1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DELEGATE_H_
6 #define CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DELEGATE_H_
8 #include "base/gtest_prod_util.h"
9 #include "base/memory/scoped_ptr.h"
10 #include "base/time/time.h"
11 #include "content/public/browser/ssl_host_state_delegate.h"
17 class DictionaryValue;
20 // Implementation of the tracking of user decisions on SSL errors for sites.
21 // Tracks if the user has allowed, denied, or not seen an exception for the
22 // specified site, SSL fingerprint, and error. If the user makes a decision,
23 // stores the decision until either the session ends or for a length of time
24 // (across session restarts), based on command line flags.
25 class ChromeSSLHostStateDelegate : public content::SSLHostStateDelegate {
// NOTE(review): the embedded line numbers skip values (25 -> 27, 43 -> 45,
// 71 -> 74, ...), so access specifiers, closing braces and a few parameter
// lines are not part of this listing. The visibility of each member below
// cannot be confirmed from here.
27 explicit ChromeSSLHostStateDelegate(Profile* profile);
28 virtual ~ChromeSSLHostStateDelegate();
30 // SSLHostStateDelegate:
// DenyCert and AllowCert take the (host, certificate, error) triple that a
// user decision applies to. Presumably they record the decision through
// ChangeCertPolicy below -- confirm in the implementation file.
31 virtual void DenyCert(const std::string& host,
32 net::X509Certificate* cert,
33 net::CertStatus error) OVERRIDE;
34 virtual void AllowCert(const std::string& host,
35 net::X509Certificate* cert,
36 net::CertStatus error) OVERRIDE;
37 virtual void Clear() OVERRIDE;
// Returns the judgment for the (host, certificate, error) triple.
// |expired_previous_decision| is an out-parameter; presumably it has the
// meaning documented on GetValidCertDecisionsDict below (a previous user
// decision existed but has expired) -- confirm.
// NOTE(review): the lookup takes |cert| and |error| as well as |host|, so a
// stored "allow" should not carry over to a different certificate or a
// different error on the same host. Verify that the implementation matches
// on all three before returning an allowed judgment.
38 virtual net::CertPolicy::Judgment QueryPolicy(
39 const std::string& host,
40 net::X509Certificate* cert,
41 net::CertStatus error,
42 bool* expired_previous_decision) OVERRIDE;
// NOTE(review): the rest of HostRanInsecureContent's parameter list (original
// line 44) is missing from this listing. DidHostRunInsecureContent takes a
// host and a process id, matching the BrokenHostEntry pair declared below.
43 virtual void HostRanInsecureContent(const std::string& host,
45 virtual bool DidHostRunInsecureContent(const std::string& host,
46 int pid) const OVERRIDE;
48 // ChromeSSLHostStateDelegate implementation:
49 // Revoke all user decisions for |host| in the given Profile. The
50 // RevokeUserDecisionsHard version may close idle connections in the process.
51 // The Hard version should be used *only* for rare events, such as a user
52 // controlled button, as it may be very disruptive to the networking stack.
// NOTE(review): only the Hard version is documented as closing connections,
// so after RevokeUserDecisions an already-open connection to |host| may
// presumably still be reused -- confirm before relying on a soft revoke to
// cut off a host immediately.
53 virtual void RevokeUserDecisions(const std::string& host);
54 virtual void RevokeUserDecisionsHard(const std::string& host);
56 // Returns true if any decision has been recorded for |host| for the given
57 // Profile, otherwise false.
58 virtual bool HasUserDecision(const std::string& host);
60 // Called on the UI thread when the profile is about to be destroyed.
// The inline body is empty, so this is currently a no-op.
61 void ShutdownOnUIThread() {}
64 // SetClock takes ownership of the passed in clock.
// The clock is stored in |clock_|. Presumably it is the time source for
// decision expiration and is replaced by tests -- confirm.
65 void SetClock(scoped_ptr<base::Clock> clock);
// Test fixtures that are granted access to non-public members.
// NOTE(review): the second argument of the last FRIEND_TEST_ALL_PREFIXES
// (original line 72) is missing from this listing.
68 FRIEND_TEST_ALL_PREFIXES(ForgetInstantlySSLHostStateDelegateTest,
69 MakeAndForgetException);
70 FRIEND_TEST_ALL_PREFIXES(RememberSSLHostStateDelegateTest, AfterRestart);
71 FRIEND_TEST_ALL_PREFIXES(RememberSSLHostStateDelegateTest,
74 // Used to specify whether new content setting entries should be created if
75 // they don't already exist when querying the user's settings.
76 enum CreateDictionaryEntriesDisposition {
77 CreateDictionaryEntries,
78 DoNotCreateDictionaryEntries
81 // Specifies whether user SSL error decisions should be forgotten at the end
82 // of this current session (the old style of remembering decisions), or
83 // whether they should be remembered across session restarts for a specified
84 // length of time, determined by
85 // |default_ssl_cert_decision_expiration_delta_|.
86 enum RememberSSLExceptionDecisionsDisposition {
87 ForgetSSLExceptionDecisionsAtSessionEnd,
88 RememberSSLExceptionDecisionsForDelta
91 // Modify the user's content settings to specify a judgment made for a
92 // specific site and certificate, where |host| is the site in question, |cert|
93 // is the certificate with an error, |error| is the error in the certificate,
94 // and |judgment| is the user decision to be recorded.
95 void ChangeCertPolicy(const std::string& host,
96 net::X509Certificate* cert,
97 net::CertStatus error,
98 net::CertPolicy::Judgment judgment);
100 // Query the content settings to retrieve a dictionary of certificate
101 // fingerprints and errors of certificates to user decisions, as set by
102 // ChangeCertPolicy. Returns NULL on a failure.
104 // |dict| specifies the user's full exceptions dictionary for a specific site
105 // in their content settings. Must be retrieved directly from a website
106 // setting in the profile's HostContentSettingsMap.
108 // If |create_entries| specifies CreateDictionaryEntries, then
109 // GetValidCertDecisionsDict will create a new set of entries within the
110 // dictionary if they do not already exist. Otherwise it will fail and
111 // return NULL if they do not exist.
113 // |expired_previous_decision| is set to true if there had been a previous
114 // decision made by the user but it has expired. Otherwise it is set to false.
// NOTE(review): callers must check the result for NULL before dereferencing.
// Presumably a NULL result is treated as "no stored decision" rather than as
// an allow -- confirm in QueryPolicy.
115 base::DictionaryValue* GetValidCertDecisionsDict(
116 base::DictionaryValue* dict,
117 CreateDictionaryEntriesDisposition create_entries,
118 bool* expired_previous_decision);
// Clock owned by this object; replaced through SetClock.
120 scoped_ptr<base::Clock> clock_;
// Whether decisions are forgotten at session end or remembered for a delta
// (see RememberSSLExceptionDecisionsDisposition).
121 RememberSSLExceptionDecisionsDisposition should_remember_ssl_decisions_;
// Length of time a decision is remembered across session restarts when
// decisions are remembered for a delta.
122 base::TimeDelta default_ssl_cert_decision_expiration_delta_;
125 // A BrokenHostEntry is a pair of (host, process_id) that indicates the host
126 // contains insecure content in that renderer process.
127 typedef std::pair<std::string, int> BrokenHostEntry;
129 // Hosts which have been contaminated with insecure content in the
130 // specified process. Note that insecure content can travel between
131 // same-origin frames in one process but cannot jump between processes.
132 std::set<BrokenHostEntry> ran_insecure_content_hosts_;
// Disallows copying and assignment of the delegate.
134 DISALLOW_COPY_AND_ASSIGN(ChromeSSLHostStateDelegate);
137 #endif // CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DELEGATE_H_