Index: chrome/browser/ssl/chrome_ssl_host_state_decisions.h |
diff --git a/chrome/browser/ssl/chrome_ssl_host_state_decisions.h b/chrome/browser/ssl/chrome_ssl_host_state_decisions.h |
new file mode 100644 |
index 0000000000000000000000000000000000000000..db85a69c034af96a6276faac8cc1481244b8b72d |
--- /dev/null |
+++ b/chrome/browser/ssl/chrome_ssl_host_state_decisions.h |
@@ -0,0 +1,114 @@ |
+// Copyright (c) 2014 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#ifndef CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DECISIONS_H_ |
+#define CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DECISIONS_H_ |
+ |
+#include "base/scoped_ptr.h" |
+#include "base/time/clock.h" |
Ryan Sleevi
2014/07/31 00:31:28
Can forward declare clock if you move line 56 to t
jww
2014/07/31 05:57:00
Done.
|
+#include "base/time/time.h" |
+#include "content/public/browser/ssl_host_state_decisions.h" |
+ |
+class GURL; |
+class Profile; |
+ |
+namespace base { |
+ |
+class DictionaryValue; |
+ |
Ryan Sleevi
2014/07/31 00:31:28
can nuke the newlines on 17/19
jww
2014/07/31 05:57:00
Done.
|
+} // namespace base |
+ |
+// Implementation of the tracking of user decisions on SSL errors for sites. |
+// Tracks if the user has allowed, denied, or not seen an exception for the |
+// specified site, SSL fingerprint, and error. If the user makes a decision, |
+// stores the decision until either the session ends or for a length of time |
+// (across session restarts), based on command line flags. |
+// |
+// The various methods take GURLs as arguments but the path will be ignored for |
+// all GURL arguments. SSL certificate decisions are on a per scheme/host/port |
+// basis. |
+class ChromeSSLHostStateDecisions : public content::SSLHostStateDecisions { |
+ public: |
+ explicit ChromeSSLHostStateDecisions(Profile* profile); |
+ virtual ~ChromeSSLHostStateDecisions(); |
+ |
+ // SSLHostStateDecisions: |
+ virtual void DenyCert(const GURL& url, |
+ net::X509Certificate* cert, |
+ net::CertStatus error) OVERRIDE; |
+ virtual void AllowCert(const GURL& url, |
+ net::X509Certificate* cert, |
+ net::CertStatus error) OVERRIDE; |
+ virtual void Clear() OVERRIDE; |
+ virtual net::CertPolicy::Judgment QueryPolicy(const GURL& url, |
+ net::X509Certificate* cert, |
+ net::CertStatus error) OVERRIDE; |
+ virtual void RevokeAllowAndDenyPreferences(const GURL& url) OVERRIDE; |
+ virtual bool HasAllowedOrDeniedCert(const GURL& url) OVERRIDE; |
+ |
+ // Called on the UI thread when the profile is about to be destroyed. |
+ void ShutdownOnUIThread() {} |
+ |
+ protected: |
+ // SetClock takes ownership of the passed in clock. |
+ void SetClock(scoped_ptr<base::Clock> clock) { |
+ clock_.reset(clock.release()); |
+ } |
+ |
+ private: |
+ FRIEND_TEST_ALL_PREFIXES(ForgetInstantlySSLHostStateDecisionsTest, |
+ MakeAndForgetException); |
+ FRIEND_TEST_ALL_PREFIXES(RememberSSLHostStateDecisionsTest, AfterRestart); |
Ryan Sleevi
2014/07/31 00:31:28
IWYU:
#include "base/gtest_prod_util.h"
jww
2014/07/31 05:57:00
Done.
|
+ |
+ // Used to specify whether new content setting entries should be created if |
+ // they don't already exist when querying the user's settings. |
+ enum CreateDictionaryEntriesDisposition { |
+ CreateDictionaryEntries, |
+ DoNotCreateDictionaryEntries |
+ }; |
+ |
+ // Specifies whether user SSL error decisions should be forgetten at the end |
+ // of this current session (the old style of remembering decisions), or |
+ // whether they should be remembered across session restarts for a specified |
+ // length of time, deteremined by |
+ // |default_ssl_cert_decision_expiration_delta_|. |
+ enum RememberSSLExceptionDecisionsDisposition { |
+ ForgetSSLExceptionDecisionsAtSessionEnd, |
+ RememberSSLExceptionDecisionsForDelta |
+ }; |
+ |
+ // Modify the user's content settings to specify a judgement made for a |
+ // specific site and certificate, where |url| is the site in question, |cert| |
+ // is the certificate with an error, |error| is the error in the certificate, |
+ // and |judgement| is the user decision to be recorded. |
+ void ChangeCertPolicy(const GURL& url, |
+ net::X509Certificate* cert, |
+ net::CertStatus error, |
+ net::CertPolicy::Judgment judgment); |
+ |
+ // Query the content settings to retrieve a dictionary of certificate |
+ // fingerprints and errors of certificates to user decisions, as set by |
+ // ChangeCertPolicy. Returns NULL on a failure. |
+ // |
+ // |dict| specifies the user's full exceptions dictionary for a specific site |
+ // in their content settings. Must be retrieved directly from a website |
+ // setting in the the profile's HostContentSettingsMap. |
+ // |
+ // If |create_entries| specifies CreateDictionaryEntries, then |
+ // GetValidCertDecisionsDict will create a new set of entries within the |
+ // dictionary if they do not already exist. Otherwise will fail and return if |
+ // NULL if they do not exist. |
+ base::DictionaryValue* GetValidCertDecisionsDict( |
+ base::DictionaryValue* dict, |
+ CreateDictionaryEntriesDisposition create_entries); |
+ |
+ scoped_ptr<base::Clock> clock_; |
+ RememberSSLExceptionDecisionsDisposition should_remember_ssl_decisions_; |
+ base::TimeDelta default_ssl_cert_decision_expiration_delta_; |
+ Profile* profile_; |
+ |
+ DISALLOW_COPY_AND_ASSIGN(ChromeSSLHostStateDecisions); |
+}; |
+ |
+#endif // CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DECISIONS_H_ |