2015-05-19 19:55:58 +02:00
|
|
|
// Copyright (c) 2014 The Chromium Authors. All rights reserved.
|
|
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
|
|
// found in the LICENSE file.
|
|
|
|
|
|
|
|
#ifndef CEF_LIBCEF_BROWSER_SSL_HOST_STATE_DELEGATE_H_
|
|
|
|
#define CEF_LIBCEF_BROWSER_SSL_HOST_STATE_DELEGATE_H_
|
|
|
|
|
|
|
|
#include <map>
|
|
|
|
#include <string>
|
|
|
|
|
|
|
|
#include "content/public/browser/ssl_host_state_delegate.h"
|
|
|
|
#include "net/base/hash_value.h"
|
|
|
|
#include "net/cert/x509_certificate.h"
|
|
|
|
|
2015-06-06 00:06:48 +02:00
|
|
|
// Implementation based on android_webview/browser/aw_ssl_host_state_delegate.h.
|
|
|
|
|
2015-05-19 19:55:58 +02:00
|
|
|
namespace internal {
|
|
|
|
|
|
|
|
// This class maintains the policy for storing actions on certificate errors.
|
|
|
|
class CertPolicy {
|
|
|
|
public:
|
|
|
|
CertPolicy();
|
|
|
|
~CertPolicy();
|
|
|
|
// Returns true if the user has decided to proceed through the ssl error
|
|
|
|
// before. For a certificate to be allowed, it must not have any
|
|
|
|
// *additional* errors from when it was allowed.
|
2018-06-19 00:08:20 +02:00
|
|
|
bool Check(const net::X509Certificate& cert, int error) const;
|
2015-05-19 19:55:58 +02:00
|
|
|
|
|
|
|
// Causes the policy to allow this certificate for a given |error|. And
|
|
|
|
// remember the user's choice.
|
2018-06-19 00:08:20 +02:00
|
|
|
void Allow(const net::X509Certificate& cert, int error);
|
2015-05-19 19:55:58 +02:00
|
|
|
|
2015-06-06 00:06:48 +02:00
|
|
|
// Returns true if and only if there exists a user allow exception for some
|
|
|
|
// certificate.
|
|
|
|
bool HasAllowException() const { return allowed_.size() > 0; }
|
|
|
|
|
2015-05-19 19:55:58 +02:00
|
|
|
private:
|
|
|
|
// The set of fingerprints of allowed certificates.
|
2018-06-19 00:08:20 +02:00
|
|
|
std::map<net::SHA256HashValue, int> allowed_;
|
2015-05-19 19:55:58 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
} // namespace internal
|
|
|
|
|
|
|
|
class CefSSLHostStateDelegate : public content::SSLHostStateDelegate {
|
|
|
|
public:
|
|
|
|
CefSSLHostStateDelegate();
|
|
|
|
~CefSSLHostStateDelegate() override;
|
|
|
|
|
2015-06-06 00:06:48 +02:00
|
|
|
// SSLHostStateDelegate methods:
|
2015-05-19 19:55:58 +02:00
|
|
|
void AllowCert(const std::string& host,
|
|
|
|
const net::X509Certificate& cert,
|
2018-06-19 00:08:20 +02:00
|
|
|
int error) override;
|
2016-10-17 20:14:44 +02:00
|
|
|
void Clear(
|
|
|
|
const base::Callback<bool(const std::string&)>& host_filter) override;
|
2015-05-19 19:55:58 +02:00
|
|
|
content::SSLHostStateDelegate::CertJudgment QueryPolicy(
|
|
|
|
const std::string& host,
|
|
|
|
const net::X509Certificate& cert,
|
2019-10-01 15:55:16 +02:00
|
|
|
int error) override;
|
2016-08-31 13:25:56 +02:00
|
|
|
void HostRanInsecureContent(const std::string& host,
|
|
|
|
int child_id,
|
|
|
|
InsecureContentType content_type) override;
|
2019-09-04 17:13:32 +02:00
|
|
|
bool DidHostRunInsecureContent(const std::string& host,
|
|
|
|
int child_id,
|
|
|
|
InsecureContentType content_type) override;
|
2015-06-06 00:06:48 +02:00
|
|
|
void RevokeUserAllowExceptions(const std::string& host) override;
|
2019-09-04 17:13:32 +02:00
|
|
|
bool HasAllowException(const std::string& host) override;
|
2015-05-19 19:55:58 +02:00
|
|
|
|
|
|
|
private:
|
|
|
|
// Certificate policies for each host.
|
|
|
|
std::map<std::string, internal::CertPolicy> cert_policy_for_host_;
|
|
|
|
|
|
|
|
DISALLOW_COPY_AND_ASSIGN(CefSSLHostStateDelegate);
|
|
|
|
};
|
|
|
|
|
|
|
|
#endif // CEF_LIBCEF_BROWSER_SSL_HOST_STATE_DELEGATE_H_
|