Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(7831)

Unified Diff: chrome/browser/ssl/chrome_ssl_host_state_decisions.h

Issue 369703002: Remember user decisions on invalid certificates behind a flag (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Updated with experimental groups Created 6 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: chrome/browser/ssl/chrome_ssl_host_state_decisions.h
diff --git a/chrome/browser/ssl/chrome_ssl_host_state_decisions.h b/chrome/browser/ssl/chrome_ssl_host_state_decisions.h
new file mode 100644
index 0000000000000000000000000000000000000000..db85a69c034af96a6276faac8cc1481244b8b72d
--- /dev/null
+++ b/chrome/browser/ssl/chrome_ssl_host_state_decisions.h
@@ -0,0 +1,114 @@
+// Copyright (c) 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DECISIONS_H_
+#define CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DECISIONS_H_
+
+#include "base/scoped_ptr.h"
+#include "base/time/clock.h"
Ryan Sleevi 2014/07/31 00:31:28 Can forward declare clock if you move line 56 to t
jww 2014/07/31 05:57:00 Done.
+#include "base/time/time.h"
+#include "content/public/browser/ssl_host_state_decisions.h"
+
+class GURL;
+class Profile;
+
+namespace base {
+
+class DictionaryValue;
+
Ryan Sleevi 2014/07/31 00:31:28 can nuke the newlines on 17/19
jww 2014/07/31 05:57:00 Done.
+} // namespace base
+
+// Implementation of the tracking of user decisions on SSL errors for sites.
+// Tracks if the user has allowed, denied, or not seen an exception for the
+// specified site, SSL fingerprint, and error. If the user makes a decision,
+// stores the decision until either the session ends or for a length of time
+// (across session restarts), based on command line flags.
+//
+// The various methods take GURLs as arguments but the path will be ignored for
+// all GURL arguments. SSL certificate decisions are on a per scheme/host/port
+// basis.
+class ChromeSSLHostStateDecisions : public content::SSLHostStateDecisions {
+ public:
+ explicit ChromeSSLHostStateDecisions(Profile* profile);
+ virtual ~ChromeSSLHostStateDecisions();
+
+ // SSLHostStateDecisions:
+ virtual void DenyCert(const GURL& url,
+ net::X509Certificate* cert,
+ net::CertStatus error) OVERRIDE;
+ virtual void AllowCert(const GURL& url,
+ net::X509Certificate* cert,
+ net::CertStatus error) OVERRIDE;
+ virtual void Clear() OVERRIDE;
+ virtual net::CertPolicy::Judgment QueryPolicy(const GURL& url,
+ net::X509Certificate* cert,
+ net::CertStatus error) OVERRIDE;
+ virtual void RevokeAllowAndDenyPreferences(const GURL& url) OVERRIDE;
+ virtual bool HasAllowedOrDeniedCert(const GURL& url) OVERRIDE;
+
+ // Called on the UI thread when the profile is about to be destroyed.
+ void ShutdownOnUIThread() {}
+
+ protected:
+ // SetClock takes ownership of the passed in clock.
+ void SetClock(scoped_ptr<base::Clock> clock) {
+ clock_.reset(clock.release());
+ }
+
+ private:
+ FRIEND_TEST_ALL_PREFIXES(ForgetInstantlySSLHostStateDecisionsTest,
+ MakeAndForgetException);
+ FRIEND_TEST_ALL_PREFIXES(RememberSSLHostStateDecisionsTest, AfterRestart);
Ryan Sleevi 2014/07/31 00:31:28 IWYU: #include "base/gtest_prod_util.h"
jww 2014/07/31 05:57:00 Done.
+
+ // Used to specify whether new content setting entries should be created if
+ // they don't already exist when querying the user's settings.
+ enum CreateDictionaryEntriesDisposition {
+ CreateDictionaryEntries,
+ DoNotCreateDictionaryEntries
+ };
+
+ // Specifies whether user SSL error decisions should be forgetten at the end
+ // of this current session (the old style of remembering decisions), or
+ // whether they should be remembered across session restarts for a specified
+ // length of time, deteremined by
+ // |default_ssl_cert_decision_expiration_delta_|.
+ enum RememberSSLExceptionDecisionsDisposition {
+ ForgetSSLExceptionDecisionsAtSessionEnd,
+ RememberSSLExceptionDecisionsForDelta
+ };
+
+ // Modify the user's content settings to specify a judgement made for a
+ // specific site and certificate, where |url| is the site in question, |cert|
+ // is the certificate with an error, |error| is the error in the certificate,
+ // and |judgement| is the user decision to be recorded.
+ void ChangeCertPolicy(const GURL& url,
+ net::X509Certificate* cert,
+ net::CertStatus error,
+ net::CertPolicy::Judgment judgment);
+
+ // Query the content settings to retrieve a dictionary of certificate
+ // fingerprints and errors of certificates to user decisions, as set by
+ // ChangeCertPolicy. Returns NULL on a failure.
+ //
+ // |dict| specifies the user's full exceptions dictionary for a specific site
+ // in their content settings. Must be retrieved directly from a website
+ // setting in the the profile's HostContentSettingsMap.
+ //
+ // If |create_entries| specifies CreateDictionaryEntries, then
+ // GetValidCertDecisionsDict will create a new set of entries within the
+ // dictionary if they do not already exist. Otherwise will fail and return if
+ // NULL if they do not exist.
+ base::DictionaryValue* GetValidCertDecisionsDict(
+ base::DictionaryValue* dict,
+ CreateDictionaryEntriesDisposition create_entries);
+
+ scoped_ptr<base::Clock> clock_;
+ RememberSSLExceptionDecisionsDisposition should_remember_ssl_decisions_;
+ base::TimeDelta default_ssl_cert_decision_expiration_delta_;
+ Profile* profile_;
+
+ DISALLOW_COPY_AND_ASSIGN(ChromeSSLHostStateDecisions);
+};
+
+#endif // CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DECISIONS_H_

Powered by Google App Engine
This is Rietveld 408576698