OLD | NEW |
---|---|
(Empty) | |
1 // Copyright (c) 2014 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DECISIONS_H_ | |
6 #define CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DECISIONS_H_ | |
7 | |
8 #include "base/scoped_ptr.h" | |
9 #include "base/time/clock.h" | |
Ryan Sleevi
2014/07/31 00:31:28
Can forward declare clock if you move line 56 to t
jww
2014/07/31 05:57:00
Done.
| |
10 #include "base/time/time.h" | |
11 #include "content/public/browser/ssl_host_state_decisions.h" | |
12 | |
13 class GURL; | |
14 class Profile; | |
15 | |
16 namespace base { | |
17 | |
18 class DictionaryValue; | |
19 | |
Ryan Sleevi
2014/07/31 00:31:28
can nuke the newlines on 17/19
jww
2014/07/31 05:57:00
Done.
| |
20 } // namespace base | |
21 | |
22 // Implementation of the tracking of user decisions on SSL errors for sites. | |
23 // Tracks if the user has allowed, denied, or not seen an exception for the | |
24 // specified site, SSL fingerprint, and error. If the user makes a decision, | |
25 // stores the decision until either the session ends or for a length of time | |
26 // (across session restarts), based on command line flags. | |
27 // | |
28 // The various methods take GURLs as arguments but the path will be ignored for | |
29 // all GURL arguments. SSL certificate decisions are on a per scheme/host/port | |
30 // basis. | |
31 class ChromeSSLHostStateDecisions : public content::SSLHostStateDecisions { | |
32 public: | |
33 explicit ChromeSSLHostStateDecisions(Profile* profile); | |
34 virtual ~ChromeSSLHostStateDecisions(); | |
35 | |
36 // SSLHostStateDecisions: | |
37 virtual void DenyCert(const GURL& url, | |
38 net::X509Certificate* cert, | |
39 net::CertStatus error) OVERRIDE; | |
40 virtual void AllowCert(const GURL& url, | |
41 net::X509Certificate* cert, | |
42 net::CertStatus error) OVERRIDE; | |
43 virtual void Clear() OVERRIDE; | |
44 virtual net::CertPolicy::Judgment QueryPolicy(const GURL& url, | |
45 net::X509Certificate* cert, | |
46 net::CertStatus error) OVERRIDE; | |
47 virtual void RevokeAllowAndDenyPreferences(const GURL& url) OVERRIDE; | |
48 virtual bool HasAllowedOrDeniedCert(const GURL& url) OVERRIDE; | |
49 | |
50 // Called on the UI thread when the profile is about to be destroyed. | |
51 void ShutdownOnUIThread() {} | |
52 | |
53 protected: | |
54 // SetClock takes ownership of the passed in clock. | |
55 void SetClock(scoped_ptr<base::Clock> clock) { | |
56 clock_.reset(clock.release()); | |
57 } | |
58 | |
59 private: | |
60 FRIEND_TEST_ALL_PREFIXES(ForgetInstantlySSLHostStateDecisionsTest, | |
61 MakeAndForgetException); | |
62 FRIEND_TEST_ALL_PREFIXES(RememberSSLHostStateDecisionsTest, AfterRestart); | |
Ryan Sleevi
2014/07/31 00:31:28
IWYU:
#include "base/gtest_prod_util.h"
jww
2014/07/31 05:57:00
Done.
| |
63 | |
64 // Used to specify whether new content setting entries should be created if | |
65 // they don't already exist when querying the user's settings. | |
66 enum CreateDictionaryEntriesDisposition { | |
67 CreateDictionaryEntries, | |
68 DoNotCreateDictionaryEntries | |
69 }; | |
70 | |
71 // Specifies whether user SSL error decisions should be forgetten at the end | |
72 // of this current session (the old style of remembering decisions), or | |
73 // whether they should be remembered across session restarts for a specified | |
74 // length of time, deteremined by | |
75 // |default_ssl_cert_decision_expiration_delta_|. | |
76 enum RememberSSLExceptionDecisionsDisposition { | |
77 ForgetSSLExceptionDecisionsAtSessionEnd, | |
78 RememberSSLExceptionDecisionsForDelta | |
79 }; | |
80 | |
81 // Modify the user's content settings to specify a judgement made for a | |
82 // specific site and certificate, where |url| is the site in question, |cert| | |
83 // is the certificate with an error, |error| is the error in the certificate, | |
84 // and |judgement| is the user decision to be recorded. | |
85 void ChangeCertPolicy(const GURL& url, | |
86 net::X509Certificate* cert, | |
87 net::CertStatus error, | |
88 net::CertPolicy::Judgment judgment); | |
89 | |
90 // Query the content settings to retrieve a dictionary of certificate | |
91 // fingerprints and errors of certificates to user decisions, as set by | |
92 // ChangeCertPolicy. Returns NULL on a failure. | |
93 // | |
94 // |dict| specifies the user's full exceptions dictionary for a specific site | |
95 // in their content settings. Must be retrieved directly from a website | |
96 // setting in the the profile's HostContentSettingsMap. | |
97 // | |
98 // If |create_entries| specifies CreateDictionaryEntries, then | |
99 // GetValidCertDecisionsDict will create a new set of entries within the | |
100 // dictionary if they do not already exist. Otherwise will fail and return if | |
101 // NULL if they do not exist. | |
102 base::DictionaryValue* GetValidCertDecisionsDict( | |
103 base::DictionaryValue* dict, | |
104 CreateDictionaryEntriesDisposition create_entries); | |
105 | |
106 scoped_ptr<base::Clock> clock_; | |
107 RememberSSLExceptionDecisionsDisposition should_remember_ssl_decisions_; | |
108 base::TimeDelta default_ssl_cert_decision_expiration_delta_; | |
109 Profile* profile_; | |
110 | |
111 DISALLOW_COPY_AND_ASSIGN(ChromeSSLHostStateDecisions); | |
112 }; | |
113 | |
114 #endif // CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DECISIONS_H_ | |
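Review bot: `ShutdownOnUIThread()` (new line 51) has an empty body while the class keeps a raw `Profile* profile_` (new line 109), so nothing in this header clears or guards that pointer once the profile is being destroyed. Who owns this object is not shown here; if an instance can outlive its Profile, a later `QueryPolicy`, `AllowCert` or `DenyCert` call would read the user's certificate-exception settings through a dangling pointer. Either reset it in shutdown, `void ShutdownOnUIThread() { profile_ = NULL; }`, with the methods checking for NULL, or state the lifetime rule on the constructor, e.g. `// |profile| must outlive this object.` The comment on `ChangeCertPolicy` also names the parameter `|judgement|` while the declaration spells it `judgment`, and the comment on `QueryPolicy` would benefit from saying which `Judgment` is returned once a remembered decision has expired.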