class DictionaryValue;
} // namespace base
-// Implementation of the tracking of user decisions on SSL errors for sites.
-// Tracks if the user has allowed, denied, or not seen an exception for the
-// specified site, SSL fingerprint, and error. If the user makes a decision,
-// stores the decision until either the session ends or for a length of time
-// (across session restarts), based on command line flags.
+// Tracks whether the user has allowed a certificate error exception for a
+// specific site, SSL fingerprint, and error. Based on command-line flags and
+// experimental group, remembers this decision either until end-of-session or
+// for a particular length of time.
class ChromeSSLHostStateDelegate : public content::SSLHostStateDelegate {
public:
explicit ChromeSSLHostStateDelegate(Profile* profile);
virtual ~ChromeSSLHostStateDelegate();
// SSLHostStateDelegate:
- virtual void DenyCert(const std::string& host,
- net::X509Certificate* cert,
- net::CertStatus error) OVERRIDE;
virtual void AllowCert(const std::string& host,
- net::X509Certificate* cert,
+ const net::X509Certificate& cert,
net::CertStatus error) OVERRIDE;
virtual void Clear() OVERRIDE;
- virtual net::CertPolicy::Judgment QueryPolicy(
- const std::string& host,
- net::X509Certificate* cert,
- net::CertStatus error,
- bool* expired_previous_decision) OVERRIDE;
+ virtual CertJudgment QueryPolicy(const std::string& host,
+ const net::X509Certificate& cert,
+ net::CertStatus error,
+ bool* expired_previous_decision) OVERRIDE;
virtual void HostRanInsecureContent(const std::string& host,
int pid) OVERRIDE;
virtual bool DidHostRunInsecureContent(const std::string& host,
int pid) const OVERRIDE;
- // ChromeSSLHostStateDelegate implementation:
- // Revoke all user decisions for |host| in the given Profile. The
- // RevokeUserDecisionsHard version may close idle connections in the process.
- // This version should be used *only* for rare events, such as a user
- // controlled button, as it may be very disruptive to the networking stack.
- virtual void RevokeUserDecisions(const std::string& host);
- virtual void RevokeUserDecisionsHard(const std::string& host);
+ // Revokes all SSL certificate error allow exceptions made by the user for
+ // |host| in the given Profile.
+ virtual void RevokeUserAllowExceptions(const std::string& host);
- // Returns true if any decisions has been recorded for |host| for the given
- // Profile, otherwise false.
- virtual bool HasUserDecision(const std::string& host);
+ // RevokeUserAllowExceptionsHard is the same as RevokeUserAllowExceptions but
+ // additionally may close idle connections in the process. This should be used
+ // *only* for rare events, such as a user controlled button, as it may be very
+ // disruptive to the networking stack.
+ virtual void RevokeUserAllowExceptionsHard(const std::string& host);
- // Called on the UI thread when the profile is about to be destroyed.
- void ShutdownOnUIThread() {}
+ // Returns whether the user has allowed a certificate error exception for
+ // |host|. This does not mean that *all* certificate errors are allowed, just
+ // that there exists an exception. To see if a particular certificate and
+ // error combination exception is allowed, use QueryPolicy().
+ virtual bool HasAllowException(const std::string& host) const;
protected:
// SetClock takes ownership of the passed in clock.
// Used to specify whether new content setting entries should be created if
// they don't already exist when querying the user's settings.
enum CreateDictionaryEntriesDisposition {
- CreateDictionaryEntries,
- DoNotCreateDictionaryEntries
+ CREATE_DICTIONARY_ENTRIES,
+ DO_NOT_CREATE_DICTIONARY_ENTRIES
};
// Specifies whether user SSL error decisions should be forgetten at the end
// length of time, deteremined by
// |default_ssl_cert_decision_expiration_delta_|.
enum RememberSSLExceptionDecisionsDisposition {
- ForgetSSLExceptionDecisionsAtSessionEnd,
- RememberSSLExceptionDecisionsForDelta
+ FORGET_SSL_EXCEPTION_DECISIONS_AT_SESSION_END,
+ REMEMBER_SSL_EXCEPTION_DECISIONS_FOR_DELTA
};
- // Modify the user's content settings to specify a judgement made for a
- // specific site and certificate, where |url| is the site in question, |cert|
- // is the certificate with an error, |error| is the error in the certificate,
- // and |judgement| is the user decision to be recorded.
- void ChangeCertPolicy(const std::string& host,
- net::X509Certificate* cert,
- net::CertStatus error,
- net::CertPolicy::Judgment judgment);
-
- // Query the content settings to retrieve a dictionary of certificate
- // fingerprints and errors of certificates to user decisions, as set by
- // ChangeCertPolicy. Returns NULL on a failure.
+ // Returns a dictionary of certificate fingerprints and errors that have been
+ // allowed as exceptions by the user.
//
// |dict| specifies the user's full exceptions dictionary for a specific site
// in their content settings. Must be retrieved directly from a website
// same-origin frames in one processs but cannot jump between processes.
std::set<BrokenHostEntry> ran_insecure_content_hosts_;
+ // This is a GUID to mark this unique session. Whenever a certificate decision
+ // expiration is set, the GUID is saved as well so Chrome can tell if it was
+ // last set during the current session. This is used by the
+ // FORGET_SSL_EXCEPTION_DECISIONS_AT_SESSION_END experimental group to
+ // determine if the expired_previous_decision bit should be set on queries.
+ //
+ // Why not just iterate over the set of current extensions and mark them all
+ // as expired when the session starts, rather than storing a GUID for the
+ // current session? Glad you asked! Unfortunately, content settings does not
+ // currently support iterating over all current *compound* content setting
+ // values (iteration only works for simple content settings). While this could
+ // be added, it would be a fair amount of work for what amounts to a temporary
+ // measurement problem, so it's not worth the complexity.
+ //
+ // TODO(jww): This is only used by the default and disable groups of the
+ // certificate memory decisions experiment to tell if a decision has expired
+ // since the last session. Since this is only used for UMA purposes, this
+ // should be removed after the experiment has finished, and a call to Clear()
+ // should be added to the constructor and destructor for members of the
+ // FORGET_SSL_EXCEPTION_DECISIONS_AT_SESSION_END groups. See
+ // https://crbug.com/418631 for more details.
+ const std::string current_expiration_guid_;
+
DISALLOW_COPY_AND_ASSIGN(ChromeSSLHostStateDelegate);
};