Add button to page info to revoke user certificate decisions.

chrome/browser/ssl/chrome_ssl_host_state_delegate.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h"
 
 #include "base/base64.h"
+#include "base/bind.h"
 #include "base/command_line.h"
 #include "base/logging.h"
 #include "base/metrics/field_trial.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/time/clock.h"
 #include "base/time/default_clock.h"
 #include "base/time/time.h"
 #include "chrome/browser/content_settings/host_content_settings_map.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/common/chrome_switches.h"
 #include "components/content_settings/core/common/content_settings_types.h"
 #include "components/variations/variations_associated_data.h"
 #include "net/base/hash_value.h"
 #include "net/cert/x509_certificate.h"
+#include "net/http/http_transaction_factory.h"
+#include "net/url_request/url_request_context.h"
+#include "net/url_request/url_request_context_getter.h"
 #include "url/gurl.h"
 
 namespace {
 
 // Switch value that specifies that certificate decisions should be forgotten at
 // the end of the current session.
 const int64 kForgetAtSessionEndSwitchValue = -1;
 
 // Experiment information
 const char kRememberCertificateErrorDecisionsFieldTrialName[] =
     "RememberCertificateErrorDecisions";
 const char kRememberCertificateErrorDecisionsFieldTrialDefaultGroup[] =
     "Default";
 const char kRememberCertificateErrorDecisionsFieldTrialLengthParam[] = "length";
 
 // Keys for the per-site error + certificate finger to judgement content
 // settings map.
 const char kSSLCertDecisionCertErrorMapKey[] = "cert_exceptions_map";
 const char kSSLCertDecisionExpirationTimeKey[] = "decision_expiration_time";
 const char kSSLCertDecisionVersionKey[] = "version";
 
 const int kDefaultSSLCertDecisionVersion = 1;
 
+// Closes all idle network connections for the given URLRequestContext. This is
+// a big hammer and should be wielded with extreme caution as it can have a big,
+// negative impact on network performance. In this case, it is used by
+// RevokeUserDecisionsHard, which should only be called by rare, user initiated
+// events. See the comment before RevokeUserDecisionsHard implementation for
+// more information.
+void CloseIdleConnections(
+    scoped_refptr<net::URLRequestContextGetter> url_request_context_getter) {
+  url_request_context_getter->
+      GetURLRequestContext()->
+      http_transaction_factory()->
+      GetSession()->
+      CloseIdleConnections();
+}
+
 // All SSL decisions are per host (and are shared arcoss schemes), so this
 // canonicalizes all hosts into a secure scheme GURL to use with content
 // settings. The returned GURL will be the passed in host with an empty path and
 // https:// as the scheme.
 GURL GetSecureGURLForHost(const std::string& host) {
   std::string url = "https://" + host;
   return GURL(url);
 }
 
 // This is a helper function that returns the length of time before a
@@ skipping 228 matching lines @@
   // If a policy decision was successfully retrieved and it's a valid value of
   // ALLOWED or DENIED, return the valid value. Otherwise, return UNKNOWN.
   if (success && policy_decision == net::CertPolicy::Judgment::ALLOWED)
     return net::CertPolicy::Judgment::ALLOWED;
   else if (success && policy_decision == net::CertPolicy::Judgment::DENIED)
     return net::CertPolicy::Judgment::DENIED;
 
   return net::CertPolicy::Judgment::UNKNOWN;
 }
 
-void ChromeSSLHostStateDelegate::RevokeAllowAndDenyPreferences(
-    const std::string& host) {
+void ChromeSSLHostStateDelegate::RevokeUserDecisions(const std::string& host) {
   GURL url = GetSecureGURLForHost(host);
   const ContentSettingsPattern pattern =
       ContentSettingsPattern::FromURLNoWildcard(url);
   HostContentSettingsMap* map = profile_->GetHostContentSettingsMap();
 
   map->SetWebsiteSetting(pattern,
                          pattern,
                          CONTENT_SETTINGS_TYPE_SSL_CERT_DECISIONS,
                          std::string(),
                          NULL);
 }
 
-bool ChromeSSLHostStateDelegate::HasAllowedOrDeniedCert(
+// TODO(jww): This will revoke all of the decisions in the browser context.
+// However, the networking stack actually keeps track of its own list of
+// exceptions per-HttpNetworkTransaction in the SSLConfig structure (see the
+// allowed_bad_certs Vector in net/ssl/ssl_config.h). This dual-tracking of
+// exceptions introduces a problem where the browser context can revoke a
+// certificate, but if a transaction reuses a cached version of the SSLConfig
+// (probably from a pooled socket), it may bypass the intestitial layer.
+//
+// Over time, the cached versions should expire and it should converge on
+// showing the interstitial. We probably need to introduce into the networking
+// stack a way revoke SSLConfig's allowed_bad_certs lists per socket.
+//
+// For now, RevokeUserDecisionsHard is our solution for the rare case where it
+// is necessary to revoke the preferences immediately. It does so by flushing
+// idle sockets.
+void ChromeSSLHostStateDelegate::RevokeUserDecisionsHard(
     const std::string& host) {
+  RevokeUserDecisions(host);
+  scoped_refptr<net::URLRequestContextGetter> getter(
+      profile_->GetRequestContext());
+  profile_->GetRequestContext()->GetNetworkTaskRunner()->PostTask(
+      FROM_HERE, base::Bind(&CloseIdleConnections, getter));
+}
+
+bool ChromeSSLHostStateDelegate::HasUserDecision(const std::string& host) {
   GURL url = GetSecureGURLForHost(host);
   const ContentSettingsPattern pattern =
       ContentSettingsPattern::FromURLNoWildcard(url);
   HostContentSettingsMap* map = profile_->GetHostContentSettingsMap();
 
   scoped_ptr<base::Value> value(map->GetWebsiteSetting(
       url, url, CONTENT_SETTINGS_TYPE_SSL_CERT_DECISIONS, std::string(), NULL));
 
   if (!value.get() || !value->IsType(base::Value::TYPE_DICTIONARY))
     return false;
 
   base::DictionaryValue* dict;  // Owned by value
   bool success = value->GetAsDictionary(&dict);
   DCHECK(success);
 
   for (base::DictionaryValue::Iterator it(*dict); !it.IsAtEnd(); it.Advance()) {
     int policy_decision;  // Owned by dict
     success = it.value().GetAsInteger(&policy_decision);
     if (success && (static_cast<net::CertPolicy::Judgment>(policy_decision) !=
                     net::CertPolicy::UNKNOWN))
       return true;
   }
 
   return false;
 }
 
+void ChromeSSLHostStateDelegate::HostRanInsecureContent(const std::string& host,
+                                                        int pid) {
+  ran_insecure_content_hosts_.insert(BrokenHostEntry(host, pid));
+}
+
+bool ChromeSSLHostStateDelegate::DidHostRunInsecureContent(
+    const std::string& host,
+    int pid) const {
+  return !!ran_insecure_content_hosts_.count(BrokenHostEntry(host, pid));
+}
 void ChromeSSLHostStateDelegate::SetClock(scoped_ptr<base::Clock> clock) {
   clock_.reset(clock.release());
 }
 
 void ChromeSSLHostStateDelegate::ChangeCertPolicy(
     const std::string& host,
     net::X509Certificate* cert,
     net::CertStatus error,
     net::CertPolicy::Judgment judgment) {
   GURL url = GetSecureGURLForHost(host);
@@ skipping 23 matching lines @@
   cert_dict->SetIntegerWithoutPathExpansion(GetKey(cert, error), judgment);
 
   // The map takes ownership of the value, so it is released in the call to
   // SetWebsiteSetting.
   map->SetWebsiteSetting(pattern,
                          pattern,
                          CONTENT_SETTINGS_TYPE_SSL_CERT_DECISIONS,
                          std::string(),
                          value.release());
 }