1 // Copyright (c) 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "android_webview/browser/aw_ssl_host_state_delegate.h"
7 #include "net/base/hash_value.h"
9 using content::SSLHostStateDelegate
;
11 namespace android_webview
{
14 net::SHA256HashValue
getChainFingerprint256(const net::X509Certificate
& cert
) {
15 net::SHA256HashValue fingerprint
=
16 net::X509Certificate::CalculateChainFingerprint256(
17 cert
.os_cert_handle(), cert
.GetIntermediateCertificates());
21 CertPolicy::CertPolicy() {
23 CertPolicy::~CertPolicy() {
26 // For an allowance, we consider a given |cert| to be a match to a saved
27 // allowed cert if the |error| is an exact match to or subset of the errors
28 // in the saved CertStatus.
29 bool CertPolicy::Check(const net::X509Certificate
& cert
,
30 net::CertStatus error
) const {
31 net::SHA256HashValue fingerprint
= getChainFingerprint256(cert
);
32 std::map
<net::SHA256HashValue
, net::CertStatus
,
33 net::SHA256HashValueLessThan
>::const_iterator allowed_iter
=
34 allowed_
.find(fingerprint
);
35 if ((allowed_iter
!= allowed_
.end()) && (allowed_iter
->second
& error
) &&
36 ((allowed_iter
->second
& error
) == error
)) {
42 void CertPolicy::Allow(const net::X509Certificate
& cert
,
43 net::CertStatus error
) {
44 // If this same cert had already been saved with a different error status,
45 // this will replace it with the new error status.
46 net::SHA256HashValue fingerprint
= getChainFingerprint256(cert
);
47 allowed_
[fingerprint
] = error
;
50 } // namespace internal
52 AwSSLHostStateDelegate::AwSSLHostStateDelegate() {
55 AwSSLHostStateDelegate::~AwSSLHostStateDelegate() {
58 void AwSSLHostStateDelegate::HostRanInsecureContent(const std::string
& host
,
60 // Intentional no-op for Android WebView.
63 bool AwSSLHostStateDelegate::DidHostRunInsecureContent(const std::string
& host
,
65 // Intentional no-op for Android WebView.
69 void AwSSLHostStateDelegate::AllowCert(const std::string
& host
,
70 const net::X509Certificate
& cert
,
71 net::CertStatus error
) {
72 cert_policy_for_host_
[host
].Allow(cert
, error
);
75 void AwSSLHostStateDelegate::Clear() {
76 cert_policy_for_host_
.clear();
79 SSLHostStateDelegate::CertJudgment
AwSSLHostStateDelegate::QueryPolicy(
80 const std::string
& host
,
81 const net::X509Certificate
& cert
,
82 net::CertStatus error
,
83 bool* expired_previous_decision
) {
84 return cert_policy_for_host_
[host
].Check(cert
, error
)
85 ? SSLHostStateDelegate::ALLOWED
86 : SSLHostStateDelegate::DENIED
;
89 } // namespace android_webview