| OLD | NEW |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h" | 5 #include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 | 8 |
| 9 #include <set> | 9 #include <set> |
| 10 #include <string> |
| 10 | 11 |
| 11 #include "base/base64.h" | 12 #include "base/base64.h" |
| 12 #include "base/bind.h" | 13 #include "base/bind.h" |
| 14 #include "base/callback.h" |
| 13 #include "base/command_line.h" | 15 #include "base/command_line.h" |
| 14 #include "base/guid.h" | 16 #include "base/guid.h" |
| 15 #include "base/logging.h" | 17 #include "base/logging.h" |
| 16 #include "base/metrics/field_trial.h" | 18 #include "base/metrics/field_trial.h" |
| 17 #include "base/strings/string_number_conversions.h" | 19 #include "base/strings/string_number_conversions.h" |
| 18 #include "base/time/clock.h" | 20 #include "base/time/clock.h" |
| 19 #include "base/time/default_clock.h" | 21 #include "base/time/default_clock.h" |
| 20 #include "base/time/time.h" | 22 #include "base/time/time.h" |
| 21 #include "base/values.h" | 23 #include "base/values.h" |
| 22 #include "chrome/browser/content_settings/host_content_settings_map_factory.h" | 24 #include "chrome/browser/content_settings/host_content_settings_map_factory.h" |
| (...skipping 109 matching lines...) |
| 132 // Set the new pattern. | 134 // Set the new pattern. |
| 133 if (value) { | 135 if (value) { |
| 134 map->SetWebsiteSettingDefaultScope( | 136 map->SetWebsiteSettingDefaultScope( |
| 135 url, GURL(), CONTENT_SETTINGS_TYPE_SSL_CERT_DECISIONS, | 137 url, GURL(), CONTENT_SETTINGS_TYPE_SSL_CERT_DECISIONS, |
| 136 std::string(), std::move(value)); | 138 std::string(), std::move(value)); |
| 137 } | 139 } |
| 138 } | 140 } |
| 139 } | 141 } |
| 140 } | 142 } |
| 141 | 143 |
| 144 bool HostFilterToPatternFilter( |
| 145 const base::Callback<bool(const std::string&)>& host_filter, |
| 146 const ContentSettingsPattern& primary_pattern, |
| 147 const ContentSettingsPattern& secondary_pattern) { |
| 148 // We only ever set origin-scoped exceptions which are of the form |
| 149 // "https://<host>:443". That is a valid URL, so we can compare |host_filter| |
| 150 // against its host. |
| 151 GURL url = GURL(primary_pattern.ToString()); |
| 152 DCHECK(url.is_valid()); |
| 153 return host_filter.Run(url.host()); |
| 154 } |
| 155 |
| 142 } // namespace | 156 } // namespace |
| 143 | 157 |
| 144 // This helper function gets the dictionary of certificate fingerprints to | 158 // This helper function gets the dictionary of certificate fingerprints to |
| 145 // errors of certificates that have been accepted by the user from the content | 159 // errors of certificates that have been accepted by the user from the content |
| 146 // dictionary that has been passed in. The returned pointer is owned by the the | 160 // dictionary that has been passed in. The returned pointer is owned by the the |
| 147 // argument dict that is passed in. | 161 // argument dict that is passed in. |
| 148 // | 162 // |
| 149 // If create_entries is set to |DO_NOT_CREATE_DICTIONARY_ENTRIES|, | 163 // If create_entries is set to |DO_NOT_CREATE_DICTIONARY_ENTRIES|, |
| 150 // GetValidCertDecisionsDict will return NULL if there is anything invalid about | 164 // GetValidCertDecisionsDict will return NULL if there is anything invalid about |
| 151 // the setting, such as an invalid version or invalid value types (in addition | 165 // the setting, such as an invalid version or invalid value types (in addition |
| (...skipping 154 matching lines...) |
| 306 kDefaultSSLCertDecisionVersion); | 320 kDefaultSSLCertDecisionVersion); |
| 307 cert_dict->SetIntegerWithoutPathExpansion(GetKey(cert, error), ALLOWED); | 321 cert_dict->SetIntegerWithoutPathExpansion(GetKey(cert, error), ALLOWED); |
| 308 | 322 |
| 309 // The map takes ownership of the value, so it is released in the call to | 323 // The map takes ownership of the value, so it is released in the call to |
| 310 // SetWebsiteSettingDefaultScope. | 324 // SetWebsiteSettingDefaultScope. |
| 311 map->SetWebsiteSettingDefaultScope(url, GURL(), | 325 map->SetWebsiteSettingDefaultScope(url, GURL(), |
| 312 CONTENT_SETTINGS_TYPE_SSL_CERT_DECISIONS, | 326 CONTENT_SETTINGS_TYPE_SSL_CERT_DECISIONS, |
| 313 std::string(), std::move(value)); | 327 std::string(), std::move(value)); |
| 314 } | 328 } |
| 315 | 329 |
| 316 void ChromeSSLHostStateDelegate::Clear() { | 330 void ChromeSSLHostStateDelegate::Clear( |
| 331 const base::Callback<bool(const std::string&)>& host_filter) { |
| 332 // Convert host matching to content settings pattern matching. Content |
| 333 // settings deletion is done synchronously on the UI thread, so we can use |
| 334 // |host_filter| by reference. |
| 335 base::Callback<bool(const ContentSettingsPattern& primary_pattern, |
| 336 const ContentSettingsPattern& secondary_pattern)> |
| 337 pattern_filter; |
| 338 if (!host_filter.is_null()) { |
| 339 pattern_filter = |
| 340 base::Bind(&HostFilterToPatternFilter, base::ConstRef(host_filter)); |
| 341 } |
| 342 |
| 317 HostContentSettingsMapFactory::GetForProfile(profile_) | 343 HostContentSettingsMapFactory::GetForProfile(profile_) |
| 318 ->ClearSettingsForOneType(CONTENT_SETTINGS_TYPE_SSL_CERT_DECISIONS); | 344 ->ClearSettingsForOneTypeWithPredicate( |
| 345 CONTENT_SETTINGS_TYPE_SSL_CERT_DECISIONS, pattern_filter); |
| 319 } | 346 } |
| 320 | 347 |
| 321 content::SSLHostStateDelegate::CertJudgment | 348 content::SSLHostStateDelegate::CertJudgment |
| 322 ChromeSSLHostStateDelegate::QueryPolicy(const std::string& host, | 349 ChromeSSLHostStateDelegate::QueryPolicy(const std::string& host, |
| 323 const net::X509Certificate& cert, | 350 const net::X509Certificate& cert, |
| 324 net::CertStatus error, | 351 net::CertStatus error, |
| 325 bool* expired_previous_decision) { | 352 bool* expired_previous_decision) { |
| 326 HostContentSettingsMap* map = | 353 HostContentSettingsMap* map = |
| 327 HostContentSettingsMapFactory::GetForProfile(profile_); | 354 HostContentSettingsMapFactory::GetForProfile(profile_); |
| 328 GURL url = GetSecureGURLForHost(host); | 355 GURL url = GetSecureGURLForHost(host); |
| (...skipping 130 matching lines...) |
| 459 case CERT_ERRORS_CONTENT: | 486 case CERT_ERRORS_CONTENT: |
| 460 return !!ran_content_with_cert_errors_hosts_.count( | 487 return !!ran_content_with_cert_errors_hosts_.count( |
| 461 BrokenHostEntry(host, child_id)); | 488 BrokenHostEntry(host, child_id)); |
| 462 } | 489 } |
| 463 NOTREACHED(); | 490 NOTREACHED(); |
| 464 return false; | 491 return false; |
| 465 } | 492 } |
| 466 void ChromeSSLHostStateDelegate::SetClock(std::unique_ptr<base::Clock> clock) { | 493 void ChromeSSLHostStateDelegate::SetClock(std::unique_ptr<base::Clock> clock) { |
| 467 clock_.reset(clock.release()); | 494 clock_.reset(clock.release()); |
| 468 } | 495 } |
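Review bot: In `HostFilterToPatternFilter` (new lines 151-153) the only guard on the parsed pattern is `DCHECK(url.is_valid())`, which is normally compiled out of release builds, so a stored pattern that does not parse as a URL reaches `host_filter.Run` with an empty host. The filter then most likely returns false and that certificate exception is silently kept even though the caller asked for it to be cleared; whether such patterns can actually exist (older profiles, synced or hand-edited preferences) is not visible from this page. I would make the fallback explicit, e.g. `if (!url.is_valid()) return true;  // unparseable exception: drop it so the user is prompted again`, since deleting a certificate-error exception fails safe while keeping one does not. The `base::ConstRef(host_filter)` binding in `Clear` (new line 340) is sound only while `ClearSettingsForOneTypeWithPredicate` runs the predicate synchronously and does not retain it; the comment states this, and the same contract is worth documenting at the callee.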