OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/ssl/ssl_host_state.h" | 5 #include "content/browser/ssl/ssl_host_state.h" |
6 | 6 |
7 #include "base/logging.h" | 7 #include "base/logging.h" |
8 #include "base/lazy_instance.h" | 8 #include "base/lazy_instance.h" |
| 9 #include "base/pickle.h" |
9 #include "content/public/browser/browser_context.h" | 10 #include "content/public/browser/browser_context.h" |
| 11 #include "content/public/browser/ssl_host_state_decisions.h" |
| 12 #include "net/http/http_transaction_factory.h" |
| 13 #include "net/url_request/url_request_context.h" |
| 14 #include "net/url_request/url_request_context_getter.h" |
| 15 #include "url/gurl.h" |
10 | 16 |
11 const char kKeyName[] = "content_ssl_host_state"; | 17 const char kKeyName[] = "content_ssl_host_state"; |
12 | 18 |
| 19 namespace { |
| 20 |
| 21 void CloseIdleConnections( |
| 22 const std::string& host, |
| 23 scoped_refptr<net::URLRequestContextGetter> url_request_context_getter) { |
| 24 url_request_context_getter->GetURLRequestContext() |
| 25 ->http_transaction_factory() |
| 26 ->GetSession() |
| 27 ->CloseIdleConnections(); |
| 28 } |
| 29 |
| 30 } // namespace |
| 31 |
13 namespace content { | 32 namespace content { |
14 | 33 |
15 SSLHostState* SSLHostState::GetFor(BrowserContext* context) { | 34 SSLHostState* SSLHostState::GetFor(BrowserContext* context) { |
16 SSLHostState* rv = static_cast<SSLHostState*>(context->GetUserData(kKeyName)); | 35 SSLHostState* rv = static_cast<SSLHostState*>(context->GetUserData(kKeyName)); |
17 if (!rv) { | 36 if (!rv) { |
18 rv = new SSLHostState(); | 37 rv = new SSLHostState(); |
| 38 rv->browser_context_ = context; |
| 39 rv->decisions_ = context->GetSSLHostStateDecisions(); |
| 40 // All non-testing contexts need to implement a certificate decision storage |
| 41 // strategy of some sort. |
| 42 DCHECK(rv->decisions_); |
19 context->SetUserData(kKeyName, rv); | 43 context->SetUserData(kKeyName, rv); |
20 } | 44 } |
21 return rv; | 45 return rv; |
22 } | 46 } |
23 | 47 |
24 SSLHostState::SSLHostState() { | 48 SSLHostState::SSLHostState() { |
25 } | 49 } |
26 | 50 |
27 SSLHostState::~SSLHostState() { | 51 SSLHostState::~SSLHostState() { |
28 } | 52 } |
29 | 53 |
30 void SSLHostState::HostRanInsecureContent(const std::string& host, int pid) { | 54 void SSLHostState::HostRanInsecureContent(const std::string& host, int pid) { |
31 DCHECK(CalledOnValidThread()); | 55 DCHECK(CalledOnValidThread()); |
32 ran_insecure_content_hosts_.insert(BrokenHostEntry(host, pid)); | 56 ran_insecure_content_hosts_.insert(BrokenHostEntry(host, pid)); |
33 } | 57 } |
34 | 58 |
35 bool SSLHostState::DidHostRunInsecureContent(const std::string& host, | 59 bool SSLHostState::DidHostRunInsecureContent(const std::string& host, |
36 int pid) const { | 60 int pid) const { |
37 DCHECK(CalledOnValidThread()); | 61 DCHECK(CalledOnValidThread()); |
38 return !!ran_insecure_content_hosts_.count(BrokenHostEntry(host, pid)); | 62 return !!ran_insecure_content_hosts_.count(BrokenHostEntry(host, pid)); |
39 } | 63 } |
40 | 64 |
41 void SSLHostState::DenyCertForHost(net::X509Certificate* cert, | 65 void SSLHostState::DenyCertForHost(net::X509Certificate* cert, |
42 const std::string& host, | 66 const GURL& url, |
43 net::CertStatus error) { | 67 net::CertStatus error) { |
44 DCHECK(CalledOnValidThread()); | 68 DCHECK(CalledOnValidThread()); |
45 | 69 |
46 cert_policy_for_host_[host].Deny(cert, error); | 70 decisions_->DenyCert(url, cert, error); |
47 } | 71 } |
48 | 72 |
49 void SSLHostState::AllowCertForHost(net::X509Certificate* cert, | 73 void SSLHostState::AllowCertForHost(net::X509Certificate* cert, |
50 const std::string& host, | 74 const GURL& url, |
51 net::CertStatus error) { | 75 net::CertStatus error) { |
52 DCHECK(CalledOnValidThread()); | 76 DCHECK(CalledOnValidThread()); |
53 | 77 |
54 cert_policy_for_host_[host].Allow(cert, error); | 78 decisions_->AllowCert(url, cert, error); |
| 79 } |
| 80 |
| 81 void SSLHostState::RevokeAllowAndDenyPreferences(const GURL& url) { |
| 82 DCHECK(CalledOnValidThread()); |
| 83 |
| 84 decisions_->RevokeAllowAndDenyPreferences(url); |
| 85 |
| 86 scoped_refptr<net::URLRequestContextGetter> getter( |
| 87 browser_context_->GetRequestContext()); |
| 88 browser_context_->GetRequestContext()->GetNetworkTaskRunner()->PostTask( |
| 89 FROM_HERE, base::Bind(&CloseIdleConnections, url.host(), getter)); |
| 90 } |
| 91 |
| 92 bool SSLHostState::HasAllowedOrDeniedCert(const GURL& url) { |
| 93 DCHECK(CalledOnValidThread()); |
| 94 |
| 95 return decisions_->HasAllowedOrDeniedCert(url); |
55 } | 96 } |
56 | 97 |
57 void SSLHostState::Clear() { | 98 void SSLHostState::Clear() { |
58 DCHECK(CalledOnValidThread()); | 99 decisions_->Clear(); |
59 | |
60 cert_policy_for_host_.clear(); | |
61 } | 100 } |
62 | 101 |
63 net::CertPolicy::Judgment SSLHostState::QueryPolicy(net::X509Certificate* cert, | 102 net::CertPolicy::Judgment SSLHostState::QueryPolicy(net::X509Certificate* cert, |
64 const std::string& host, | 103 const GURL& url, |
65 net::CertStatus error) { | 104 net::CertStatus error) { |
66 DCHECK(CalledOnValidThread()); | 105 DCHECK(CalledOnValidThread()); |
67 | 106 |
68 return cert_policy_for_host_[host].Check(cert, error); | 107 return decisions_->QueryPolicy(url, cert, error); |
69 } | 108 } |
70 | 109 |
71 } // namespace content | 110 } // namespace content |
OLD | NEW |