| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright (c) 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DECISIONS_H_ |
| 6 #define CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DECISIONS_H_ |
| 7 |
| 8 #include "base/gtest_prod_util.h" |
| 9 #include "base/scoped_ptr.h" |
| 10 #include "base/time/time.h" |
| 11 #include "content/public/browser/ssl_host_state_decisions.h" |
| 12 |
| 13 class GURL; |
| 14 class Profile; |
| 15 |
| 16 namespace base { |
| 17 class Clock; |
| 18 class DictionaryValue; |
| 19 } // namespace base |
| 20 |
| 21 // Implementation of the tracking of user decisions on SSL errors for sites. |
| 22 // Tracks if the user has allowed, denied, or not seen an exception for the |
| 23 // specified site, SSL fingerprint, and error. If the user makes a decision, |
| 24 // stores the decision until either the session ends or for a length of time |
| 25 // (across session restarts), based on command line flags. |
| 26 // |
| 27 // The various methods take GURLs as arguments but the path will be ignored for |
| 28 // all GURL arguments. SSL certificate decisions are on a per scheme/host/port |
| 29 // basis. |
| 30 class ChromeSSLHostStateDecisions : public content::SSLHostStateDecisions { |
| 31 public: |
| 32 explicit ChromeSSLHostStateDecisions(Profile* profile); |
| 33 virtual ~ChromeSSLHostStateDecisions(); |
| 34 |
| 35 // SSLHostStateDecisions: |
| 36 virtual void DenyCert(const GURL& url, |
| 37 net::X509Certificate* cert, |
| 38 net::CertStatus error) OVERRIDE; |
| 39 virtual void AllowCert(const GURL& url, |
| 40 net::X509Certificate* cert, |
| 41 net::CertStatus error) OVERRIDE; |
| 42 virtual void Clear() OVERRIDE; |
| 43 virtual net::CertPolicy::Judgment QueryPolicy(const GURL& url, |
| 44 net::X509Certificate* cert, |
| 45 net::CertStatus error) OVERRIDE; |
| 46 virtual void RevokeAllowAndDenyPreferences(const GURL& url) OVERRIDE; |
| 47 virtual bool HasAllowedOrDeniedCert(const GURL& url) OVERRIDE; |
| 48 |
| 49 // Called on the UI thread when the profile is about to be destroyed. |
| 50 void ShutdownOnUIThread() {} |
| 51 |
| 52 protected: |
| 53 // SetClock takes ownership of the passed in clock. |
| 54 void SetClock(scoped_ptr<base::Clock> clock); |
| 55 |
| 56 private: |
| 57 FRIEND_TEST_ALL_PREFIXES(ForgetInstantlySSLHostStateDecisionsTest, |
| 58 MakeAndForgetException); |
| 59 FRIEND_TEST_ALL_PREFIXES(RememberSSLHostStateDecisionsTest, AfterRestart); |
| 60 |
| 61 // Used to specify whether new content setting entries should be created if |
| 62 // they don't already exist when querying the user's settings. |
| 63 enum CreateDictionaryEntriesDisposition { |
| 64 CreateDictionaryEntries, |
| 65 DoNotCreateDictionaryEntries |
| 66 }; |
| 67 |
| 68 // Specifies whether user SSL error decisions should be forgetten at the end |
| 69 // of this current session (the old style of remembering decisions), or |
| 70 // whether they should be remembered across session restarts for a specified |
| 71 // length of time, deteremined by |
| 72 // |default_ssl_cert_decision_expiration_delta_|. |
| 73 enum RememberSSLExceptionDecisionsDisposition { |
| 74 ForgetSSLExceptionDecisionsAtSessionEnd, |
| 75 RememberSSLExceptionDecisionsForDelta |
| 76 }; |
| 77 |
| 78 // Modify the user's content settings to specify a judgement made for a |
| 79 // specific site and certificate, where |url| is the site in question, |cert| |
| 80 // is the certificate with an error, |error| is the error in the certificate, |
| 81 // and |judgement| is the user decision to be recorded. |
| 82 void ChangeCertPolicy(const GURL& url, |
| 83 net::X509Certificate* cert, |
| 84 net::CertStatus error, |
| 85 net::CertPolicy::Judgment judgment); |
| 86 |
| 87 // Query the content settings to retrieve a dictionary of certificate |
| 88 // fingerprints and errors of certificates to user decisions, as set by |
| 89 // ChangeCertPolicy. Returns NULL on a failure. |
| 90 // |
| 91 // |dict| specifies the user's full exceptions dictionary for a specific site |
| 92 // in their content settings. Must be retrieved directly from a website |
| 93 // setting in the the profile's HostContentSettingsMap. |
| 94 // |
| 95 // If |create_entries| specifies CreateDictionaryEntries, then |
| 96 // GetValidCertDecisionsDict will create a new set of entries within the |
| 97 // dictionary if they do not already exist. Otherwise will fail and return if |
| 98 // NULL if they do not exist. |
| 99 base::DictionaryValue* GetValidCertDecisionsDict( |
| 100 base::DictionaryValue* dict, |
| 101 CreateDictionaryEntriesDisposition create_entries); |
| 102 |
| 103 scoped_ptr<base::Clock> clock_; |
| 104 RememberSSLExceptionDecisionsDisposition should_remember_ssl_decisions_; |
| 105 base::TimeDelta default_ssl_cert_decision_expiration_delta_; |
| 106 Profile* profile_; |
| 107 |
| 108 DISALLOW_COPY_AND_ASSIGN(ChromeSSLHostStateDecisions); |
| 109 }; |
| 110 |
| 111 #endif // CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DECISIONS_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 369703002:
Remember user decisions on invalid certificates behind a flag (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src