Home | History | Annotate | Download | only in browser 
      1 // Copyright (c) 2014 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef ANDROID_WEBVIEW_BROWSER_AW_SSL_HOST_STATE_DELEGATE_H_
      6 #define ANDROID_WEBVIEW_BROWSER_AW_SSL_HOST_STATE_DELEGATE_H_
      7 
      8 #include <map>
      9 #include <string>
     10 
     11 #include "content/public/browser/ssl_host_state_delegate.h"
     12 #include "net/base/hash_value.h"
     13 #include "net/cert/cert_status_flags.h"
     14 #include "net/cert/x509_certificate.h"
     15 
     16 namespace android_webview {
     17 
     18 namespace internal {
     19 // This class maintains the policy for storing actions on certificate errors.
     20 class CertPolicy {
     21  public:
     22   CertPolicy();
     23   ~CertPolicy();
     24   // Returns true if the user has decided to proceed through the ssl error
     25   // before. For a certificate to be allowed, it must not have any
     26   // *additional* errors from when it was allowed.
     27   bool Check(const net::X509Certificate& cert, net::CertStatus error) const;
     28 
     29   // Causes the policy to allow this certificate for a given |error|. And
     30   // remember the user's choice.
     31   void Allow(const net::X509Certificate& cert, net::CertStatus error);
     32 
     33  private:
     34   // The set of fingerprints of allowed certificates.
     35   std::map<net::SHA256HashValue, net::CertStatus, net::SHA256HashValueLessThan>
     36       allowed_;
     37 };
     38 
     39 }  // namespace internal
     40 
     41 class AwSSLHostStateDelegate : public content::SSLHostStateDelegate {
     42  public:
     43   AwSSLHostStateDelegate();
     44   virtual ~AwSSLHostStateDelegate();
     45 
     46   // Records that |cert| is permitted to be used for |host| in the future, for
     47   // a specified |error| type.
     48   void AllowCert(const std::string& host,
     49                  const net::X509Certificate& cert,
     50                  net::CertStatus error) override;
     51 
     52   void Clear() override;
     53 
     54   // Queries whether |cert| is allowed or denied for |host| and |error|.
     55   content::SSLHostStateDelegate::CertJudgment QueryPolicy(
     56       const std::string& host,
     57       const net::X509Certificate& cert,
     58       net::CertStatus error,
     59       bool* expired_previous_decision) override;
     60 
     61   // Records that a host has run insecure content.
     62   void HostRanInsecureContent(const std::string& host, int pid) override;
     63 
     64   // Returns whether the specified host ran insecure content.
     65   bool DidHostRunInsecureContent(const std::string& host,
     66                                  int pid) const override;
     67 
     68  private:
     69   // Certificate policies for each host.
     70   std::map<std::string, internal::CertPolicy> cert_policy_for_host_;
     71 
     72   DISALLOW_COPY_AND_ASSIGN(AwSSLHostStateDelegate);
     73 };
     74 
     75 }  // namespace android_webview
     76 
     77 #endif  // ANDROID_WEBVIEW_BROWSER_AW_SSL_HOST_STATE_DELEGATE_H_
     78