// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CONTENT_BROWSER_SSL_SSL_POLICY_H_
#define CONTENT_BROWSER_SSL_SSL_POLICY_H_

#include <string>

#include "base/memory/ref_counted.h"
#include "webkit/common/resource_type.h"

namespace content {
class NavigationEntryImpl;
class SSLCertErrorHandler;
class SSLPolicyBackend;
class SSLRequestInfo;
class WebContentsImpl;

// SSLPolicy
//
// This class is responsible for making the security decisions that concern the
// SSL trust indicators. It relies on the SSLPolicyBackend to actually enact
// the decisions it reaches.
//
// Every decision reached here (whether a certificate error may be overridden,
// whether an entry is marked as having run insecure content) feeds the
// security state that is ultimately shown to the user, so changes to this
// class and its .cc are security-sensitive and should be reviewed as such.
//
class SSLPolicy {
 public:
  // |backend| is the object that enacts the decisions this policy makes. It is
  // held as a raw pointer (see |backend_|); SSLPolicy does not appear to own
  // it, so the caller is responsible for keeping it alive for the lifetime of
  // this object -- TODO(review): confirm against the owner of the backend.
  explicit SSLPolicy(SSLPolicyBackend* backend);

  // An error occurred with the certificate in an SSL connection.
  // |handler| carries the error and the means to allow or deny the request.
  // The decision itself presumably happens in OnCertErrorInternal() below,
  // which receives the |overridable| / |strict_enforcement| flags.
  void OnCertError(SSLCertErrorHandler* handler);

  // NOTE(review): inferred from the name and from OriginRanInsecureContent()
  // below -- confirm against the .cc. Records that the page represented by
  // |entry| ran insecure (non-HTTPS) content originating from
  // |security_origin|, so that the entry's security state can be downgraded.
  void DidRunInsecureContent(NavigationEntryImpl* entry,
                             const std::string& security_origin);

  // We have started a resource request with the given info.
  void OnRequestStarted(SSLRequestInfo* info);

  // Update the SSL information in |entry| to match the current state.
  // |web_contents| is the WebContentsImpl associated with this entry.
  void UpdateEntry(NavigationEntryImpl* entry,
                   WebContentsImpl* web_contents);

  // Returns the backend passed at construction. Non-owning raw pointer; the
  // caller must not delete it.
  SSLPolicyBackend* backend() const { return backend_; }

 private:
  // Callback that the user chose to accept or deny the certificate.
  // |allow| == true means the user elected to proceed despite the certificate
  // error; false means the request is denied. |handler| is held by
  // scoped_refptr so it stays alive until the (possibly asynchronous) user
  // decision arrives.
  void OnAllowCertificate(scoped_refptr<SSLCertErrorHandler> handler,
                          bool allow);

  // Helper method for derived classes handling certificate errors.
  // NOTE(review): this method is private and the class has no virtual
  // members, so derived classes cannot actually reach it; the sentence above
  // looks stale and should be reworded to "Helper for OnCertError()".
  //
  // |overridable| indicates whether or not the user could (assuming perfect
  // knowledge) successfully override the error and still get the security
  // guarantees of TLS. |strict_enforcement| indicates whether or not the
  // site the user is trying to connect to has requested strict enforcement
  // of certificate validation (e.g. with HTTP Strict-Transport-Security).
  // When |strict_enforcement| is true the error is expected not to be
  // user-overridable regardless of |overridable| -- TODO(review): confirm the
  // .cc enforces that ordering; it is the property HSTS relies on.
  void OnCertErrorInternal(SSLCertErrorHandler* handler,
                           bool overridable,
                           bool strict_enforcement);

  // If the security style of |entry| has not been initialized, then initialize
  // it with the default style for its URL.
  void InitializeEntryIfNeeded(NavigationEntryImpl* entry);

  // Mark |origin| as having run insecure content in the process with ID |pid|.
  void OriginRanInsecureContent(const std::string& origin, int pid);

  // The backend we use to enact our decisions. Raw, non-owning pointer
  // (no smart pointer, no deletion here); lifetime is managed elsewhere.
  SSLPolicyBackend* backend_;

  // Non-copyable: copying would alias |backend_| and the decision state.
  // The macro comes from base/ and is not included directly by this header;
  // it presumably arrives transitively via ref_counted.h.
  DISALLOW_COPY_AND_ASSIGN(SSLPolicy);
};

}  // namespace content

#endif  // CONTENT_BROWSER_SSL_SSL_POLICY_H_