blob: 77b8a9f17a46c11528edc72ddc2284e1b019c121 [file] [log] [blame]
// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <memory>
#include <set>
#include "base/feature_list.h"
#include "base/macros.h"
#include "base/time/time.h"
#include "content/public/browser/ssl_host_state_delegate.h"
class Profile;
namespace base {
class Clock;
class DictionaryValue;
} // namespace base
namespace user_prefs {
class PrefRegistrySyncable;
} // namespace user_prefs
// The Finch feature that controls whether a message is shown when users
// encounter the same error multiiple times.
extern const base::Feature kRecurrentInterstitialFeature;
// Tracks state related to certificate and SSL errors. This state includes:
// - certificate error exceptions (which are remembered for a particular length
// of time depending on experimental groups)
// - mixed content exceptions
// - when errors have recurred multiple times
class ChromeSSLHostStateDelegate : public content::SSLHostStateDelegate {
explicit ChromeSSLHostStateDelegate(Profile* profile);
~ChromeSSLHostStateDelegate() override;
static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry);
// content::SSLHostStateDelegate overrides:
void AllowCert(const std::string& host,
const net::X509Certificate& cert,
int error) override;
void Clear(
const base::Callback<bool(const std::string&)>& host_filter) override;
CertJudgment QueryPolicy(const std::string& host,
const net::X509Certificate& cert,
int error,
bool* expired_previous_decision) override;
void HostRanInsecureContent(const std::string& host,
int child_id,
InsecureContentType content_type) override;
bool DidHostRunInsecureContent(
const std::string& host,
int child_id,
InsecureContentType content_type) const override;
void RevokeUserAllowExceptions(const std::string& host) override;
bool HasAllowException(const std::string& host) const override;
// RevokeUserAllowExceptionsHard is the same as RevokeUserAllowExceptions but
// additionally may close idle connections in the process. This should be used
// *only* for rare events, such as a user controlled button, as it may be very
// disruptive to the networking stack.
virtual void RevokeUserAllowExceptionsHard(const std::string& host);
// Called when an error page is displayed for a given error code |error|.
// Tracks whether an error of interest has recurred over a threshold number of
// times.
void DidDisplayErrorPage(int error);
// Returns true if DidDisplayErrorPage() has been called over a threshold
// number of times for a particular error in a particular time period. Always
// returns false if |kRecurrentInterstitialFeature| is not enabled. The number
// of times and time period are controlled by the feature parameters. Only
// certain error codes of interest are tracked, so this may return false for
// an error code that has recurred.
bool HasSeenRecurrentErrors(int error) const;
void ResetRecurrentErrorCountForTesting();
// SetClockForTesting takes ownership of the passed in clock.
void SetClockForTesting(std::unique_ptr<base::Clock> clock);
// Used to specify whether new content setting entries should be created if
// they don't already exist when querying the user's settings.
enum CreateDictionaryEntriesDisposition {
// Returns a dictionary of certificate fingerprints and errors that have been
// allowed as exceptions by the user.
// |dict| specifies the user's full exceptions dictionary for a specific site
// in their content settings. Must be retrieved directly from a website
// setting in the the profile's HostContentSettingsMap.
// If |create_entries| specifies CreateDictionaryEntries, then
// GetValidCertDecisionsDict will create a new set of entries within the
// dictionary if they do not already exist. Otherwise will fail and return if
// NULL if they do not exist.
// |expired_previous_decision| is set to true if there had been a previous
// decision made by the user but it has expired. Otherwise it is set to false.
base::DictionaryValue* GetValidCertDecisionsDict(
base::DictionaryValue* dict,
CreateDictionaryEntriesDisposition create_entries,
bool* expired_previous_decision);
std::unique_ptr<base::Clock> clock_;
Profile* profile_;
// A BrokenHostEntry is a pair of (host, child_id) that indicates the host
// contains insecure content in that renderer process.
typedef std::pair<std::string, int> BrokenHostEntry;
// Hosts which have been contaminated with insecure mixed content in the
// specified process. Note that insecure content can travel between
// same-origin frames in one processs but cannot jump between processes.
std::set<BrokenHostEntry> ran_mixed_content_hosts_;
// Hosts which have been contaminated with content with certificate errors in
// the specific process.
std::set<BrokenHostEntry> ran_content_with_cert_errors_hosts_;
// Tracks how many times an error page has been shown for a given error, up
// to a certain threshold value.
std::map<int /* error code */, int /* count */> recurrent_errors_;