OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/ssl/ssl_policy.h" | 5 #include "content/browser/ssl/ssl_policy.h" |
6 | 6 |
7 #include "base/base_switches.h" | 7 #include "base/base_switches.h" |
8 #include "base/bind.h" | 8 #include "base/bind.h" |
9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
10 #include "base/memory/singleton.h" | 10 #include "base/memory/singleton.h" |
(...skipping 15 matching lines...)
26 | 26 |
27 namespace content { | 27 namespace content { |
28 | 28 |
29 SSLPolicy::SSLPolicy(SSLPolicyBackend* backend) | 29 SSLPolicy::SSLPolicy(SSLPolicyBackend* backend) |
30 : backend_(backend) { | 30 : backend_(backend) { |
31 DCHECK(backend_); | 31 DCHECK(backend_); |
32 } | 32 } |
33 | 33 |
34 void SSLPolicy::OnCertError(SSLCertErrorHandler* handler) { | 34 void SSLPolicy::OnCertError(SSLCertErrorHandler* handler) { |
35 // First we check if we know the policy for this error. | 35 // First we check if we know the policy for this error. |
36 net::CertPolicy::Judgment judgment = backend_->QueryPolicy( | 36 net::CertPolicy::Judgment judgment = |
37 handler->ssl_info().cert.get(), | 37 backend_->QueryPolicy(handler->ssl_info().cert.get(), |
38 handler->request_url().host(), | 38 handler->request_url(), |
39 handler->cert_error()); | 39 handler->cert_error()); |
40 | 40 |
41 if (judgment == net::CertPolicy::ALLOWED) { | 41 if (judgment == net::CertPolicy::ALLOWED) { |
42 handler->ContinueRequest(); | 42 handler->ContinueRequest(); |
43 return; | 43 return; |
44 } | 44 } |
45 | 45 |
46 // The judgment is either DENIED or UNKNOWN. | 46 // The judgment is either DENIED or UNKNOWN. |
47 // For now we handle the DENIED as the UNKNOWN, which means a blocking | 47 // For now we handle the DENIED as the UNKNOWN, which means a blocking |
48 // page is shown to the user every time he comes back to the page. | 48 // page is shown to the user every time he comes back to the page. |
49 | 49 |
(...skipping 105 matching lines...)
155 // Note that we should not call SetMaxSecurityStyle here, because the active | 155 // Note that we should not call SetMaxSecurityStyle here, because the active |
156 // NavigationEntry has just been deleted (in HideInterstitialPage) and the | 156 // NavigationEntry has just been deleted (in HideInterstitialPage) and the |
157 // new NavigationEntry will not be set until DidNavigate. This is ok, | 157 // new NavigationEntry will not be set until DidNavigate. This is ok, |
158 // because the new NavigationEntry will have its max security style set | 158 // because the new NavigationEntry will have its max security style set |
159 // within DidNavigate. | 159 // within DidNavigate. |
160 // | 160 // |
161 // While AllowCertForHost() executes synchronously on this thread, | 161 // While AllowCertForHost() executes synchronously on this thread, |
162 // ContinueRequest() gets posted to a different thread. Calling | 162 // ContinueRequest() gets posted to a different thread. Calling |
163 // AllowCertForHost() first ensures deterministic ordering. | 163 // AllowCertForHost() first ensures deterministic ordering. |
164 backend_->AllowCertForHost(handler->ssl_info().cert.get(), | 164 backend_->AllowCertForHost(handler->ssl_info().cert.get(), |
165 handler->request_url().host(), | 165 handler->request_url(), |
166 handler->cert_error()); | 166 handler->cert_error()); |
167 handler->ContinueRequest(); | 167 handler->ContinueRequest(); |
168 } else { | 168 } else { |
169 // Default behavior for rejecting a certificate. | 169 // Default behavior for rejecting a certificate. |
170 // | 170 // |
171 // While DenyCertForHost() executes synchronously on this thread, | 171 // While DenyCertForHost() executes synchronously on this thread, |
172 // CancelRequest() gets posted to a different thread. Calling | 172 // CancelRequest() gets posted to a different thread. Calling |
173 // DenyCertForHost() first ensures deterministic ordering. | 173 // DenyCertForHost() first ensures deterministic ordering. |
174 backend_->DenyCertForHost(handler->ssl_info().cert.get(), | 174 backend_->DenyCertForHost(handler->ssl_info().cert.get(), |
175 handler->request_url().host(), | 175 handler->request_url(), |
176 handler->cert_error()); | 176 handler->cert_error()); |
177 handler->CancelRequest(); | 177 handler->CancelRequest(); |
178 } | 178 } |
179 } | 179 } |
180 | 180 |
181 //////////////////////////////////////////////////////////////////////////////// | 181 //////////////////////////////////////////////////////////////////////////////// |
182 // Certificate Error Routines | 182 // Certificate Error Routines |
183 | 183 |
184 void SSLPolicy::OnCertErrorInternal(SSLCertErrorHandler* handler, | 184 void SSLPolicy::OnCertErrorInternal(SSLCertErrorHandler* handler, |
185 bool overridable, | 185 bool overridable, |
(...skipping 34 matching lines...)
220 SECURITY_STYLE_AUTHENTICATED : SECURITY_STYLE_UNAUTHENTICATED; | 220 SECURITY_STYLE_AUTHENTICATED : SECURITY_STYLE_UNAUTHENTICATED; |
221 } | 221 } |
222 | 222 |
223 void SSLPolicy::OriginRanInsecureContent(const std::string& origin, int pid) { | 223 void SSLPolicy::OriginRanInsecureContent(const std::string& origin, int pid) { |
224 GURL parsed_origin(origin); | 224 GURL parsed_origin(origin); |
225 if (parsed_origin.SchemeIsSecure()) | 225 if (parsed_origin.SchemeIsSecure()) |
226 backend_->HostRanInsecureContent(parsed_origin.host(), pid); | 226 backend_->HostRanInsecureContent(parsed_origin.host(), pid); |
227 } | 227 } |
228 | 228 |
229 } // namespace content | 229 } // namespace content |
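Review bot: At new lines 164-166 the user's certificate-error override is now recorded against the whole `handler->request_url()` rather than its host, and nothing at the call site says which part of the URL the backend keys the decision on. `QueryPolicy` (new lines 36-39) and `DenyCertForHost` (174-176) receive the same argument, so all three must reduce the URL to the same key (presumably host or scheme/host/port, never path or query), or a stored exception may fail to match or apply more widely than the user accepted; the backend is not visible here, so this needs confirming. I would add a comment above the `AllowCertForHost` call such as `// The backend scopes this exception by <component of request_url() it keys on>; QueryPolicy() must use the same key.` The method names and the comments at 161-163 and 171-173 still say "ForHost" although a URL is passed, and `OriginRanInsecureContent` at line 226 still passes `parsed_origin.host()`, so the two kinds of per-site state may end up scoped differently. The function containing lines 155-179 begins in the skipped region, so its earlier checks are not visible from here.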