Supervised user whitelists: Cleanup
[chromium-blink-merge.git] / android_webview / browser / aw_ssl_host_state_delegate.h
blobb5a34f4aa1ebddcdce059ce990aa80a6bcc94f57
1 // Copyright (c) 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef ANDROID_WEBVIEW_BROWSER_AW_SSL_HOST_STATE_DELEGATE_H_
6 #define ANDROID_WEBVIEW_BROWSER_AW_SSL_HOST_STATE_DELEGATE_H_
8 #include <map>
9 #include <string>
11 #include "content/public/browser/ssl_host_state_delegate.h"
12 #include "net/base/hash_value.h"
13 #include "net/cert/cert_status_flags.h"
14 #include "net/cert/x509_certificate.h"
16 namespace android_webview {
18 namespace internal {
19 // This class maintains the policy for storing actions on certificate errors.
20 class CertPolicy {
21 public:
22 CertPolicy();
23 ~CertPolicy();
24 // Returns true if the user has decided to proceed through the ssl error
25 // before. For a certificate to be allowed, it must not have any
26 // *additional* errors from when it was allowed.
27 bool Check(const net::X509Certificate& cert, net::CertStatus error) const;
29 // Causes the policy to allow this certificate for a given |error|. And
30 // remember the user's choice.
31 void Allow(const net::X509Certificate& cert, net::CertStatus error);
33 // Returns true if and only if there exists a user allow exception for some
34 // certificate.
35 bool HasAllowException() const { return allowed_.size() > 0; }
37 private:
38 // The set of fingerprints of allowed certificates.
39 std::map<net::SHA256HashValue, net::CertStatus, net::SHA256HashValueLessThan>
40 allowed_;
43 } // namespace internal
45 class AwSSLHostStateDelegate : public content::SSLHostStateDelegate {
46 public:
47 AwSSLHostStateDelegate();
48 ~AwSSLHostStateDelegate() override;
50 // Records that |cert| is permitted to be used for |host| in the future, for
51 // a specified |error| type.
52 void AllowCert(const std::string& host,
53 const net::X509Certificate& cert,
54 net::CertStatus error) override;
56 void Clear() override;
58 // Queries whether |cert| is allowed or denied for |host| and |error|.
59 content::SSLHostStateDelegate::CertJudgment QueryPolicy(
60 const std::string& host,
61 const net::X509Certificate& cert,
62 net::CertStatus error,
63 bool* expired_previous_decision) override;
65 // Records that a host has run insecure content.
66 void HostRanInsecureContent(const std::string& host, int pid) override;
68 // Returns whether the specified host ran insecure content.
69 bool DidHostRunInsecureContent(const std::string& host,
70 int pid) const override;
72 // Revokes all SSL certificate error allow exceptions made by the user for
73 // |host|.
74 void RevokeUserAllowExceptions(const std::string& host) override;
76 // Returns whether the user has allowed a certificate error exception for
77 // |host|. This does not mean that *all* certificate errors are allowed, just
78 // that there exists an exception. To see if a particular certificate and
79 // error combination exception is allowed, use QueryPolicy().
80 bool HasAllowException(const std::string& host) const override;
82 private:
83 // Certificate policies for each host.
84 std::map<std::string, internal::CertPolicy> cert_policy_for_host_;
86 DISALLOW_COPY_AND_ASSIGN(AwSSLHostStateDelegate);
89 } // namespace android_webview
91 #endif // ANDROID_WEBVIEW_BROWSER_AW_SSL_HOST_STATE_DELEGATE_H_