blob: 83c7f196b92b164623a0c120ec39040929507105 [file] [log] [blame]
// Copyright 2016 Google Inc. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "cobalt/dom/csp_delegate_factory.h"
#include "base/lazy_instance.h"
#include "base/logging.h"
#include "base/threading/thread_local.h"
#include "cobalt/dom/csp_delegate.h"
namespace cobalt {
namespace dom {
namespace {
#if !defined(COBALT_FORCE_CSP)
// 32-bit random number.
// Not exactly cryptographically secure, but hopefully enough to stop us
// mistakenly allowing insecure access.
const int kInsecureAllowedToken = 0x5b38b65b;
// static
bool InsecureAllowed(int token) {
if (token == kInsecureAllowedToken) {
return true;
} else {
LOG(FATAL) << "Not permitted to create insecure CSP delegates. "
"To allow this, get a token from a call to "
"GetInsecureAllowedToken and pass as the last argument to "
"the CspDelegateFactory::Create function.";
return false;
}
}
CspDelegate* CreateInsecureDelegate(
scoped_ptr<CspViolationReporter> /*violation_reporter*/,
const GURL& /*url*/, csp::CSPHeaderPolicy /*requre_csp*/,
const base::Closure& /*policy_changed_callback*/,
int insecure_allowed_token) {
if (InsecureAllowed(insecure_allowed_token)) {
return new CspDelegateInsecure();
} else {
return NULL;
}
}
#endif // !defined(COBALT_FORCE_CSP)
CspDelegate* CreateSecureDelegate(
scoped_ptr<CspViolationReporter> violation_reporter, const GURL& url,
csp::CSPHeaderPolicy require_csp,
const base::Closure& policy_changed_callback,
int /*insecure_allowed_token*/) {
return new CspDelegateSecure(violation_reporter.Pass(), url, require_csp,
policy_changed_callback);
}
} // namespace
#if !defined(COBALT_FORCE_CSP)
int CspDelegateFactory::GetInsecureAllowedToken() {
return kInsecureAllowedToken;
}
#endif // !defined(COBALT_FORCE_CSP)
CspDelegateFactory* CspDelegateFactory::GetInstance() {
return Singleton<CspDelegateFactory>::get();
}
CspDelegateFactory::CspDelegateFactory() {
method_[kCspEnforcementEnable] = CreateSecureDelegate;
#if !defined(COBALT_FORCE_CSP)
method_[kCspEnforcementDisable] = CreateInsecureDelegate;
#endif // !defined(COBALT_FORCE_CSP)
}
scoped_ptr<CspDelegate> CspDelegateFactory::Create(
CspEnforcementType type,
scoped_ptr<CspViolationReporter> violation_reporter, const GURL& url,
csp::CSPHeaderPolicy require_csp,
const base::Closure& policy_changed_callback, int insecure_allowed_token) {
scoped_ptr<CspDelegate> delegate(
method_[type](violation_reporter.Pass(), url, require_csp,
policy_changed_callback, insecure_allowed_token));
return delegate.Pass();
}
#if !defined(COBALT_FORCE_CSP)
// For use by tests.
void CspDelegateFactory::OverrideCreator(CspEnforcementType type,
CspDelegateCreator creator) {
DCHECK_LT(type, kCspEnforcementCount);
method_[type] = creator;
}
#endif // !defined(COBALT_FORCE_CSP)
} // namespace dom
} // namespace cobalt