Add button to page info to revoke user certificate decisions.

chrome/browser/ssl/chrome_ssl_host_state_delegate.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h"
 
 #include "base/base64.h"
 #include "base/command_line.h"
 #include "base/logging.h"
 #include "base/metrics/field_trial.h"
 #include "base/strings/string_number_conversions.h"
+#include "base/threading/non_thread_safe.h"
 #include "base/time/clock.h"
 #include "base/time/default_clock.h"
 #include "base/time/time.h"
 #include "chrome/browser/content_settings/host_content_settings_map.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/common/chrome_switches.h"
 #include "components/content_settings/core/common/content_settings_types.h"
 #include "components/variations/variations_associated_data.h"
 #include "net/base/hash_value.h"
 #include "net/cert/x509_certificate.h"
@@ skipping 211 matching lines @@
 }
 
 ChromeSSLHostStateDelegate::~ChromeSSLHostStateDelegate() {
   if (should_remember_ssl_decisions_ == ForgetSSLExceptionDecisionsAtSessionEnd)
     Clear();
 }
 
 void ChromeSSLHostStateDelegate::DenyCert(const std::string& host,
                                           net::X509Certificate* cert,
                                           net::CertStatus error) {
+  DCHECK(CalledOnValidThread());
   ChangeCertPolicy(host, cert, error, net::CertPolicy::DENIED);
 }
 
 void ChromeSSLHostStateDelegate::AllowCert(const std::string& host,
                                            net::X509Certificate* cert,
                                            net::CertStatus error) {
+  DCHECK(CalledOnValidThread());
   ChangeCertPolicy(host, cert, error, net::CertPolicy::ALLOWED);
 }
 
 void ChromeSSLHostStateDelegate::Clear() {
+  DCHECK(CalledOnValidThread());
   profile_->GetHostContentSettingsMap()->ClearSettingsForOneType(
       CONTENT_SETTINGS_TYPE_SSL_CERT_DECISIONS);
 }
 
 net::CertPolicy::Judgment ChromeSSLHostStateDelegate::QueryPolicy(
     const std::string& host,
     net::X509Certificate* cert,
     net::CertStatus error) {
+  DCHECK(CalledOnValidThread());
   HostContentSettingsMap* map = profile_->GetHostContentSettingsMap();
   GURL url = GetSecureGURLForHost(host);
   scoped_ptr<base::Value> value(map->GetWebsiteSetting(
       url, url, CONTENT_SETTINGS_TYPE_SSL_CERT_DECISIONS, std::string(), NULL));
 
   if (!value.get() || !value->IsType(base::Value::TYPE_DICTIONARY))
     return net::CertPolicy::UNKNOWN;
 
   base::DictionaryValue* dict;  // Owned by value
   int policy_decision;
@@ skipping 14 matching lines @@
   if (success && policy_decision == net::CertPolicy::Judgment::ALLOWED)
     return net::CertPolicy::Judgment::ALLOWED;
   else if (success && policy_decision == net::CertPolicy::Judgment::DENIED)
     return net::CertPolicy::Judgment::DENIED;
 
   return net::CertPolicy::Judgment::UNKNOWN;
 }
 
 void ChromeSSLHostStateDelegate::RevokeAllowAndDenyPreferences(
     const std::string& host) {
+  DCHECK(CalledOnValidThread());
   GURL url = GetSecureGURLForHost(host);
   const ContentSettingsPattern pattern =
       ContentSettingsPattern::FromURLNoWildcard(url);
   HostContentSettingsMap* map = profile_->GetHostContentSettingsMap();
 
   map->SetWebsiteSetting(pattern,
                          pattern,
                          CONTENT_SETTINGS_TYPE_SSL_CERT_DECISIONS,
                          std::string(),
                          NULL);
 }
 
 bool ChromeSSLHostStateDelegate::HasAllowedOrDeniedCert(
     const std::string& host) {
+  DCHECK(CalledOnValidThread());
   GURL url = GetSecureGURLForHost(host);
   const ContentSettingsPattern pattern =
       ContentSettingsPattern::FromURLNoWildcard(url);
   HostContentSettingsMap* map = profile_->GetHostContentSettingsMap();
 
   scoped_ptr<base::Value> value(map->GetWebsiteSetting(
       url, url, CONTENT_SETTINGS_TYPE_SSL_CERT_DECISIONS, std::string(), NULL));
 
   if (!value.get() || !value->IsType(base::Value::TYPE_DICTIONARY))
     return false;
 
   base::DictionaryValue* dict;  // Owned by value
   bool success = value->GetAsDictionary(&dict);
   DCHECK(success);
 
   for (base::DictionaryValue::Iterator it(*dict); !it.IsAtEnd(); it.Advance()) {
     int policy_decision;  // Owned by dict
     success = it.value().GetAsInteger(&policy_decision);
     if (success && (static_cast<net::CertPolicy::Judgment>(policy_decision) !=
                     net::CertPolicy::UNKNOWN))
       return true;
   }
 
   return false;
 }
 
+void ChromeSSLHostStateDelegate::HostRanInsecureContent(const std::string& host,
+                                                        int pid) {
+  DCHECK(CalledOnValidThread());
+  ran_insecure_content_hosts_.insert(BrokenHostEntry(host, pid));
+}
+
+bool ChromeSSLHostStateDelegate::DidHostRunInsecureContent(
+    const std::string& host,
+    int pid) const {
+  DCHECK(CalledOnValidThread());
+  return !!ran_insecure_content_hosts_.count(BrokenHostEntry(host, pid));
+}
 void ChromeSSLHostStateDelegate::SetClock(scoped_ptr<base::Clock> clock) {
+  DCHECK(CalledOnValidThread());
   clock_.reset(clock.release());
 }
 
 void ChromeSSLHostStateDelegate::ChangeCertPolicy(
     const std::string& host,
     net::X509Certificate* cert,
     net::CertStatus error,
     net::CertPolicy::Judgment judgment) {
   GURL url = GetSecureGURLForHost(host);
   const ContentSettingsPattern pattern =
@@ skipping 22 matching lines @@
   cert_dict->SetIntegerWithoutPathExpansion(GetKey(cert, error), judgment);
 
   // The map takes ownership of the value, so it is released in the call to
   // SetWebsiteSetting.
   map->SetWebsiteSetting(pattern,
                          pattern,
                          CONTENT_SETTINGS_TYPE_SSL_CERT_DECISIONS,
                          std::string(),
                          value.release());
 }