Forget SSL error exceptions when good certs seen for regular requests.

content/browser/ssl/ssl_policy.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/ssl/ssl_policy.h"
 
 #include "base/base_switches.h"
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "base/memory/singleton.h"
+#include "base/metrics/histogram_macros.h"
 #include "base/strings/string_piece.h"
 #include "base/strings/string_util.h"
 #include "content/browser/frame_host/navigation_entry_impl.h"
 #include "content/browser/renderer_host/render_process_host_impl.h"
 #include "content/browser/renderer_host/render_view_host_impl.h"
 #include "content/browser/site_instance_impl.h"
 #include "content/browser/ssl/ssl_cert_error_handler.h"
 #include "content/browser/ssl/ssl_request_info.h"
 #include "content/browser/web_contents/web_contents_impl.h"
 #include "content/public/browser/content_browser_client.h"
 #include "content/public/common/resource_type.h"
 #include "content/public/common/ssl_status.h"
 #include "content/public/common/url_constants.h"
 #include "net/ssl/ssl_info.h"
 
 
 namespace content {
 
+namespace {
+
+// Events for UMA. Do not reorder or change!
+enum SSLGoodCertSeenEvent {
+  NO_PREVIOUS_EXCEPTION = 0,
+  HAD_PREVIOUS_EXCEPTION = 1,
+  END_OF_SSL_GOOD_CERT_SEEN_EVENT = 2
+};
+
+}
+
 SSLPolicy::SSLPolicy(SSLPolicyBackend* backend)
     : backend_(backend) {
   DCHECK(backend_);
 }
 
 void SSLPolicy::OnCertError(SSLCertErrorHandler* handler) {
   bool expired_previous_decision;
   // First we check if we know the policy for this error.
   DCHECK(handler->ssl_info().is_valid());
   SSLHostStateDelegate::CertJudgment judgment =
@@ skipping 64 matching lines @@
 
   backend_->HostRanInsecureContent(GURL(security_origin).host(),
                                    site_instance->GetProcess()->GetID());
 }
 
 void SSLPolicy::OnRequestStarted(SSLRequestInfo* info) {
   // TODO(abarth): This mechanism is wrong.  What we should be doing is sending
   // this information back through WebKit and out some FrameLoaderClient
   // methods.
 
-  if (net::IsCertStatusError(info->ssl_cert_status()))
+  if (net::IsCertStatusError(info->ssl_cert_status())) {
     backend_->HostRanInsecureContent(info->url().host(), info->child_id());
+  } else {
+    SSLGoodCertSeenEvent event = NO_PREVIOUS_EXCEPTION;
+    if (backend_->HasAllowException(info->url().host()))
+      event = HAD_PREVIOUS_EXCEPTION;
+    UMA_HISTOGRAM_ENUMERATION("interstitial.ssl.good_cert_seen", event,
+                              END_OF_SSL_GOOD_CERT_SEEN_EVENT);
+
+    // If there's no certificate error, a good certificate has been seen, so
+    // clear out any exceptions that were made by the user for bad certificates.
+    backend_->RevokeUserAllowExceptions(info->url().host());

[felt, 2015/04/17 19:58:03]

is there a specific reason why this needs to be done regardless of the
HasAllowException return value?

[jww, 2015/04/17 20:16:06]

Nope. Moved into the if block.

+  }
 }
 
 void SSLPolicy::UpdateEntry(NavigationEntryImpl* entry,
                             WebContentsImpl* web_contents) {
   DCHECK(entry);
 
   InitializeEntryIfNeeded(entry);
 
   if (!entry->GetURL().SchemeIsSecure())
     return;
@@ skipping 107 matching lines @@
       SECURITY_STYLE_AUTHENTICATED : SECURITY_STYLE_UNAUTHENTICATED;
 }
 
 void SSLPolicy::OriginRanInsecureContent(const std::string& origin, int pid) {
   GURL parsed_origin(origin);
   if (parsed_origin.SchemeIsSecure())
     backend_->HostRanInsecureContent(parsed_origin.host(), pid);
 }
 
 }  // namespace content