OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/ssl/ssl_host_state.h" | 5 #include "content/browser/ssl/ssl_host_state.h" |
6 | 6 |
7 #include "base/logging.h" | 7 #include "base/logging.h" |
8 #include "base/lazy_instance.h" | 8 #include "base/lazy_instance.h" |
| 9 #include "base/pickle.h" |
9 #include "content/public/browser/browser_context.h" | 10 #include "content/public/browser/browser_context.h" |
| 11 #include "content/public/browser/ssl_host_state_decisions.h" |
| 12 #include "net/http/http_transaction_factory.h" |
| 13 #include "net/url_request/url_request_context.h" |
| 14 #include "net/url_request/url_request_context_getter.h" |
| 15 #include "url/gurl.h" |
10 | 16 |
11 const char kKeyName[] = "content_ssl_host_state"; | 17 const char kKeyName[] = "content_ssl_host_state"; |
12 | 18 |
13 namespace content { | 19 namespace content { |
14 | 20 |
15 SSLHostState* SSLHostState::GetFor(BrowserContext* context) { | 21 SSLHostState* SSLHostState::GetFor(BrowserContext* context) { |
16 SSLHostState* rv = static_cast<SSLHostState*>(context->GetUserData(kKeyName)); | 22 SSLHostState* rv = static_cast<SSLHostState*>(context->GetUserData(kKeyName)); |
17 if (!rv) { | 23 if (!rv) { |
18 rv = new SSLHostState(); | 24 rv = new SSLHostState(); |
| 25 rv->decisions_ = context->GetSSLHostStateDecisions(); |
| 26 // All non-testing contexts need to implement a certificate decision storage |
| 27 // strategy of some sort. |
| 28 DCHECK(rv->decisions_); |
19 context->SetUserData(kKeyName, rv); | 29 context->SetUserData(kKeyName, rv); |
20 } | 30 } |
21 return rv; | 31 return rv; |
22 } | 32 } |
23 | 33 |
24 SSLHostState::SSLHostState() { | 34 SSLHostState::SSLHostState() { |
25 } | 35 } |
26 | 36 |
27 SSLHostState::~SSLHostState() { | 37 SSLHostState::~SSLHostState() { |
28 } | 38 } |
29 | 39 |
30 void SSLHostState::HostRanInsecureContent(const std::string& host, int pid) { | 40 void SSLHostState::HostRanInsecureContent(const std::string& host, int pid) { |
31 DCHECK(CalledOnValidThread()); | 41 DCHECK(CalledOnValidThread()); |
32 ran_insecure_content_hosts_.insert(BrokenHostEntry(host, pid)); | 42 ran_insecure_content_hosts_.insert(BrokenHostEntry(host, pid)); |
33 } | 43 } |
34 | 44 |
35 bool SSLHostState::DidHostRunInsecureContent(const std::string& host, | 45 bool SSLHostState::DidHostRunInsecureContent(const std::string& host, |
36 int pid) const { | 46 int pid) const { |
37 DCHECK(CalledOnValidThread()); | 47 DCHECK(CalledOnValidThread()); |
38 return !!ran_insecure_content_hosts_.count(BrokenHostEntry(host, pid)); | 48 return !!ran_insecure_content_hosts_.count(BrokenHostEntry(host, pid)); |
39 } | 49 } |
40 | 50 |
41 void SSLHostState::DenyCertForHost(net::X509Certificate* cert, | 51 void SSLHostState::DenyCertForHost(net::X509Certificate* cert, |
42 const std::string& host, | 52 const GURL& url, |
43 net::CertStatus error) { | 53 net::CertStatus error) { |
44 DCHECK(CalledOnValidThread()); | 54 DCHECK(CalledOnValidThread()); |
45 | 55 |
46 cert_policy_for_host_[host].Deny(cert, error); | 56 decisions_->DenyCert(url, cert, error); |
47 } | 57 } |
48 | 58 |
49 void SSLHostState::AllowCertForHost(net::X509Certificate* cert, | 59 void SSLHostState::AllowCertForHost(net::X509Certificate* cert, |
50 const std::string& host, | 60 const GURL& url, |
51 net::CertStatus error) { | 61 net::CertStatus error) { |
52 DCHECK(CalledOnValidThread()); | 62 DCHECK(CalledOnValidThread()); |
53 | 63 |
54 cert_policy_for_host_[host].Allow(cert, error); | 64 decisions_->AllowCert(url, cert, error); |
| 65 } |
| 66 |
| 67 void SSLHostState::RevokeAllowAndDenyPreferences(const GURL& url) { |
| 68 DCHECK(CalledOnValidThread()); |
| 69 |
| 70 // TODO(jww): This will revoke all of the decisions in the browser context. |
| 71 // However, the networking stack actually keeps track of its own list of |
| 72 // exceptions per-HttpNetworkTransaction in the SSLConfig structure (see the |
| 73 // allowed_bad_certs Vector in net/ssl/ssl_config.h). This dual-tracking of |
| 74 // exceptions introduces a problem where the browser context can revoke a |
| 75 // certificate, but if a transaction reuses a cached version of the SSLConfig |
| 76 // (probably from a pooled socket), it may bypass the intestitial layer. |
| 77 // |
| 78 // Over time, the cached versions should expire and it should converge on |
| 79 // showing the interstitial. We probably need to |
| 80 // introduce into the networking stack a way revoke SSLConfig's |
| 81 // allowed_bad_certs lists per socket. |
| 82 decisions_->RevokeAllowAndDenyPreferences(url); |
| 83 } |
| 84 |
| 85 bool SSLHostState::HasAllowedOrDeniedCert(const GURL& url) { |
| 86 DCHECK(CalledOnValidThread()); |
| 87 |
| 88 return decisions_->HasAllowedOrDeniedCert(url); |
55 } | 89 } |
56 | 90 |
57 void SSLHostState::Clear() { | 91 void SSLHostState::Clear() { |
58 DCHECK(CalledOnValidThread()); | 92 decisions_->Clear(); |
59 | |
60 cert_policy_for_host_.clear(); | |
61 } | 93 } |
62 | 94 |
63 net::CertPolicy::Judgment SSLHostState::QueryPolicy(net::X509Certificate* cert, | 95 net::CertPolicy::Judgment SSLHostState::QueryPolicy(net::X509Certificate* cert, |
64 const std::string& host, | 96 const GURL& url, |
65 net::CertStatus error) { | 97 net::CertStatus error) { |
66 DCHECK(CalledOnValidThread()); | 98 DCHECK(CalledOnValidThread()); |
67 | 99 |
68 return cert_policy_for_host_[host].Check(cert, error); | 100 return decisions_->QueryPolicy(url, cert, error); |
69 } | 101 } |
70 | 102 |
71 } // namespace content | 103 } // namespace content |
OLD | NEW |