authorrch@chromium.org <rch@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-02-29 05:42:09 +0000
committerrch@chromium.org <rch@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-02-29 05:42:09 +0000
commitfbda95d8bff725d3433047fbef0f3ff068d2dd9f (patch)
treed154692a8b6d03104c2508d8b353aee066bdc766 /net
parent3b61c3085cceb0d6905e5b47da7b59b82ee3f164 (diff)
Add a new static GetDomainForOrigin method to OriginBoundCertService for determining the scope of an "Origin" Bound Certificate.
TEST=OriginBoundCertServiceTest.GetDomainForOrigin Review URL: http://codereview.chromium.org/9500004 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@124123 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
-rw-r--r--net/base/origin_bound_cert_service.cc10
-rw-r--r--net/base/origin_bound_cert_service.h5
-rw-r--r--net/base/origin_bound_cert_service_unittest.cc18
3 files changed, 33 insertions, 0 deletions
diff --git a/net/base/origin_bound_cert_service.cc b/net/base/origin_bound_cert_service.cc
index 1edf9c0..3cab29e 100644
--- a/net/base/origin_bound_cert_service.cc
+++ b/net/base/origin_bound_cert_service.cc
@@ -22,6 +22,7 @@
#include "crypto/rsa_private_key.h"
#include "net/base/net_errors.h"
#include "net/base/origin_bound_cert_store.h"
+#include "net/base/registry_controlled_domain.h"
#include "net/base/x509_certificate.h"
#include "net/base/x509_util.h"
@@ -295,6 +296,15 @@ OriginBoundCertService::~OriginBoundCertService() {
STLDeleteValues(&inflight_);
}
+//static
+std::string OriginBoundCertService::GetDomainForHost(const std::string& host) {
+ std::string domain =
+ RegistryControlledDomainService::GetDomainAndRegistry(host);
+ if (domain.empty())
+ return host;
+ return domain;
+}
+
int OriginBoundCertService::GetOriginBoundCert(
const std::string& origin,
const std::vector<uint8>& requested_types,
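Review bot: The fallback `return host;` in GetDomainForHost hands the caller's string back unchanged, so the two return paths may not be normalised the same way. If GetDomainAndRegistry canonicalises its input (its definition is not shown here), `www.Google.com` would map to `google.com` while `GOTO` and `goto` would remain two distinct certificate scopes. An empty result also appears to cover several different cases (an IP literal, a single-label name, presumably a host that is itself a registry), and each of them gets a certificate scoped to the raw input. Consider canonicalising `host` before the fallback, and state the intent with a comment such as `// No registry-controlled domain (IP literal, intranet name): scope the cert to the host itself.`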
diff --git a/net/base/origin_bound_cert_service.h b/net/base/origin_bound_cert_service.h
index 298c3e9..d9096df 100644
--- a/net/base/origin_bound_cert_service.h
+++ b/net/base/origin_bound_cert_service.h
@@ -44,6 +44,11 @@ class NET_EXPORT OriginBoundCertService
~OriginBoundCertService();
+ // Returns the domain to be used for |host|. The domain is the
+ // "registry controlled domain", or the "ETLD + 1" where one exists, or
+ // the origin otherwise.
+ static std::string GetDomainForHost(const std::string& host);
+
// Fetches the origin bound cert for the specified origin of the specified
// type if one exists and creates one otherwise. Returns OK if successful or
// an error code upon failure.
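Review bot: The new comment on GetDomainForHost ends with "or the origin otherwise", but the parameter is |host| and the implementation in the .cc hunk returns |host| in that case. The last line should read `// |host| itself otherwise (e.g. IP literals and single-label names).` Because the returned string decides which hosts share one bound certificate, the comment should also say what the caller must pass: a bare hostname without scheme or port, and whether it has to be canonicalised already. The commit title still calls the method GetDomainForOrigin, so naming the expected input explicitly here avoids a caller passing a full origin string.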
diff --git a/net/base/origin_bound_cert_service_unittest.cc b/net/base/origin_bound_cert_service_unittest.cc
index 6c0d264..a005fae 100644
--- a/net/base/origin_bound_cert_service_unittest.cc
+++ b/net/base/origin_bound_cert_service_unittest.cc
@@ -26,6 +26,24 @@ void FailTest(int /* result */) {
FAIL();
}
+TEST(OriginBoundCertServiceTest, GetDomainForHost) {
+ EXPECT_EQ("google.com",
+ OriginBoundCertService::GetDomainForHost("google.com"));
+ EXPECT_EQ("google.com",
+ OriginBoundCertService::GetDomainForHost("www.google.com"));
+ // NOTE(rch): we would like to segregate cookies and certificates for
+ // *.appspot.com, but currently we can not do that becaues we want to
+ // allow direct navigation to appspot.com.
+ EXPECT_EQ("appspot.com",
+ OriginBoundCertService::GetDomainForHost("foo.appspot.com"));
+ EXPECT_EQ("google.com",
+ OriginBoundCertService::GetDomainForHost("www.mail.google.com"));
+ EXPECT_EQ("goto",
+ OriginBoundCertService::GetDomainForHost("goto"));
+ EXPECT_EQ("127.0.0.1",
+ OriginBoundCertService::GetDomainForHost("127.0.0.1"));
+}
+
// See http://crbug.com/91512 - implement OpenSSL version of CreateSelfSigned.
#if !defined(USE_OPENSSL)
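Review bot: The GetDomainForHost test covers only lower-case, well-formed names, so the inputs that decide how widely a bound certificate is shared on the fallback path are not pinned. I would add expectations for a mixed-case host, a trailing-dot host (`www.google.com.`), an IPv6 literal, the empty string and a host that is itself a registry, each with the value the service is meant to return. The `appspot.com` expectation pins that every `*.appspot.com` app shares one certificate scope, which the NOTE(rch) comment describes as unwanted; a `TODO` with a bug reference next to it would keep that gap trackable. The same comment has a typo, `becaues`.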