Remember user decisions on invalid certificates behind a flag

chrome/browser/ssl/chrome_ssl_host_state_decisions.h

Index: chrome/browser/ssl/chrome_ssl_host_state_decisions.h
diff --git a/chrome/browser/ssl/chrome_ssl_host_state_decisions.h b/chrome/browser/ssl/chrome_ssl_host_state_decisions.h
new file mode 100644
index 0000000000000000000000000000000000000000..16cc681ed69246b8a1fd7846b378c5cfd4d4619a
--- /dev/null
+++ b/chrome/browser/ssl/chrome_ssl_host_state_decisions.h
@@ -0,0 +1,73 @@
+// Copyright (c) 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DECISIONS_H_
+#define CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DECISIONS_H_
+
+#include "base/time/clock.h"
+#include "content/public/browser/ssl_host_state_decisions.h"
+
+class GURL;
+class Profile;
+
+namespace base {
+
+class DictionaryValue;
+
+}  //  namespace base
+
+class ChromeSSLHostStateDecisions : public content::SSLHostStateDecisions {

[Ryan Sleevi, 2014/07/08 23:53:28]

Document

[jww, 2014/07/11 00:08:41]

Done.

+ public:
+  explicit ChromeSSLHostStateDecisions(Profile* profile);
+
+  // SSLHostStateDecisions:
+  virtual void DenyCert(const GURL& url,
+                        net::X509Certificate* cert,
+                        net::CertStatus error) OVERRIDE;
+  virtual void AllowCert(const GURL& url,
+                         net::X509Certificate* cert,
+                         net::CertStatus error) OVERRIDE;
+  virtual void Clear() OVERRIDE;
+  virtual net::CertPolicy::Judgment QueryPolicy(const GURL& url,
+                                                net::X509Certificate* cert,
+                                                net::CertStatus error) OVERRIDE;
+  virtual void RevokeAllowAndDenyPreferences(const GURL& url) OVERRIDE;
+  virtual bool HasAllowedOrDeniedCert(const GURL& url) OVERRIDE;
+
+  // Called on the UI thread when the profile is about to be destroyed.
+  void ShutdownOnUIThread() {}
+
+ protected:
+  virtual ~ChromeSSLHostStateDecisions();
+
+  // SetClock takes ownership of the passed in clock.
+  void SetClock(scoped_ptr<base::Clock> clock) {

[Ryan Sleevi, 2014/07/08 23:53:29]

IWYU: You need to include the base::Clock header
IWYU: You need to include base/memory/scoped_ptr.h

[jww, 2014/07/11 00:08:41]

Done.

+    clock_.reset(clock.release());
+  }
+
+ private:
+  enum CreateDictionaryEntriesDisposition {
+    CreateDictionaryEntries,
+    DoNotCreateDictionaryEntries

[Ryan Sleevi, 2014/07/08 23:53:29]

Document

[jww, 2014/07/11 00:08:41]

Done.

+  };
+
+  void ChangeCertPolicy(const GURL& url,
+                        net::X509Certificate* cert,
+                        net::CertStatus error,
+                        net::CertPolicy::Judgment judgment);

[Ryan Sleevi, 2014/07/08 23:53:29]

Document

[jww, 2014/07/11 00:08:41]

Done.

+  base::DictionaryValue* GetValidCertDecisionsDict(
+      base::DictionaryValue* dict,
+      CreateDictionaryEntriesDisposition create_entries);

[Ryan Sleevi, 2014/07/08 23:53:29]

Document

[jww, 2014/07/11 00:08:41]

Done.

+
+  scoped_ptr<base::Clock> clock_;
+  const base::TimeDelta defaultSSLCertDecisionExpirationDelta_;

[Ryan Sleevi, 2014/07/08 23:53:29]

IWYU: base/time.h

[jww, 2014/07/11 00:08:41]

Done.

+  Profile* profile_;
+
+  friend class RememberSSLHostStateDecisionsTest;

[Ryan Sleevi, 2014/07/08 23:53:29]

As in life, it's good to put our friends first. (This is a common Chromium
idiom, at least)

It serves as a reminder that everything that follows the "private" will be a
dirty rotten lie in some cases (hopefully only tests) :)

[jww, 2014/07/11 00:08:41]

Done.

+  FRIEND_TEST_ALL_PREFIXES(RememberSSLHostStateDecisionsTest, AfterRestart);
+
+  DISALLOW_COPY_AND_ASSIGN(ChromeSSLHostStateDecisions);
+};
+
+#endif  // CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DECISIONS_H_