author | abarth@chromium.org <abarth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-03-17 18:56:23 +0000 |
---|---|---|
committer | abarth@chromium.org <abarth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-03-17 18:56:23 +0000 |
commit | 93edf7352b4c0500d1561ab0a56034d226ead456 (patch) | |
tree | 415241006597320384541bf1a8b5874fa71bc1fe /chrome | |
parent | 7312b29f5d2fd9c2b3aa550fee009a8a2cc70826 (diff) | |
SSLPolicy Fix: Step 6.
Merge in changes to SSLHostState. We now can store whether a specific origin is "broken," which is the key new bit of state that we need to share between tabs.
Currently, there is a naming inconsistency between the SSLManager names and the SSLHostState names. I'll clear this up when I merge in the new SSLManager.
R=jcampan
BUG=8706
Review URL: http://codereview.chromium.org/42274
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@11891 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome')
-rwxr-xr-x | chrome/browser/ssl/ssl_host_state.cc | 50 | ||||
-rwxr-xr-x | chrome/browser/ssl/ssl_host_state.h | 32 | ||||
-rw-r--r-- | chrome/browser/ssl/ssl_manager.cc | 4 |
3 files changed, 69 insertions, 17 deletions
diff --git a/chrome/browser/ssl/ssl_host_state.cc b/chrome/browser/ssl/ssl_host_state.cc
index 1fdf200..5a5b7ae 100755
--- a/chrome/browser/ssl/ssl_host_state.cc
+++ b/chrome/browser/ssl/ssl_host_state.cc
@@ -6,12 +6,40 @@

 #include "base/logging.h"

+namespace {
+
+static const char kDot = '.';
+
+static bool IsIntranetHost(const std::string& host) {
+ const size_t dot = host.find(kDot);
+ return dot == std::string::npos || dot == host.length() - 1;
+}
+
+} // namespace
+
 SSLHostState::SSLHostState() {
 }

 SSLHostState::~SSLHostState() {
 }

+void SSLHostState::MarkHostAsBroken(const std::string& host) {
+ DCHECK(CalledOnValidThread());
+
+ broken_hosts_.insert(host);
+}
+
+bool SSLHostState::DidMarkHostAsBroken(const std::string& host) {
+ DCHECK(CalledOnValidThread());
+
+ // CAs issue certificate for intranet hosts to everyone. Therefore, we always
+ // treat intranet hosts as broken.
+ if (IsIntranetHost(host))
+ return true;
+
+ return (broken_hosts_.find(host) != broken_hosts_.end());
+}
+
 void SSLHostState::DenyCertForHost(net::X509Certificate* cert,
 const std::string& host) {
 DCHECK(CalledOnValidThread());
@@ -28,6 +56,18 @@ void SSLHostState::AllowCertForHost(net::X509Certificate* cert,
 cert_policy_for_host_[host].Allow(cert);
 }

+bool SSLHostState::DidAllowCertForHost(const std::string& host) {
+ DCHECK(CalledOnValidThread());
+
+ std::map<std::string, net::X509Certificate::Policy>::const_iterator iter =
+ cert_policy_for_host_.find(host);
+
+ if (iter == cert_policy_for_host_.end())
+ return false;
+
+ return iter->second.HasAllowedCert();
+}
+
 net::X509Certificate::Policy::Judgment SSLHostState::QueryPolicy(
 net::X509Certificate* cert, const std::string& host) {
 DCHECK(CalledOnValidThread());
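Review bot: `broken_hosts_` in MarkHostAsBroken/DidMarkHostAsBroken is keyed on the exact string the caller passes, so a host recorded under one spelling (a different case, or with a trailing dot) would be reported as not broken under another, and for this set a miss is the unsafe direction. The new signatures take a plain `std::string` rather than a GURL and nothing in the hunk normalises it; whether every caller passes the canonical `url.host()` is not visible here. I would state the contract at the definition, e.g. `// |host| must be the canonicalized GURL host; lookups are exact-match.`, or normalise before `insert`/`find`. Separately, `IsIntranetHost` treats an empty string and any dotless string as intranet, which fails safe but deserves a one-line comment, and `static` is redundant inside the anonymous namespace.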
@@ -35,15 +75,15 @@ net::X509Certificate::Policy::Judgment SSLHostState::QueryPolicy(
 return cert_policy_for_host_[host].Check(cert);
 }

-bool SSLHostState::CanShowInsecureContent(const GURL& url) {
+void SSLHostState::AllowMixedContentForHost(const std::string& host) {
 DCHECK(CalledOnValidThread());

- return (can_show_insecure_content_for_host_.find(url.host()) !=
- can_show_insecure_content_for_host_.end());
+ allow_mixed_content_for_host_.insert(host);
 }

-void SSLHostState::AllowShowInsecureContentForURL(const GURL& url) {
+bool SSLHostState::DidAllowMixedContentForHost(const std::string& host) {
 DCHECK(CalledOnValidThread());

- can_show_insecure_content_for_host_.insert(url.host());
+ return (allow_mixed_content_for_host_.find(host) !=
+ allow_mixed_content_for_host_.end());
 }
diff --git a/chrome/browser/ssl/ssl_host_state.h b/chrome/browser/ssl/ssl_host_state.h
index 6d0194f..d8cbeff 100755
--- a/chrome/browser/ssl/ssl_host_state.h
+++ b/chrome/browser/ssl/ssl_host_state.h
@@ -17,7 +17,7 @@
 // SSLHostState
 //
 // The SSLHostState encapulates the host-specific state for SSL errors. For
-// example, SSLHostState rememebers whether the user has whitelisted a
+// example, SSLHostState remembers whether the user has whitelisted a
 // particular broken cert for use with particular host. We separate this state
 // from the SSLManager because this state is shared across many navigation
 // controllers.
@@ -27,31 +27,43 @@ class SSLHostState : public NonThreadSafe {
 SSLHostState();
 ~SSLHostState();

+ // Records that a host is "broken," that is, the origin for that host has been
+ // contaminated with insecure content, either via HTTP or via HTTPS with a
+ // bad certificate.
+ void MarkHostAsBroken(const std::string& host);
+
+ // Returns whether the specified host was marked as broken.
+ bool DidMarkHostAsBroken(const std::string& host);
+
 // Records that |cert| is permitted to be used for |host| in the future.
 void DenyCertForHost(net::X509Certificate* cert, const std::string& host);

 // Records that |cert| is not permitted to be used for |host| in the future.
 void AllowCertForHost(net::X509Certificate* cert, const std::string& host);

+ // Queries whether there is at least one certificate that has been manually
+ // allowed for this host.
+ bool DidAllowCertForHost(const std::string& host);
+
 // Queries whether |cert| is allowed or denied for |host|.
 net::X509Certificate::Policy::Judgment QueryPolicy(
 net::X509Certificate* cert, const std::string& host);

- // Allow mixed/unsafe content to be visible (non filtered) for the specified
- // URL.
- // Note that the current implementation allows on a host name basis.
- void AllowShowInsecureContentForURL(const GURL& url);
+ // Allows mixed content to be visible (non filtered).
+ void AllowMixedContentForHost(const std::string& host);

- // Returns whether the specified URL is allowed to show insecure (mixed or
- // unsafe) content.
- bool CanShowInsecureContent(const GURL& url);
+ // Returns whether the specified host is allowed to show mixed content.
+ bool DidAllowMixedContentForHost(const std::string& host);

 private:
+ // Hosts which have been contaminated with unsafe content.
+ std::set<std::string> broken_hosts_;
+
 // Certificate policies for each host.
 std::map<std::string, net::X509Certificate::Policy> cert_policy_for_host_;

- // Domains for which it is OK to show insecure content.
- std::set<std::string> can_show_insecure_content_for_host_;
+ // Hosts for which we are allowed to show mixed content.
+ std::set<std::string> allow_mixed_content_for_host_;

 DISALLOW_COPY_AND_ASSIGN(SSLHostState);
 };
diff --git a/chrome/browser/ssl/ssl_manager.cc b/chrome/browser/ssl/ssl_manager.cc
index f10a344..095e07d 100644
--- a/chrome/browser/ssl/ssl_manager.cc
+++ b/chrome/browser/ssl/ssl_manager.cc
@@ -208,11 +208,11 @@ net::X509Certificate::Policy::Judgment SSLManager::QueryPolicy(
 }

 bool SSLManager::CanShowInsecureContent(const GURL& url) {
- return ssl_host_state_->CanShowInsecureContent(url);
+ return ssl_host_state_->DidAllowMixedContentForHost(url.host());
 }

 void SSLManager::AllowShowInsecureContentForURL(const GURL& url) {
- ssl_host_state_->AllowShowInsecureContentForURL(url);
+ ssl_host_state_->AllowMixedContentForHost(url.host());
 }

 bool SSLManager::ProcessedSSLErrorFromRequest() const { |
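Review bot: In ssl_host_state.h the new comment on DidMarkHostAsBroken says it returns whether the host "was marked as broken", but the definition in ssl_host_state.cc also returns true for any dotless host that was never marked. The declaration should say so, e.g. `// Returns whether |host| is considered broken: it was passed to MarkHostAsBroken, or it is an intranet (dotless) host, which is always treated as broken.` The same hunk drops the old note that mixed-content permission is granted per host name while the MarkHostAsBroken comment speaks of "the origin for that host"; a line stating that scheme and port are not part of the key would keep callers from assuming per-origin granularity. The "permitted" / "not permitted" comments on DenyCertForHost and AllowCertForHost are unchanged context but appear swapped and could be fixed in passing.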