Remember user's decisions on SSL errors.

android_webview/browser/aw_ssl_host_state_delegate.cc

Index: android_webview/browser/aw_ssl_host_state_delegate.cc
diff --git a/android_webview/browser/aw_ssl_host_state_delegate.cc b/android_webview/browser/aw_ssl_host_state_delegate.cc
new file mode 100644
index 0000000000000000000000000000000000000000..f90d31da8c5fe5d9564984d0a0daf84161be5376
--- /dev/null
+++ b/android_webview/browser/aw_ssl_host_state_delegate.cc
@@ -0,0 +1,88 @@
+// Copyright (c) 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "android_webview/browser/aw_ssl_host_state_delegate.h"
+
+#include "net/base/hash_value.h"
+
+using content::SSLHostStateDelegate;
+
+namespace android_webview {
+namespace internal {

[sgurun-gerrit only, 2014/12/12 04:23:09]

nit: add a line between namespaces

[hush (inactive), 2014/12/12 19:43:39]

Done.

+net::SHA256HashValue getChainFingerprint256(const net::X509Certificate& cert) {
+  net::SHA256HashValue fingerprint =
+      net::X509Certificate::CalculateChainFingerprint256(
+          cert.os_cert_handle(), cert.GetIntermediateCertificates());
+  return fingerprint;
+}
+
+CertPolicy::CertPolicy() {
+}
+CertPolicy::~CertPolicy() {
+}
+
+// For an allowance, we consider a given |cert| to be a match to a saved
+// allowed cert if the |error| is an exact match to or subset of the errors
+// in the saved CertStatus.
+bool CertPolicy::Check(const net::X509Certificate& cert,
+                       net::CertStatus error) const {
+  net::SHA256HashValue fingerprint = getChainFingerprint256(cert);
+  std::map<net::SHA256HashValue, net::CertStatus,
+           net::SHA256HashValueLessThan>::const_iterator allowed_iter =
+      allowed_.find(fingerprint);
+  if ((allowed_iter != allowed_.end()) && (allowed_iter->second & error) &&
+      !(~(allowed_iter->second & error) ^ ~error)) {

[hush (inactive), 2014/12/12 19:43:39]

I copied this if statement from m37 code, and I think it is equivalent to
(allowed_iter->second & error) == error

+    return true;
+  }
+

[sgurun-gerrit only, 2014/12/12 04:23:09]

nit: remove the empty line

[hush (inactive), 2014/12/12 19:43:39]

Done.

+  return false;
+}
+
+void CertPolicy::Allow(const net::X509Certificate& cert,
+                       net::CertStatus error) {
+  // If this same cert had already been saved with a different error status,
+  // this will replace it with the new error status.
+  net::SHA256HashValue fingerprint = getChainFingerprint256(cert);
+

[sgurun-gerrit only, 2014/12/12 04:23:09]

nit: remove the empty line

[hush (inactive), 2014/12/12 19:43:39]

Done.

+  allowed_[fingerprint] = error;
+}
+}  // namespace internal
+
+AwSSLHostStateDelegate::AwSSLHostStateDelegate() {
+}
+
+AwSSLHostStateDelegate::~AwSSLHostStateDelegate() {
+}
+
+void AwSSLHostStateDelegate::HostRanInsecureContent(const std::string& host,
+                                                    int pid) {
+  ran_insecure_content_hosts_.insert(BrokenHostEntry(host, pid));
+}
+
+bool AwSSLHostStateDelegate::DidHostRunInsecureContent(const std::string& host,
+                                                       int pid) const {
+  return !!ran_insecure_content_hosts_.count(BrokenHostEntry(host, pid));

[sgurun-gerrit only, 2014/12/12 04:23:09]

We are changing behavior here compared to  returning a null delegate, Further
looking at the code of how it is used in content and net layer, I don't think it
is meaningful for webview. jww can correct me but I think you can return plain
false here and drop any baggage that comes with it.

[hush (inactive), 2014/12/12 19:43:39]

Yes. I did some investigations too. This method is only used here:
https://code.google.com/p/chromium/codesearch#chromium/src/content/browser/ss...
which updates the entry with the flags: SECURITY_STYLE_AUTHENTICATION_BROKEN and
SSLStatus::RAN_INSECURE_CONTENT.
These 2 flags are only read by chrome/ layer, so probably not related to
WebView.

I will just go ahead and remove this thing.

[jww, 2014/12/12 20:02:50]

I'm surprised there's no way to extract this information from a WebView. That
is, it seems like an embedder of a WebView might want to know if the HTTPS
content inside the WebView ran insecure content. That having been said, it does
seem that that's not possible with WebView, so if you never expect it to be
present, then indeed this is not useful information to store.

+}
+
+void AwSSLHostStateDelegate::AllowCert(const std::string& host,
+                                       const net::X509Certificate& cert,
+                                       net::CertStatus error) {
+  cert_policy_for_host_[host].Allow(cert, error);
+}
+
+void AwSSLHostStateDelegate::Clear() {
+  cert_policy_for_host_.clear();
+}
+
+SSLHostStateDelegate::CertJudgment AwSSLHostStateDelegate::QueryPolicy(
+    const std::string& host,
+    const net::X509Certificate& cert,
+    net::CertStatus error,
+    bool* expired_previous_decision) {
+  return cert_policy_for_host_[host].Check(cert, error)
+             ? SSLHostStateDelegate::ALLOWED
+             : SSLHostStateDelegate::DENIED;
+}
+
+}  // namespace android_webview