author Steve Block <steveblock@google.com> 2011-10-04 17:00:58 +0100
committer Steve Block <steveblock@google.com> 2011-10-05 18:01:54 +0100
commitf219f23aec8ef65cca70cd038cb9b77212cf9435 (patch)
tree94cf0aaddd702448616eb9ffa6b575bbb81177ac
parent4198627a284a9dbdd7a16f98c4fbcf5032c6020f (diff)
Fix SslCertLookupTable to correctly determine whether we have a valid cached decision
We should only re-use a cached 'allow' decision if the decision ... - is for the same host - is for an error which is at least as severe as the current error Bug: 5409251 Change-Id: Id8516f58c8d23de44e80539ffeaf945be3d2914a
-rw-r--r--core/java/android/webkit/SslCertLookupTable.java35
1 files changed, 16 insertions, 19 deletions
diff --git a/core/java/android/webkit/SslCertLookupTable.java b/core/java/android/webkit/SslCertLookupTable.java
index a06836cfaa68..98ace4f5d64e 100644
--- a/core/java/android/webkit/SslCertLookupTable.java
+++ b/core/java/android/webkit/SslCertLookupTable.java
@@ -30,6 +30,7 @@ import java.net.URL;
*/
final class SslCertLookupTable {
private static SslCertLookupTable sTable;
+ // We store the most severe error we're willing to allow for each host.
private final Bundle table;
public static SslCertLookupTable getInstance() {
@@ -44,32 +45,28 @@ final class SslCertLookupTable {
}
public void setIsAllowed(SslError sslError) {
- // TODO: We should key on just the host. See http://b/5409251.
- String errorString = sslErrorToString(sslError);
- if (errorString != null) {
- table.putBoolean(errorString, true);
+ String host;
+ try {
+ host = new URL(sslError.getUrl()).getHost();
+ } catch(MalformedURLException e) {
+ return;
}
+ table.putInt(host, sslError.getPrimaryError());
}
+ // We allow the decision to be re-used if it's for the same host and is for
+ // an error of equal or greater severity than this error.
public boolean isAllowed(SslError sslError) {
- // TODO: We should key on just the host. See http://b/5409251.
- String errorString = sslErrorToString(sslError);
- return errorString == null ? false : table.getBoolean(errorString);
- }
-
- public void clear() {
- table.clear();
- }
-
- private static String sslErrorToString(SslError error) {
String host;
try {
- host = new URL(error.getUrl()).getHost();
+ host = new URL(sslError.getUrl()).getHost();
} catch(MalformedURLException e) {
- return null;
+ return false;
}
- return "primary error: " + error.getPrimaryError() +
- " certificate: " + error.getCertificate() +
- " on host: " + host;
+ return table.containsKey(host) && sslError.getPrimaryError() <= table.getInt(host);
+ }
+
+ public void clear() {
+ table.clear();
}
}
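Review bot: The cached allow decision in `isAllowed` is now matched on host and error severity only, so the certificate that the old key included is no longer part of the check: once a user accepts an error for a host, a different certificate presenting an equal or less severe error for that host is accepted without a new prompt. If that is intended, say so at the `table` field, e.g. `// NOTE: decisions are keyed on host only; the certificate is not compared.`; otherwise store an identifier of the accepted certificate alongside the error and require it to match here. Separately, `setIsAllowed` overwrites the stored value unconditionally, so a call made while a more severe decision is cached would lower it; `table.putInt(host, Math.max(table.getInt(host, -1), sslError.getPrimaryError()));` keeps the "most severe error" invariant the new field comment states. The comparison also relies on `getPrimaryError()` values being ordered by severity, which is not visible in this hunk and is worth a comment.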