1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CONTENT_BROWSER_SSL_SSL_POLICY_H_
6#define CONTENT_BROWSER_SSL_SSL_POLICY_H_
7
8#include <string>
9
10#include "base/memory/ref_counted.h"
11#include "webkit/common/resource_type.h"
12
13namespace content {
14class NavigationEntryImpl;
15class SSLCertErrorHandler;
16class SSLPolicyBackend;
17class SSLRequestInfo;
18class WebContentsImpl;
19
20// SSLPolicy
21//
22// This class is responsible for making the security decisions that concern the
23// SSL trust indicators.  It relies on the SSLPolicyBackend to actually enact
24// the decisions it reaches.
25//
26class SSLPolicy {
27 public:
28  explicit SSLPolicy(SSLPolicyBackend* backend);
29
30  // An error occurred with the certificate in an SSL connection.
31  void OnCertError(SSLCertErrorHandler* handler);
32
33  void DidRunInsecureContent(NavigationEntryImpl* entry,
34                             const std::string& security_origin);
35
36  // We have started a resource request with the given info.
37  void OnRequestStarted(SSLRequestInfo* info);
38
39  // Update the SSL information in |entry| to match the current state.
40  // |web_contents| is the WebContentsImpl associated with this entry.
41  void UpdateEntry(NavigationEntryImpl* entry,
42                   WebContentsImpl* web_contents);
43
44  SSLPolicyBackend* backend() const { return backend_; }
45
46 private:
47  // Callback that the user chose to accept or deny the certificate.
48  void OnAllowCertificate(scoped_refptr<SSLCertErrorHandler> handler,
49                          bool allow);
50
51  // Helper method for derived classes handling certificate errors.
52  //
53  // |overridable| indicates whether or not the user could (assuming perfect
54  // knowledge) successfully override the error and still get the security
55  // guarantees of TLS. |strict_enforcement| indicates whether or not the
56  // site the user is trying to connect to has requested strict enforcement
57  // of certificate validation (e.g. with HTTP Strict-Transport-Security).
58  void OnCertErrorInternal(SSLCertErrorHandler* handler,
59                           bool overridable,
60                           bool strict_enforcement);
61
62  // If the security style of |entry| has not been initialized, then initialize
63  // it with the default style for its URL.
64  void InitializeEntryIfNeeded(NavigationEntryImpl* entry);
65
66  // Mark |origin| as having run insecure content in the process with ID |pid|.
67  void OriginRanInsecureContent(const std::string& origin, int pid);
68
69  // The backend we use to enact our decisions.
70  SSLPolicyBackend* backend_;
71
72  DISALLOW_COPY_AND_ASSIGN(SSLPolicy);
73};
74
75}  // namespace content
76
77#endif  // CONTENT_BROWSER_SSL_SSL_POLICY_H_
78