Add button to page info to revoke user certificate decisions.

content/public/browser/ssl_host_state.h

+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CONTENT_PUBLIC_BROWSER_SSL_SSL_HOST_STATE_H_
+#define CONTENT_PUBLIC_BROWSER_SSL_SSL_HOST_STATE_H_
+
+#include <map>
+#include <set>
+#include <string>
+
+#include "base/basictypes.h"
+#include "base/compiler_specific.h"
+#include "base/supports_user_data.h"
+#include "base/threading/non_thread_safe.h"
+#include "content/common/content_export.h"
+#include "net/cert/cert_status_flags.h"
+#include "net/cert/x509_certificate.h"
+
+namespace content {
+class BrowserContext;
+
+// SSLHostState
+//
+// The SSLHostState encapulates the host-specific state for SSL errors.  For
+// example, SSLHostState remembers whether the user has whitelisted a
+// particular broken cert for use with particular host.  We separate this state
+// from the SSLManager because this state is shared across many navigation
+// controllers.
+
+class SSLHostState : NON_EXPORTED_BASE(base::SupportsUserData::Data),

[Charlie Reis, 2014/07/28 20:16:24]

We're generally very stingy with adding new concepts and APIs to the public
content API, so I'm skeptical about moving this whole class into content/public.

Are all of these methods needed outside content?  Can we limit the public
interface to the bare minimum?

[jam, 2014/07/28 23:06:20]

correct, Joe: see http://www.chromium.org/developers/content-module/content-api
for the guidelines
it looks like only RevokeAllowAndDenyPreferences and HasAllowedOrDeniedCert are
called. Do you expect to use more from SSLHostState? If so, then having an
interface (with only the called methods being public) is ok. However if it's
just these two, perhaps they can be static methods inside BrowserContext?

[jww, 2014/08/06 00:51:47]

I particularly like the BrowserContext suggestion; I'll add the methods there.

+                     NON_EXPORTED_BASE(public base::NonThreadSafe) {
+ public:
+  CONTENT_EXPORT static SSLHostState* GetFor(BrowserContext* browser_context);
+
+  SSLHostState() {}
+  virtual ~SSLHostState() {}
+
+  // Records that a host has run insecure content.
+  virtual void HostRanInsecureContent(const std::string& host, int pid) = 0;
+
+  // Returns whether the specified host ran insecure content.
+  virtual bool DidHostRunInsecureContent(const std::string& host,
+                                         int pid) const = 0;
+
+  // Records that |cert| is not permitted to be used for |host| in the future,
+  // for a specified |error| type.
+  virtual void DenyCertForHost(net::X509Certificate* cert,
+                               const std::string& host,
+                               net::CertStatus error) = 0;
+
+  // Records that |cert| is permitted to be used for |host| in the future, for
+  // a specified |error| type.
+  virtual void AllowCertForHost(net::X509Certificate* cert,
+                                const std::string& host,
+                                net::CertStatus error) = 0;
+
+  // Clear all allow/deny preferences.
+  virtual void Clear() = 0;
+
+  // Revoke all allow/deny preferences for a given host. May close idle
+  // HTTP/HTTPS connections in the process.
+  virtual void RevokeAllowAndDenyPreferences(const std::string& host) = 0;
+
+  virtual bool HasAllowedOrDeniedCert(const std::string& host) = 0;
+
+  // Queries whether |cert| is allowed or denied for |host| and |error|.
+  virtual net::CertPolicy::Judgment QueryPolicy(net::X509Certificate* cert,
+                                                const std::string& host,
+                                                net::CertStatus error) = 0;
+
+ private:
+  DISALLOW_COPY_AND_ASSIGN(SSLHostState);
+};
+
+}  // namespace content
+
+#endif  // CONTENT_PUBLIC_BROWSER_SSL_SSL_HOST_STATE_H_