OLD | NEW |
---|---|
(Empty) | |
1 // Copyright (c) 2014 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DECISIONS_H_ | |
6 #define CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DECISIONS_H_ | |
7 | |
8 #include "base/scoped_ptr.h" | |
9 #include "base/time/clock.h" | |
10 #include "base/time/time.h" | |
11 #include "content/public/browser/ssl_host_state_decisions.h" | |
12 | |
13 class GURL; | |
14 class Profile; | |
15 | |
16 namespace base { | |
17 | |
18 class DictionaryValue; | |
19 | |
20 } // namespace base | |
21 | |
22 // Implementation of the tracking of user decisions on SSL errors for sites. | |
23 // Tracks in the user has allowed, denied, or not seen an exception for the | |
Ryan Sleevi
2014/07/17 23:19:35
typo, s/in/if/
jww
2014/07/21 23:39:33
Done.
| |
24 // specified cite, SSL fingerprint, and error. If the user makes a decision, | |
Ryan Sleevi
2014/07/17 23:19:36
typo, s/cite/site/
jww
2014/07/21 23:39:33
Done.
| |
25 // stores the decision until either the session ends or for a length of time | |
26 // (across session restarts), based on Chrome flags. | |
Ryan Sleevi
2014/07/17 23:19:35
s/Chrome/command line/ ?
Or perhaps
s/Chrome/prefe
jww
2014/07/21 23:39:33
Done.
| |
27 class ChromeSSLHostStateDecisions : public content::SSLHostStateDecisions { | |
Ryan Sleevi
2014/07/17 23:19:35
Does this belong in namespace chrome? Do we do tha
jww
2014/07/21 23:39:33
It appears there's a variety of different ways its
| |
28 public: | |
29 explicit ChromeSSLHostStateDecisions(Profile* profile); | |
30 virtual ~ChromeSSLHostStateDecisions(); | |
31 | |
32 // SSLHostStateDecisions: | |
33 virtual void DenyCert(const GURL& url, | |
34 net::X509Certificate* cert, | |
35 net::CertStatus error) OVERRIDE; | |
36 virtual void AllowCert(const GURL& url, | |
37 net::X509Certificate* cert, | |
38 net::CertStatus error) OVERRIDE; | |
39 virtual void Clear() OVERRIDE; | |
40 virtual net::CertPolicy::Judgment QueryPolicy(const GURL& url, | |
41 net::X509Certificate* cert, | |
42 net::CertStatus error) OVERRIDE; | |
43 virtual void RevokeAllowAndDenyPreferences(const GURL& url) OVERRIDE; | |
44 virtual bool HasAllowedOrDeniedCert(const GURL& url) OVERRIDE; | |
45 | |
46 // Called on the UI thread when the profile is about to be destroyed. | |
47 void ShutdownOnUIThread() {} | |
48 | |
49 protected: | |
50 // SetClock takes ownership of the passed in clock. | |
51 void SetClock(scoped_ptr<base::Clock> clock) { | |
52 clock_.reset(clock.release()); | |
53 } | |
54 | |
55 private: | |
56 friend class ForgetInstantlySSLHostStateDecisionsTest; | |
57 friend class RememberSSLHostStateDecisionsTest; | |
Ryan Sleevi
2014/07/17 23:19:35
Prefer one or the other. Feels weird to friend the
jww
2014/07/21 23:39:33
Whoops, my misunderstanding (I thought both were n
| |
58 FRIEND_TEST_ALL_PREFIXES(ForgetInstantlySSLHostStateDecisionsTest, | |
59 MakeAndForgetException); | |
60 FRIEND_TEST_ALL_PREFIXES(RememberSSLHostStateDecisionsTest, AfterRestart); | |
61 | |
62 // Used to specify whether new content setting entries should be created if | |
63 // they don't already exist when querying the user's settings. | |
64 enum CreateDictionaryEntriesDisposition { | |
65 CreateDictionaryEntries, | |
66 DoNotCreateDictionaryEntries | |
67 }; | |
68 // Specifies whether user SSL error decisions should be forgetten at the end | |
Ryan Sleevi
2014/07/17 23:19:35
linebreak
jww
2014/07/21 23:39:33
Done.
| |
69 // of this current session (the "old style" of remembering decisions), or | |
Ryan Sleevi
2014/07/17 23:19:36
s/"old style"/"old" style
Or just drop the quotes
jww
2014/07/21 23:39:33
Done.
| |
70 // whether they should be remembered across session restarts for a specified | |
71 // length of time, deteremined by default_ssl_cert_decision_expiration_delta_. | |
Ryan Sleevi
2014/07/17 23:19:36
add |foo_| around the variable.
jww
2014/07/21 23:39:33
Done.
| |
72 enum RememberSSLExceptionDecisionsDisposition { | |
73 ForgetSSLExceptionDecisionsAtSessionEnd, | |
74 RememberSSLExceptionDecisionsForDelta | |
75 }; | |
76 | |
77 // Modify the user's content settings to specify a judgement made for a | |
78 // specific site and certificate, where |url| is the site in question, |cert| | |
79 // is the certificate with an error, |error| is the error in the certificate, | |
80 // and |judgement| is the user decision to be recorded. | |
81 void ChangeCertPolicy(const GURL& url, | |
82 net::X509Certificate* cert, | |
83 net::CertStatus error, | |
84 net::CertPolicy::Judgment judgment); | |
85 | |
86 // Query the content settings to retrieve a dictionary of certificate | |
87 // fingerprints and errors of certificates to user decisions, as set by | |
88 // ChangeCertPolicy. Returns NULL on a failure. | |
89 // | |
90 // |dict| specifies the user's full exceptions dictionary for a specific site | |
91 // in their content settings. Must be retrieved directly from a website | |
92 // setting in the the profile's HostContentSettingsMap. | |
93 // | |
94 // If |create_entries| specifies CreateDictionaryEntries, then | |
95 // GetValidCertDecisionsDict will create a new set of entries within the | |
96 // dictionary if they do not already exist. Otherwise will fail and return if | |
97 // NULL if they do not exist. | |
98 base::DictionaryValue* GetValidCertDecisionsDict( | |
99 base::DictionaryValue* dict, | |
100 CreateDictionaryEntriesDisposition create_entries); | |
101 | |
102 scoped_ptr<base::Clock> clock_; | |
103 RememberSSLExceptionDecisionsDisposition should_remember_ssl_decisions_; | |
104 base::TimeDelta default_ssl_cert_decision_expiration_delta_; | |
105 Profile* profile_; | |
106 | |
107 DISALLOW_COPY_AND_ASSIGN(ChromeSSLHostStateDecisions); | |
108 }; | |
109 | |
110 #endif // CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DECISIONS_H_ | |
OLD | NEW |