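--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,80 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "content/public/browser/ssl_host_state.h"
+
+#include "content/public/browser/browser_context.h"
+#include "content/public/browser/ssl_host_state_delegate.h"
+#include "net/http/http_transaction_factory.h"
+#include "net/url_request/url_request_context.h"
+#include "net/url_request/url_request_context_getter.h"
+
+namespace {
+
+void CloseIdleConnections(
+const std::string& host,
+scoped_refptr<net::URLRequestContextGetter> url_request_context_getter) {
+url_request_context_getter->GetURLRequestContext()
+->http_transaction_factory()
+->GetSession()
+->CloseIdleConnections();
+}
+
+} // namespace
+
+namespace content {
+
+SSLHostState::SSLHostState(BrowserContext* browser_context)
+: browser_context_(browser_context),
+delegate_(browser_context->GetSSLHostStateDelegate()) {
+}
+
+bool SSLHostState::HasAllowedOrDeniedCert(const std::string& host) {
+DCHECK(CalledOnValidThread());
+
+if (!delegate_)
+return false;
+
+return delegate_->HasAllowedOrDeniedCert(host);
+}
+
+void SSLHostState::RevokeAllowAndDenyPreferences(const std::string& host) {
+DCHECK(CalledOnValidThread());
+
+if (!delegate_)
+return;
+
+// TODO(jww): This will revoke all of the decisions in the browser context.
+// However, the networking stack actually keeps track of its own list of
+// exceptions per-HttpNetworkTransaction in the SSLConfig structure (see the
+// allowed_bad_certs Vector in net/ssl/ssl_config.h). This dual-tracking of
+// exceptions introduces a problem where the browser context can revoke a
+// certificate, but if a transaction reuses a cached version of the SSLConfig
+// (probably from a pooled socket), it may bypass the intestitial layer.
+//
+// Over time, the cached versions should expire and it should converge on
+// showing the interstitial. We probably need to
+// introduce into the networking stack a way revoke SSLConfig's
+// allowed_bad_certs lists per socket.
+//
+// For now, RevokeAllowAndDenyPreferencesHard is our solution for the rare
+// case where it is necessary to revoke the preferences immediately. It does
+// so by flushing idle sockets.
+delegate_->RevokeAllowAndDenyPreferences(host);
+}
+
+void SSLHostState::RevokeAllowAndDenyPreferencesHard(const std::string& host) {
+DCHECK(CalledOnValidThread());
+
+if (!delegate_)
+return;
+
+delegate_->RevokeAllowAndDenyPreferences(host);
+scoped_refptr<net::URLRequestContextGetter> getter(
+browser_context_->GetRequestContext());
+browser_context_->GetRequestContext()->GetNetworkTaskRunner()->PostTask(
+FROM_HERE, base::Bind(&CloseIdleConnections, host, getter));
+}
+
+} // namespace content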
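Review bot: The `host` parameter of the anonymous-namespace `CloseIdleConnections` is never read, so the task posted from RevokeAllowAndDenyPreferencesHard flushes every idle socket in the session rather than only those for the host whose decision was revoked; either drop the parameter or state the wider scope, e.g. `// |host| is unused: the session has no per-host idle flush, so all idle sockets are closed.` Flushing idle sockets also leaves sockets currently in use untouched, so a transaction already running on a pooled socket can still carry the stale SSLConfig until it finishes — the TODO in RevokeAllowAndDenyPreferences describes this for the non-Hard variant, and the Hard variant's contract should say it gives no guarantee for in-flight transactions either. Minor: RevokeAllowAndDenyPreferencesHard calls `browser_context_->GetRequestContext()` twice; `getter->GetNetworkTaskRunner()->PostTask(...)` reuses the ref already taken. The TODO comment has two typos, "intestitial" and "a way revoke" (missing "to").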