chrome/browser/ssl/chrome_ssl_host_state_delegate.h - chromium/src - Git at Google

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DELEGATE_H_
 #define CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DELEGATE_H_

 #include <memory>
 #include <set>

 #include "base/feature_list.h"
 #include "base/macros.h"
 #include "base/time/time.h"
 #include "content/public/browser/ssl_host_state_delegate.h"

 class Profile;

 namespace base {
 class Clock;
 class DictionaryValue;
 }  //  namespace base

 namespace user_prefs {
 class PrefRegistrySyncable;
 }  // namespace user_prefs

 // The Finch feature that controls whether a message is shown when users
 // encounter the same error multiiple times.
 extern const base::Feature kRecurrentInterstitialFeature;

 // Tracks state related to certificate and SSL errors. This state includes:
 // - certificate error exceptions (which are remembered for a particular length
 //   of time depending on experimental groups)
 // - mixed content exceptions
 // - when errors have recurred multiple times
 class ChromeSSLHostStateDelegate : public content::SSLHostStateDelegate {
  public:
   explicit ChromeSSLHostStateDelegate(Profile* profile);
   ~ChromeSSLHostStateDelegate() override;

   static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry);

   // content::SSLHostStateDelegate overrides:
   void AllowCert(const std::string& host,
                  const net::X509Certificate& cert,
                  int error) override;
   void Clear(
       const base::Callback<bool(const std::string&)>& host_filter) override;
   CertJudgment QueryPolicy(const std::string& host,
                            const net::X509Certificate& cert,
                            int error,
                            bool* expired_previous_decision) override;
   void HostRanInsecureContent(const std::string& host,
                               int child_id,
                               InsecureContentType content_type) override;
   bool DidHostRunInsecureContent(
       const std::string& host,
       int child_id,
       InsecureContentType content_type) const override;
   void RevokeUserAllowExceptions(const std::string& host) override;
   bool HasAllowException(const std::string& host) const override;

   // RevokeUserAllowExceptionsHard is the same as RevokeUserAllowExceptions but
   // additionally may close idle connections in the process. This should be used
   // *only* for rare events, such as a user controlled button, as it may be very
   // disruptive to the networking stack.
   virtual void RevokeUserAllowExceptionsHard(const std::string& host);

   // Called when an error page is displayed for a given error code |error|.
   // Tracks whether an error of interest has recurred over a threshold number of
   // times.
   void DidDisplayErrorPage(int error);

   // Returns true if DidDisplayErrorPage() has been called over a threshold
   // number of times for a particular error in a particular time period. Always
   // returns false if |kRecurrentInterstitialFeature| is not enabled. The number
   // of times and time period are controlled by the feature parameters. Only
   // certain error codes of interest are tracked, so this may return false for
   // an error code that has recurred.
   bool HasSeenRecurrentErrors(int error) const;

   void ResetRecurrentErrorCountForTesting();

   // SetClockForTesting takes ownership of the passed in clock.
   void SetClockForTesting(std::unique_ptr<base::Clock> clock);

  private:
   // Used to specify whether new content setting entries should be created if
   // they don't already exist when querying the user's settings.
   enum CreateDictionaryEntriesDisposition {
     CREATE_DICTIONARY_ENTRIES,
     DO_NOT_CREATE_DICTIONARY_ENTRIES
   };

   // Returns a dictionary of certificate fingerprints and errors that have been
   // allowed as exceptions by the user.
   //
   // |dict| specifies the user's full exceptions dictionary for a specific site
   // in their content settings. Must be retrieved directly from a website
   // setting in the the profile's HostContentSettingsMap.
   //
   // If |create_entries| specifies CreateDictionaryEntries, then
   // GetValidCertDecisionsDict will create a new set of entries within the
   // dictionary if they do not already exist. Otherwise will fail and return if
   // NULL if they do not exist.
   //
   // |expired_previous_decision| is set to true if there had been a previous
   // decision made by the user but it has expired. Otherwise it is set to false.
   base::DictionaryValue* GetValidCertDecisionsDict(
       base::DictionaryValue* dict,
       CreateDictionaryEntriesDisposition create_entries,
       bool* expired_previous_decision);

   std::unique_ptr<base::Clock> clock_;
   Profile* profile_;

   // A BrokenHostEntry is a pair of (host, child_id) that indicates the host
   // contains insecure content in that renderer process.
   typedef std::pair<std::string, int> BrokenHostEntry;

   // Hosts which have been contaminated with insecure mixed content in the
   // specified process.  Note that insecure content can travel between
   // same-origin frames in one processs but cannot jump between processes.
   std::set<BrokenHostEntry> ran_mixed_content_hosts_;

   // Hosts which have been contaminated with content with certificate errors in
   // the specific process.
   std::set<BrokenHostEntry> ran_content_with_cert_errors_hosts_;

   // Tracks how many times an error page has been shown for a given error, up
   // to a certain threshold value.
   std::map<int /* error code */, int /* count */> recurrent_errors_;

   DISALLOW_COPY_AND_ASSIGN(ChromeSSLHostStateDelegate);
 };

 #endif  // CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DELEGATE_H_
	// Copyright 2014 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DELEGATE_H_
	#define CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DELEGATE_H_

	#include <memory>
	#include <set>

	#include "base/feature_list.h"
	#include "base/macros.h"
	#include "base/time/time.h"
	#include "content/public/browser/ssl_host_state_delegate.h"

	class Profile;

	namespace base {
	class Clock;
	class DictionaryValue;
	} // namespace base

	namespace user_prefs {
	class PrefRegistrySyncable;
	} // namespace user_prefs

	// The Finch feature that controls whether a message is shown when users
	// encounter the same error multiiple times.
	extern const base::Feature kRecurrentInterstitialFeature;

	// Tracks state related to certificate and SSL errors. This state includes:
	// - certificate error exceptions (which are remembered for a particular length
	// of time depending on experimental groups)
	// - mixed content exceptions
	// - when errors have recurred multiple times
	class ChromeSSLHostStateDelegate : public content::SSLHostStateDelegate {
	public:
	explicit ChromeSSLHostStateDelegate(Profile* profile);
	~ChromeSSLHostStateDelegate() override;

	static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry);

	// content::SSLHostStateDelegate overrides:
	void AllowCert(const std::string& host,
	const net::X509Certificate& cert,
	int error) override;
	void Clear(
	const base::Callback<bool(const std::string&)>& host_filter) override;
	CertJudgment QueryPolicy(const std::string& host,
	const net::X509Certificate& cert,
	int error,
	bool* expired_previous_decision) override;
	void HostRanInsecureContent(const std::string& host,
	int child_id,
	InsecureContentType content_type) override;
	bool DidHostRunInsecureContent(
	const std::string& host,
	int child_id,
	InsecureContentType content_type) const override;
	void RevokeUserAllowExceptions(const std::string& host) override;
	bool HasAllowException(const std::string& host) const override;

	// RevokeUserAllowExceptionsHard is the same as RevokeUserAllowExceptions but
	// additionally may close idle connections in the process. This should be used
	// only for rare events, such as a user controlled button, as it may be very
	// disruptive to the networking stack.
	virtual void RevokeUserAllowExceptionsHard(const std::string& host);

	// Called when an error page is displayed for a given error code \|error\|.
	// Tracks whether an error of interest has recurred over a threshold number of
	// times.
	void DidDisplayErrorPage(int error);

	// Returns true if DidDisplayErrorPage() has been called over a threshold
	// number of times for a particular error in a particular time period. Always
	// returns false if \|kRecurrentInterstitialFeature\| is not enabled. The number
	// of times and time period are controlled by the feature parameters. Only
	// certain error codes of interest are tracked, so this may return false for
	// an error code that has recurred.
	bool HasSeenRecurrentErrors(int error) const;

	void ResetRecurrentErrorCountForTesting();

	// SetClockForTesting takes ownership of the passed in clock.
	void SetClockForTesting(std::unique_ptr<base::Clock> clock);

	private:
	// Used to specify whether new content setting entries should be created if
	// they don't already exist when querying the user's settings.
	enum CreateDictionaryEntriesDisposition {
	CREATE_DICTIONARY_ENTRIES,
	DO_NOT_CREATE_DICTIONARY_ENTRIES
	};

	// Returns a dictionary of certificate fingerprints and errors that have been
	// allowed as exceptions by the user.
	//
	// \|dict\| specifies the user's full exceptions dictionary for a specific site
	// in their content settings. Must be retrieved directly from a website
	// setting in the the profile's HostContentSettingsMap.
	//
	// If \|create_entries\| specifies CreateDictionaryEntries, then
	// GetValidCertDecisionsDict will create a new set of entries within the
	// dictionary if they do not already exist. Otherwise will fail and return if
	// NULL if they do not exist.
	//
	// \|expired_previous_decision\| is set to true if there had been a previous
	// decision made by the user but it has expired. Otherwise it is set to false.
	base::DictionaryValue* GetValidCertDecisionsDict(
	base::DictionaryValue* dict,
	CreateDictionaryEntriesDisposition create_entries,
	bool* expired_previous_decision);

	std::unique_ptr<base::Clock> clock_;
	Profile* profile_;

	// A BrokenHostEntry is a pair of (host, child_id) that indicates the host
	// contains insecure content in that renderer process.
	typedef std::pair<std::string, int> BrokenHostEntry;

	// Hosts which have been contaminated with insecure mixed content in the
	// specified process. Note that insecure content can travel between
	// same-origin frames in one processs but cannot jump between processes.
	std::set<BrokenHostEntry> ran_mixed_content_hosts_;

	// Hosts which have been contaminated with content with certificate errors in
	// the specific process.
	std::set<BrokenHostEntry> ran_content_with_cert_errors_hosts_;

	// Tracks how many times an error page has been shown for a given error, up
	// to a certain threshold value.
	std::map<int /* error code /, int / count */> recurrent_errors_;

	DISALLOW_COPY_AND_ASSIGN(ChromeSSLHostStateDelegate);
	};

	#endif // CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DELEGATE_H_