| Index: chrome/browser/ssl/ssl_host_state.h
|
| ===================================================================
|
| --- chrome/browser/ssl/ssl_host_state.h (revision 11853)
|
| +++ chrome/browser/ssl/ssl_host_state.h (working copy)
|
| @@ -17,7 +17,7 @@
|
| // SSLHostState
|
| //
|
| // The SSLHostState encapulates the host-specific state for SSL errors. For
|
| -// example, SSLHostState rememebers whether the user has whitelisted a
|
| +// example, SSLHostState remembers whether the user has whitelisted a
|
| // particular broken cert for use with particular host. We separate this state
|
| // from the SSLManager because this state is shared across many navigation
|
| // controllers.
|
| @@ -27,31 +27,43 @@
|
| SSLHostState();
|
| ~SSLHostState();
|
|
|
| + // Records that a host is "broken," that is, the origin for that host has been
|
| + // contaminated with insecure content, either via HTTP or via HTTPS with a
|
| + // bad certificate.
|
| + void MarkHostAsBroken(const std::string& host);
|
| +
|
| + // Returns whether the specified host was marked as broken.
|
| + bool DidMarkHostAsBroken(const std::string& host);
|
| +
|
| // Records that |cert| is permitted to be used for |host| in the future.
|
| void DenyCertForHost(net::X509Certificate* cert, const std::string& host);
|
|
|
| // Records that |cert| is not permitted to be used for |host| in the future.
|
| void AllowCertForHost(net::X509Certificate* cert, const std::string& host);
|
|
|
| + // Queries whether there is at least one certificate that has been manually
|
| + // allowed for this host.
|
| + bool DidAllowCertForHost(const std::string& host);
|
| +
|
| // Queries whether |cert| is allowed or denied for |host|.
|
| net::X509Certificate::Policy::Judgment QueryPolicy(
|
| net::X509Certificate* cert, const std::string& host);
|
|
|
| - // Allow mixed/unsafe content to be visible (non filtered) for the specified
|
| - // URL.
|
| - // Note that the current implementation allows on a host name basis.
|
| - void AllowShowInsecureContentForURL(const GURL& url);
|
| + // Allows mixed content to be visible (non filtered).
|
| + void AllowMixedContentForHost(const std::string& host);
|
|
|
| - // Returns whether the specified URL is allowed to show insecure (mixed or
|
| - // unsafe) content.
|
| - bool CanShowInsecureContent(const GURL& url);
|
| + // Returns whether the specified host is allowed to show mixed content.
|
| + bool DidAllowMixedContentForHost(const std::string& host);
|
|
|
| private:
|
| + // Hosts which have been contaminated with unsafe content.
|
| + std::set<std::string> broken_hosts_;
|
| +
|
| // Certificate policies for each host.
|
| std::map<std::string, net::X509Certificate::Policy> cert_policy_for_host_;
|
|
|
| - // Domains for which it is OK to show insecure content.
|
| - std::set<std::string> can_show_insecure_content_for_host_;
|
| + // Hosts for which we are allowed to show mixed content.
|
| + std::set<std::string> allow_mixed_content_for_host_;
|
|
|
| DISALLOW_COPY_AND_ASSIGN(SSLHostState);
|
| };
|
|
|