android_webview/browser/aw_ssl_host_state_delegate.h

   1 // Copyright (c) 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef ANDROID_WEBVIEW_BROWSER_AW_SSL_HOST_STATE_DELEGATE_H_
   6 #define ANDROID_WEBVIEW_BROWSER_AW_SSL_HOST_STATE_DELEGATE_H_
   7
   8 #include <map>
   9 #include <string>
  10
  11 #include "content/public/browser/ssl_host_state_delegate.h"
  12 #include "net/base/hash_value.h"
  13 #include "net/cert/cert_status_flags.h"
  14 #include "net/cert/x509_certificate.h"
  15
  16 namespace android_webview {
  17
  18 namespace internal {
  19 // This class maintains the policy for storing actions on certificate errors.
  20 class CertPolicy {
  21  public:
  22   CertPolicy();
  23   ~CertPolicy();
  24   // Returns true if the user has decided to proceed through the ssl error
  25   // before. For a certificate to be allowed, it must not have any
  26   // *additional* errors from when it was allowed.
  27   bool Check(const net::X509Certificate& cert, net::CertStatus error) const;
  28
  29   // Causes the policy to allow this certificate for a given |error|. And
  30   // remember the user's choice.
  31   void Allow(const net::X509Certificate& cert, net::CertStatus error);
  32
  33   // Returns true if and only if there exists a user allow exception for some
  34   // certificate.
  35   bool HasAllowException() const { return allowed_.size() > 0; }
  36
  37  private:
  38   // The set of fingerprints of allowed certificates.
  39   std::map<net::SHA256HashValue, net::CertStatus, net::SHA256HashValueLessThan>
  40       allowed_;
  41 };
  42
  43 }  // namespace internal
  44
  45 class AwSSLHostStateDelegate : public content::SSLHostStateDelegate {
  46  public:
  47   AwSSLHostStateDelegate();
  48   ~AwSSLHostStateDelegate() override;
  49
  50   // Records that |cert| is permitted to be used for |host| in the future, for
  51   // a specified |error| type.
  52   void AllowCert(const std::string& host,
  53                  const net::X509Certificate& cert,
  54                  net::CertStatus error) override;
  55
  56   void Clear() override;
  57
  58   // Queries whether |cert| is allowed or denied for |host| and |error|.
  59   content::SSLHostStateDelegate::CertJudgment QueryPolicy(
  60       const std::string& host,
  61       const net::X509Certificate& cert,
  62       net::CertStatus error,
  63       bool* expired_previous_decision) override;
  64
  65   // Records that a host has run insecure content.
  66   void HostRanInsecureContent(const std::string& host, int pid) override;
  67
  68   // Returns whether the specified host ran insecure content.
  69   bool DidHostRunInsecureContent(const std::string& host,
  70                                  int pid) const override;
  71
  72   // Revokes all SSL certificate error allow exceptions made by the user for
  73   // |host|.
  74   void RevokeUserAllowExceptions(const std::string& host) override;
  75
  76   // Returns whether the user has allowed a certificate error exception for
  77   // |host|. This does not mean that *all* certificate errors are allowed, just
  78   // that there exists an exception. To see if a particular certificate and
  79   // error combination exception is allowed, use QueryPolicy().
  80   bool HasAllowException(const std::string& host) const override;
  81
  82  private:
  83   // Certificate policies for each host.
  84   std::map<std::string, internal::CertPolicy> cert_policy_for_host_;
  85
  86   DISALLOW_COPY_AND_ASSIGN(AwSSLHostStateDelegate);
  87 };
  88
  89 }  // namespace android_webview
  90
  91 #endif  // ANDROID_WEBVIEW_BROWSER_AW_SSL_HOST_STATE_DELEGATE_H_