OLD | NEW |
| (Empty) |
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "net/base/cert_status_flags.h" | |
6 #include "net/http/cert_status_cache.h" | |
7 | |
8 namespace net { | |
9 | |
10 CertStatusCache::CertStatusCache() { | |
11 } | |
12 | |
13 CertStatusCache::~CertStatusCache() { | |
14 for (HostMap::iterator iter = fingerprint_to_bad_hosts_.begin(); | |
15 iter != fingerprint_to_bad_hosts_.end(); ++iter) { | |
16 delete iter->second; | |
17 } | |
18 } | |
19 | |
20 int CertStatusCache::GetCertStatus(const X509Certificate& cert, | |
21 const std::string& host) const { | |
22 StatusMap::const_iterator iter = | |
23 fingerprint_to_cert_status_.find(cert.fingerprint()); | |
24 if (iter != fingerprint_to_cert_status_.end()) { | |
25 int cert_status = iter->second; | |
26 | |
27 // We get the CERT_STATUS_COMMON_NAME_INVALID error based on the host. | |
28 HostMap::const_iterator fp_iter = | |
29 fingerprint_to_bad_hosts_.find(cert.fingerprint()); | |
30 if (fp_iter != fingerprint_to_bad_hosts_.end()) { | |
31 StringSet* bad_hosts = fp_iter->second; | |
32 StringSet::const_iterator host_iter = bad_hosts->find(host); | |
33 if (host_iter != bad_hosts->end()) | |
34 cert_status |= net::CERT_STATUS_COMMON_NAME_INVALID; | |
35 } | |
36 | |
37 return cert_status; | |
38 } | |
39 return 0; // The cert has never had errors. | |
40 } | |
41 | |
42 void CertStatusCache::SetCertStatus(const X509Certificate& cert, | |
43 const std::string& host, | |
44 int status) { | |
45 // We store the CERT_STATUS_COMMON_NAME_INVALID status separately as it is | |
46 // host related. | |
47 fingerprint_to_cert_status_[cert.fingerprint()] = | |
48 status & ~net::CERT_STATUS_COMMON_NAME_INVALID; | |
49 | |
50 if ((status & net::CERT_STATUS_COMMON_NAME_INVALID) != 0) { | |
51 StringSet* bad_hosts; | |
52 HostMap::const_iterator iter = | |
53 fingerprint_to_bad_hosts_.find(cert.fingerprint()); | |
54 if (iter == fingerprint_to_bad_hosts_.end()) { | |
55 bad_hosts = new StringSet; | |
56 fingerprint_to_bad_hosts_[cert.fingerprint()] = bad_hosts; | |
57 } else { | |
58 bad_hosts = iter->second; | |
59 } | |
60 bad_hosts->insert(host); | |
61 } | |
62 } | |
63 | |
64 } | |
65 | |
OLD | NEW |