1 // Copyright (c) 2014 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef ANDROID_WEBVIEW_BROWSER_AW_SSL_HOST_STATE_DELEGATE_H_ 6 #define ANDROID_WEBVIEW_BROWSER_AW_SSL_HOST_STATE_DELEGATE_H_ 7 8 #include <map> 9 #include <string> 10 11 #include "content/public/browser/ssl_host_state_delegate.h" 12 #include "net/base/hash_value.h" 13 #include "net/cert/cert_status_flags.h" 14 #include "net/cert/x509_certificate.h" 15 16 namespace android_webview { 17 18 namespace internal { 19 // This class maintains the policy for storing actions on certificate errors. 20 class CertPolicy { 21 public: 22 CertPolicy(); 23 ~CertPolicy(); 24 // Returns true if the user has decided to proceed through the ssl error 25 // before. For a certificate to be allowed, it must not have any 26 // *additional* errors from when it was allowed. 27 bool Check(const net::X509Certificate& cert, net::CertStatus error) const; 28 29 // Causes the policy to allow this certificate for a given |error|. And 30 // remember the user's choice. 31 void Allow(const net::X509Certificate& cert, net::CertStatus error); 32 33 private: 34 // The set of fingerprints of allowed certificates. 35 std::map<net::SHA256HashValue, net::CertStatus, net::SHA256HashValueLessThan> 36 allowed_; 37 }; 38 39 } // namespace internal 40 41 class AwSSLHostStateDelegate : public content::SSLHostStateDelegate { 42 public: 43 AwSSLHostStateDelegate(); 44 virtual ~AwSSLHostStateDelegate(); 45 46 // Records that |cert| is permitted to be used for |host| in the future, for 47 // a specified |error| type. 48 void AllowCert(const std::string& host, 49 const net::X509Certificate& cert, 50 net::CertStatus error) override; 51 52 void Clear() override; 53 54 // Queries whether |cert| is allowed or denied for |host| and |error|. 55 content::SSLHostStateDelegate::CertJudgment QueryPolicy( 56 const std::string& host, 57 const net::X509Certificate& cert, 58 net::CertStatus error, 59 bool* expired_previous_decision) override; 60 61 // Records that a host has run insecure content. 62 void HostRanInsecureContent(const std::string& host, int pid) override; 63 64 // Returns whether the specified host ran insecure content. 65 bool DidHostRunInsecureContent(const std::string& host, 66 int pid) const override; 67 68 private: 69 // Certificate policies for each host. 70 std::map<std::string, internal::CertPolicy> cert_policy_for_host_; 71 72 DISALLOW_COPY_AND_ASSIGN(AwSSLHostStateDelegate); 73 }; 74 75 } // namespace android_webview 76 77 #endif // ANDROID_WEBVIEW_BROWSER_AW_SSL_HOST_STATE_DELEGATE_H_ 78