Only grant permissions to new extensions from sync if they have the expected version
[chromium-blink-merge.git] / chrome / browser / ssl / ssl_blocking_page.h
blob0c45e31c4e12683610e57b96c5919111960d75b9
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROME_BROWSER_SSL_SSL_BLOCKING_PAGE_H_
6 #define CHROME_BROWSER_SSL_SSL_BLOCKING_PAGE_H_
8 #include <string>
9 #include <vector>
11 #include "base/callback.h"
12 #include "base/strings/string16.h"
13 #include "base/task/cancelable_task_tracker.h"
14 #include "base/time/time.h"
15 #include "chrome/browser/interstitials/security_interstitial_page.h"
16 #include "chrome/browser/profiles/profile.h"
17 #include "chrome/browser/ssl/ssl_cert_reporter.h"
18 #include "components/certificate_reporting/error_report.h"
19 #include "net/ssl/ssl_info.h"
20 #include "url/gurl.h"
22 #if defined(ENABLE_EXTENSIONS)
23 namespace extensions {
24 class ExperienceSamplingEvent;
26 #endif
28 namespace policy {
29 class PolicyTest_SSLErrorOverridingDisallowed_Test;
32 class CertReportHelper;
33 class SSLErrorClassification;
35 // This class is responsible for showing/hiding the interstitial page that is
36 // shown when a certificate error happens.
37 // It deletes itself when the interstitial page is closed.
38 class SSLBlockingPage : public SecurityInterstitialPage {
39 public:
40 enum SSLBlockingPageOptionsMask {
41 // Indicates whether or not the user could (assuming perfect knowledge)
42 // successfully override the error and still get the security guarantees
43 // of TLS.
44 OVERRIDABLE = 1 << 0,
45 // Indicates whether or not the site the user is trying to connect to has
46 // requested strict enforcement of certificate validation (e.g. with HTTP
47 // Strict-Transport-Security).
48 STRICT_ENFORCEMENT = 1 << 1,
49 // Indicates whether a user decision had been previously made but the
50 // decision has expired.
51 EXPIRED_BUT_PREVIOUSLY_ALLOWED = 1 << 2
54 // Interstitial type, used in tests.
55 static InterstitialPageDelegate::TypeID kTypeForTesting;
57 ~SSLBlockingPage() override;
59 // Creates an SSL blocking page. If the blocking page isn't shown, the caller
60 // is responsible for cleaning up the blocking page, otherwise the
61 // interstitial takes ownership when shown. |options_mask| must be a bitwise
62 // mask of SSLBlockingPageOptionsMask values.
63 SSLBlockingPage(content::WebContents* web_contents,
64 int cert_error,
65 const net::SSLInfo& ssl_info,
66 const GURL& request_url,
67 int options_mask,
68 const base::Time& time_triggered,
69 scoped_ptr<SSLCertReporter> ssl_cert_reporter,
70 const base::Callback<void(bool)>& callback);
72 // InterstitialPageDelegate method:
73 InterstitialPageDelegate::TypeID GetTypeForTesting() const override;
75 // Returns true if |options_mask| refers to an overridable SSL error and
76 // if SSL error overriding is allowed by policy.
77 static bool IsOverridable(int options_mask, const Profile* const profile);
79 static bool DoesPolicyAllowDangerOverride(const Profile* const profile);
81 void SetSSLCertReporterForTesting(
82 scoped_ptr<SSLCertReporter> ssl_cert_reporter);
84 protected:
85 friend class policy::PolicyTest_SSLErrorOverridingDisallowed_Test;
87 // InterstitialPageDelegate implementation.
88 void CommandReceived(const std::string& command) override;
89 void OverrideEntry(content::NavigationEntry* entry) override;
90 void OverrideRendererPrefs(content::RendererPreferences* prefs) override;
91 void OnProceed() override;
92 void OnDontProceed() override;
94 // SecurityInterstitialPage implementation:
95 bool ShouldCreateNewNavigation() const override;
96 void PopulateInterstitialStrings(
97 base::DictionaryValue* load_time_data) override;
99 private:
100 void NotifyDenyCertificate();
101 void NotifyAllowCertificate();
103 std::string GetUmaHistogramPrefix() const;
104 std::string GetSamplingEventName() const;
106 base::Callback<void(bool)> callback_;
108 const int cert_error_;
109 const net::SSLInfo ssl_info_;
110 // There are two ways for the user to override an interstitial:
112 // overridable_) By clicking on "Advanced" and then "Proceed".
113 // - This corresponds to "the user can override using the UI".
114 // danger_overridable_) By typing the word "danger".
115 // - This is an undocumented workaround.
116 // - This can be set to "false" dynamically to prevent the behaviour.
117 const bool overridable_;
118 bool danger_overridable_;
119 // Has the site requested strict enforcement of certificate errors?
120 const bool strict_enforcement_;
121 // Did the user previously allow a bad certificate but the decision has now
122 // expired?
123 const bool expired_but_previously_allowed_;
124 scoped_ptr<SSLErrorClassification> ssl_error_classification_;
126 // The time at which the interstitial was triggered. The interstitial
127 // calculates all times relative to this.
128 const base::Time time_triggered_;
130 scoped_ptr<CertReportHelper> cert_report_helper_;
132 DISALLOW_COPY_AND_ASSIGN(SSLBlockingPage);
135 #endif // CHROME_BROWSER_SSL_SSL_BLOCKING_PAGE_H_