Remember that we've white listed a certificate when we switch to a new tab....

chrome/browser/ssl/ssl_manager.h

 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#ifndef CHROME_BROWSER_SSL_MANAGER_H_
-#define CHROME_BROWSER_SSL_MANAGER_H_
+#ifndef CHROME_BROWSER_SSL_SSL_MANAGER_H_
+#define CHROME_BROWSER_SSL_SSL_MANAGER_H_
 
 #include <string>
 #include <map>
+#include <vector>
 
 #include "base/basictypes.h"
 #include "base/observer_list.h"
 #include "base/ref_counted.h"
 #include "chrome/browser/renderer_host/resource_dispatcher_host.h"
 #include "chrome/browser/tab_contents/provisional_load_details.h"
 #include "chrome/browser/tab_contents/security_style.h"
 #include "chrome/common/notification_observer.h"
 #include "chrome/common/notification_registrar.h"
 #include "googleurl/src/gurl.h"
 #include "net/base/net_errors.h"
 #include "net/base/ssl_info.h"
 #include "net/base/x509_certificate.h"
 #include "webkit/glue/console_message_level.h"
 #include "webkit/glue/resource_type.h"
 
 class AutomationProvider;
 class NavigationEntry;
 class LoadFromMemoryCacheDetails;
 class LoadNotificationDetails;
 class NavigationController;
 class PrefService;
 class ResourceRedirectDetails;
 class ResourceRequestDetails;
 class SSLErrorInfo;
+class SSLHostState;
 class Task;
 class URLRequest;
 class WebContents;
 
 // The SSLManager SSLManager controls the SSL UI elements in a TabContents.  It
 // listens for various events that influence when these elements should or
 // should not be displayed and adjusts them accordingly.
 //
 // There is one SSLManager per tab.
 // The security state (secure/insecure) is stored in the navigation entry.
@@ skipping 19 matching lines @@
     // Find the appropriate SSLManager for the URLRequest and begin handling
     // this error.
     //
     // Call on UI thread.
     void Dispatch();
 
     // Available on either thread.
     const GURL& request_url() const { return request_url_; }
 
     // Call on the UI thread.
-    SSLManager* manager() const { return manager_; };
+    SSLManager* manager() const { return manager_; }
 
     // Returns the WebContents this object is associated with.  Should be
     // called from the UI thread.
     WebContents* GetWebContents();
 
     // Cancels the associated URLRequest.
     // This method can be called from OnDispatchFailed and OnDispatched.
     void CancelRequest();
 
     // Continue the URLRequest ignoring any previous errors.  Note that some
@@ skipping 70 matching lines @@
 
     // We use these members to find the correct SSLManager when we arrive on
     // the UI thread.
     int render_process_host_id_;
     int tab_contents_id_;
 
     // This read-only member can be accessed on any thread.
     const GURL request_url_;  // The URL that we requested.
 
     // Should only be accessed on the IO thread
-    bool request_has_been_notified_; // A flag to make sure we notify the
-                                     // URLRequest exactly once.
+    bool request_has_been_notified_;  // A flag to make sure we notify the
+                                      // URLRequest exactly once.
 
     DISALLOW_EVIL_CONSTRUCTORS(ErrorHandler);
   };
 
   // A CertError represents an error that occurred with the certificate in an
   // SSL session.  A CertError object exists both on the IO thread and on the UI
   // thread and allows us to cancel/continue a request it is associated with.
   class CertError : public ErrorHandler {
    public:
     // These accessors are available on either thread
@@ skipping 14 matching lines @@
               int cert_error,
               net::X509Certificate* cert,
               MessageLoop* ui_loop);
 
     // ErrorHandler methods
     virtual void OnDispatchFailed() { CancelRequest(); }
     virtual void OnDispatched() { manager_->OnCertError(this); }
 
     // These read-only members can be accessed on any thread.
     net::SSLInfo ssl_info_;
-    const int cert_error_; // The error we represent.
+    const int cert_error_;  // The error we represent.
 
     // What kind of resource is associated with the requested that generated
     // that error.
     ResourceType::Type resource_type_;
 
     DISALLOW_EVIL_CONSTRUCTORS(CertError);
   };
 
   // The MixedContentHandler class is used to query what to do with
   // mixed content, from the IO thread to the UI thread.
@@ skipping 118 matching lines @@
   // Called on the IO thread.
   static void OnSSLCertificateError(ResourceDispatcherHost* resource_dispatcher,
                                     URLRequest* request,
                                     int cert_error,
                                     net::X509Certificate* cert,
                                     MessageLoop* ui_loop);
 
   // Called when a mixed-content sub-resource request has been detected.  The
   // request is not started yet.  The SSLManager will make a decision on whether
   // to filter that request's content (with the filter_policy flag).
-  // TODO (jcampan): Implement a way to just cancel the request.  This is not
+  // TODO(jcampan): Implement a way to just cancel the request.  This is not
   // straight-forward as canceling a request that has not been started will
   // not remove from the pending_requests_ of the ResourceDispatcherHost.
   // Called on the IO thread.
   static void OnMixedContentRequest(ResourceDispatcherHost* resource_dispatcher,
                                     URLRequest* request,
                                     MessageLoop* ui_loop);
 
   // Called by CertError::Dispatch to kick off processing of the cert error by
   // the SSL manager.  The error originated from the ResourceDispatcherHost.
   //
@@ skipping 40 matching lines @@
   // "Verified by <issuer_organization_name>"
   static bool GetEVCertNames(const net::X509Certificate& cert,
                              std::wstring* short_name,
                              std::wstring* ca_name);
 
  private:
   // SSLMessageInfo contains the information necessary for displaying a message
   // in an info-bar.
   struct SSLMessageInfo {
    public:
-     explicit SSLMessageInfo(const std::wstring& text)
-        : message(text),
-          action(NULL) { }
-     SSLMessageInfo(const std::wstring& message,
-                    const std::wstring& link_text,
-                    Task* action)
-        : message(message), link_text(link_text), action(action) { }
+    explicit SSLMessageInfo(const std::wstring& text)
+      : message(text),

[wtc, 2009/02/12 21:41:46]

Nit: this colon should be indented 4 spaces.  See
http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml#Initializer_Lists

+        action(NULL) { }
+    SSLMessageInfo(const std::wstring& message,
+                   const std::wstring& link_text,
+                   Task* action)
+      : message(message), link_text(link_text), action(action) { }
 
-     // Overridden so that std::find works.
-     bool operator==(const std::wstring& other_message) const {
-       // We are uniquing SSLMessageInfo by their message only.
-       return message == other_message;
-     }
+    // Overridden so that std::find works.
+    bool operator==(const std::wstring& other_message) const {
+      // We are uniquing SSLMessageInfo by their message only.
+      return message == other_message;
+    }
 
-     std::wstring message;
-     std::wstring link_text;
-     Task* action;
-   };
+    std::wstring message;
+    std::wstring link_text;
+    Task* action;
+  };
 
   // Entry points for notifications to which we subscribe. Note that
   // DidCommitProvisionalLoad uses the abstract NotificationDetails type since
   // the type we need is in NavigationController which would create a circular
   // header file dependency.
   void DidLoadFromMemoryCache(LoadFromMemoryCacheDetails* details);
   void DidCommitProvisionalLoad(const NotificationDetails& details);
   void DidFailProvisionalLoadWithError(ProvisionalLoadDetails* details);
   void DidStartResourceResponse(ResourceRequestDetails* details);
   void DidReceiveResourceRedirect(ResourceRedirectDetails* details);
@@ skipping 11 matching lines @@
   // Must not be NULL.
   Delegate* delegate_;
 
   // The NavigationController that owns this SSLManager.  We are responsible
   // for the security UI of this tab.
   NavigationController* controller_;
 
   // Handles registering notifications with the NotificationService.
   NotificationRegistrar registrar_;
 
-  // Certificate policies for each host.
-  std::map<std::string, net::X509Certificate::Policy> cert_policy_for_host_;
-
-  // Domains for which it is OK to show insecure content.
-  std::set<std::string> can_show_insecure_content_for_host_;
+  // SSL state specific for each host.
+  SSLHostState* ssl_host_state_;
 
   // The list of messages that should be displayed (in info bars) when the page
   // currently loading had loaded.
   std::vector<SSLMessageInfo> pending_messages_;
 
   DISALLOW_COPY_AND_ASSIGN(SSLManager);
 };
 
-#endif // CHROME_BROWSER_SSL_MANAGER_H_
-
+#endif  // CHROME_BROWSER_SSL_SSL_MANAGER_H_