| Index: content/browser/ssl/ssl_host_state.cc
|
| diff --git a/content/browser/ssl/ssl_host_state.cc b/content/browser/ssl/ssl_host_state.cc
|
| index 06c600205fa8b1277b5252e91cbbf56580320c21..6e61d4d8b0de3817da2793980ae8db511e2dbe60 100644
|
| --- a/content/browser/ssl/ssl_host_state.cc
|
| +++ b/content/browser/ssl/ssl_host_state.cc
|
| @@ -6,16 +6,40 @@
|
|
|
| #include "base/logging.h"
|
| #include "base/lazy_instance.h"
|
| +#include "base/pickle.h"
|
| #include "content/public/browser/browser_context.h"
|
| +#include "content/public/browser/ssl_host_state_decisions.h"
|
| +#include "net/http/http_transaction_factory.h"
|
| +#include "net/url_request/url_request_context.h"
|
| +#include "net/url_request/url_request_context_getter.h"
|
| +#include "url/gurl.h"
|
|
|
| const char kKeyName[] = "content_ssl_host_state";
|
|
|
| +namespace {
|
| +
|
| +void CloseIdleConnections(
|
| + const std::string& host,
|
| + scoped_refptr<net::URLRequestContextGetter> url_request_context_getter) {
|
| + url_request_context_getter->GetURLRequestContext()
|
| + ->http_transaction_factory()
|
| + ->GetSession()
|
| + ->CloseIdleConnections();
|
| +}
|
| +
|
| +} // namespace
|
| +
|
| namespace content {
|
|
|
| SSLHostState* SSLHostState::GetFor(BrowserContext* context) {
|
| SSLHostState* rv = static_cast<SSLHostState*>(context->GetUserData(kKeyName));
|
| if (!rv) {
|
| rv = new SSLHostState();
|
| + rv->browser_context_ = context;
|
| + rv->decisions_ = context->GetSSLHostStateDecisions();
|
| + // All non-testing contexts need to implement a certificate decision storage
|
| + // strategy of some sort.
|
| + DCHECK(rv->decisions_);
|
| context->SetUserData(kKeyName, rv);
|
| }
|
| return rv;
|
| @@ -39,33 +63,48 @@ bool SSLHostState::DidHostRunInsecureContent(const std::string& host,
|
| }
|
|
|
| void SSLHostState::DenyCertForHost(net::X509Certificate* cert,
|
| - const std::string& host,
|
| + const GURL& url,
|
| net::CertStatus error) {
|
| DCHECK(CalledOnValidThread());
|
|
|
| - cert_policy_for_host_[host].Deny(cert, error);
|
| + decisions_->DenyCert(url, cert, error);
|
| }
|
|
|
| void SSLHostState::AllowCertForHost(net::X509Certificate* cert,
|
| - const std::string& host,
|
| + const GURL& url,
|
| net::CertStatus error) {
|
| DCHECK(CalledOnValidThread());
|
|
|
| - cert_policy_for_host_[host].Allow(cert, error);
|
| + decisions_->AllowCert(url, cert, error);
|
| }
|
|
|
| -void SSLHostState::Clear() {
|
| +void SSLHostState::RevokeAllowAndDenyPreferences(const GURL& url) {
|
| DCHECK(CalledOnValidThread());
|
|
|
| - cert_policy_for_host_.clear();
|
| + decisions_->RevokeAllowAndDenyPreferences(url);
|
| +
|
| + scoped_refptr<net::URLRequestContextGetter> getter(
|
| + browser_context_->GetRequestContext());
|
| + browser_context_->GetRequestContext()->GetNetworkTaskRunner()->PostTask(
|
| + FROM_HERE, base::Bind(&CloseIdleConnections, url.host(), getter));
|
| +}
|
| +
|
| +bool SSLHostState::HasAllowedOrDeniedCert(const GURL& url) {
|
| + DCHECK(CalledOnValidThread());
|
| +
|
| + return decisions_->HasAllowedOrDeniedCert(url);
|
| +}
|
| +
|
| +void SSLHostState::Clear() {
|
| + decisions_->Clear();
|
| }
|
|
|
| net::CertPolicy::Judgment SSLHostState::QueryPolicy(net::X509Certificate* cert,
|
| - const std::string& host,
|
| + const GURL& url,
|
| net::CertStatus error) {
|
| DCHECK(CalledOnValidThread());
|
|
|
| - return cert_policy_for_host_[host].Check(cert, error);
|
| + return decisions_->QueryPolicy(url, cert, error);
|
| }
|
|
|
| } // namespace content
|
|
|
Chromium Code Reviews
Issue 369703002:
Remember user decisions on invalid certificates behind a flag (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src