
Unified Diff: chrome/browser/ssl/chrome_ssl_host_state_delegate.cc

Issue 465133004: Remove DenyCertForHost from SSLHostStateDelegate API. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Adressed comments from pkasting Created 6 years, 4 months ago
Index: chrome/browser/ssl/chrome_ssl_host_state_delegate.cc
diff --git a/chrome/browser/ssl/chrome_ssl_host_state_delegate.cc b/chrome/browser/ssl/chrome_ssl_host_state_delegate.cc
index c306b22f0a9295b7f8e582a8e977fa859be4bc42..86370de7fbc65e00c831345be32e8110333907e6 100644
--- a/chrome/browser/ssl/chrome_ssl_host_state_delegate.cc
+++ b/chrome/browser/ssl/chrome_ssl_host_state_delegate.cc
@@ -262,16 +262,44 @@ ChromeSSLHostStateDelegate::~ChromeSSLHostStateDelegate() {
Clear();
}
-void ChromeSSLHostStateDelegate::DenyCert(const std::string& host,
- net::X509Certificate* cert,
- net::CertStatus error) {
- ChangeCertPolicy(host, cert, error, net::CertPolicy::DENIED);
-}
-
void ChromeSSLHostStateDelegate::AllowCert(const std::string& host,
net::X509Certificate* cert,
net::CertStatus error) {
- ChangeCertPolicy(host, cert, error, net::CertPolicy::ALLOWED);
+ GURL url = GetSecureGURLForHost(host);
+ const ContentSettingsPattern pattern =
+ ContentSettingsPattern::FromURLNoWildcard(url);
+ HostContentSettingsMap* map = profile_->GetHostContentSettingsMap();
+ scoped_ptr<base::Value> value(map->GetWebsiteSetting(
+ url, url, CONTENT_SETTINGS_TYPE_SSL_CERT_DECISIONS, std::string(), NULL));
+
+ if (!value.get() || !value->IsType(base::Value::TYPE_DICTIONARY))
+ value.reset(new base::DictionaryValue());
+
+ base::DictionaryValue* dict;
+ bool success = value->GetAsDictionary(&dict);
+ DCHECK(success);
+
+ bool expired_previous_decision; // unused value in this function
+ base::DictionaryValue* cert_dict = GetValidCertDecisionsDict(
+ dict, CreateDictionaryEntries, &expired_previous_decision);
+ // If a a valid certificate dictionary cannot be extracted from the content
+ // setting, that means it's in an unknown format. Unfortunately, there's
+ // nothing to be done in that case, so a silent fail is the only option.
+ if (!cert_dict)
+ return;
+
+ dict->SetIntegerWithoutPathExpansion(kSSLCertDecisionVersionKey,
+ kDefaultSSLCertDecisionVersion);
+ cert_dict->SetIntegerWithoutPathExpansion(GetKey(cert, error),
+ net::CertPolicy::ALLOWED);
+
+ // The map takes ownership of the value, so it is released in the call to
+ // SetWebsiteSetting.
+ map->SetWebsiteSetting(pattern,
+ pattern,
+ CONTENT_SETTINGS_TYPE_SSL_CERT_DECISIONS,
+ std::string(),
+ value.release());
}
void ChromeSSLHostStateDelegate::Clear() {
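Review bot: The early `return` when `cert_dict` is null in AllowCert drops the user's exception without any signal, and the comment above it does not say in which direction that fails. From the QueryPolicy hunk further down it looks as if an unrecorded decision reads back as UNKNOWN, so the failure appears to be fail-closed; I would say so in the comment, e.g. `// Failing here is safe: nothing is stored, so the next query returns UNKNOWN and the warning is shown again.`, and fix the doubled word in `If a a valid`. Separately, `base::DictionaryValue* dict;` is left uninitialized with only a DCHECK guarding `GetAsDictionary`; `base::DictionaryValue* dict = NULL;` keeps release builds away from an indeterminate pointer if the type check above it is ever changed.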
@@ -314,11 +342,12 @@ net::CertPolicy::Judgment ChromeSSLHostStateDelegate::QueryPolicy(
&policy_decision);
// If a policy decision was successfully retrieved and it's a valid value of
- // ALLOWED or DENIED, return the valid value. Otherwise, return UNKNOWN.
+ // ALLOWED, return the valid value. Otherwise, return UNKNOWN. Since the UI
+ // does not provide a way to deny certs and any DENIED value must have come
+ // from an external source, such as manually modifying the prefs file, Chrome
+ // we treats DENIED values as UNKNOWN.
if (success && policy_decision == net::CertPolicy::Judgment::ALLOWED)
return net::CertPolicy::Judgment::ALLOWED;
- else if (success && policy_decision == net::CertPolicy::Judgment::DENIED)
- return net::CertPolicy::Judgment::DENIED;
return net::CertPolicy::Judgment::UNKNOWN;
}
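Review bot: The new comment in QueryPolicy ends with `Chrome we treats DENIED values as UNKNOWN`, which should read `Chrome treats DENIED values as UNKNOWN.` The mapping also changes the outcome for any profile that already holds a DENIED entry: it is no longer honoured as a block, and the result depends on what the caller does with UNKNOWN. A unit test that seeds a DENIED value and asserts UNKNOWN would pin this, since the behaviour now rests on the absence of a branch. The function begins outside this hunk, so how `success` and `policy_decision` are populated is not visible here.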
@@ -360,7 +389,7 @@ void ChromeSSLHostStateDelegate::RevokeUserDecisionsHard(
FROM_HERE, base::Bind(&CloseIdleConnections, getter));
}
-bool ChromeSSLHostStateDelegate::HasUserDecision(const std::string& host) {
+bool ChromeSSLHostStateDelegate::HasAllowed(const std::string& host) {
GURL url = GetSecureGURLForHost(host);
const ContentSettingsPattern pattern =
ContentSettingsPattern::FromURLNoWildcard(url);
@@ -379,8 +408,8 @@ bool ChromeSSLHostStateDelegate::HasUserDecision(const std::string& host) {
for (base::DictionaryValue::Iterator it(*dict); !it.IsAtEnd(); it.Advance()) {
int policy_decision; // Owned by dict
success = it.value().GetAsInteger(&policy_decision);
- if (success && (static_cast<net::CertPolicy::Judgment>(policy_decision) !=
- net::CertPolicy::UNKNOWN))
+ if (success && (static_cast<net::CertPolicy::Judgment>(policy_decision) ==
+ net::CertPolicy::ALLOWED))
return true;
}
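Review bot: In the loop of HasAllowed the enumerator is spelled `net::CertPolicy::ALLOWED`, while QueryPolicy in this same file compares against `net::CertPolicy::Judgment::ALLOWED`; one spelling should be used throughout. The `static_cast` is not needed for an equality test, and `if (success && policy_decision == net::CertPolicy::ALLOWED)` avoids casting an arbitrary stored integer to the enum type. The `// Owned by dict` remark on `int policy_decision` does not apply to a local int and could be dropped. The function starts in the previous hunk and ends outside this one.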
@@ -400,44 +429,3 @@ bool ChromeSSLHostStateDelegate::DidHostRunInsecureContent(
void ChromeSSLHostStateDelegate::SetClock(scoped_ptr<base::Clock> clock) {
clock_.reset(clock.release());
}
-
-void ChromeSSLHostStateDelegate::ChangeCertPolicy(
- const std::string& host,
- net::X509Certificate* cert,
- net::CertStatus error,
- net::CertPolicy::Judgment judgment) {
- GURL url = GetSecureGURLForHost(host);
- const ContentSettingsPattern pattern =
- ContentSettingsPattern::FromURLNoWildcard(url);
- HostContentSettingsMap* map = profile_->GetHostContentSettingsMap();
- scoped_ptr<base::Value> value(map->GetWebsiteSetting(
- url, url, CONTENT_SETTINGS_TYPE_SSL_CERT_DECISIONS, std::string(), NULL));
-
- if (!value.get() || !value->IsType(base::Value::TYPE_DICTIONARY))
- value.reset(new base::DictionaryValue());
-
- base::DictionaryValue* dict;
- bool success = value->GetAsDictionary(&dict);
- DCHECK(success);
-
- bool expired_previous_decision; // unused value in this function
- base::DictionaryValue* cert_dict = GetValidCertDecisionsDict(
- dict, CreateDictionaryEntries, &expired_previous_decision);
- // If a a valid certificate dictionary cannot be extracted from the content
- // setting, that means it's in an unknown format. Unfortunately, there's
- // nothing to be done in that case, so a silent fail is the only option.
- if (!cert_dict)
- return;
-
- dict->SetIntegerWithoutPathExpansion(kSSLCertDecisionVersionKey,
- kDefaultSSLCertDecisionVersion);
- cert_dict->SetIntegerWithoutPathExpansion(GetKey(cert, error), judgment);
-
- // The map takes ownership of the value, so it is released in the call to
- // SetWebsiteSetting.
- map->SetWebsiteSetting(pattern,
- pattern,
- CONTENT_SETTINGS_TYPE_SSL_CERT_DECISIONS,
- std::string(),
- value.release());
-}
