From fbda95d8bff725d3433047fbef0f3ff068d2dd9f Mon Sep 17 00:00:00 2001
From: "rch@chromium.org"
Date: Wed, 29 Feb 2012 05:42:09 +0000
Subject: Add a new static GetDomainForOrigin method to OriginBoundCertService for determining the scope of an "Origin" Bound Certificate.
TEST=OriginBoundCertServiceTest.GetDomainForOrigin
Review URL: http://codereview.chromium.org/9500004
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@124123 0039d316-1c4b-4281-b951-d872f2087c98
---
 net/base/origin_bound_cert_service.cc | 10 ++++++++++
 net/base/origin_bound_cert_service.h | 5 +++++
 net/base/origin_bound_cert_service_unittest.cc | 18 ++++++++++++++++++
 3 files changed, 33 insertions(+)
(limited to 'net')
diff --git a/net/base/origin_bound_cert_service.cc b/net/base/origin_bound_cert_service.cc
index 1edf9c0..3cab29e 100644
--- a/net/base/origin_bound_cert_service.cc
+++ b/net/base/origin_bound_cert_service.cc
@@ -22,6 +22,7 @@
 #include "crypto/rsa_private_key.h"
 #include "net/base/net_errors.h"
 #include "net/base/origin_bound_cert_store.h"
+#include "net/base/registry_controlled_domain.h"
 #include "net/base/x509_certificate.h"
 #include "net/base/x509_util.h"
@@ -295,6 +296,15 @@ OriginBoundCertService::~OriginBoundCertService() {
 STLDeleteValues(&inflight_);
 }
+//static
+std::string OriginBoundCertService::GetDomainForHost(const std::string& host) {
+ std::string domain =
+ RegistryControlledDomainService::GetDomainAndRegistry(host);
+ if (domain.empty())
+ return host;
+ return domain;
+}
+
 int OriginBoundCertService::GetOriginBoundCert(
 const std::string& origin,
 const std::vector& requested_types,
diff --git a/net/base/origin_bound_cert_service.h b/net/base/origin_bound_cert_service.h
index 298c3e9..d9096df 100644
--- a/net/base/origin_bound_cert_service.h
+++ b/net/base/origin_bound_cert_service.h
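Review bot: In `GetDomainForHost` (second hunk of origin_bound_cert_service.cc), the fallback `return host;` hands back the caller's string verbatim, so for hosts without a registry-controlled domain the certificate scope depends on how the caller spelled the host. If `GetDomainAndRegistry` canonicalizes its argument before the lookup (its implementation is not visible here), the two return paths differ in normalization, and a host with different case or a trailing dot could get a scope key other than that of its canonical form. Either canonicalize before the fallback or state the precondition above the definition, e.g. `// |host| must already be canonical; it is returned unchanged when it has no registry-controlled domain (IP literals, single-label names).` An empty `host` also comes back as an empty domain, which callers would need to reject before using it as a scope.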
@@ -44,6 +44,11 @@ class NET_EXPORT OriginBoundCertService
 ~OriginBoundCertService();
+ // Returns the domain to be used for |host|. The domain is the
+ // "registry controlled domain", or the "ETLD + 1" where one exists, or
+ // the origin otherwise.
+ static std::string GetDomainForHost(const std::string& host);
+
 // Fetches the origin bound cert for the specified origin of the specified
 // type if one exists and creates one otherwise. Returns OK if successful or
 // an error code upon failure.
diff --git a/net/base/origin_bound_cert_service_unittest.cc b/net/base/origin_bound_cert_service_unittest.cc
index 6c0d264..a005fae 100644
--- a/net/base/origin_bound_cert_service_unittest.cc
+++ b/net/base/origin_bound_cert_service_unittest.cc
@@ -26,6 +26,24 @@ void FailTest(int /* result */) {
 FAIL();
 }
+TEST(OriginBoundCertServiceTest, GetDomainForHost) {
+ EXPECT_EQ("google.com",
+ OriginBoundCertService::GetDomainForHost("google.com"));
+ EXPECT_EQ("google.com",
+ OriginBoundCertService::GetDomainForHost("www.google.com"));
+ // NOTE(rch): we would like to segregate cookies and certificates for
+ // *.appspot.com, but currently we can not do that becaues we want to
+ // allow direct navigation to appspot.com.
+ EXPECT_EQ("appspot.com",
+ OriginBoundCertService::GetDomainForHost("foo.appspot.com"));
+ EXPECT_EQ("google.com",
+ OriginBoundCertService::GetDomainForHost("www.mail.google.com"));
+ EXPECT_EQ("goto",
+ OriginBoundCertService::GetDomainForHost("goto"));
+ EXPECT_EQ("127.0.0.1",
+ OriginBoundCertService::GetDomainForHost("127.0.0.1"));
+}
+
 // See http://crbug.com/91512 - implement OpenSSL version of CreateSelfSigned.
 #if !defined(USE_OPENSSL)
-- cgit v1.1
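Review bot: The new comment on `GetDomainForHost` in origin_bound_cert_service.h says the result is "the origin otherwise", but the function takes a host and the definition in the .cc file falls back to `host` itself. Suggest `// |host| itself otherwise (for example IP addresses and single-label names).` Since this value decides which hosts share a certificate, the comment should also state that every host under one registry-controlled domain gets the same scope, as the `foo.appspot.com` expectation in the unit test shows. The class declaration starts and ends outside this hunk.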
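Review bot: The expectations in `TEST(OriginBoundCertServiceTest, GetDomainForHost)` cover only single-label registries plus two fallback inputs, so a regression in multi-label registry handling would go unnoticed. Add a case such as `EXPECT_EQ("google.co.uk", OriginBoundCertService::GetDomainForHost("www.google.co.uk"));`. It would also help to pin the intended result for a host that is itself a registry (for instance `"co.uk"`), for an empty string and for a mixed-case host, since these presumably reach the `return host;` fallback or depend on normalization and so decide whether unrelated sites can end up in one certificate scope. The NOTE(rch) comment contains the typo `becaues`.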