOnValidThread()); 45 DCHECK(CalledOnValidThread());
18 46
19 // Remember that we don't like this cert for this host. 47 // Remember that we don't like this cert for this host.
20 cert_policy_for_host_[host].Deny(cert); 48 cert_policy_for_host_[host].Deny(cert);
21 } 49 }
22 50
23 void SSLHostState::AllowCertForHost(net::X509Certificate* cert, 51 void SSLHostState::AllowCertForHost(net::X509Certificate* cert,
24 const std::string& host) { 52 const std::string& host) {
25 DCHECK(CalledOnValidThread()); 53 DCHECK(CalledOnValidThread());
26 54
27 // Remember that we do like this cert for this host. 55 // Remember that we do like this cert for this host.
28 cert_policy_for_host_[host].Allow(cert); 56 cert_policy_for_host_[host].Allow(cert);
29 } 57 }
30 58
59 bool SSLHostState::DidAllowCertForHost(const std::string& host) {
60 DCHECK(CalledOnValidThread());
61
62 std::map<std::string, net::X509Certificate::Policy>::const_iterator iter =
63 cert_policy_for_host_.find(host);
64
65 if (iter == cert_policy_for_host_.end())
66 return false;
67
68 return iter->second.HasAllowedCert();
69 }
70
31 net::X509Certificate::Policy::Judgment SSLHostState::QueryPolicy( 71 net::X509Certificate::Policy::Judgment SSLHostState::QueryPolicy(
32 net::X509Certificate* cert, const std::string& host) { 72 net::X509Certificate* cert, const std::string& host) {
33 DCHECK(CalledOnValidThread()); 73 DCHECK(CalledOnValidThread());
34 74
35 return cert_policy_for_host_[host].Check(cert); 75 return cert_policy_for_host_[host].Check(cert);
36 } 76 }
37 77
38 bool SSLHostState::CanShowInsecureContent(const GURL& url) { 78 void SSLHostState::AllowMixedContentForHost(const std::string& host) {
39 DCHECK(CalledOnValidThread()); 79 DCHECK(CalledOnValidThread());
40 80
41 return (can_show_insecure_content_for_host_.find(url.host()) != 81 allow_mixed_content_for_host_.insert(host);
42 can_show_insecure_content_for_host_.end());
43 } 82 }
44 83
45 void SSLHostState::AllowShowInsecureContentForURL(const GURL& url) { 84 bool SSLHostState::DidAllowMixedContentForHost(const std::string& host) {
46 DCHECK(CalledOnValidThread()); 85 DCHECK(CalledOnValidThread());
47 86
48 can_show_insecure_content_for_host_.insert(url.host()); 87 return (allow_mixed_content_for_host_.find(host) !=
88 allow_mixed_content_for_host_.end());
49 } 89 }
OLDNEW
« no previous file with comments | « chrome/browser/ssl/ssl_host_state.h ('k') | chrome/browser/ssl/ssl_manager.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698