summaryrefslogtreecommitdiffstats
path: root/content/browser/ssl
diff options
context:
space:
mode:
authorjww@chromium.org <jww@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2014-08-13 21:22:04 +0000
committerjww@chromium.org <jww@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2014-08-13 21:24:11 +0000
commit71cd5ef79d5561fbc1c258c216151ef0cbe201cc (patch)
tree1307794ab575aaad71b02ed146116c420a34a168 /content/browser/ssl
parentebc614b5655481c553e0259fdc3e69e7789df107 (diff)
downloadchromium_src-71cd5ef79d5561fbc1c258c216151ef0cbe201cc.zip
chromium_src-71cd5ef79d5561fbc1c258c216151ef0cbe201cc.tar.gz
chromium_src-71cd5ef79d5561fbc1c258c216151ef0cbe201cc.tar.bz2
Add button to page info to revoke user certificate decisions.
(Re-commit of https://codereview.chromium.org/418133012/) Currently, if a user clicks 'proceed' through an SSL interstitial, their only way to revoke this decision is to restart their browser session. This commit provides an explicit button in the page info to revoke this decision if the user is using the remember certificate error decisions experiment. Since decisions are remembered across browser restarts for these users, it's important to provide them with a mechanism to revoke their decision later. BUG=262615 NOTRY=true TBR=tedchoc@chromium.org,rsesek@chromium.org,jam@chromium.org,pkasting@chromium.org Review URL: https://codereview.chromium.org/473643002 Cr-Commit-Position: refs/heads/master@{#289382} git-svn-id: svn://svn.chromium.org/chrome/trunk/src@289382 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/browser/ssl')
-rw-r--r--content/browser/ssl/ssl_host_state.cc118
-rw-r--r--content/browser/ssl/ssl_host_state.h94
-rw-r--r--content/browser/ssl/ssl_policy_backend.cc24
-rw-r--r--content/browser/ssl/ssl_policy_backend.h6
4 files changed, 20 insertions, 222 deletions
diff --git a/content/browser/ssl/ssl_host_state.cc b/content/browser/ssl/ssl_host_state.cc
deleted file mode 100644
index 15edabb..0000000
--- a/content/browser/ssl/ssl_host_state.cc
+++ /dev/null
@@ -1,118 +0,0 @@
-// Copyright 2014 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "content/browser/ssl/ssl_host_state.h"
-
-#include "base/logging.h"
-#include "base/lazy_instance.h"
-#include "content/public/browser/browser_context.h"
-#include "content/public/browser/ssl_host_state_delegate.h"
-#include "net/http/http_transaction_factory.h"
-#include "net/url_request/url_request_context.h"
-#include "net/url_request/url_request_context_getter.h"
-
-const char kKeyName[] = "content_ssl_host_state";
-
-namespace content {
-
-SSLHostState* SSLHostState::GetFor(BrowserContext* context) {
- SSLHostState* rv = static_cast<SSLHostState*>(context->GetUserData(kKeyName));
- if (!rv) {
- rv = new SSLHostState();
- rv->delegate_ = context->GetSSLHostStateDelegate();
- // |context| may be NULL, implementing the default storage strategy.
- if (context)
- context->SetUserData(kKeyName, rv);
- }
- return rv;
-}
-
-SSLHostState::SSLHostState() {
-}
-
-SSLHostState::~SSLHostState() {
-}
-
-void SSLHostState::HostRanInsecureContent(const std::string& host, int pid) {
- DCHECK(CalledOnValidThread());
- ran_insecure_content_hosts_.insert(BrokenHostEntry(host, pid));
-}
-
-bool SSLHostState::DidHostRunInsecureContent(const std::string& host,
- int pid) const {
- DCHECK(CalledOnValidThread());
- return !!ran_insecure_content_hosts_.count(BrokenHostEntry(host, pid));
-}
-
-void SSLHostState::DenyCertForHost(net::X509Certificate* cert,
- const std::string& host,
- net::CertStatus error) {
- DCHECK(CalledOnValidThread());
-
- if (!delegate_)
- return;
-
- delegate_->DenyCert(host, cert, error);
-}
-
-void SSLHostState::AllowCertForHost(net::X509Certificate* cert,
- const std::string& host,
- net::CertStatus error) {
- DCHECK(CalledOnValidThread());
-
- if (!delegate_)
- return;
-
- delegate_->AllowCert(host, cert, error);
-}
-
-void SSLHostState::RevokeAllowAndDenyPreferences(const std::string& host) {
- DCHECK(CalledOnValidThread());
-
- if (!delegate_)
- return;
-
- // TODO(jww): This will revoke all of the decisions in the browser context.
- // However, the networking stack actually keeps track of its own list of
- // exceptions per-HttpNetworkTransaction in the SSLConfig structure (see the
- // allowed_bad_certs Vector in net/ssl/ssl_config.h). This dual-tracking of
- // exceptions introduces a problem where the browser context can revoke a
- // certificate, but if a transaction reuses a cached version of the SSLConfig
- // (probably from a pooled socket), it may bypass the intestitial layer.
- //
- // Over time, the cached versions should expire and it should converge on
- // showing the interstitial. We probably need to
- // introduce into the networking stack a way revoke SSLConfig's
- // allowed_bad_certs lists per socket.
- delegate_->RevokeAllowAndDenyPreferences(host);
-}
-
-bool SSLHostState::HasAllowedOrDeniedCert(const std::string& host) {
- DCHECK(CalledOnValidThread());
-
- if (!delegate_)
- return false;
-
- return delegate_->HasAllowedOrDeniedCert(host);
-}
-
-void SSLHostState::Clear() {
- if (!delegate_)
- return;
-
- delegate_->Clear();
-}
-
-net::CertPolicy::Judgment SSLHostState::QueryPolicy(net::X509Certificate* cert,
- const std::string& host,
- net::CertStatus error) {
- DCHECK(CalledOnValidThread());
-
- if (!delegate_)
- return net::CertPolicy::Judgment::UNKNOWN;
-
- return delegate_->QueryPolicy(host, cert, error);
-}
-
-} // namespace content
diff --git a/content/browser/ssl/ssl_host_state.h b/content/browser/ssl/ssl_host_state.h
deleted file mode 100644
index 49ca8d2..0000000
--- a/content/browser/ssl/ssl_host_state.h
+++ /dev/null
@@ -1,94 +0,0 @@
-// Copyright 2014 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef CONTENT_BROWSER_SSL_SSL_HOST_STATE_H_
-#define CONTENT_BROWSER_SSL_SSL_HOST_STATE_H_
-
-#include <map>
-#include <set>
-#include <string>
-
-#include "base/basictypes.h"
-#include "base/compiler_specific.h"
-#include "base/supports_user_data.h"
-#include "base/threading/non_thread_safe.h"
-#include "content/common/content_export.h"
-#include "net/cert/cert_status_flags.h"
-#include "net/cert/x509_certificate.h"
-
-namespace content {
-class BrowserContext;
-class SSLHostStateDelegate;
-
-// SSLHostState
-//
-// The SSLHostState encapulates the host-specific state for SSL errors. For
-// example, SSLHostState remembers whether the user has whitelisted a
-// particular broken cert for use with particular host. We separate this state
-// from the SSLManager because this state is shared across many navigation
-// controllers.
-class CONTENT_EXPORT SSLHostState
- : NON_EXPORTED_BASE(base::SupportsUserData::Data),
- NON_EXPORTED_BASE(public base::NonThreadSafe) {
- public:
- // Contexts may specify a NULL certificate decision storage strategy. In that
- // case, the returned SSLHostState from GetFor() will implement a default
- // strategy of ignoring all exception requests and returning
- // net::QueryPolicy::Judgment::UNKOWN from QueryPolicy().
- static SSLHostState* GetFor(BrowserContext* browser_context);
-
- SSLHostState();
- virtual ~SSLHostState();
-
- // Records that a host has run insecure content.
- void HostRanInsecureContent(const std::string& host, int pid);
-
- // Returns whether the specified host ran insecure content.
- bool DidHostRunInsecureContent(const std::string& host, int pid) const;
-
- // Records that |cert| is not permitted to be used for |url| in the future,
- // for a specified |error| type.
- void DenyCertForHost(net::X509Certificate* cert,
- const std::string& host,
- net::CertStatus error);
-
- // Records that |cert| is permitted to be used for |url| in the future, for
- // a specified |error| type.
- void AllowCertForHost(net::X509Certificate* cert,
- const std::string& host,
- net::CertStatus error);
-
- // Revoke all allow/deny preferences for |url|.
- void RevokeAllowAndDenyPreferences(const std::string& host);
-
- bool HasAllowedOrDeniedCert(const std::string& host);
-
- // Clear all allow/deny preferences.
- void Clear();
-
- // Queries whether |cert| is allowed or denied for |url| and |error|.
- net::CertPolicy::Judgment QueryPolicy(net::X509Certificate* cert,
- const std::string& host,
- net::CertStatus error);
-
- private:
- // A BrokenHostEntry is a pair of (host, process_id) that indicates the host
- // contains insecure content in that renderer process.
- typedef std::pair<std::string, int> BrokenHostEntry;
-
- // Hosts which have been contaminated with insecure content in the
- // specified process. Note that insecure content can travel between
- // same-origin frames in one processs but cannot jump between processes.
- std::set<BrokenHostEntry> ran_insecure_content_hosts_;
-
- // The certificate decision store. It may be NULL, depending on the browsing
- // context. This is owned by the browsing context.
- SSLHostStateDelegate* delegate_;
-
- DISALLOW_COPY_AND_ASSIGN(SSLHostState);
-};
-
-} // namespace content
-
-#endif // CONTENT_BROWSER_SSL_SSL_HOST_STATE_H_
diff --git a/content/browser/ssl/ssl_policy_backend.cc b/content/browser/ssl/ssl_policy_backend.cc
index 3eb4f46..3d0ea01 100644
--- a/content/browser/ssl/ssl_policy_backend.cc
+++ b/content/browser/ssl/ssl_policy_backend.cc
@@ -5,44 +5,54 @@
#include "content/browser/ssl/ssl_policy_backend.h"
#include "content/browser/frame_host/navigation_controller_impl.h"
-#include "content/browser/ssl/ssl_host_state.h"
#include "content/public/browser/browser_context.h"
+#include "content/public/browser/ssl_host_state_delegate.h"
namespace content {
SSLPolicyBackend::SSLPolicyBackend(NavigationControllerImpl* controller)
- : ssl_host_state_(SSLHostState::GetFor(controller->GetBrowserContext())),
+ : ssl_host_state_delegate_(
+ controller->GetBrowserContext()->GetSSLHostStateDelegate()),
controller_(controller) {
DCHECK(controller_);
}
void SSLPolicyBackend::HostRanInsecureContent(const std::string& host, int id) {
- ssl_host_state_->HostRanInsecureContent(host, id);
+ if (ssl_host_state_delegate_)
+ ssl_host_state_delegate_->HostRanInsecureContent(host, id);
SSLManager::NotifySSLInternalStateChanged(controller_->GetBrowserContext());
}
bool SSLPolicyBackend::DidHostRunInsecureContent(const std::string& host,
int pid) const {
- return ssl_host_state_->DidHostRunInsecureContent(host, pid);
+ if (!ssl_host_state_delegate_)
+ return false;
+
+ return ssl_host_state_delegate_->DidHostRunInsecureContent(host, pid);
}
void SSLPolicyBackend::DenyCertForHost(net::X509Certificate* cert,
const std::string& host,
net::CertStatus error) {
- ssl_host_state_->DenyCertForHost(cert, host, error);
+ if (ssl_host_state_delegate_)
+ ssl_host_state_delegate_->DenyCert(host, cert, error);
}
void SSLPolicyBackend::AllowCertForHost(net::X509Certificate* cert,
const std::string& host,
net::CertStatus error) {
- ssl_host_state_->AllowCertForHost(cert, host, error);
+ if (ssl_host_state_delegate_)
+ ssl_host_state_delegate_->AllowCert(host, cert, error);
}
net::CertPolicy::Judgment SSLPolicyBackend::QueryPolicy(
net::X509Certificate* cert,
const std::string& host,
net::CertStatus error) {
- return ssl_host_state_->QueryPolicy(cert, host, error);
+ if (!ssl_host_state_delegate_)
+ return net::CertPolicy::UNKNOWN;
+
+ return ssl_host_state_delegate_->QueryPolicy(host, cert, error);
}
} // namespace content
diff --git a/content/browser/ssl/ssl_policy_backend.h b/content/browser/ssl/ssl_policy_backend.h
index 06ea23e..a5222e9 100644
--- a/content/browser/ssl/ssl_policy_backend.h
+++ b/content/browser/ssl/ssl_policy_backend.h
@@ -15,7 +15,7 @@
namespace content {
class NavigationControllerImpl;
-class SSLHostState;
+class SSLHostStateDelegate;
class SSLPolicyBackend {
public:
@@ -45,8 +45,8 @@ class SSLPolicyBackend {
net::CertStatus error);
private:
- // SSL state specific for each host.
- SSLHostState* ssl_host_state_;
+ // SSL state delegate specific for each host.
+ SSLHostStateDelegate* ssl_host_state_delegate_;
NavigationControllerImpl* controller_;
generated by cgit v1.1 at 2025-03-31 17:46:12 +0000