1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DELEGATE_H_
6 #define CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DELEGATE_H_
#include <set>
#include <string>
#include <utility>

#include "base/gtest_prod_util.h"
#include "base/memory/scoped_ptr.h"
#include "base/time/time.h"
#include "content/public/browser/ssl_host_state_delegate.h"
// Forward declarations. This header only refers to these types through raw
// pointers or scoped_ptr, so their full definitions are not required here.
namespace base {
class DictionaryValue;
class Clock;
}  // namespace base

class Profile;
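// Tracks whether the user has allowed a certificate error exception for a
// specific site, SSL fingerprint, and error. Based on command-line flags and
// experimental group, remembers this decision either until end-of-session or
// for a particular length of time.
//
// Security note: every entry held here is a user-approved bypass of
// certificate validation. An exception is scoped to the combination of host,
// certificate fingerprint and error; QueryPolicy() is the check for one such
// combination, while HasAllowException() only reports that *some* exception
// exists for a host and must not be used as a substitute for QueryPolicy().
class ChromeSSLHostStateDelegate : public content::SSLHostStateDelegate {
 public:
  // |profile| is stored as a raw pointer in |profile_|.
  explicit ChromeSSLHostStateDelegate(Profile* profile);
  ~ChromeSSLHostStateDelegate() override;

  // SSLHostStateDelegate:

  // Records a user exception for the (|host|, |cert|, |error|) combination
  // described in the class comment.
  void AllowCert(const std::string& host,
                 const net::X509Certificate& cert,
                 net::CertStatus error) override;

  // NOTE(review): presumably drops every stored decision; the contract lives
  // in content::SSLHostStateDelegate, which is not visible here -- confirm.
  void Clear() override;

  // Returns the judgment for one (|host|, |cert|, |error|) combination.
  // NOTE(review): |expired_previous_decision| is an out-parameter; it
  // presumably carries the same meaning as the parameter of the same name on
  // GetValidCertDecisionsDict() below (a decision existed but has expired) --
  // confirm against the implementation.
  CertJudgment QueryPolicy(const std::string& host,
                           const net::X509Certificate& cert,
                           net::CertStatus error,
                           bool* expired_previous_decision) override;

  // Record / query that |host| ran insecure content in renderer process
  // |pid|; see BrokenHostEntry and |ran_insecure_content_hosts_| below.
  void HostRanInsecureContent(const std::string& host, int pid) override;
  bool DidHostRunInsecureContent(const std::string& host,
                                 int pid) const override;

  // Revokes all SSL certificate error allow exceptions made by the user for
  // |host| in the given Profile.
  void RevokeUserAllowExceptions(const std::string& host) override;

  // RevokeUserAllowExceptionsHard is the same as RevokeUserAllowExceptions but
  // additionally may close idle connections in the process. This should be used
  // *only* for rare events, such as a user controlled button, as it may be very
  // disruptive to the networking stack.
  // NOTE(review): presumably closing idle connections is what keeps a
  // connection that was accepted under the revoked exception from being
  // reused afterwards -- confirm against the implementation.
  virtual void RevokeUserAllowExceptionsHard(const std::string& host);

  // Returns whether the user has allowed a certificate error exception for
  // |host|. This does not mean that *all* certificate errors are allowed, just
  // that there exists an exception. To see if a particular certificate and
  // error combination exception is allowed, use QueryPolicy().
  bool HasAllowException(const std::string& host) const override;

 protected:
  // SetClock takes ownership of the passed in clock.
  void SetClock(scoped_ptr<base::Clock> clock);

 private:
  FRIEND_TEST_ALL_PREFIXES(DefaultMemorySSLHostStateDelegateTest, AfterRestart);
  FRIEND_TEST_ALL_PREFIXES(DefaultMemorySSLHostStateDelegateTest,
                           QueryPolicyExpired);

  // Used to specify whether new content setting entries should be created if
  // they don't already exist when querying the user's settings.
  enum CreateDictionaryEntriesDisposition {
    CREATE_DICTIONARY_ENTRIES,
    DO_NOT_CREATE_DICTIONARY_ENTRIES
  };

  // Specifies whether user SSL error decisions should be forgotten at the end
  // of this current session (the old style of remembering decisions), or
  // whether they should be remembered across session restarts for a specified
  // length of time, determined by
  // |default_ssl_cert_decision_expiration_delta_|.
  // NOTE(review): no member named |default_ssl_cert_decision_expiration_delta_|
  // is declared in this header as shown; this reference may be stale.
  enum RememberSSLExceptionDecisionsDisposition {
    FORGET_SSL_EXCEPTION_DECISIONS_AT_SESSION_END,
    REMEMBER_SSL_EXCEPTION_DECISIONS_FOR_DELTA
  };

  // Returns a dictionary of certificate fingerprints and errors that have been
  // allowed as exceptions by the user.
  //
  // |dict| specifies the user's full exceptions dictionary for a specific site
  // in their content settings. Must be retrieved directly from a website
  // setting in the profile's HostContentSettingsMap.
  //
  // If |create_entries| specifies CREATE_DICTIONARY_ENTRIES, then
  // GetValidCertDecisionsDict will create a new set of entries within the
  // dictionary if they do not already exist. Otherwise it will fail and return
  // NULL if they do not exist, so callers must check the result.
  //
  // |expired_previous_decision| is set to true if there had been a previous
  // decision made by the user but it has expired. Otherwise it is set to false.
  base::DictionaryValue* GetValidCertDecisionsDict(
      base::DictionaryValue* dict,
      CreateDictionaryEntriesDisposition create_entries,
      bool* expired_previous_decision);

  // Owned time source, replaceable through SetClock().
  // NOTE(review): presumably swapped out by the friend tests above to drive
  // decision expiry -- confirm.
  scoped_ptr<base::Clock> clock_;

  // Which of the two remembering modes declared above is in effect.
  RememberSSLExceptionDecisionsDisposition should_remember_ssl_decisions_;

  // Raw pointer taken from the constructor; nothing in this header manages its
  // lifetime. NOTE(review): confirm the Profile outlives this delegate.
  Profile* profile_;

  // A BrokenHostEntry is a pair of (host, process_id) that indicates the host
  // contains insecure content in that renderer process.
  typedef std::pair<std::string, int> BrokenHostEntry;

  // Hosts which have been contaminated with insecure content in the
  // specified process. Note that insecure content can travel between
  // same-origin frames in one process but cannot jump between processes.
  std::set<BrokenHostEntry> ran_insecure_content_hosts_;

  // This is a GUID to mark this unique session. Whenever a certificate decision
  // expiration is set, the GUID is saved as well so Chrome can tell if it was
  // last set during the current session. This is used by the
  // FORGET_SSL_EXCEPTION_DECISIONS_AT_SESSION_END experimental group to
  // determine if the expired_previous_decision bit should be set on queries.
  //
  // Why not just iterate over the set of current exceptions and mark them all
  // as expired when the session starts, rather than storing a GUID for the
  // current session? Glad you asked! Unfortunately, content settings does not
  // currently support iterating over all current *compound* content setting
  // values (iteration only works for simple content settings). While this could
  // be added, it would be a fair amount of work for what amounts to a temporary
  // measurement problem, so it's not worth the complexity.
  //
  // TODO(jww): This is only used by the default and disable groups of the
  // certificate memory decisions experiment to tell if a decision has expired
  // since the last session. Since this is only used for UMA purposes, this
  // should be removed after the experiment has finished, and a call to Clear()
  // should be added to the constructor and destructor for members of the
  // FORGET_SSL_EXCEPTION_DECISIONS_AT_SESSION_END groups. See
  // https://crbug.com/418631 for more details.
  const std::string current_expiration_guid_;

  DISALLOW_COPY_AND_ASSIGN(ChromeSSLHostStateDelegate);
};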
142 #endif // CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DELEGATE_H_