OLD | NEW |
| (Empty) |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "content/browser/ssl/ssl_host_state.h" | |
6 | |
7 #include "base/logging.h" | |
8 #include "base/lazy_instance.h" | |
9 #include "content/public/browser/browser_context.h" | |
10 #include "content/public/browser/ssl_host_state_delegate.h" | |
11 #include "net/http/http_transaction_factory.h" | |
12 #include "net/url_request/url_request_context.h" | |
13 #include "net/url_request/url_request_context_getter.h" | |
14 | |
15 const char kKeyName[] = "content_ssl_host_state"; | |
16 | |
17 namespace content { | |
18 | |
19 SSLHostState* SSLHostState::GetFor(BrowserContext* context) { | |
20 SSLHostState* rv = static_cast<SSLHostState*>(context->GetUserData(kKeyName)); | |
21 if (!rv) { | |
22 rv = new SSLHostState(); | |
23 rv->delegate_ = context->GetSSLHostStateDelegate(); | |
24 // |context| may be NULL, implementing the default storage strategy. | |
25 if (context) | |
26 context->SetUserData(kKeyName, rv); | |
27 } | |
28 return rv; | |
29 } | |
30 | |
31 SSLHostState::SSLHostState() { | |
32 } | |
33 | |
34 SSLHostState::~SSLHostState() { | |
35 } | |
36 | |
37 void SSLHostState::HostRanInsecureContent(const std::string& host, int pid) { | |
38 DCHECK(CalledOnValidThread()); | |
39 ran_insecure_content_hosts_.insert(BrokenHostEntry(host, pid)); | |
40 } | |
41 | |
42 bool SSLHostState::DidHostRunInsecureContent(const std::string& host, | |
43 int pid) const { | |
44 DCHECK(CalledOnValidThread()); | |
45 return !!ran_insecure_content_hosts_.count(BrokenHostEntry(host, pid)); | |
46 } | |
47 | |
48 void SSLHostState::DenyCertForHost(net::X509Certificate* cert, | |
49 const std::string& host, | |
50 net::CertStatus error) { | |
51 DCHECK(CalledOnValidThread()); | |
52 | |
53 if (!delegate_) | |
54 return; | |
55 | |
56 delegate_->DenyCert(host, cert, error); | |
57 } | |
58 | |
59 void SSLHostState::AllowCertForHost(net::X509Certificate* cert, | |
60 const std::string& host, | |
61 net::CertStatus error) { | |
62 DCHECK(CalledOnValidThread()); | |
63 | |
64 if (!delegate_) | |
65 return; | |
66 | |
67 delegate_->AllowCert(host, cert, error); | |
68 } | |
69 | |
70 void SSLHostState::RevokeAllowAndDenyPreferences(const std::string& host) { | |
71 DCHECK(CalledOnValidThread()); | |
72 | |
73 if (!delegate_) | |
74 return; | |
75 | |
76 // TODO(jww): This will revoke all of the decisions in the browser context. | |
77 // However, the networking stack actually keeps track of its own list of | |
78 // exceptions per-HttpNetworkTransaction in the SSLConfig structure (see the | |
79 // allowed_bad_certs Vector in net/ssl/ssl_config.h). This dual-tracking of | |
80 // exceptions introduces a problem where the browser context can revoke a | |
81 // certificate, but if a transaction reuses a cached version of the SSLConfig | |
82 // (probably from a pooled socket), it may bypass the intestitial layer. | |
83 // | |
84 // Over time, the cached versions should expire and it should converge on | |
85 // showing the interstitial. We probably need to | |
86 // introduce into the networking stack a way revoke SSLConfig's | |
87 // allowed_bad_certs lists per socket. | |
88 delegate_->RevokeAllowAndDenyPreferences(host); | |
89 } | |
90 | |
91 bool SSLHostState::HasAllowedOrDeniedCert(const std::string& host) { | |
92 DCHECK(CalledOnValidThread()); | |
93 | |
94 if (!delegate_) | |
95 return false; | |
96 | |
97 return delegate_->HasAllowedOrDeniedCert(host); | |
98 } | |
99 | |
100 void SSLHostState::Clear() { | |
101 if (!delegate_) | |
102 return; | |
103 | |
104 delegate_->Clear(); | |
105 } | |
106 | |
107 net::CertPolicy::Judgment SSLHostState::QueryPolicy(net::X509Certificate* cert, | |
108 const std::string& host, | |
109 net::CertStatus error) { | |
110 DCHECK(CalledOnValidThread()); | |
111 | |
112 if (!delegate_) | |
113 return net::CertPolicy::Judgment::UNKNOWN; | |
114 | |
115 return delegate_->QueryPolicy(host, cert, error); | |
116 } | |
117 | |
118 } // namespace content | |
OLD | NEW |