1 // Copyright (c) 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef CEF_LIBCEF_BROWSER_SSL_HOST_STATE_DELEGATE_H_
6 #define CEF_LIBCEF_BROWSER_SSL_HOST_STATE_DELEGATE_H_
7 
8 #include <map>
9 #include <string>
10 
11 #include "content/public/browser/ssl_host_state_delegate.h"
12 #include "net/base/hash_value.h"
13 #include "net/cert/x509_certificate.h"
14 
15 // Implementation based on android_webview/browser/aw_ssl_host_state_delegate.h.
16 
17 namespace internal {
18 
19 // This class maintains the policy for storing actions on certificate errors.
// Tracks the certificates a user has chosen to accept despite a certificate
// error, so that the decision can be looked up again later.
class CertPolicy {
 public:
  CertPolicy();
  ~CertPolicy();

  // Reports whether the user previously decided to proceed past |error| for
  // |cert|. An exception only covers the errors that were present when it was
  // granted: a certificate presenting any *additional* error is not allowed.
  bool Check(const net::X509Certificate& cert, int error) const;

  // Records the user's decision to accept |cert| despite |error|, so that the
  // choice is remembered by this policy.
  void Allow(const net::X509Certificate& cert, int error);

  // True exactly when at least one certificate exception has been recorded.
  bool HasAllowException() const { return !allowed_.empty(); }

 private:
  // Allowed certificates, keyed by SHA-256 fingerprint.
  // NOTE(review): the int value is presumably the error (or error bitmask)
  // accepted for that certificate; confirm against the Allow()/Check()
  // definitions.
  std::map<net::SHA256HashValue, int> allowed_;
};
41 
42 }  // namespace internal
43 
// CEF's implementation of content::SSLHostStateDelegate. The only state this
// header declares is a map from host string to internal::CertPolicy, i.e. the
// certificate-error exceptions recorded for each host.
//
// NOTE(review): exceptions are keyed by the host string alone; nothing here
// includes a port or scheme in the key. No persistent storage is declared
// either, so exceptions presumably last only as long as this object; confirm
// both in the implementation file.
class CefSSLHostStateDelegate : public content::SSLHostStateDelegate {
 public:
  CefSSLHostStateDelegate();
  ~CefSSLHostStateDelegate() override;

  // Not copyable: copy construction and copy assignment are deleted.
  CefSSLHostStateDelegate(const CefSSLHostStateDelegate&) = delete;
  CefSSLHostStateDelegate& operator=(const CefSSLHostStateDelegate&) = delete;

  // content::SSLHostStateDelegate overrides. The contract of each method is
  // defined by that interface, which is not part of this header.

  // Certificate-error exceptions for |host|.
  void AllowCert(const std::string& host, const net::X509Certificate& cert,
                 int error, content::WebContents* web_contents) override;
  void Clear(
      const base::RepeatingCallback<bool(const std::string&)> host_filter)
      override;
  content::SSLHostStateDelegate::CertJudgment QueryPolicy(
      const std::string& host, const net::X509Certificate& cert, int error,
      content::WebContents* web_contents) override;

  // Insecure-content bookkeeping, per |host| and |child_id|.
  void HostRanInsecureContent(const std::string& host, int child_id,
                              InsecureContentType content_type) override;
  bool DidHostRunInsecureContent(const std::string& host, int child_id,
                                 InsecureContentType content_type) override;

  // Plain-HTTP allowance for |host|.
  void AllowHttpForHost(const std::string& host,
                        content::WebContents* web_content) override;
  bool IsHttpAllowedForHost(const std::string& host,
                            content::WebContents* web_content) override;

  // Revocation of, and query for, user-granted exceptions on |host|.
  void RevokeUserAllowExceptions(const std::string& host) override;
  bool HasAllowException(const std::string& host,
                         content::WebContents* web_contents) override;

 private:
  // One CertPolicy per host string, holding that host's allowed certificates.
  std::map<std::string, internal::CertPolicy> cert_policy_for_host_;
};
83 
84 #endif  // CEF_LIBCEF_BROWSER_SSL_HOST_STATE_DELEGATE_H_
85