• Home
  • History
  • Annotate
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "android_webview/browser/aw_ssl_host_state_delegate.h"
6 
7 #include "net/base/hash_value.h"
8 
9 using content::SSLHostStateDelegate;
10 
11 namespace android_webview {
12 
13 namespace internal {
getChainFingerprint256(const net::X509Certificate & cert)14 net::SHA256HashValue getChainFingerprint256(const net::X509Certificate& cert) {
15   net::SHA256HashValue fingerprint =
16       net::X509Certificate::CalculateChainFingerprint256(
17           cert.os_cert_handle(), cert.GetIntermediateCertificates());
18   return fingerprint;
19 }
20 
CertPolicy()21 CertPolicy::CertPolicy() {
22 }
~CertPolicy()23 CertPolicy::~CertPolicy() {
24 }
25 
26 // For an allowance, we consider a given |cert| to be a match to a saved
27 // allowed cert if the |error| is an exact match to or subset of the errors
28 // in the saved CertStatus.
Check(const net::X509Certificate & cert,net::CertStatus error) const29 bool CertPolicy::Check(const net::X509Certificate& cert,
30                        net::CertStatus error) const {
31   net::SHA256HashValue fingerprint = getChainFingerprint256(cert);
32   std::map<net::SHA256HashValue, net::CertStatus,
33            net::SHA256HashValueLessThan>::const_iterator allowed_iter =
34       allowed_.find(fingerprint);
35   if ((allowed_iter != allowed_.end()) && (allowed_iter->second & error) &&
36       ((allowed_iter->second & error) == error)) {
37     return true;
38   }
39   return false;
40 }
41 
Allow(const net::X509Certificate & cert,net::CertStatus error)42 void CertPolicy::Allow(const net::X509Certificate& cert,
43                        net::CertStatus error) {
44   // If this same cert had already been saved with a different error status,
45   // this will replace it with the new error status.
46   net::SHA256HashValue fingerprint = getChainFingerprint256(cert);
47   allowed_[fingerprint] = error;
48 }
49 
50 }  // namespace internal
51 
AwSSLHostStateDelegate()52 AwSSLHostStateDelegate::AwSSLHostStateDelegate() {
53 }
54 
~AwSSLHostStateDelegate()55 AwSSLHostStateDelegate::~AwSSLHostStateDelegate() {
56 }
57 
HostRanInsecureContent(const std::string & host,int pid)58 void AwSSLHostStateDelegate::HostRanInsecureContent(const std::string& host,
59                                                     int pid) {
60   // Intentional no-op for Android WebView.
61 }
62 
DidHostRunInsecureContent(const std::string & host,int pid) const63 bool AwSSLHostStateDelegate::DidHostRunInsecureContent(const std::string& host,
64                                                        int pid) const {
65   // Intentional no-op for Android WebView.
66   return false;
67 }
68 
AllowCert(const std::string & host,const net::X509Certificate & cert,net::CertStatus error)69 void AwSSLHostStateDelegate::AllowCert(const std::string& host,
70                                        const net::X509Certificate& cert,
71                                        net::CertStatus error) {
72   cert_policy_for_host_[host].Allow(cert, error);
73 }
74 
Clear()75 void AwSSLHostStateDelegate::Clear() {
76   cert_policy_for_host_.clear();
77 }
78 
QueryPolicy(const std::string & host,const net::X509Certificate & cert,net::CertStatus error,bool * expired_previous_decision)79 SSLHostStateDelegate::CertJudgment AwSSLHostStateDelegate::QueryPolicy(
80     const std::string& host,
81     const net::X509Certificate& cert,
82     net::CertStatus error,
83     bool* expired_previous_decision) {
84   return cert_policy_for_host_[host].Check(cert, error)
85              ? SSLHostStateDelegate::ALLOWED
86              : SSLHostStateDelegate::DENIED;
87 }
88 
89 }  // namespace android_webview
90