Add button to page info to revoke user certificate decisions.

content/public/browser/ssl_host_state_delegate.h

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CONTENT_PUBLIC_BROWSER_SSL_HOST_STATE_DELEGATE_H_
 #define CONTENT_PUBLIC_BROWSER_SSL_HOST_STATE_DELEGATE_H_
 
 #include "base/memory/ref_counted.h"
 #include "base/memory/scoped_ptr.h"
+#include "base/threading/non_thread_safe.h"
 #include "content/common/content_export.h"
 #include "net/cert/x509_certificate.h"
 
 namespace content {
 
+// The SSLHostStateDelegate encapulates the host-specific state for SSL errors.
+// For example, SSLHostStateDelegate remembers whether the user has whitelisted
+// a particular broken cert for use with particular host.  We separate this
+// state from the SSLManager because this state is shared across many navigation
+// controllers.
+//
 // SSLHostStateDelegate may be implemented by the embedder to provide a storage
-// strategy for certificate decisions.
-class SSLHostStateDelegate {
+// strategy for certificate decisions or it may be left unimplemented to use a
+// default strategy of not remembering decisions at all.
+class SSLHostStateDelegate : NON_EXPORTED_BASE(public base::NonThreadSafe) {

[jam, 2014/08/06 21:27:26]

remove the NonThreadSafe part, we don't put that on public interface. they're
all assumed to be used on the UI thread unless otherwise mentioned. also, the
embedder shouldn't double check that content is calling it on the right thread

[jww, 2014/08/08 16:48:50]

Done.
To clarify, are you saying that in, chrome_ssl_host_state_delegate.h the
implementation should *not* call DCHECK(CalledOnValidThread())?

  public:
+  SSLHostStateDelegate() {}

[jam, 2014/08/06 21:27:26]

nit: not needed

[jww, 2014/08/08 16:48:50]

Done.

+
   // Records that |cert| is not permitted to be used for |host| in the future,
   // for a specified |error| type.
   virtual void DenyCert(const std::string& host,
                         net::X509Certificate* cert,
                         net::CertStatus error) = 0;
 
   // Records that |cert| is permitted to be used for |host| in the future, for
   // a specified |error| type.
   virtual void AllowCert(const std::string&,
                          net::X509Certificate* cert,
                          net::CertStatus error) = 0;
 
   // Clear all allow/deny preferences.
   virtual void Clear() = 0;
 
   // Queries whether |cert| is allowed or denied for |host| and |error|.
   virtual net::CertPolicy::Judgment QueryPolicy(const std::string& host,
                                                 net::X509Certificate* cert,
                                                 net::CertStatus error) = 0;
 
   // Revoke all allow/deny preferences for |host|.
   virtual void RevokeAllowAndDenyPreferences(const std::string& host) = 0;
 
   // Returns true if any decisions has been recorded for |host|, otherwise
   // false.
   virtual bool HasAllowedOrDeniedCert(const std::string& host) = 0;
 
+  // Records that a host has run insecure content.
+  virtual void HostRanInsecureContent(const std::string& host, int pid) = 0;
+
+  // Returns whether the specified host ran insecure content.
+  virtual bool DidHostRunInsecureContent(const std::string& host,
+                                         int pid) const = 0;
+
  protected:
   virtual ~SSLHostStateDelegate() {}
+
+ private:
+  DISALLOW_COPY_AND_ASSIGN(SSLHostStateDelegate);

[jam, 2014/08/06 21:27:26]

nit:not needed on an abstract interface..

[jww, 2014/08/08 16:48:50]

Done.

 };
 
 }  // namespace content
 
 #endif  // CONTENT_PUBLIC_BROWSER_SSL_HOST_STATE_DELEGATE_H_