Chromium Code Reviews Chromium Code Reviews
Issue 794023002:
Remember user's decisions on SSL errors. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: android_webview/browser/aw_ssl_host_state_delegate.cc |
| diff --git a/android_webview/browser/aw_ssl_host_state_delegate.cc b/android_webview/browser/aw_ssl_host_state_delegate.cc |
| new file mode 100644 |
| index 0000000000000000000000000000000000000000..1bee2b6d0fefbc4100ada0b269d5ece5e08c62f1 |
| --- /dev/null |
| +++ b/android_webview/browser/aw_ssl_host_state_delegate.cc |
| @@ -0,0 +1,79 @@ |
| +// Copyright (c) 2012 The Chromium Authors. All rights reserved. |
|
jww
2014/12/12 01:48:41
See comment on Copyright in aw_ssl_host_state_dele
hush (inactive)
2014/12/12 02:42:37
Done.
|
| +// Use of this source code is governed by a BSD-style license that can be |
| +// found in the LICENSE file. |
| + |
| +#include "android_webview/browser/aw_ssl_host_state_delegate.h" |
| + |
| +#include "net/base/hash_value.h" |
| + |
| +using content::SSLHostStateDelegate; |
| + |
| +namespace android_webview { |
| +namespace { |
| +CertPolicy::CertPolicy() { |
| +} |
| + |
| +CertPolicy::~CertPolicy() { |
| +} |
| + |
| +// For an allowance, we consider a given |cert| to be a match to a saved |
| +// allowed cert if the |error| is an exact match to or subset of the errors |
| +// in the saved CertStatus. |
| +bool CertPolicy::Check(const net::X509Certificate& cert, |
| + net::CertStatus error) const { |
| + std::map<net::SHA1HashValue, net::CertStatus, |
| + net::SHA1HashValueLessThan>::const_iterator allowed_iter = |
| + allowed_.find(cert.fingerprint()); |
| + if ((allowed_iter != allowed_.end()) && (allowed_iter->second & error) && |
| + !(~(allowed_iter->second & error) ^ ~error)) { |
| + return true; |
| + } |
| + |
| + return false; |
| +} |
| + |
| +void CertPolicy::Allow(const net::X509Certificate& cert, |
| + net::CertStatus error) { |
| + // If this same cert had already been saved with a different error status, |
| + // this will replace it with the new error status. |
| + allowed_[cert.fingerprint()] = error; |
|
jww
2014/12/12 01:48:41
This should store the entire chain, not just the e
hush (inactive)
2014/12/12 02:42:37
I just used "CalculateChainFingerprint256" to get
jww
2014/12/12 02:56:47
Yup, sounds great (And I misspoke in my original c
|
| +} |
| +} // namespace |
| + |
| +AwSSLHostStateDelegate::AwSSLHostStateDelegate() { |
|
jww
2014/12/12 01:48:41
Nit: This constructor and destructor be inline in
hush (inactive)
2014/12/12 02:42:37
Sorry, I tried to do this. But I got a compiler er
jww
2014/12/12 02:56:47
Okay, my bad.
|
| +} |
| + |
| +AwSSLHostStateDelegate::~AwSSLHostStateDelegate() { |
| +} |
| + |
| +void AwSSLHostStateDelegate::HostRanInsecureContent(const std::string& host, |
| + int pid) { |
| + ran_insecure_content_hosts_.insert(BrokenHostEntry(host, pid)); |
| +} |
| + |
| +bool AwSSLHostStateDelegate::DidHostRunInsecureContent(const std::string& host, |
| + int pid) const { |
| + return !!ran_insecure_content_hosts_.count(BrokenHostEntry(host, pid)); |
| +} |
| + |
| +void AwSSLHostStateDelegate::AllowCert(const std::string& host, |
| + const net::X509Certificate& cert, |
| + net::CertStatus error) { |
| + cert_policy_for_host_[host].Allow(cert, error); |
| +} |
| + |
| +void AwSSLHostStateDelegate::Clear() { |
| + cert_policy_for_host_.clear(); |
| +} |
| + |
| +SSLHostStateDelegate::CertJudgment AwSSLHostStateDelegate::QueryPolicy( |
| + const std::string& host, |
| + const net::X509Certificate& cert, |
| + net::CertStatus error, |
| + bool* expired_previous_decision) { |
| + return cert_policy_for_host_[host].Check(cert, error) |
| + ? SSLHostStateDelegate::ALLOWED |
| + : SSLHostStateDelegate::DENIED; |
| +} |
| + |
| +} // namespace android_webview |
