OLD | NEW |
(Empty) | |
| 1 // Copyright (c) 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DELEGATE_H_ |
| 6 #define CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DELEGATE_H_ |
| 7 |
| 8 #include "base/gtest_prod_util.h" |
| 9 #include "base/memory/scoped_ptr.h" |
| 10 #include "base/time/time.h" |
| 11 #include "content/public/browser/ssl_host_state_delegate.h" |
| 12 |
| 13 class Profile; |
| 14 |
| 15 namespace base { |
| 16 class Clock; |
| 17 class DictionaryValue; |
| 18 } // namespace base |
| 19 |
| 20 // Implementation of the tracking of user decisions on SSL errors for sites. |
| 21 // Tracks if the user has allowed, denied, or not seen an exception for the |
| 22 // specified site, SSL fingerprint, and error. If the user makes a decision, |
| 23 // stores the decision until either the session ends or for a length of time |
| 24 // (across session restarts), based on command line flags. |
| 25 class ChromeSSLHostStateDelegate : public content::SSLHostStateDelegate { |
| 26 public: |
| 27 explicit ChromeSSLHostStateDelegate(Profile* profile); |
| 28 virtual ~ChromeSSLHostStateDelegate(); |
| 29 |
| 30 // SSLHostStateDelegate: |
| 31 virtual void DenyCert(const std::string& host, |
| 32 net::X509Certificate* cert, |
| 33 net::CertStatus error) OVERRIDE; |
| 34 virtual void AllowCert(const std::string& host, |
| 35 net::X509Certificate* cert, |
| 36 net::CertStatus error) OVERRIDE; |
| 37 virtual void Clear() OVERRIDE; |
| 38 virtual net::CertPolicy::Judgment QueryPolicy(const std::string& host, |
| 39 net::X509Certificate* cert, |
| 40 net::CertStatus error) OVERRIDE; |
| 41 virtual void RevokeAllowAndDenyPreferences(const std::string& host) OVERRIDE; |
| 42 virtual bool HasAllowedOrDeniedCert(const std::string& host) OVERRIDE; |
| 43 |
| 44 // Called on the UI thread when the profile is about to be destroyed. |
| 45 void ShutdownOnUIThread() {} |
| 46 |
| 47 protected: |
| 48 // SetClock takes ownership of the passed in clock. |
| 49 void SetClock(scoped_ptr<base::Clock> clock); |
| 50 |
| 51 private: |
| 52 FRIEND_TEST_ALL_PREFIXES(ForgetInstantlySSLHostStateDelegateTest, |
| 53 MakeAndForgetException); |
| 54 FRIEND_TEST_ALL_PREFIXES(RememberSSLHostStateDelegateTest, AfterRestart); |
| 55 |
| 56 // Used to specify whether new content setting entries should be created if |
| 57 // they don't already exist when querying the user's settings. |
| 58 enum CreateDictionaryEntriesDisposition { |
| 59 CreateDictionaryEntries, |
| 60 DoNotCreateDictionaryEntries |
| 61 }; |
| 62 |
| 63 // Specifies whether user SSL error decisions should be forgetten at the end |
| 64 // of this current session (the old style of remembering decisions), or |
| 65 // whether they should be remembered across session restarts for a specified |
| 66 // length of time, deteremined by |
| 67 // |default_ssl_cert_decision_expiration_delta_|. |
| 68 enum RememberSSLExceptionDecisionsDisposition { |
| 69 ForgetSSLExceptionDecisionsAtSessionEnd, |
| 70 RememberSSLExceptionDecisionsForDelta |
| 71 }; |
| 72 |
| 73 // Modify the user's content settings to specify a judgement made for a |
| 74 // specific site and certificate, where |url| is the site in question, |cert| |
| 75 // is the certificate with an error, |error| is the error in the certificate, |
| 76 // and |judgement| is the user decision to be recorded. |
| 77 void ChangeCertPolicy(const std::string& host, |
| 78 net::X509Certificate* cert, |
| 79 net::CertStatus error, |
| 80 net::CertPolicy::Judgment judgment); |
| 81 |
| 82 // Query the content settings to retrieve a dictionary of certificate |
| 83 // fingerprints and errors of certificates to user decisions, as set by |
| 84 // ChangeCertPolicy. Returns NULL on a failure. |
| 85 // |
| 86 // |dict| specifies the user's full exceptions dictionary for a specific site |
| 87 // in their content settings. Must be retrieved directly from a website |
| 88 // setting in the the profile's HostContentSettingsMap. |
| 89 // |
| 90 // If |create_entries| specifies CreateDictionaryEntries, then |
| 91 // GetValidCertDecisionsDict will create a new set of entries within the |
| 92 // dictionary if they do not already exist. Otherwise will fail and return if |
| 93 // NULL if they do not exist. |
| 94 base::DictionaryValue* GetValidCertDecisionsDict( |
| 95 base::DictionaryValue* dict, |
| 96 CreateDictionaryEntriesDisposition create_entries); |
| 97 |
| 98 scoped_ptr<base::Clock> clock_; |
| 99 RememberSSLExceptionDecisionsDisposition should_remember_ssl_decisions_; |
| 100 base::TimeDelta default_ssl_cert_decision_expiration_delta_; |
| 101 Profile* profile_; |
| 102 |
| 103 DISALLOW_COPY_AND_ASSIGN(ChromeSSLHostStateDelegate); |
| 104 }; |
| 105 |
| 106 #endif // CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DELEGATE_H_ |
OLD | NEW |