OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h" | 5 #include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h" |
6 | 6 |
| 7 #include <stdint.h> |
| 8 |
7 #include <set> | 9 #include <set> |
8 | 10 |
9 #include "base/base64.h" | 11 #include "base/base64.h" |
10 #include "base/bind.h" | 12 #include "base/bind.h" |
11 #include "base/command_line.h" | 13 #include "base/command_line.h" |
12 #include "base/guid.h" | 14 #include "base/guid.h" |
13 #include "base/logging.h" | 15 #include "base/logging.h" |
14 #include "base/metrics/field_trial.h" | 16 #include "base/metrics/field_trial.h" |
15 #include "base/strings/string_number_conversions.h" | 17 #include "base/strings/string_number_conversions.h" |
16 #include "base/time/clock.h" | 18 #include "base/time/clock.h" |
(...skipping 163 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
180 | 182 |
181 // Extract the certificate decision's expiration time from the content | 183 // Extract the certificate decision's expiration time from the content |
182 // setting. If there is no expiration time, that means it should never expire | 184 // setting. If there is no expiration time, that means it should never expire |
183 // and it should reset only at session restart, so skip all of the expiration | 185 // and it should reset only at session restart, so skip all of the expiration |
184 // checks. | 186 // checks. |
185 bool expired = false; | 187 bool expired = false; |
186 base::Time now = clock_->Now(); | 188 base::Time now = clock_->Now(); |
187 base::Time decision_expiration; | 189 base::Time decision_expiration; |
188 if (dict->HasKey(kSSLCertDecisionExpirationTimeKey)) { | 190 if (dict->HasKey(kSSLCertDecisionExpirationTimeKey)) { |
189 std::string decision_expiration_string; | 191 std::string decision_expiration_string; |
190 int64 decision_expiration_int64; | 192 int64_t decision_expiration_int64; |
191 success = dict->GetString(kSSLCertDecisionExpirationTimeKey, | 193 success = dict->GetString(kSSLCertDecisionExpirationTimeKey, |
192 &decision_expiration_string); | 194 &decision_expiration_string); |
193 if (!base::StringToInt64(base::StringPiece(decision_expiration_string), | 195 if (!base::StringToInt64(base::StringPiece(decision_expiration_string), |
194 &decision_expiration_int64)) { | 196 &decision_expiration_int64)) { |
195 LOG(ERROR) << "Failed to parse a certificate error exception that has a " | 197 LOG(ERROR) << "Failed to parse a certificate error exception that has a " |
196 << "bad value for an expiration time: " | 198 << "bad value for an expiration time: " |
197 << decision_expiration_string; | 199 << decision_expiration_string; |
198 return NULL; | 200 return NULL; |
199 } | 201 } |
200 decision_expiration = | 202 decision_expiration = |
201 base::Time::FromInternalValue(decision_expiration_int64); | 203 base::Time::FromInternalValue(decision_expiration_int64); |
202 } | 204 } |
203 | 205 |
204 // Check to see if the user's certificate decision has expired. | 206 // Check to see if the user's certificate decision has expired. |
205 // - Expired and |create_entries| is DO_NOT_CREATE_DICTIONARY_ENTRIES, return | 207 // - Expired and |create_entries| is DO_NOT_CREATE_DICTIONARY_ENTRIES, return |
206 // NULL. | 208 // NULL. |
207 // - Expired and |create_entries| is CREATE_DICTIONARY_ENTRIES, update the | 209 // - Expired and |create_entries| is CREATE_DICTIONARY_ENTRIES, update the |
208 // expiration time. | 210 // expiration time. |
209 if (should_remember_ssl_decisions_ != | 211 if (should_remember_ssl_decisions_ != |
210 FORGET_SSL_EXCEPTION_DECISIONS_AT_SESSION_END && | 212 FORGET_SSL_EXCEPTION_DECISIONS_AT_SESSION_END && |
211 decision_expiration.ToInternalValue() <= now.ToInternalValue()) { | 213 decision_expiration.ToInternalValue() <= now.ToInternalValue()) { |
212 *expired_previous_decision = true; | 214 *expired_previous_decision = true; |
213 | 215 |
214 if (create_entries == DO_NOT_CREATE_DICTIONARY_ENTRIES) | 216 if (create_entries == DO_NOT_CREATE_DICTIONARY_ENTRIES) |
215 return NULL; | 217 return NULL; |
216 | 218 |
217 expired = true; | 219 expired = true; |
218 base::Time expiration_time = | 220 base::Time expiration_time = |
219 now + base::TimeDelta::FromSeconds(kDeltaDefaultExpirationInSeconds); | 221 now + base::TimeDelta::FromSeconds(kDeltaDefaultExpirationInSeconds); |
220 // Unfortunately, JSON (and thus content settings) doesn't support int64 | 222 // Unfortunately, JSON (and thus content settings) doesn't support int64_t |
221 // values, only doubles. Since this mildly depends on precision, it is | 223 // values, only doubles. Since this mildly depends on precision, it is |
222 // better to store the value as a string. | 224 // better to store the value as a string. |
223 dict->SetString(kSSLCertDecisionExpirationTimeKey, | 225 dict->SetString(kSSLCertDecisionExpirationTimeKey, |
224 base::Int64ToString(expiration_time.ToInternalValue())); | 226 base::Int64ToString(expiration_time.ToInternalValue())); |
225 } else if (should_remember_ssl_decisions_ == | 227 } else if (should_remember_ssl_decisions_ == |
226 FORGET_SSL_EXCEPTION_DECISIONS_AT_SESSION_END) { | 228 FORGET_SSL_EXCEPTION_DECISIONS_AT_SESSION_END) { |
227 if (dict->HasKey(kSSLCertDecisionGUIDKey)) { | 229 if (dict->HasKey(kSSLCertDecisionGUIDKey)) { |
228 std::string old_expiration_guid; | 230 std::string old_expiration_guid; |
229 success = dict->GetString(kSSLCertDecisionGUIDKey, &old_expiration_guid); | 231 success = dict->GetString(kSSLCertDecisionGUIDKey, &old_expiration_guid); |
230 if (old_expiration_guid.compare(current_expiration_guid_) != 0) { | 232 if (old_expiration_guid.compare(current_expiration_guid_) != 0) { |
(...skipping 204 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
435 } | 437 } |
436 | 438 |
437 bool ChromeSSLHostStateDelegate::DidHostRunInsecureContent( | 439 bool ChromeSSLHostStateDelegate::DidHostRunInsecureContent( |
438 const std::string& host, | 440 const std::string& host, |
439 int pid) const { | 441 int pid) const { |
440 return !!ran_insecure_content_hosts_.count(BrokenHostEntry(host, pid)); | 442 return !!ran_insecure_content_hosts_.count(BrokenHostEntry(host, pid)); |
441 } | 443 } |
442 void ChromeSSLHostStateDelegate::SetClock(scoped_ptr<base::Clock> clock) { | 444 void ChromeSSLHostStateDelegate::SetClock(scoped_ptr<base::Clock> clock) { |
443 clock_.reset(clock.release()); | 445 clock_.reset(clock.release()); |
444 } | 446 } |
OLD | NEW |