1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CONTENT_BROWSER_SSL_SSL_POLICY_BACKEND_H_
6#define CONTENT_BROWSER_SSL_SSL_POLICY_BACKEND_H_
7
8#include <string>
9#include <vector>
10
11#include "base/basictypes.h"
12#include "base/strings/string16.h"
13#include "net/cert/cert_status_flags.h"
14#include "net/cert/x509_certificate.h"
15
16namespace content {
17class NavigationControllerImpl;
18class SSLHostState;
19
// Interface to stored SSL policy state, constructed from a
// NavigationControllerImpl: which hosts have run insecure content, and which
// certificate errors have been allowed or denied for a host. Only
// declarations are visible in this header; the behaviour of each method is
// defined in the implementation file.
//
// NOTE(review): the recorded decisions presumably live in |ssl_host_state_|
// and determine whether a certificate error is raised again for the same
// host - confirm against the implementation.
class SSLPolicyBackend {
 public:
  // NOTE(review): |controller| is presumably kept in |controller_|, and
  // |ssl_host_state_| presumably obtained through it - neither is visible in
  // this header; confirm in the constructor definition.
  explicit SSLPolicyBackend(NavigationControllerImpl* controller);

  // Records that a host has run insecure content.
  // NOTE(review): |pid| is presumably a process id that scopes the record to
  // one (host, process) pair - confirm against the caller.
  void HostRanInsecureContent(const std::string& host, int pid);

  // Returns whether the specified host ran insecure content. Takes the same
  // (|host|, |pid|) pair as HostRanInsecureContent().
  bool DidHostRunInsecureContent(const std::string& host, int pid) const;

  // Records that |cert| is not permitted to be used for |host| in the future,
  // for a specific error type.
  void DenyCertForHost(net::X509Certificate* cert,
                       const std::string& host,
                       net::CertStatus error);

  // Records that |cert| is permitted to be used for |host| in the future, for
  // a specific error type.
  //
  // Security note: this records an exception to certificate validation for
  // |host|. Call it only for an explicit decision to proceed, and pass the
  // |cert|, |host| and |error| that were actually presented, so the exception
  // is no broader than what was approved.
  void AllowCertForHost(net::X509Certificate* cert,
                        const std::string& host,
                        net::CertStatus error);

  // Queries whether |cert| is allowed or denied for |host|. |error| is the
  // certificate error being asked about.
  // NOTE(review): the Judgment returned when nothing has been recorded for
  // this (cert, host, error) combination is not visible here; callers should
  // treat anything other than an explicit allow as not allowed - confirm
  // against the Judgment definition.
  net::CertPolicy::Judgment QueryPolicy(net::X509Certificate* cert,
                                        const std::string& host,
                                        net::CertStatus error);

 private:
  // SSL state specific for each host.
  // NOTE(review): raw pointer; its owner and lifetime are not visible in this
  // header - confirm that it outlives this object.
  SSLHostState* ssl_host_state_;

  // NOTE(review): presumably the controller passed to the constructor. Raw
  // pointer with the same lifetime question as |ssl_host_state_|.
  NavigationControllerImpl* controller_;

  // Makes the class non-copyable and non-assignable.
  DISALLOW_COPY_AND_ASSIGN(SSLPolicyBackend);
};
55
56}  // namespace content
57
58#endif  // CONTENT_BROWSER_SSL_SSL_POLICY_BACKEND_H_
59