chrome/browser/ssl/chrome_ssl_host_state_delegate.h - Issue 465133004: Remove DenyCertForHost from SSLHostStateDelegate API.

Side by Side Diff: chrome/browser/ssl/chrome_ssl_host_state_delegate.h

Issue 465133004: Remove DenyCertForHost from SSLHostStateDelegate API. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Created 6 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DELEGATE_H_	5 #ifndef CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DELEGATE_H_

6 #define CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DELEGATE_H_	6 #define CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DELEGATE_H_

7	7

8 #include "base/gtest_prod_util.h"	8 #include "base/gtest_prod_util.h"

9 #include "base/memory/scoped_ptr.h"	9 #include "base/memory/scoped_ptr.h"

10 #include "base/time/time.h"	10 #include "base/time/time.h"

11 #include "content/public/browser/ssl_host_state_delegate.h"	11 #include "content/public/browser/ssl_host_state_delegate.h"

12	12

13 class Profile;	13 class Profile;

14	14

15 namespace base {	15 namespace base {

16 class Clock;	16 class Clock;

17 class DictionaryValue;	17 class DictionaryValue;

18 } // namespace base	18 } // namespace base

19	19

20 // Implementation of the tracking of user decisions on SSL errors for sites.	20 // Implementation of the tracking of user decisions on SSL errors for sites.

21 // Tracks if the user has allowed, denied, or not seen an exception for the	21 // Tracks if the user has allowed or has not seen an exception for the specified

22 // specified site, SSL fingerprint, and error. If the user makes a decision,	22 // site, SSL fingerprint, and error. If the user makes a decision, stores the

23 // stores the decision until either the session ends or for a length of time	23 // decision until either the session ends or for a length of time (across

24 // (across session restarts), based on command line flags.	24 // session restarts), based on command line flags.
	Peter Kasting 2014/08/22 00:57:52 Nit: How about this comment: Tracks whether the u Nit: How about this comment: Tracks whether the user has allowed a certificate error exception for a specific site, SSL fingerprint, and error. Based on command-line flags, remembers this decision either until end-of-session or for a particular length of time. jww 2014/08/22 03:49:35 Done, with slight addition of "...and experimental Show quoted text On 2014/08/22 00:57:52, Peter Kasting wrote: > Nit: How about this comment: > > Tracks whether the user has allowed a certificate error exception for a specific > site, SSL fingerprint, and error. Based on command-line flags, remembers this > decision either until end-of-session or for a particular length of time. Done, with slight addition of "...and experimental group..."
25 class ChromeSSLHostStateDelegate : public content::SSLHostStateDelegate {	25 class ChromeSSLHostStateDelegate : public content::SSLHostStateDelegate {

26 public:	26 public:

27 explicit ChromeSSLHostStateDelegate(Profile* profile);	27 explicit ChromeSSLHostStateDelegate(Profile* profile);

28 virtual ~ChromeSSLHostStateDelegate();	28 virtual ~ChromeSSLHostStateDelegate();

29	29

30 // SSLHostStateDelegate:	30 // SSLHostStateDelegate:

31 virtual void DenyCert(const std::string& host,

32 net::X509Certificate* cert,

33 net::CertStatus error) OVERRIDE;

34 virtual void AllowCert(const std::string& host,	31 virtual void AllowCert(const std::string& host,

35 net::X509Certificate* cert,	32 net::X509Certificate* cert,

36 net::CertStatus error) OVERRIDE;	33 net::CertStatus error) OVERRIDE;

37 virtual void Clear() OVERRIDE;	34 virtual void Clear() OVERRIDE;

38 virtual net::CertPolicy::Judgment QueryPolicy(	35 virtual net::CertPolicy::Judgment QueryPolicy(

39 const std::string& host,	36 const std::string& host,

40 net::X509Certificate* cert,	37 net::X509Certificate* cert,

41 net::CertStatus error,	38 net::CertStatus error,

42 bool* expired_previous_decision) OVERRIDE;	39 bool* expired_previous_decision) OVERRIDE;

43 virtual void HostRanInsecureContent(const std::string& host,	40 virtual void HostRanInsecureContent(const std::string& host,

44 int pid) OVERRIDE;	41 int pid) OVERRIDE;

45 virtual bool DidHostRunInsecureContent(const std::string& host,	42 virtual bool DidHostRunInsecureContent(const std::string& host,

46 int pid) const OVERRIDE;	43 int pid) const OVERRIDE;

47	44

48 // ChromeSSLHostStateDelegate implementation:	45 // ChromeSSLHostStateDelegate implementation:

49 // Revoke all user decisions for \|host\| in the given Profile. The	46 // Revoke all user decisions for \|host\| in the given Profile. The
	Peter Kasting 2014/08/22 00:57:52 Nit: While here: Revoke -> Revokes; consider chang Nit: While here: Revoke -> Revokes; consider changing names/comments to be less vague than "user decision" jww 2014/08/22 03:49:35 Revoke -> Revokes done. I took a whack at improvin Show quoted text On 2014/08/22 00:57:52, Peter Kasting wrote: > Nit: While here: Revoke -> Revokes; consider changing names/comments to be less > vague than "user decision" Revoke -> Revokes done. I took a whack at improving the comment; let me know what you think.
50 // RevokeUserDecisionsHard version may close idle connections in the process.	47 // RevokeUserDecisionsHard version may close idle connections in the process.

51 // This version should be used only for rare events, such as a user	48 // This version should be used only for rare events, such as a user

52 // controlled button, as it may be very disruptive to the networking stack.	49 // controlled button, as it may be very disruptive to the networking stack.

53 virtual void RevokeUserDecisions(const std::string& host);	50 virtual void RevokeUserDecisions(const std::string& host);

54 virtual void RevokeUserDecisionsHard(const std::string& host);	51 virtual void RevokeUserDecisionsHard(const std::string& host);

55	52

56 // Returns true if any decisions has been recorded for \|host\| for the given	53 // Returns true if the user has allowed any certificate error exceptions for

57 // Profile, otherwise false.	54 // \|host\|, otherwise false.
	Peter Kasting 2014/08/22 00:57:53 Nit: How about: Returns whether the user has allo Nit: How about: Returns whether the user has allowed a certificate error exception for \|host\|. jww 2014/08/22 03:49:35 Done. Show quoted text On 2014/08/22 00:57:53, Peter Kasting wrote: > Nit: How about: > > Returns whether the user has allowed a certificate error exception for \|host\|. Done.
58 virtual bool HasUserDecision(const std::string& host);	55 virtual bool HasAllowed(const std::string& host);

59	56

60 // Called on the UI thread when the profile is about to be destroyed.	57 // Called on the UI thread when the profile is about to be destroyed.

61 void ShutdownOnUIThread() {}	58 void ShutdownOnUIThread() {}

62	59

63 protected:	60 protected:

64 // SetClock takes ownership of the passed in clock.	61 // SetClock takes ownership of the passed in clock.

65 void SetClock(scoped_ptr<base::Clock> clock);	62 void SetClock(scoped_ptr<base::Clock> clock);

66	63

67 private:	64 private:

68 FRIEND_TEST_ALL_PREFIXES(ForgetInstantlySSLHostStateDelegateTest,	65 FRIEND_TEST_ALL_PREFIXES(ForgetInstantlySSLHostStateDelegateTest,

(...skipping 12 matching lines...) Expand all Loading...
81 // Specifies whether user SSL error decisions should be forgetten at the end	78 // Specifies whether user SSL error decisions should be forgetten at the end

82 // of this current session (the old style of remembering decisions), or	79 // of this current session (the old style of remembering decisions), or

83 // whether they should be remembered across session restarts for a specified	80 // whether they should be remembered across session restarts for a specified

84 // length of time, deteremined by	81 // length of time, deteremined by

85 // \|default_ssl_cert_decision_expiration_delta_\|.	82 // \|default_ssl_cert_decision_expiration_delta_\|.

86 enum RememberSSLExceptionDecisionsDisposition {	83 enum RememberSSLExceptionDecisionsDisposition {

87 ForgetSSLExceptionDecisionsAtSessionEnd,	84 ForgetSSLExceptionDecisionsAtSessionEnd,

88 RememberSSLExceptionDecisionsForDelta	85 RememberSSLExceptionDecisionsForDelta

89 };	86 };

90	87

91 // Modify the user's content settings to specify a judgement made for a

92 // specific site and certificate, where \|url\| is the site in question, \|cert\|

93 // is the certificate with an error, \|error\| is the error in the certificate,

94 // and \|judgement\| is the user decision to be recorded.

95 void ChangeCertPolicy(const std::string& host,

96 net::X509Certificate* cert,

97 net::CertStatus error,

98 net::CertPolicy::Judgment judgment);

99

100 // Query the content settings to retrieve a dictionary of certificate	88 // Query the content settings to retrieve a dictionary of certificate
	Peter Kasting 2014/08/22 00:57:52 Nit: Same sorts of comments as above. Nit: Same sorts of comments as above. jww 2014/08/22 03:49:35 Done. Show quoted text On 2014/08/22 00:57:52, Peter Kasting wrote: > Nit: Same sorts of comments as above. Done.
101 // fingerprints and errors of certificates to user decisions, as set by	89 // fingerprints and errors of certificates to user decisions. Returns NULL on

102 // ChangeCertPolicy. Returns NULL on a failure.	90 // a failure.

103 //	91 //

104 // \|dict\| specifies the user's full exceptions dictionary for a specific site	92 // \|dict\| specifies the user's full exceptions dictionary for a specific site

105 // in their content settings. Must be retrieved directly from a website	93 // in their content settings. Must be retrieved directly from a website

106 // setting in the the profile's HostContentSettingsMap.	94 // setting in the the profile's HostContentSettingsMap.

107 //	95 //

108 // If \|create_entries\| specifies CreateDictionaryEntries, then	96 // If \|create_entries\| specifies CreateDictionaryEntries, then

109 // GetValidCertDecisionsDict will create a new set of entries within the	97 // GetValidCertDecisionsDict will create a new set of entries within the

110 // dictionary if they do not already exist. Otherwise will fail and return if	98 // dictionary if they do not already exist. Otherwise will fail and return if

111 // NULL if they do not exist.	99 // NULL if they do not exist.

112 //	100 //

(...skipping 15 matching lines...) Expand all Loading...
128	116

129 // Hosts which have been contaminated with insecure content in the	117 // Hosts which have been contaminated with insecure content in the

130 // specified process. Note that insecure content can travel between	118 // specified process. Note that insecure content can travel between

131 // same-origin frames in one processs but cannot jump between processes.	119 // same-origin frames in one processs but cannot jump between processes.

132 std::set<BrokenHostEntry> ran_insecure_content_hosts_;	120 std::set<BrokenHostEntry> ran_insecure_content_hosts_;

133	121

134 DISALLOW_COPY_AND_ASSIGN(ChromeSSLHostStateDelegate);	122 DISALLOW_COPY_AND_ASSIGN(ChromeSSLHostStateDelegate);

135 };	123 };

136	124

137 #endif // CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DELEGATE_H_	125 #endif // CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DELEGATE_H_

OLD	NEW

« no previous file with comments | « no previous file | chrome/browser/ssl/chrome_ssl_host_state_delegate.cc » ('j') | chrome/browser/ssl/chrome_ssl_host_state_delegate.cc » ('J')