Index: content/public/browser/ssl_host_state.cc |
diff --git a/content/public/browser/ssl_host_state.cc b/content/public/browser/ssl_host_state.cc |
new file mode 100644 |
index 0000000000000000000000000000000000000000..0733895515984b53364eed1b83f6fd03b4c5db8b |
--- /dev/null |
+++ b/content/public/browser/ssl_host_state.cc |
@@ -0,0 +1,80 @@ |
+// Copyright (c) 2012 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#include "content/public/browser/ssl_host_state.h" |
+ |
+#include "content/public/browser/browser_context.h" |
+#include "content/public/browser/ssl_host_state_delegate.h" |
+#include "net/http/http_transaction_factory.h" |
+#include "net/url_request/url_request_context.h" |
+#include "net/url_request/url_request_context_getter.h" |
+ |
+namespace { |
+ |
+void CloseIdleConnections( |
+ const std::string& host, |
+ scoped_refptr<net::URLRequestContextGetter> url_request_context_getter) { |
+ url_request_context_getter->GetURLRequestContext() |
+ ->http_transaction_factory() |
+ ->GetSession() |
+ ->CloseIdleConnections(); |
+} |
+ |
+} // namespace |
+ |
+namespace content { |
+ |
+SSLHostState::SSLHostState(BrowserContext* browser_context) |
+ : browser_context_(browser_context), |
+ delegate_(browser_context->GetSSLHostStateDelegate()) { |
+} |
+ |
+bool SSLHostState::HasAllowedOrDeniedCert(const std::string& host) { |
+ DCHECK(CalledOnValidThread()); |
+ |
+ if (!delegate_) |
+ return false; |
+ |
+ return delegate_->HasAllowedOrDeniedCert(host); |
+} |
+ |
+void SSLHostState::RevokeAllowAndDenyPreferences(const std::string& host) { |
+ DCHECK(CalledOnValidThread()); |
+ |
+ if (!delegate_) |
+ return; |
+ |
+ // TODO(jww): This will revoke all of the decisions in the browser context. |
+ // However, the networking stack actually keeps track of its own list of |
+ // exceptions per-HttpNetworkTransaction in the SSLConfig structure (see the |
+ // allowed_bad_certs Vector in net/ssl/ssl_config.h). This dual-tracking of |
+ // exceptions introduces a problem where the browser context can revoke a |
+ // certificate, but if a transaction reuses a cached version of the SSLConfig |
+ // (probably from a pooled socket), it may bypass the intestitial layer. |
+ // |
+ // Over time, the cached versions should expire and it should converge on |
+ // showing the interstitial. We probably need to |
+ // introduce into the networking stack a way revoke SSLConfig's |
+ // allowed_bad_certs lists per socket. |
+ // |
+ // For now, RevokeAllowAndDenyPreferencesHard is our solution for the rare |
+ // case where it is necessary to revoke the preferences immediately. It does |
+ // so by flushing idle sockets. |
+ delegate_->RevokeAllowAndDenyPreferences(host); |
+} |
+ |
+void SSLHostState::RevokeAllowAndDenyPreferencesHard(const std::string& host) { |
+ DCHECK(CalledOnValidThread()); |
+ |
+ if (!delegate_) |
+ return; |
+ |
+ delegate_->RevokeAllowAndDenyPreferences(host); |
+ scoped_refptr<net::URLRequestContextGetter> getter( |
+ browser_context_->GetRequestContext()); |
+ browser_context_->GetRequestContext()->GetNetworkTaskRunner()->PostTask( |
+ FROM_HERE, base::Bind(&CloseIdleConnections, host, getter)); |
+} |
+ |
+} // namespace content |