
Side by Side Diff: chrome/browser/ssl/chrome_ssl_host_state_decisions.h

Issue 369703002: Remember user decisions on invalid certificates behind a flag (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Updated with experimental groups Created 6 years, 4 months ago
OLDNEW
(Empty)
1 // Copyright (c) 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DECISIONS_H_
6 #define CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DECISIONS_H_
7
8 #include "base/scoped_ptr.h"
9 #include "base/time/clock.h"
Ryan Sleevi 2014/07/31 00:31:28 Can forward declare clock if you move line 56 to t
jww 2014/07/31 05:57:00 Done.
10 #include "base/time/time.h"
11 #include "content/public/browser/ssl_host_state_decisions.h"
12
13 class GURL;
14 class Profile;
15
16 namespace base {
17
18 class DictionaryValue;
19
Ryan Sleevi 2014/07/31 00:31:28 can nuke the newlines on 17/19
jww 2014/07/31 05:57:00 Done.
20 } // namespace base
21
22 // Implementation of the tracking of user decisions on SSL errors for sites.
23 // Tracks if the user has allowed, denied, or not seen an exception for the
24 // specified site, SSL fingerprint, and error. If the user makes a decision,
25 // stores the decision until either the session ends or for a length of time
26 // (across session restarts), based on command line flags.
27 //
28 // The various methods take GURLs as arguments but the path will be ignored for
29 // all GURL arguments. SSL certificate decisions are on a per scheme/host/port
30 // basis.
31 class ChromeSSLHostStateDecisions : public content::SSLHostStateDecisions {
32 public:
33 explicit ChromeSSLHostStateDecisions(Profile* profile);
34 virtual ~ChromeSSLHostStateDecisions();
35
36 // SSLHostStateDecisions:
37 virtual void DenyCert(const GURL& url,
38 net::X509Certificate* cert,
39 net::CertStatus error) OVERRIDE;
40 virtual void AllowCert(const GURL& url,
41 net::X509Certificate* cert,
42 net::CertStatus error) OVERRIDE;
43 virtual void Clear() OVERRIDE;
44 virtual net::CertPolicy::Judgment QueryPolicy(const GURL& url,
45 net::X509Certificate* cert,
46 net::CertStatus error) OVERRIDE;
47 virtual void RevokeAllowAndDenyPreferences(const GURL& url) OVERRIDE;
48 virtual bool HasAllowedOrDeniedCert(const GURL& url) OVERRIDE;
49
50 // Called on the UI thread when the profile is about to be destroyed.
51 void ShutdownOnUIThread() {}
52
53 protected:
54 // SetClock takes ownership of the passed in clock.
55 void SetClock(scoped_ptr<base::Clock> clock) {
56 clock_.reset(clock.release());
57 }
58
59 private:
60 FRIEND_TEST_ALL_PREFIXES(ForgetInstantlySSLHostStateDecisionsTest,
61 MakeAndForgetException);
62 FRIEND_TEST_ALL_PREFIXES(RememberSSLHostStateDecisionsTest, AfterRestart);
Ryan Sleevi 2014/07/31 00:31:28 IWYU: #include "base/gtest_prod_util.h"
jww 2014/07/31 05:57:00 Done.
63
64 // Used to specify whether new content setting entries should be created if
65 // they don't already exist when querying the user's settings.
66 enum CreateDictionaryEntriesDisposition {
67 CreateDictionaryEntries,
68 DoNotCreateDictionaryEntries
69 };
70
71 // Specifies whether user SSL error decisions should be forgetten at the end
72 // of this current session (the old style of remembering decisions), or
73 // whether they should be remembered across session restarts for a specified
74 // length of time, deteremined by
75 // |default_ssl_cert_decision_expiration_delta_|.
76 enum RememberSSLExceptionDecisionsDisposition {
77 ForgetSSLExceptionDecisionsAtSessionEnd,
78 RememberSSLExceptionDecisionsForDelta
79 };
80
81 // Modify the user's content settings to specify a judgement made for a
82 // specific site and certificate, where |url| is the site in question, |cert|
83 // is the certificate with an error, |error| is the error in the certificate,
84 // and |judgement| is the user decision to be recorded.
85 void ChangeCertPolicy(const GURL& url,
86 net::X509Certificate* cert,
87 net::CertStatus error,
88 net::CertPolicy::Judgment judgment);
89
90 // Query the content settings to retrieve a dictionary of certificate
91 // fingerprints and errors of certificates to user decisions, as set by
92 // ChangeCertPolicy. Returns NULL on a failure.
93 //
94 // |dict| specifies the user's full exceptions dictionary for a specific site
95 // in their content settings. Must be retrieved directly from a website
96 // setting in the the profile's HostContentSettingsMap.
97 //
98 // If |create_entries| specifies CreateDictionaryEntries, then
99 // GetValidCertDecisionsDict will create a new set of entries within the
100 // dictionary if they do not already exist. Otherwise will fail and return if
101 // NULL if they do not exist.
102 base::DictionaryValue* GetValidCertDecisionsDict(
103 base::DictionaryValue* dict,
104 CreateDictionaryEntriesDisposition create_entries);
105
106 scoped_ptr<base::Clock> clock_;
107 RememberSSLExceptionDecisionsDisposition should_remember_ssl_decisions_;
108 base::TimeDelta default_ssl_cert_decision_expiration_delta_;
109 Profile* profile_;
110
111 DISALLOW_COPY_AND_ASSIGN(ChromeSSLHostStateDecisions);
112 };
113
114 #endif // CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DECISIONS_H_
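Review bot: The header never states what QueryPolicy returns once a remembered decision has outlived |default_ssl_cert_decision_expiration_delta_|, and for a class that persists "allow" judgments for invalid certificates across session restarts that is the contract a caller most needs. I would add above the QueryPolicy override something like `// Returns UNKNOWN if no decision is stored for |url|, |cert| and |error|, or if the stored decision has expired according to |clock_|.`, and say in the class comment whether expired entries are also removed from the content settings or only ignored. The implementation file is not on this page, so the idea that expiry is checked at query time is inferred from the clock_ and delta members and should be confirmed against the .cc. Separately, ShutdownOnUIThread() has an empty body while profile_ is kept as a raw pointer, so the comment on it should state that no other method may be called once the profile has been destroyed.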