chrome/browser/ssl/chrome_ssl_host_state_delegate.h

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DELEGATE_H_
   6 #define CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DELEGATE_H_
   7
   8 #include "base/gtest_prod_util.h"
   9 #include "base/memory/scoped_ptr.h"
  10 #include "base/time/time.h"
  11 #include "content/public/browser/ssl_host_state_delegate.h"
  12
  13 class Profile;
  14
  15 namespace base {
  16 class Clock;
  17 class DictionaryValue;
  18 }  //  namespace base
  19
  20 // Tracks whether the user has allowed a certificate error exception for a
  21 // specific site, SSL fingerprint, and error. Based on command-line flags and
  22 // experimental group, remembers this decision either until end-of-session or
  23 // for a particular length of time.
  24 class ChromeSSLHostStateDelegate : public content::SSLHostStateDelegate {
  25  public:
  26   explicit ChromeSSLHostStateDelegate(Profile* profile);
  27   ~ChromeSSLHostStateDelegate() override;
  28
  29   // SSLHostStateDelegate:
  30   void AllowCert(const std::string& host,
  31                  const net::X509Certificate& cert,
  32                  net::CertStatus error) override;
  33   void Clear() override;
  34   CertJudgment QueryPolicy(const std::string& host,
  35                            const net::X509Certificate& cert,
  36                            net::CertStatus error,
  37                            bool* expired_previous_decision) override;
  38   void HostRanInsecureContent(const std::string& host, int pid) override;
  39   bool DidHostRunInsecureContent(const std::string& host,
  40                                  int pid) const override;
  41
  42   // Revokes all SSL certificate error allow exceptions made by the user for
  43   // |host| in the given Profile.
  44   void RevokeUserAllowExceptions(const std::string& host) override;
  45
  46   // RevokeUserAllowExceptionsHard is the same as RevokeUserAllowExceptions but
  47   // additionally may close idle connections in the process. This should be used
  48   // *only* for rare events, such as a user controlled button, as it may be very
  49   // disruptive to the networking stack.
  50   virtual void RevokeUserAllowExceptionsHard(const std::string& host);
  51
  52   // Returns whether the user has allowed a certificate error exception for
  53   // |host|. This does not mean that *all* certificate errors are allowed, just
  54   // that there exists an exception. To see if a particular certificate and
  55   // error combination exception is allowed, use QueryPolicy().
  56   bool HasAllowException(const std::string& host) const override;
  57
  58  protected:
  59   // SetClock takes ownership of the passed in clock.
  60   void SetClock(scoped_ptr<base::Clock> clock);
  61
  62  private:
  63   FRIEND_TEST_ALL_PREFIXES(DefaultMemorySSLHostStateDelegateTest, AfterRestart);
  64   FRIEND_TEST_ALL_PREFIXES(DefaultMemorySSLHostStateDelegateTest,
  65                            QueryPolicyExpired);
  66
  67   // Used to specify whether new content setting entries should be created if
  68   // they don't already exist when querying the user's settings.
  69   enum CreateDictionaryEntriesDisposition {
  70     CREATE_DICTIONARY_ENTRIES,
  71     DO_NOT_CREATE_DICTIONARY_ENTRIES
  72   };
  73
  74   // Specifies whether user SSL error decisions should be forgetten at the end
  75   // of this current session (the old style of remembering decisions), or
  76   // whether they should be remembered across session restarts for a specified
  77   // length of time, deteremined by
  78   // |default_ssl_cert_decision_expiration_delta_|.
  79   enum RememberSSLExceptionDecisionsDisposition {
  80     FORGET_SSL_EXCEPTION_DECISIONS_AT_SESSION_END,
  81     REMEMBER_SSL_EXCEPTION_DECISIONS_FOR_DELTA
  82   };
  83
  84   // Returns a dictionary of certificate fingerprints and errors that have been
  85   // allowed as exceptions by the user.
  86   //
  87   // |dict| specifies the user's full exceptions dictionary for a specific site
  88   // in their content settings. Must be retrieved directly from a website
  89   // setting in the the profile's HostContentSettingsMap.
  90   //
  91   // If |create_entries| specifies CreateDictionaryEntries, then
  92   // GetValidCertDecisionsDict will create a new set of entries within the
  93   // dictionary if they do not already exist. Otherwise will fail and return if
  94   // NULL if they do not exist.
  95   //
  96   // |expired_previous_decision| is set to true if there had been a previous
  97   // decision made by the user but it has expired. Otherwise it is set to false.
  98   base::DictionaryValue* GetValidCertDecisionsDict(
  99       base::DictionaryValue* dict,
 100       CreateDictionaryEntriesDisposition create_entries,
 101       bool* expired_previous_decision);
 102
 103   scoped_ptr<base::Clock> clock_;
 104   RememberSSLExceptionDecisionsDisposition should_remember_ssl_decisions_;
 105   Profile* profile_;
 106
 107   // A BrokenHostEntry is a pair of (host, process_id) that indicates the host
 108   // contains insecure content in that renderer process.
 109   typedef std::pair<std::string, int> BrokenHostEntry;
 110
 111   // Hosts which have been contaminated with insecure content in the
 112   // specified process.  Note that insecure content can travel between
 113   // same-origin frames in one processs but cannot jump between processes.
 114   std::set<BrokenHostEntry> ran_insecure_content_hosts_;
 115
 116   // This is a GUID to mark this unique session. Whenever a certificate decision
 117   // expiration is set, the GUID is saved as well so Chrome can tell if it was
 118   // last set during the current session. This is used by the
 119   // FORGET_SSL_EXCEPTION_DECISIONS_AT_SESSION_END experimental group to
 120   // determine if the expired_previous_decision bit should be set on queries.
 121   //
 122   // Why not just iterate over the set of current extensions and mark them all
 123   // as expired when the session starts, rather than storing a GUID for the
 124   // current session? Glad you asked! Unfortunately, content settings does not
 125   // currently support iterating over all current *compound* content setting
 126   // values (iteration only works for simple content settings). While this could
 127   // be added, it would be a fair amount of work for what amounts to a temporary
 128   // measurement problem, so it's not worth the complexity.
 129   //
 130   // TODO(jww): This is only used by the default and disable groups of the
 131   // certificate memory decisions experiment to tell if a decision has expired
 132   // since the last session. Since this is only used for UMA purposes, this
 133   // should be removed after the experiment has finished, and a call to Clear()
 134   // should be added to the constructor and destructor for members of the
 135   // FORGET_SSL_EXCEPTION_DECISIONS_AT_SESSION_END groups. See
 136   // https://crbug.com/418631 for more details.
 137   const std::string current_expiration_guid_;
 138
 139   DISALLOW_COPY_AND_ASSIGN(ChromeSSLHostStateDelegate);
 140 };
 141
 142 #endif  // CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DELEGATE_H_