Side by Side Diff: chrome/browser/ssl/chrome_ssl_host_state_delegate.h

Issue 369703002: Remember user decisions on invalid certificates behind a flag (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Fixed broken include Created 6 years, 4 months ago
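--- a/chrome/browser/ssl/chrome_ssl_host_state_delegate.h
+++ b/chrome/browser/ssl/chrome_ssl_host_state_delegate.h
@@ -0,0 +1,106 @@
+// Copyright (c) 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DELEGATE_H_
+#define CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DELEGATE_H_
+
+#include "base/gtest_prod_util.h"
+#include "base/memory/scoped_ptr.h"
+#include "base/time/time.h"
+#include "content/public/browser/ssl_host_state_delegate.h"
+
+class Profile;
+
+namespace base {
+class Clock;
+class DictionaryValue;
+} // namespace base
+
+// Implementation of the tracking of user decisions on SSL errors for sites.
+// Tracks if the user has allowed, denied, or not seen an exception for the
+// specified site, SSL fingerprint, and error. If the user makes a decision,
+// stores the decision until either the session ends or for a length of time
+// (across session restarts), based on command line flags.
+class ChromeSSLHostStateDelegate : public content::SSLHostStateDelegate {
+public:
+explicit ChromeSSLHostStateDelegate(Profile* profile);
+virtual ~ChromeSSLHostStateDelegate();
+
+// SSLHostStateDelegate:
+virtual void DenyCert(const std::string& host,
+net::X509Certificate* cert,
+net::CertStatus error) OVERRIDE;
+virtual void AllowCert(const std::string& host,
+net::X509Certificate* cert,
+net::CertStatus error) OVERRIDE;
+virtual void Clear() OVERRIDE;
+virtual net::CertPolicy::Judgment QueryPolicy(const std::string& host,
+net::X509Certificate* cert,
+net::CertStatus error) OVERRIDE;
+virtual void RevokeAllowAndDenyPreferences(const std::string& host) OVERRIDE;
+virtual bool HasAllowedOrDeniedCert(const std::string& host) OVERRIDE;
+
+// Called on the UI thread when the profile is about to be destroyed.
+void ShutdownOnUIThread() {}
+
+protected:
+// SetClock takes ownership of the passed in clock.
+void SetClock(scoped_ptr<base::Clock> clock);
+
+private:
+FRIEND_TEST_ALL_PREFIXES(ForgetInstantlySSLHostStateDelegateTest,
+MakeAndForgetException);
+FRIEND_TEST_ALL_PREFIXES(RememberSSLHostStateDelegateTest, AfterRestart);
+
+// Used to specify whether new content setting entries should be created if
+// they don't already exist when querying the user's settings.
+enum CreateDictionaryEntriesDisposition {
+CreateDictionaryEntries,
+DoNotCreateDictionaryEntries
+};
+
+// Specifies whether user SSL error decisions should be forgetten at the end
+// of this current session (the old style of remembering decisions), or
+// whether they should be remembered across session restarts for a specified
+// length of time, deteremined by
+// |default_ssl_cert_decision_expiration_delta_|.
+enum RememberSSLExceptionDecisionsDisposition {
+ForgetSSLExceptionDecisionsAtSessionEnd,
+RememberSSLExceptionDecisionsForDelta
+};
+
+// Modify the user's content settings to specify a judgement made for a
+// specific site and certificate, where |url| is the site in question, |cert|
+// is the certificate with an error, |error| is the error in the certificate,
+// and |judgement| is the user decision to be recorded.
+void ChangeCertPolicy(const std::string& host,
+net::X509Certificate* cert,
+net::CertStatus error,
+net::CertPolicy::Judgment judgment);
+
+// Query the content settings to retrieve a dictionary of certificate
+// fingerprints and errors of certificates to user decisions, as set by
+// ChangeCertPolicy. Returns NULL on a failure.
+//
+// |dict| specifies the user's full exceptions dictionary for a specific site
+// in their content settings. Must be retrieved directly from a website
+// setting in the the profile's HostContentSettingsMap.
+//
+// If |create_entries| specifies CreateDictionaryEntries, then
+// GetValidCertDecisionsDict will create a new set of entries within the
+// dictionary if they do not already exist. Otherwise will fail and return if
+// NULL if they do not exist.
+base::DictionaryValue* GetValidCertDecisionsDict(
+base::DictionaryValue* dict,
+CreateDictionaryEntriesDisposition create_entries);
+
+scoped_ptr<base::Clock> clock_;
+RememberSSLExceptionDecisionsDisposition should_remember_ssl_decisions_;
+base::TimeDelta default_ssl_cert_decision_expiration_delta_;
+Profile* profile_;
+
+DISALLOW_COPY_AND_ASSIGN(ChromeSSLHostStateDelegate);
+};
+
+#endif // CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DELEGATE_H_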
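Review bot: The comment above ChangeCertPolicy describes `|url|` and `|judgement|`, but the declared parameters are `host` and `judgment`, so the header does not say whether a remembered exception is scoped to a hostname or to a full URL including scheme and port. For a persisted allow decision on an invalid certificate that scope should be stated exactly; I would reword the comment to `// ... where |host| is the hostname the decision applies to, |cert| is the certificate with an error, |error| is the error in the certificate, and |judgment| is the user decision to be recorded.` The members `should_remember_ssl_decisions_` and `default_ssl_cert_decision_expiration_delta_` carry no comments; one line each naming the command-line flag that sets them, and stating that QueryPolicy is expected to treat an expired entry as no decision, would help, though the expiry handling is not visible in this header and needs confirming against the .cc. Minor: `forgetten`, `deteremined`, `the the` and `return if NULL` are typos in the comments.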