diff options
| author | abarth@chromium.org <abarth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-03-17 18:56:23 +0000 |
|---|---|---|
| committer | abarth@chromium.org <abarth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-03-17 18:56:23 +0000 |
| commit | 93edf7352b4c0500d1561ab0a56034d226ead456 (patch) | |
| tree | 415241006597320384541bf1a8b5874fa71bc1fe /chrome/browser/ssl/ssl_host_state.cc | |
| parent | 7312b29f5d2fd9c2b3aa550fee009a8a2cc70826 (diff) | |
| download | chromium_src-93edf7352b4c0500d1561ab0a56034d226ead456.zip chromium_src-93edf7352b4c0500d1561ab0a56034d226ead456.tar.gz chromium_src-93edf7352b4c0500d1561ab0a56034d226ead456.tar.bz2 | |
SSLPolicy Fix: Step 6.
Merge in changes to SSLHostState. We now can store whether a specific origin is "broken," which is the key new bit of state that we need to share between tabs.
Currently, there is a naming inconsistency between the SSLManager names and the SSLHostState names. I'll clear this up when I merge in the new SSLManager.
R=jcampan
BUG=8706
Review URL: http://codereview.chromium.org/42274
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@11891 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/ssl/ssl_host_state.cc')
| -rwxr-xr-x | chrome/browser/ssl/ssl_host_state.cc | 50 |
1 files changed, 45 insertions, 5 deletions
diff --git a/chrome/browser/ssl/ssl_host_state.cc b/chrome/browser/ssl/ssl_host_state.cc index 1fdf200..5a5b7ae 100755 --- a/chrome/browser/ssl/ssl_host_state.cc +++ b/chrome/browser/ssl/ssl_host_state.cc @@ -6,12 +6,40 @@ #include "base/logging.h" +namespace { + +static const char kDot = '.'; + +static bool IsIntranetHost(const std::string& host) { + const size_t dot = host.find(kDot); + return dot == std::string::npos || dot == host.length() - 1; +} + +} // namespace + SSLHostState::SSLHostState() { } SSLHostState::~SSLHostState() { } +void SSLHostState::MarkHostAsBroken(const std::string& host) { + DCHECK(CalledOnValidThread()); + + broken_hosts_.insert(host); +} + +bool SSLHostState::DidMarkHostAsBroken(const std::string& host) { + DCHECK(CalledOnValidThread()); + + // CAs issue certificate for intranet hosts to everyone. Therefore, we always + // treat intranet hosts as broken. + if (IsIntranetHost(host)) + return true; + + return (broken_hosts_.find(host) != broken_hosts_.end()); +} + void SSLHostState::DenyCertForHost(net::X509Certificate* cert, const std::string& host) { DCHECK(CalledOnValidThread()); @@ -28,6 +56,18 @@ void SSLHostState::AllowCertForHost(net::X509Certificate* cert, cert_policy_for_host_[host].Allow(cert); } +bool SSLHostState::DidAllowCertForHost(const std::string& host) { + DCHECK(CalledOnValidThread()); + + std::map<std::string, net::X509Certificate::Policy>::const_iterator iter = + cert_policy_for_host_.find(host); + + if (iter == cert_policy_for_host_.end()) + return false; + + return iter->second.HasAllowedCert(); +} + net::X509Certificate::Policy::Judgment SSLHostState::QueryPolicy( net::X509Certificate* cert, const std::string& host) { DCHECK(CalledOnValidThread()); @@ -35,15 +75,15 @@ net::X509Certificate::Policy::Judgment SSLHostState::QueryPolicy( return cert_policy_for_host_[host].Check(cert); } -bool SSLHostState::CanShowInsecureContent(const GURL& url) { +void SSLHostState::AllowMixedContentForHost(const std::string& host) { DCHECK(CalledOnValidThread()); - return (can_show_insecure_content_for_host_.find(url.host()) != - can_show_insecure_content_for_host_.end()); + allow_mixed_content_for_host_.insert(host); } -void SSLHostState::AllowShowInsecureContentForURL(const GURL& url) { +bool SSLHostState::DidAllowMixedContentForHost(const std::string& host) { DCHECK(CalledOnValidThread()); - can_show_insecure_content_for_host_.insert(url.host()); + return (allow_mixed_content_for_host_.find(host) != + allow_mixed_content_for_host_.end()); } |