Remember user decisions on invalid certificates behind a flag

chrome/browser/ssl/chrome_ssl_host_state_decisions.h

Index: chrome/browser/ssl/chrome_ssl_host_state_decisions.h
diff --git a/chrome/browser/ssl/chrome_ssl_host_state_decisions.h b/chrome/browser/ssl/chrome_ssl_host_state_decisions.h
new file mode 100644
index 0000000000000000000000000000000000000000..413ccbc4fa8d15651df22b5dd7f9ba143064180d
--- /dev/null
+++ b/chrome/browser/ssl/chrome_ssl_host_state_decisions.h
@@ -0,0 +1,81 @@
+// Copyright (c) 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DECISIONS_H_
+#define CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DECISIONS_H_
+
+#include "base/time/clock.h"
+#include "content/public/browser/ssl_host_state_decisions.h"
+
+class GURL;
+class Profile;
+
+namespace base {
+
+class DictionaryValue;
+
+}  //  namespace base
+
+class ChromeSSLHostStateDecisions : public content::SSLHostStateDecisions {
+ public:
+  explicit ChromeSSLHostStateDecisions(Profile* profile);
+
+  // SSLHostStateDecisions:
+  virtual void DenyCert(const GURL& url,
+                        net::X509Certificate* cert,
+                        net::CertStatus error) OVERRIDE;
+  virtual void AllowCert(const GURL& url,
+                         net::X509Certificate* cert,
+                         net::CertStatus error) OVERRIDE;
+  virtual void Clear() OVERRIDE;
+  virtual net::CertPolicy::Judgment QueryPolicy(const GURL& url,
+                                                net::X509Certificate* cert,
+                                                net::CertStatus error) OVERRIDE;
+  virtual void RevokeAllowAndDenyPreferences(const GURL& url) OVERRIDE;
+  virtual bool HasAllowedOrDeniedCert(const GURL& url) OVERRIDE;
+
+  // Called on the UI thread when the profile is about to be destroyed.
+  void ShutdownOnUIThread() {}
+
+ protected:
+  virtual ~ChromeSSLHostStateDecisions();
+
+  // SetClock takes ownership of the passed in clock.
+  void SetClock(scoped_ptr<base::Clock> clock) {
+    clock_.reset(clock.release());
+  }
+
+ private:
+  enum CreateDictionaryEntriesDisposition {
+    CreateDictionaryEntries,
+    DoNotCreateDictionaryEntries
+  };
+  enum RememberSSLExceptionDecisionsDisposition {
+    ForgetSSLExceptionDecisionsAtSessionEnd,
+    RememberSSLExceptionDecisionsForDelta
+  };
+
+  void ChangeCertPolicy(const GURL& url,
+                        net::X509Certificate* cert,
+                        net::CertStatus error,
+                        net::CertPolicy::Judgment judgment);
+  base::DictionaryValue* GetValidCertDecisionsDict(
+      base::DictionaryValue* dict,
+      CreateDictionaryEntriesDisposition create_entries);
+
+  scoped_ptr<base::Clock> clock_;
+  RememberSSLExceptionDecisionsDisposition shouldRememberSSLDecisions_;
+  base::TimeDelta defaultSSLCertDecisionExpirationDelta_;
+  Profile* profile_;
+
+  friend class ForgetInstantlySSLHostStateDecisionsTest;
+  friend class RememberSSLHostStateDecisionsTest;
+  FRIEND_TEST_ALL_PREFIXES(ForgetInstantlySSLHostStateDecisionsTest,
+                           MakeAndForgetException);
+  FRIEND_TEST_ALL_PREFIXES(RememberSSLHostStateDecisionsTest, AfterRestart);
+
+  DISALLOW_COPY_AND_ASSIGN(ChromeSSLHostStateDecisions);
+};
+
+#endif  // CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DECISIONS_H_