OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/ssl/ssl_host_state.h" | 5 #include "content/browser/ssl/ssl_host_state.h" |
6 | 6 |
7 #include "base/logging.h" | 7 #include "base/logging.h" |
8 #include "base/lazy_instance.h" | 8 #include "base/lazy_instance.h" |
9 #include "base/pickle.h" | |
9 #include "content/public/browser/browser_context.h" | 10 #include "content/public/browser/browser_context.h" |
11 #include "content/public/browser/ssl_host_state_decisions.h" | |
12 #include "net/http/http_transaction_factory.h" | |
13 #include "net/url_request/url_request_context.h" | |
14 #include "net/url_request/url_request_context_getter.h" | |
15 #include "url/gurl.h" | |
10 | 16 |
11 const char kKeyName[] = "content_ssl_host_state"; | 17 const char kKeyName[] = "content_ssl_host_state"; |
12 | 18 |
19 namespace { | |
20 | |
21 void CloseIdleConnections( | |
22 const std::string& host, | |
23 scoped_refptr<net::URLRequestContextGetter> url_request_context_getter) { | |
24 url_request_context_getter->GetURLRequestContext() | |
25 ->http_transaction_factory() | |
26 ->GetSession() | |
27 ->CloseIdleConnections(); | |
Ryan Sleevi
2014/07/08 23:53:29
I really, really, really don't like this being cal
jww
2014/07/11 00:08:42
This was suggested by willchan (who I'm CC'ing in
Ryan Sleevi
2014/07/11 00:48:49
I'm aware of the potential for bugs, I'm not aware
jww
2014/07/11 01:52:07
Sorry, I'm confused about the action to take at th
Ryan Sleevi
2014/07/11 19:43:27
Don't use the heavy hammer here.
Yes, it has the
jww
2014/07/14 21:21:15
Okay, sounds good. However, just to be explicit: t
| |
28 } | |
29 | |
30 } // namespace | |
31 | |
13 namespace content { | 32 namespace content { |
14 | 33 |
15 SSLHostState* SSLHostState::GetFor(BrowserContext* context) { | 34 SSLHostState* SSLHostState::GetFor(BrowserContext* context) { |
16 SSLHostState* rv = static_cast<SSLHostState*>(context->GetUserData(kKeyName)); | 35 SSLHostState* rv = static_cast<SSLHostState*>(context->GetUserData(kKeyName)); |
17 if (!rv) { | 36 if (!rv) { |
18 rv = new SSLHostState(); | 37 rv = new SSLHostState(); |
38 rv->browser_context_ = context; | |
39 rv->decisions_ = context->GetSSLHostStateDecisions(); | |
40 // All non-testing contexts need to implement a certificate decision storage | |
41 // strategy of some sort. | |
42 DCHECK(rv->decisions_); | |
19 context->SetUserData(kKeyName, rv); | 43 context->SetUserData(kKeyName, rv); |
20 } | 44 } |
21 return rv; | 45 return rv; |
22 } | 46 } |
23 | 47 |
24 SSLHostState::SSLHostState() { | 48 SSLHostState::SSLHostState() { |
25 } | 49 } |
26 | 50 |
27 SSLHostState::~SSLHostState() { | 51 SSLHostState::~SSLHostState() { |
28 } | 52 } |
29 | 53 |
30 void SSLHostState::HostRanInsecureContent(const std::string& host, int pid) { | 54 void SSLHostState::HostRanInsecureContent(const std::string& host, int pid) { |
31 DCHECK(CalledOnValidThread()); | 55 DCHECK(CalledOnValidThread()); |
32 ran_insecure_content_hosts_.insert(BrokenHostEntry(host, pid)); | 56 ran_insecure_content_hosts_.insert(BrokenHostEntry(host, pid)); |
33 } | 57 } |
34 | 58 |
35 bool SSLHostState::DidHostRunInsecureContent(const std::string& host, | 59 bool SSLHostState::DidHostRunInsecureContent(const std::string& host, |
36 int pid) const { | 60 int pid) const { |
37 DCHECK(CalledOnValidThread()); | 61 DCHECK(CalledOnValidThread()); |
38 return !!ran_insecure_content_hosts_.count(BrokenHostEntry(host, pid)); | 62 return !!ran_insecure_content_hosts_.count(BrokenHostEntry(host, pid)); |
39 } | 63 } |
40 | 64 |
41 void SSLHostState::DenyCertForHost(net::X509Certificate* cert, | 65 void SSLHostState::DenyCertForHost(net::X509Certificate* cert, |
42 const std::string& host, | 66 const GURL& url, |
43 net::CertStatus error) { | 67 net::CertStatus error) { |
44 DCHECK(CalledOnValidThread()); | 68 DCHECK(CalledOnValidThread()); |
45 | 69 |
46 cert_policy_for_host_[host].Deny(cert, error); | 70 decisions_->DenyCert(url, cert, error); |
47 } | 71 } |
48 | 72 |
49 void SSLHostState::AllowCertForHost(net::X509Certificate* cert, | 73 void SSLHostState::AllowCertForHost(net::X509Certificate* cert, |
50 const std::string& host, | 74 const GURL& url, |
51 net::CertStatus error) { | 75 net::CertStatus error) { |
52 DCHECK(CalledOnValidThread()); | 76 DCHECK(CalledOnValidThread()); |
53 | 77 |
54 cert_policy_for_host_[host].Allow(cert, error); | 78 decisions_->AllowCert(url, cert, error); |
79 } | |
80 | |
81 void SSLHostState::RevokeAllowAndDenyPreferences(const GURL& url) { | |
82 DCHECK(CalledOnValidThread()); | |
83 | |
84 decisions_->RevokeAllowAndDenyPreferences(url); | |
85 | |
86 scoped_refptr<net::URLRequestContextGetter> getter( | |
87 browser_context_->GetRequestContext()); | |
88 browser_context_->GetRequestContext()->GetNetworkTaskRunner()->PostTask( | |
89 FROM_HERE, base::Bind(&CloseIdleConnections, url.host(), getter)); | |
90 } | |
91 | |
92 bool SSLHostState::HasAllowedOrDeniedCert(const GURL& url) { | |
93 DCHECK(CalledOnValidThread()); | |
94 | |
95 return decisions_->HasAllowedOrDeniedCert(url); | |
55 } | 96 } |
56 | 97 |
57 void SSLHostState::Clear() { | 98 void SSLHostState::Clear() { |
58 DCHECK(CalledOnValidThread()); | 99 decisions_->Clear(); |
59 | |
60 cert_policy_for_host_.clear(); | |
61 } | 100 } |
62 | 101 |
63 net::CertPolicy::Judgment SSLHostState::QueryPolicy(net::X509Certificate* cert, | 102 net::CertPolicy::Judgment SSLHostState::QueryPolicy(net::X509Certificate* cert, |
64 const std::string& host, | 103 const GURL& url, |
65 net::CertStatus error) { | 104 net::CertStatus error) { |
66 DCHECK(CalledOnValidThread()); | 105 DCHECK(CalledOnValidThread()); |
67 | 106 |
68 return cert_policy_for_host_[host].Check(cert, error); | 107 return decisions_->QueryPolicy(url, cert, error); |
69 } | 108 } |
70 | 109 |
71 } // namespace content | 110 } // namespace content |
OLD | NEW |