| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/ssl/ssl_host_state.h" | 5 #include "content/browser/ssl/ssl_host_state.h" |
| 6 | 6 |
| 7 #include "base/logging.h" | 7 #include "base/logging.h" |
| 8 #include "base/lazy_instance.h" | 8 #include "base/lazy_instance.h" |
| 9 #include "base/pickle.h" |
| 9 #include "content/public/browser/browser_context.h" | 10 #include "content/public/browser/browser_context.h" |
| 11 #include "content/public/browser/ssl_host_state_decisions.h" |
| 12 #include "net/http/http_transaction_factory.h" |
| 13 #include "net/url_request/url_request_context.h" |
| 14 #include "net/url_request/url_request_context_getter.h" |
| 15 #include "url/gurl.h" |
| 10 | 16 |
| 11 const char kKeyName[] = "content_ssl_host_state"; | 17 const char kKeyName[] = "content_ssl_host_state"; |
| 12 | 18 |
| 19 namespace { |
| 20 |
| 21 void CloseIdleConnections( |
| 22 const std::string& host, |
| 23 scoped_refptr<net::URLRequestContextGetter> url_request_context_getter) { |
| 24 url_request_context_getter->GetURLRequestContext() |
| 25 ->http_transaction_factory() |
| 26 ->GetSession() |
| 27 ->CloseIdleConnections(); |
| 28 } |
| 29 |
| 30 } // namespace |
| 31 |
| 13 namespace content { | 32 namespace content { |
| 14 | 33 |
| 15 SSLHostState* SSLHostState::GetFor(BrowserContext* context) { | 34 SSLHostState* SSLHostState::GetFor(BrowserContext* context) { |
| 16 SSLHostState* rv = static_cast<SSLHostState*>(context->GetUserData(kKeyName)); | 35 SSLHostState* rv = static_cast<SSLHostState*>(context->GetUserData(kKeyName)); |
| 17 if (!rv) { | 36 if (!rv) { |
| 18 rv = new SSLHostState(); | 37 rv = new SSLHostState(); |
| 38 rv->browser_context_ = context; |
| 39 rv->decisions_ = context->GetSSLHostStateDecisions(); |
| 40 // All non-testing contexts need to implement a certificate decision storage |
| 41 // strategy of some sort. |
| 42 DCHECK(rv->decisions_); |
| 19 context->SetUserData(kKeyName, rv); | 43 context->SetUserData(kKeyName, rv); |
| 20 } | 44 } |
| 21 return rv; | 45 return rv; |
| 22 } | 46 } |
| 23 | 47 |
| 24 SSLHostState::SSLHostState() { | 48 SSLHostState::SSLHostState() { |
| 25 } | 49 } |
| 26 | 50 |
| 27 SSLHostState::~SSLHostState() { | 51 SSLHostState::~SSLHostState() { |
| 28 } | 52 } |
| 29 | 53 |
| 30 void SSLHostState::HostRanInsecureContent(const std::string& host, int pid) { | 54 void SSLHostState::HostRanInsecureContent(const std::string& host, int pid) { |
| 31 DCHECK(CalledOnValidThread()); | 55 DCHECK(CalledOnValidThread()); |
| 32 ran_insecure_content_hosts_.insert(BrokenHostEntry(host, pid)); | 56 ran_insecure_content_hosts_.insert(BrokenHostEntry(host, pid)); |
| 33 } | 57 } |
| 34 | 58 |
| 35 bool SSLHostState::DidHostRunInsecureContent(const std::string& host, | 59 bool SSLHostState::DidHostRunInsecureContent(const std::string& host, |
| 36 int pid) const { | 60 int pid) const { |
| 37 DCHECK(CalledOnValidThread()); | 61 DCHECK(CalledOnValidThread()); |
| 38 return !!ran_insecure_content_hosts_.count(BrokenHostEntry(host, pid)); | 62 return !!ran_insecure_content_hosts_.count(BrokenHostEntry(host, pid)); |
| 39 } | 63 } |
| 40 | 64 |
| 41 void SSLHostState::DenyCertForHost(net::X509Certificate* cert, | 65 void SSLHostState::DenyCertForHost(net::X509Certificate* cert, |
| 42 const std::string& host, | 66 const GURL& url, |
| 43 net::CertStatus error) { | 67 net::CertStatus error) { |
| 44 DCHECK(CalledOnValidThread()); | 68 DCHECK(CalledOnValidThread()); |
| 45 | 69 |
| 46 cert_policy_for_host_[host].Deny(cert, error); | 70 decisions_->DenyCert(url, cert, error); |
| 47 } | 71 } |
| 48 | 72 |
| 49 void SSLHostState::AllowCertForHost(net::X509Certificate* cert, | 73 void SSLHostState::AllowCertForHost(net::X509Certificate* cert, |
| 50 const std::string& host, | 74 const GURL& url, |
| 51 net::CertStatus error) { | 75 net::CertStatus error) { |
| 52 DCHECK(CalledOnValidThread()); | 76 DCHECK(CalledOnValidThread()); |
| 53 | 77 |
| 54 cert_policy_for_host_[host].Allow(cert, error); | 78 decisions_->AllowCert(url, cert, error); |
| 79 } |
| 80 |
| 81 void SSLHostState::RevokeAllowAndDenyPreferences(const GURL& url) { |
| 82 DCHECK(CalledOnValidThread()); |
| 83 |
| 84 decisions_->RevokeAllowAndDenyPreferences(url); |
| 85 |
| 86 scoped_refptr<net::URLRequestContextGetter> getter( |
| 87 browser_context_->GetRequestContext()); |
| 88 browser_context_->GetRequestContext()->GetNetworkTaskRunner()->PostTask( |
| 89 FROM_HERE, base::Bind(&CloseIdleConnections, url.host(), getter)); |
| 90 } |
| 91 |
| 92 bool SSLHostState::HasAllowedOrDeniedCert(const GURL& url) { |
| 93 DCHECK(CalledOnValidThread()); |
| 94 |
| 95 return decisions_->HasAllowedOrDeniedCert(url); |
| 55 } | 96 } |
| 56 | 97 |
| 57 void SSLHostState::Clear() { | 98 void SSLHostState::Clear() { |
| 58 DCHECK(CalledOnValidThread()); | 99 decisions_->Clear(); |
| 59 | |
| 60 cert_policy_for_host_.clear(); | |
| 61 } | 100 } |
| 62 | 101 |
| 63 net::CertPolicy::Judgment SSLHostState::QueryPolicy(net::X509Certificate* cert, | 102 net::CertPolicy::Judgment SSLHostState::QueryPolicy(net::X509Certificate* cert, |
| 64 const std::string& host, | 103 const GURL& url, |
| 65 net::CertStatus error) { | 104 net::CertStatus error) { |
| 66 DCHECK(CalledOnValidThread()); | 105 DCHECK(CalledOnValidThread()); |
| 67 | 106 |
| 68 return cert_policy_for_host_[host].Check(cert, error); | 107 return decisions_->QueryPolicy(url, cert, error); |
| 69 } | 108 } |
| 70 | 109 |
| 71 } // namespace content | 110 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 369703002:
Remember user decisions on invalid certificates behind a flag (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src