Home | History | Annotate | Download | only in ssl 
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CONTENT_BROWSER_SSL_SSL_POLICY_H_
      6 #define CONTENT_BROWSER_SSL_SSL_POLICY_H_
      7 
      8 #include <string>
      9 
     10 #include "base/memory/ref_counted.h"
     11 #include "webkit/common/resource_type.h"
     12 
     13 namespace content {
     14 class NavigationEntryImpl;
     15 class SSLCertErrorHandler;
     16 class SSLPolicyBackend;
     17 class SSLRequestInfo;
     18 class WebContentsImpl;
     19 
     20 // SSLPolicy
     21 //
     22 // This class is responsible for making the security decisions that concern the
     23 // SSL trust indicators.  It relies on the SSLPolicyBackend to actually enact
     24 // the decisions it reaches.
     25 //
     26 class SSLPolicy {
     27  public:
     28   explicit SSLPolicy(SSLPolicyBackend* backend);
     29 
     30   // An error occurred with the certificate in an SSL connection.
     31   void OnCertError(SSLCertErrorHandler* handler);
     32 
     33   void DidRunInsecureContent(NavigationEntryImpl* entry,
     34                              const std::string& security_origin);
     35 
     36   // We have started a resource request with the given info.
     37   void OnRequestStarted(SSLRequestInfo* info);
     38 
     39   // Update the SSL information in |entry| to match the current state.
     40   // |web_contents| is the WebContentsImpl associated with this entry.
     41   void UpdateEntry(NavigationEntryImpl* entry,
     42                    WebContentsImpl* web_contents);
     43 
     44   SSLPolicyBackend* backend() const { return backend_; }
     45 
     46  private:
     47   // Callback that the user chose to accept or deny the certificate.
     48   void OnAllowCertificate(scoped_refptr<SSLCertErrorHandler> handler,
     49                           bool allow);
     50 
     51   // Helper method for derived classes handling certificate errors.
     52   //
     53   // |overridable| indicates whether or not the user could (assuming perfect
     54   // knowledge) successfully override the error and still get the security
     55   // guarantees of TLS. |strict_enforcement| indicates whether or not the
     56   // site the user is trying to connect to has requested strict enforcement
     57   // of certificate validation (e.g. with HTTP Strict-Transport-Security).
     58   void OnCertErrorInternal(SSLCertErrorHandler* handler,
     59                            bool overridable,
     60                            bool strict_enforcement);
     61 
     62   // If the security style of |entry| has not been initialized, then initialize
     63   // it with the default style for its URL.
     64   void InitializeEntryIfNeeded(NavigationEntryImpl* entry);
     65 
     66   // Mark |origin| as having run insecure content in the process with ID |pid|.
     67   void OriginRanInsecureContent(const std::string& origin, int pid);
     68 
     69   // The backend we use to enact our decisions.
     70   SSLPolicyBackend* backend_;
     71 
     72   DISALLOW_COPY_AND_ASSIGN(SSLPolicy);
     73 };
     74 
     75 }  // namespace content
     76 
     77 #endif  // CONTENT_BROWSER_SSL_SSL_POLICY_H_
     78