Home | History | Annotate | Download | only in ssl 
      1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CHROME_BROWSER_SSL_SSL_HOST_STATE_H_
      6 #define CHROME_BROWSER_SSL_SSL_HOST_STATE_H_
      7 #pragma once
      8 
      9 #include <string>
     10 #include <map>
     11 #include <set>
     12 
     13 #include "base/basictypes.h"
     14 #include "base/threading/non_thread_safe.h"
     15 #include "googleurl/src/gurl.h"
     16 #include "net/base/x509_certificate.h"
     17 
     18 // SSLHostState
     19 //
     20 // The SSLHostState encapulates the host-specific state for SSL errors.  For
     21 // example, SSLHostState remembers whether the user has whitelisted a
     22 // particular broken cert for use with particular host.  We separate this state
     23 // from the SSLManager because this state is shared across many navigation
     24 // controllers.
     25 
     26 class SSLHostState : public base::NonThreadSafe {
     27  public:
     28   SSLHostState();
     29   ~SSLHostState();
     30 
     31   // Records that a host has run insecure content.
     32   void HostRanInsecureContent(const std::string& host, int pid);
     33 
     34   // Returns whether the specified host ran insecure content.
     35   bool DidHostRunInsecureContent(const std::string& host, int pid) const;
     36 
     37   // Records that |cert| is permitted to be used for |host| in the future.
     38   void DenyCertForHost(net::X509Certificate* cert, const std::string& host);
     39 
     40   // Records that |cert| is not permitted to be used for |host| in the future.
     41   void AllowCertForHost(net::X509Certificate* cert, const std::string& host);
     42 
     43   // Queries whether |cert| is allowed or denied for |host|.
     44   net::CertPolicy::Judgment QueryPolicy(
     45       net::X509Certificate* cert, const std::string& host);
     46 
     47  private:
     48   // A BrokenHostEntry is a pair of (host, process_id) that indicates the host
     49   // contains insecure content in that renderer process.
     50   typedef std::pair<std::string, int> BrokenHostEntry;
     51 
     52   // Hosts which have been contaminated with insecure content in the
     53   // specified process.  Note that insecure content can travel between
     54   // same-origin frames in one processs but cannot jump between processes.
     55   std::set<BrokenHostEntry> ran_insecure_content_hosts_;
     56 
     57   // Certificate policies for each host.
     58   std::map<std::string, net::CertPolicy> cert_policy_for_host_;
     59 
     60   DISALLOW_COPY_AND_ASSIGN(SSLHostState);
     61 };
     62 
     63 #endif  // CHROME_BROWSER_SSL_SSL_HOST_STATE_H_
     64