Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(158)

Side by Side Diff: chrome/browser/ssl/ssl_host_state.h

Issue 42274: SSLPolicy Fix: Step 6.... (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 11 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | chrome/browser/ssl/ssl_host_state.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CHROME_BROWSER_SSL_SSL_HOST_STATE_H_ 5 #ifndef CHROME_BROWSER_SSL_SSL_HOST_STATE_H_
6 #define CHROME_BROWSER_SSL_SSL_HOST_STATE_H_ 6 #define CHROME_BROWSER_SSL_SSL_HOST_STATE_H_
7 7
8 #include <string> 8 #include <string>
9 #include <map> 9 #include <map>
10 #include <set> 10 #include <set>
11 11
12 #include "base/basictypes.h" 12 #include "base/basictypes.h"
13 #include "base/non_thread_safe.h" 13 #include "base/non_thread_safe.h"
14 #include "googleurl/src/gurl.h" 14 #include "googleurl/src/gurl.h"
15 #include "net/base/x509_certificate.h" 15 #include "net/base/x509_certificate.h"
16 16
17 // SSLHostState 17 // SSLHostState
18 // 18 //
19 // The SSLHostState encapulates the host-specific state for SSL errors. For 19 // The SSLHostState encapulates the host-specific state for SSL errors. For
20 // example, SSLHostState rememebers whether the user has whitelisted a 20 // example, SSLHostState remembers whether the user has whitelisted a
21 // particular broken cert for use with particular host. We separate this state 21 // particular broken cert for use with particular host. We separate this state
22 // from the SSLManager because this state is shared across many navigation 22 // from the SSLManager because this state is shared across many navigation
23 // controllers. 23 // controllers.
24 24
25 class SSLHostState : public NonThreadSafe { 25 class SSLHostState : public NonThreadSafe {
26 public: 26 public:
27 SSLHostState(); 27 SSLHostState();
28 ~SSLHostState(); 28 ~SSLHostState();
29 29
30 // Records that a host is "broken," that is, the origin for that host has been
31 // contaminated with insecure content, either via HTTP or via HTTPS with a
32 // bad certificate.
33 void MarkHostAsBroken(const std::string& host);
34
35 // Returns whether the specified host was marked as broken.
36 bool DidMarkHostAsBroken(const std::string& host);
37
30 // Records that |cert| is permitted to be used for |host| in the future. 38 // Records that |cert| is permitted to be used for |host| in the future.
31 void DenyCertForHost(net::X509Certificate* cert, const std::string& host); 39 void DenyCertForHost(net::X509Certificate* cert, const std::string& host);
32 40
33 // Records that |cert| is not permitted to be used for |host| in the future. 41 // Records that |cert| is not permitted to be used for |host| in the future.
34 void AllowCertForHost(net::X509Certificate* cert, const std::string& host); 42 void AllowCertForHost(net::X509Certificate* cert, const std::string& host);
35 43
44 // Queries whether there is at least one certificate that has been manually
45 // allowed for this host.
46 bool DidAllowCertForHost(const std::string& host);
47
36 // Queries whether |cert| is allowed or denied for |host|. 48 // Queries whether |cert| is allowed or denied for |host|.
37 net::X509Certificate::Policy::Judgment QueryPolicy( 49 net::X509Certificate::Policy::Judgment QueryPolicy(
38 net::X509Certificate* cert, const std::string& host); 50 net::X509Certificate* cert, const std::string& host);
39 51
40 // Allow mixed/unsafe content to be visible (non filtered) for the specified 52 // Allows mixed content to be visible (non filtered).
41 // URL. 53 void AllowMixedContentForHost(const std::string& host);
42 // Note that the current implementation allows on a host name basis.
43 void AllowShowInsecureContentForURL(const GURL& url);
44 54
45 // Returns whether the specified URL is allowed to show insecure (mixed or 55 // Returns whether the specified host is allowed to show mixed content.
46 // unsafe) content. 56 bool DidAllowMixedContentForHost(const std::string& host);
47 bool CanShowInsecureContent(const GURL& url);
48 57
49 private: 58 private:
59 // Hosts which have been contaminated with unsafe content.
60 std::set<std::string> broken_hosts_;
61
50 // Certificate policies for each host. 62 // Certificate policies for each host.
51 std::map<std::string, net::X509Certificate::Policy> cert_policy_for_host_; 63 std::map<std::string, net::X509Certificate::Policy> cert_policy_for_host_;
52 64
53 // Domains for which it is OK to show insecure content. 65 // Hosts for which we are allowed to show mixed content.
54 std::set<std::string> can_show_insecure_content_for_host_; 66 std::set<std::string> allow_mixed_content_for_host_;
55 67
56 DISALLOW_COPY_AND_ASSIGN(SSLHostState); 68 DISALLOW_COPY_AND_ASSIGN(SSLHostState);
57 }; 69 };
58 70
59 #endif // CHROME_BROWSER_SSL_SSL_HOST_STATE_H_ 71 #endif // CHROME_BROWSER_SSL_SSL_HOST_STATE_H_
OLDNEW
« no previous file with comments | « no previous file | chrome/browser/ssl/ssl_host_state.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698