chrome_ssl_host_state_delegate.h revision 6e8cce623b6e4fe0c9e4af605d675dd9d0338c38
// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DELEGATE_H_
#define CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DELEGATE_H_

// NOTE(review): this header uses std::string, std::set and std::pair but does
// not include <string>, <set> or <utility> directly; presumably they arrive
// transitively through the headers below -- confirm, or include them here.
#include "base/gtest_prod_util.h"
#include "base/memory/scoped_ptr.h"
#include "base/time/time.h"
#include "content/public/browser/ssl_host_state_delegate.h"

class Profile;

namespace base {
class Clock;
class DictionaryValue;
}  // namespace base

// Implementation of the tracking of user decisions on SSL errors for sites.
// Tracks if the user has allowed, denied, or not seen an exception for the
// specified site, SSL fingerprint, and error. If the user makes a decision,
// stores the decision until either the session ends or for a length of time
// (across session restarts), based on command line flags.
//
// NOTE(review): an "allowed" entry is a standing exception to certificate
// validation for one (site, fingerprint, error) combination, so the retention
// policy and the revoke/clear paths declared below are the security-relevant
// controls of this class. How expiry is enforced is not visible in this
// header -- confirm in the implementation file.
class ChromeSSLHostStateDelegate : public content::SSLHostStateDelegate {
 public:
  // |profile| is held as a raw pointer in |profile_|.
  // NOTE(review): presumably non-owning; the required lifetime of |profile|
  // relative to this object is not stated here -- confirm.
  explicit ChromeSSLHostStateDelegate(Profile* profile);
  virtual ~ChromeSSLHostStateDelegate();

  // SSLHostStateDelegate:
  // DenyCert and AllowCert record the user's decision for the combination of
  // |host|, |cert| and |error|.
  // NOTE(review): |cert| is a raw pointer; whether NULL is tolerated is not
  // visible in this header -- confirm.
  virtual void DenyCert(const std::string& host,
                        net::X509Certificate* cert,
                        net::CertStatus error) OVERRIDE;
  virtual void AllowCert(const std::string& host,
                         net::X509Certificate* cert,
                         net::CertStatus error) OVERRIDE;
  // NOTE(review): presumably removes every stored decision for the profile;
  // the exact scope is defined by the base interface and the implementation
  // -- confirm.
  virtual void Clear() OVERRIDE;
  // Returns the judgment recorded for the combination of |host|, |cert| and
  // |error|.
  // NOTE(review): |expired_previous_decision| is an out-parameter; presumably
  // it has the same meaning as in GetValidCertDecisionsDict below (set to true
  // when an earlier decision existed but has expired) -- confirm.
  virtual net::CertPolicy::Judgment QueryPolicy(
      const std::string& host,
      net::X509Certificate* cert,
      net::CertStatus error,
      bool* expired_previous_decision) OVERRIDE;
  // Record and query, respectively, whether |host| ran insecure content in the
  // renderer process identified by |pid|.
  // NOTE(review): presumably backed by |ran_insecure_content_hosts_| --
  // confirm.
  virtual void HostRanInsecureContent(const std::string& host,
                                      int pid) OVERRIDE;
  virtual bool DidHostRunInsecureContent(const std::string& host,
                                         int pid) const OVERRIDE;

  // ChromeSSLHostStateDelegate implementation:
  // Revoke all user decisions for |host| in the given Profile.
  // RevokeUserDecisionsHard may additionally close idle connections in the
  // process. The Hard version should be used *only* for rare events, such as a
  // user controlled button, as it may be very disruptive to the networking
  // stack.
  virtual void RevokeUserDecisions(const std::string& host);
  virtual void RevokeUserDecisionsHard(const std::string& host);

  // Returns true if any decision has been recorded for |host| for the given
  // Profile, otherwise false.
  virtual bool HasUserDecision(const std::string& host);

  // Called on the UI thread when the profile is about to be destroyed.
  // The inline body is empty, so no work is done here.
  void ShutdownOnUIThread() {}

 protected:
  // SetClock takes ownership of the passed in clock.
  // NOTE(review): protected, and the tests named below are friends, so this
  // looks like a seam for injecting a controllable clock -- confirm.
  void SetClock(scoped_ptr<base::Clock> clock);

 private:
  // Grant the named tests access to the private members of this class.
  FRIEND_TEST_ALL_PREFIXES(ForgetInstantlySSLHostStateDelegateTest,
                           MakeAndForgetException);
  FRIEND_TEST_ALL_PREFIXES(RememberSSLHostStateDelegateTest, AfterRestart);
  FRIEND_TEST_ALL_PREFIXES(RememberSSLHostStateDelegateTest,
                           QueryPolicyExpired);

  // Used to specify whether new content setting entries should be created if
  // they don't already exist when querying the user's settings.
  enum CreateDictionaryEntriesDisposition {
    CreateDictionaryEntries,
    DoNotCreateDictionaryEntries
  };

  // Specifies whether user SSL error decisions should be forgotten at the end
  // of this current session (the old style of remembering decisions), or
  // whether they should be remembered across session restarts for a specified
  // length of time, determined by
  // |default_ssl_cert_decision_expiration_delta_|.
  enum RememberSSLExceptionDecisionsDisposition {
    ForgetSSLExceptionDecisionsAtSessionEnd,
    RememberSSLExceptionDecisionsForDelta
  };

  // Modify the user's content settings to specify a judgment made for a
  // specific site and certificate, where |host| is the site in question, |cert|
  // is the certificate with an error, |error| is the error in the certificate,
  // and |judgment| is the user decision to be recorded.
  void ChangeCertPolicy(const std::string& host,
                        net::X509Certificate* cert,
                        net::CertStatus error,
                        net::CertPolicy::Judgment judgment);

  // Query the content settings to retrieve a dictionary of certificate
  // fingerprints and errors of certificates to user decisions, as set by
  // ChangeCertPolicy. Returns NULL on a failure.
  //
  // |dict| specifies the user's full exceptions dictionary for a specific site
  // in their content settings. Must be retrieved directly from a website
  // setting in the profile's HostContentSettingsMap.
  //
  // If |create_entries| specifies CreateDictionaryEntries, then
  // GetValidCertDecisionsDict will create a new set of entries within the
  // dictionary if they do not already exist. Otherwise it will fail and return
  // NULL if they do not exist.
  //
  // |expired_previous_decision| is set to true if there had been a previous
  // decision made by the user but it has expired. Otherwise it is set to false.
  //
  // NOTE(review): the result is a raw pointer; presumably it points into
  // |dict| and is not owned by the caller -- confirm.
  base::DictionaryValue* GetValidCertDecisionsDict(
      base::DictionaryValue* dict,
      CreateDictionaryEntriesDisposition create_entries,
      bool* expired_previous_decision);

  // Clock owned by this object; replaced through SetClock.
  scoped_ptr<base::Clock> clock_;
  // Selects session-only or time-limited retention of decisions (see the enum
  // above).
  RememberSSLExceptionDecisionsDisposition should_remember_ssl_decisions_;
  // Length of time a decision is remembered when decisions are kept across
  // session restarts (see RememberSSLExceptionDecisionsDisposition).
  base::TimeDelta default_ssl_cert_decision_expiration_delta_;
  // NOTE(review): raw pointer, presumably non-owning -- confirm that the
  // Profile outlives this object.
  Profile* profile_;

  // A BrokenHostEntry is a pair of (host, process_id) that indicates the host
  // contains insecure content in that renderer process.
  typedef std::pair<std::string, int> BrokenHostEntry;

  // Hosts which have been contaminated with insecure content in the
  // specified process. Note that insecure content can travel between
  // same-origin frames in one process but cannot jump between processes.
  std::set<BrokenHostEntry> ran_insecure_content_hosts_;

  DISALLOW_COPY_AND_ASSIGN(ChromeSSLHostStateDelegate);
};

#endif  // CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DELEGATE_H_