content/browser/ssl/ssl_policy.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CONTENT_BROWSER_SSL_SSL_POLICY_H_
   6 #define CONTENT_BROWSER_SSL_SSL_POLICY_H_
   7
   8 #include <string>
   9
  10 #include "base/memory/ref_counted.h"
  11 #include "webkit/common/resource_type.h"
  12
  13 namespace content {
  14 class NavigationEntryImpl;
  15 class SSLCertErrorHandler;
  16 class SSLPolicyBackend;
  17 class SSLRequestInfo;
  18 class WebContentsImpl;
  19
  20 // SSLPolicy
  21 //
  22 // This class is responsible for making the security decisions that concern the
  23 // SSL trust indicators.  It relies on the SSLPolicyBackend to actually enact
  24 // the decisions it reaches.
  25 //
  26 class SSLPolicy {
  27  public:
  28   explicit SSLPolicy(SSLPolicyBackend* backend);
  29
  30   // An error occurred with the certificate in an SSL connection.
  31   void OnCertError(SSLCertErrorHandler* handler);
  32
  33   void DidRunInsecureContent(NavigationEntryImpl* entry,
  34                              const std::string& security_origin);
  35
  36   // We have started a resource request with the given info.
  37   void OnRequestStarted(SSLRequestInfo* info);
  38
  39   // Update the SSL information in |entry| to match the current state.
  40   // |web_contents| is the WebContentsImpl associated with this entry.
  41   void UpdateEntry(NavigationEntryImpl* entry,
  42                    WebContentsImpl* web_contents);
  43
  44   SSLPolicyBackend* backend() const { return backend_; }
  45
  46  private:
  47   // Callback that the user chose to accept or deny the certificate.
  48   void OnAllowCertificate(scoped_refptr<SSLCertErrorHandler> handler,
  49                           bool allow);
  50
  51   // Helper method for derived classes handling certificate errors.
  52   //
  53   // |overridable| indicates whether or not the user could (assuming perfect
  54   // knowledge) successfully override the error and still get the security
  55   // guarantees of TLS. |strict_enforcement| indicates whether or not the
  56   // site the user is trying to connect to has requested strict enforcement
  57   // of certificate validation (e.g. with HTTP Strict-Transport-Security).
  58   void OnCertErrorInternal(SSLCertErrorHandler* handler,
  59                            bool overridable,
  60                            bool strict_enforcement);
  61
  62   // If the security style of |entry| has not been initialized, then initialize
  63   // it with the default style for its URL.
  64   void InitializeEntryIfNeeded(NavigationEntryImpl* entry);
  65
  66   // Mark |origin| as having run insecure content in the process with ID |pid|.
  67   void OriginRanInsecureContent(const std::string& origin, int pid);
  68
  69   // The backend we use to enact our decisions.
  70   SSLPolicyBackend* backend_;
  71
  72   DISALLOW_COPY_AND_ASSIGN(SSLPolicy);
  73 };
  74
  75 }  // namespace content
  76
  77 #endif  // CONTENT_BROWSER_SSL_SSL_POLICY_H_