Supervised user whitelists: Cleanup
[chromium-blink-merge.git] / android_webview / browser / aw_ssl_host_state_delegate.cc
blob1da47472fb4b38f3fed193c2e519d409fdfbfd40
1 // Copyright (c) 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "android_webview/browser/aw_ssl_host_state_delegate.h"
7 #include "net/base/hash_value.h"
9 using content::SSLHostStateDelegate;
11 namespace android_webview {
13 namespace internal {
14 net::SHA256HashValue getChainFingerprint256(const net::X509Certificate& cert) {
15 net::SHA256HashValue fingerprint =
16 net::X509Certificate::CalculateChainFingerprint256(
17 cert.os_cert_handle(), cert.GetIntermediateCertificates());
18 return fingerprint;
21 CertPolicy::CertPolicy() {
23 CertPolicy::~CertPolicy() {
26 // For an allowance, we consider a given |cert| to be a match to a saved
27 // allowed cert if the |error| is an exact match to or subset of the errors
28 // in the saved CertStatus.
29 bool CertPolicy::Check(const net::X509Certificate& cert,
30 net::CertStatus error) const {
31 net::SHA256HashValue fingerprint = getChainFingerprint256(cert);
32 std::map<net::SHA256HashValue, net::CertStatus,
33 net::SHA256HashValueLessThan>::const_iterator allowed_iter =
34 allowed_.find(fingerprint);
35 if ((allowed_iter != allowed_.end()) && (allowed_iter->second & error) &&
36 ((allowed_iter->second & error) == error)) {
37 return true;
39 return false;
42 void CertPolicy::Allow(const net::X509Certificate& cert,
43 net::CertStatus error) {
44 // If this same cert had already been saved with a different error status,
45 // this will replace it with the new error status.
46 net::SHA256HashValue fingerprint = getChainFingerprint256(cert);
47 allowed_[fingerprint] = error;
50 } // namespace internal
52 AwSSLHostStateDelegate::AwSSLHostStateDelegate() {
55 AwSSLHostStateDelegate::~AwSSLHostStateDelegate() {
58 void AwSSLHostStateDelegate::HostRanInsecureContent(const std::string& host,
59 int pid) {
60 // Intentional no-op for Android WebView.
63 bool AwSSLHostStateDelegate::DidHostRunInsecureContent(const std::string& host,
64 int pid) const {
65 // Intentional no-op for Android WebView.
66 return false;
69 void AwSSLHostStateDelegate::AllowCert(const std::string& host,
70 const net::X509Certificate& cert,
71 net::CertStatus error) {
72 cert_policy_for_host_[host].Allow(cert, error);
75 void AwSSLHostStateDelegate::Clear() {
76 cert_policy_for_host_.clear();
79 SSLHostStateDelegate::CertJudgment AwSSLHostStateDelegate::QueryPolicy(
80 const std::string& host,
81 const net::X509Certificate& cert,
82 net::CertStatus error,
83 bool* expired_previous_decision) {
84 return cert_policy_for_host_[host].Check(cert, error)
85 ? SSLHostStateDelegate::ALLOWED
86 : SSLHostStateDelegate::DENIED;
89 void AwSSLHostStateDelegate::RevokeUserAllowExceptions(
90 const std::string& host) {
91 cert_policy_for_host_.erase(host);
94 bool AwSSLHostStateDelegate::HasAllowException(const std::string& host) const {
95 auto policy_iterator = cert_policy_for_host_.find(host);
96 return policy_iterator != cert_policy_for_host_.end() &&
97 policy_iterator->second.HasAllowException();
100 } // namespace android_webview