author | abarth@chromium.org <abarth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-02-13 08:34:46 +0000 |
---|---|---|
committer | abarth@chromium.org <abarth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-02-13 08:34:46 +0000 |
commit | d26f58aeca2d32c34ceeb84f905f81d9ba183438 (patch) | |
tree | 526488d74ac8f6fccd9f0006d40e50775c57b3c6 /chrome/browser/ssl | |
parent | 41940f0fc8252f2f40c1d9113d547697ea3fe091 (diff) | |
Remember that we've white listed a certificate when we switch to a new tab.
R=wtc
BUG=6456
Review URL: http://codereview.chromium.org/20296
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@9747 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/ssl')
-rwxr-xr-x | chrome/browser/ssl/ssl_host_state.cc | 47 | ||||
-rwxr-xr-x | chrome/browser/ssl/ssl_host_state.h | 59 | ||||
-rw-r--r-- | chrome/browser/ssl/ssl_manager.cc | 38 | ||||
-rw-r--r-- | chrome/browser/ssl/ssl_manager.h | 55 |
4 files changed, 150 insertions, 49 deletions
diff --git a/chrome/browser/ssl/ssl_host_state.cc b/chrome/browser/ssl/ssl_host_state.cc
new file mode 100755
index 0000000..5bee7d9
--- /dev/null
+++ b/chrome/browser/ssl/ssl_host_state.cc
@@ -0,0 +1,47 @@
+// Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/ssl/ssl_host_state.h"
+
+SSLHostState::SSLHostState() {
+}
+
+SSLHostState::~SSLHostState() {
+}
+
+void SSLHostState::DenyCertForHost(net::X509Certificate* cert,
+ const std::string& host) {
+ DCHECK(CalledOnValidThread());
+
+ // Remember that we don't like this cert for this host.
+ cert_policy_for_host_[host].Deny(cert);
+}
+
+void SSLHostState::AllowCertForHost(net::X509Certificate* cert,
+ const std::string& host) {
+ DCHECK(CalledOnValidThread());
+
+ // Remember that we do like this cert for this host.
+ cert_policy_for_host_[host].Allow(cert);
+}
+
+net::X509Certificate::Policy::Judgment SSLHostState::QueryPolicy(
+ net::X509Certificate* cert, const std::string& host) {
+ DCHECK(CalledOnValidThread());
+
+ return cert_policy_for_host_[host].Check(cert);
+}
+
+bool SSLHostState::CanShowInsecureContent(const GURL& url) {
+ DCHECK(CalledOnValidThread());
+
+ return (can_show_insecure_content_for_host_.find(url.host()) !=
+ can_show_insecure_content_for_host_.end());
+}
+
+void SSLHostState::AllowShowInsecureContentForURL(const GURL& url) {
+ DCHECK(CalledOnValidThread());
+
+ can_show_insecure_content_for_host_.insert(url.host());
+}
diff --git a/chrome/browser/ssl/ssl_host_state.h b/chrome/browser/ssl/ssl_host_state.h
new file mode 100755
index 0000000..6d0194f
--- /dev/null
+++ b/chrome/browser/ssl/ssl_host_state.h
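Review bot: `SSLHostState::QueryPolicy` in ssl_host_state.cc looks the host up with `cert_policy_for_host_[host]`, and `operator[]` inserts an empty policy for every host that is merely queried. The map now lives in state obtained from the profile rather than in one tab's SSLManager, so those lookup-only entries accumulate for as long as that state lives. A read-only lookup avoids this: `std::map<std::string, net::X509Certificate::Policy>::iterator it = cert_policy_for_host_.find(host);` followed by `return it == cert_policy_for_host_.end() ? net::X509Certificate::Policy().Check(cert) : it->second.Check(cert);`. Both containers are keyed by host name only (`url.host()` for the insecure-content set), so presumably an exception is not scoped to a port or scheme; a comment stating that would help.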
@@ -0,0 +1,59 @@
+// Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_SSL_SSL_HOST_STATE_H_
+#define CHROME_BROWSER_SSL_SSL_HOST_STATE_H_
+
+#include <string>
+#include <map>
+#include <set>
+
+#include "base/basictypes.h"
+#include "base/non_thread_safe.h"
+#include "googleurl/src/gurl.h"
+#include "net/base/x509_certificate.h"
+
+// SSLHostState
+//
+// The SSLHostState encapulates the host-specific state for SSL errors. For
+// example, SSLHostState rememebers whether the user has whitelisted a
+// particular broken cert for use with particular host. We separate this state
+// from the SSLManager because this state is shared across many navigation
+// controllers.
+
+class SSLHostState : public NonThreadSafe {
+ public:
+ SSLHostState();
+ ~SSLHostState();
+
+ // Records that |cert| is permitted to be used for |host| in the future.
+ void DenyCertForHost(net::X509Certificate* cert, const std::string& host);
+
+ // Records that |cert| is not permitted to be used for |host| in the future.
+ void AllowCertForHost(net::X509Certificate* cert, const std::string& host);
+
+ // Queries whether |cert| is allowed or denied for |host|.
+ net::X509Certificate::Policy::Judgment QueryPolicy(
+ net::X509Certificate* cert, const std::string& host);
+
+ // Allow mixed/unsafe content to be visible (non filtered) for the specified
+ // URL.
+ // Note that the current implementation allows on a host name basis.
+ void AllowShowInsecureContentForURL(const GURL& url);
+
+ // Returns whether the specified URL is allowed to show insecure (mixed or
+ // unsafe) content.
+ bool CanShowInsecureContent(const GURL& url);
+
+ private:
+ // Certificate policies for each host.
+ std::map<std::string, net::X509Certificate::Policy> cert_policy_for_host_;
+
+ // Domains for which it is OK to show insecure content.
+ std::set<std::string> can_show_insecure_content_for_host_; + + DISALLOW_COPY_AND_ASSIGN(SSLHostState); +}; + +#endif // CHROME_BROWSER_SSL_SSL_HOST_STATE_H_ diff --git a/chrome/browser/ssl/ssl_manager.cc b/chrome/browser/ssl/ssl_manager.cc index 910d43f..195d25e 100644 --- a/chrome/browser/ssl/ssl_manager.cc +++ b/chrome/browser/ssl/ssl_manager.cc @@ -12,6 +12,7 @@ #include "chrome/browser/renderer_host/render_view_host.h" #include "chrome/browser/renderer_host/resource_request_details.h" #include "chrome/browser/ssl/ssl_error_info.h" +#include "chrome/browser/ssl/ssl_host_state.h" #include "chrome/browser/tab_contents/navigation_controller.h" #include "chrome/browser/tab_contents/navigation_entry.h" #include "chrome/browser/tab_contents/provisional_load_details.h" @@ -43,14 +44,14 @@ class SSLInfoBarDelegate : public ConfirmInfoBarDelegate { public: - SSLInfoBarDelegate(TabContents* contents, - const std::wstring message, - const std::wstring& button_label, - Task* task) - : ConfirmInfoBarDelegate(contents), - message_(message), - button_label_(button_label), - task_(task) { + SSLInfoBarDelegate(TabContents* contents, + const std::wstring message, + const std::wstring& button_label, + Task* task) + : ConfirmInfoBarDelegate(contents), + message_(message), + button_label_(button_label), + task_(task) { } virtual ~SSLInfoBarDelegate() {} @@ -101,7 +102,8 @@ void SSLManager::RegisterUserPrefs(PrefService* prefs) { SSLManager::SSLManager(NavigationController* controller, Delegate* delegate) : delegate_(delegate), - controller_(controller) { + controller_(controller), + ssl_host_state_(controller->profile()->GetSSLHostState()) { DCHECK(controller_); // If do delegate is supplied, use the default policy. 
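Review bot: The comments on `DenyCertForHost` and `AllowCertForHost` in ssl_host_state.h are swapped: the one above `DenyCertForHost` says the cert "is permitted" and the one above `AllowCertForHost` says it "is not permitted". For an API that records certificate exceptions this invites a caller to pick the wrong method; the comments should read `// Records that |cert| is not permitted to be used for |host| in the future.` on `DenyCertForHost` and `// Records that |cert| is permitted to be used for |host| in the future.` on `AllowCertForHost`. The class comment also has two typos ("encapulates", "rememebers") and could say that the decisions are held in memory only, which is all the visible code does.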
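Review bot: In the `SSLManager` constructor hunk of ssl_manager.cc, the new initializer `ssl_host_state_(controller->profile()->GetSSLHostState())` dereferences `controller` before the existing `DCHECK(controller_)` in the body can fire, so that check no longer guards anything. Neither `profile()` nor the returned `SSLHostState*` is checked, and a null here would only surface later, when a certificate decision is forwarded through the pointer. I would add `DCHECK(ssl_host_state_);` next to the existing DCHECK and either move the lookup into the body after `DCHECK(controller_)` or drop the now-ineffective check. The constructor body continues outside the hunk.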
@@ -191,33 +193,27 @@ void SSLManager::AddMessageToConsole(const std::wstring& msg, void SSLManager::DenyCertForHost(net::X509Certificate* cert, const std::string& host) { // Remember that we don't like this cert for this host. - // TODO(abarth): Do we want to persist this information in the user's profile? - cert_policy_for_host_[host].Deny(cert); + ssl_host_state_->DenyCertForHost(cert, host); } // Delegate API method. void SSLManager::AllowCertForHost(net::X509Certificate* cert, const std::string& host) { - // Remember that we do like this cert for this host. - // TODO(abarth): Do we want to persist this information in the user's profile? - cert_policy_for_host_[host].Allow(cert); + ssl_host_state_->AllowCertForHost(cert, host); } // Delegate API method. net::X509Certificate::Policy::Judgment SSLManager::QueryPolicy( net::X509Certificate* cert, const std::string& host) { - // TODO(abarth): Do we want to read this information from the user's profile? - return cert_policy_for_host_[host].Check(cert); + return ssl_host_state_->QueryPolicy(cert, host); } bool SSLManager::CanShowInsecureContent(const GURL& url) { - // TODO(jcampan): Do we want to read this information from the user's profile? - return (can_show_insecure_content_for_host_.find(url.host()) != - can_show_insecure_content_for_host_.end()); + return ssl_host_state_->CanShowInsecureContent(url); } void SSLManager::AllowShowInsecureContentForURL(const GURL& url) { - can_show_insecure_content_for_host_.insert(url.host()); + ssl_host_state_->AllowShowInsecureContentForURL(url); } bool SSLManager::ProcessedSSLErrorFromRequest() const { 
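Review bot: The forwarding bodies in the `@@ -191` hunk of ssl_manager.cc now reach state shared by every SSLManager that gets it from the same profile, but they carry no statement of which thread they run on. `SSLHostState` is `NonThreadSafe` and only asserts with `DCHECK(CalledOnValidThread())`, which presumably compiles out in release builds, while ssl_manager.h documents both IO-thread and UI-thread entry points. A one-line comment on each wrapper, e.g. `// Must be called on the UI thread; forwards to the profile-wide SSLHostState.`, would make the contract explicit (the thread named there is my assumption and should be confirmed). `DenyCertForHost` also keeps its old "Remember that…" comment while `AllowCertForHost` lost its counterpart; keep or drop both.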
@@ -609,7 +605,7 @@ void SSLManager::DidCommitProvisionalLoad( // If the frame has been blocked we keep our security style as // authenticated in that case as nothing insecure is actually showing or // loaded. - if (!details->is_content_filtered && + if (!details->is_content_filtered && !details->entry->ssl().has_mixed_content()) { details->entry->ssl().set_has_mixed_content(); changed = true; diff --git a/chrome/browser/ssl/ssl_manager.h b/chrome/browser/ssl/ssl_manager.h index 2c013a9..0b1842e 100644 --- a/chrome/browser/ssl/ssl_manager.h +++ b/chrome/browser/ssl/ssl_manager.h @@ -2,11 +2,12 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef CHROME_BROWSER_SSL_MANAGER_H_ -#define CHROME_BROWSER_SSL_MANAGER_H_ +#ifndef CHROME_BROWSER_SSL_SSL_MANAGER_H_ +#define CHROME_BROWSER_SSL_SSL_MANAGER_H_ #include <string> #include <map> +#include <vector> #include "base/basictypes.h" #include "base/observer_list.h" @@ -32,6 +33,7 @@ class PrefService; class ResourceRedirectDetails; class ResourceRequestDetails; class SSLErrorInfo; +class SSLHostState; class Task; class URLRequest; class WebContents; @@ -59,7 +61,7 @@ class SSLManager : public NotificationObserver { // necessary for ensuring the instance is not leaked. class ErrorHandler : public base::RefCountedThreadSafe<ErrorHandler> { public: - virtual ~ErrorHandler() { } + virtual ~ErrorHandler() { } // Find the appropriate SSLManager for the URLRequest and begin handling // this error. @@ -71,7 +73,7 @@ class SSLManager : public NotificationObserver { const GURL& request_url() const { return request_url_; } // Call on the UI thread. - SSLManager* manager() const { return manager_; }; + SSLManager* manager() const { return manager_; } // Returns the WebContents this object is associated with. Should be // called from the UI thread. 
@@ -162,8 +164,8 @@ class SSLManager : public NotificationObserver { const GURL request_url_; // The URL that we requested. // Should only be accessed on the IO thread - bool request_has_been_notified_; // A flag to make sure we notify the - // URLRequest exactly once. + bool request_has_been_notified_; // A flag to make sure we notify the + // URLRequest exactly once. DISALLOW_EVIL_CONSTRUCTORS(ErrorHandler); }; @@ -198,7 +200,7 @@ class SSLManager : public NotificationObserver { // These read-only members can be accessed on any thread. net::SSLInfo ssl_info_; - const int cert_error_; // The error we represent. + const int cert_error_; // The error we represent. // What kind of resource is associated with the requested that generated // that error. @@ -337,7 +339,7 @@ class SSLManager : public NotificationObserver { // Called when a mixed-content sub-resource request has been detected. The // request is not started yet. The SSLManager will make a decision on whether // to filter that request's content (with the filter_policy flag). - // TODO (jcampan): Implement a way to just cancel the request. This is not + // TODO(jcampan): Implement a way to just cancel the request. This is not // straight-forward as canceling a request that has not been started will // not remove from the pending_requests_ of the ResourceDispatcherHost. // Called on the IO thread. 
@@ -398,24 +400,25 @@ class SSLManager : public NotificationObserver { // in an info-bar. struct SSLMessageInfo { public: - explicit SSLMessageInfo(const std::wstring& text) + explicit SSLMessageInfo(const std::wstring& text) : message(text), action(NULL) { } - SSLMessageInfo(const std::wstring& message, - const std::wstring& link_text, - Task* action) + + SSLMessageInfo(const std::wstring& message, + const std::wstring& link_text, + Task* action) : message(message), link_text(link_text), action(action) { } - // Overridden so that std::find works. - bool operator==(const std::wstring& other_message) const { - // We are uniquing SSLMessageInfo by their message only. - return message == other_message; - } + // Overridden so that std::find works. + bool operator==(const std::wstring& other_message) const { + // We are uniquing SSLMessageInfo by their message only. + return message == other_message; + } - std::wstring message; - std::wstring link_text; - Task* action; - }; + std::wstring message; + std::wstring link_text; + Task* action; + }; // Entry points for notifications to which we subscribe. Note that // DidCommitProvisionalLoad uses the abstract NotificationDetails type since @@ -447,11 +450,8 @@ class SSLManager : public NotificationObserver { // Handles registering notifications with the NotificationService. NotificationRegistrar registrar_; - // Certificate policies for each host. - std::map<std::string, net::X509Certificate::Policy> cert_policy_for_host_; - - // Domains for which it is OK to show insecure content. - std::set<std::string> can_show_insecure_content_for_host_; + // SSL state specific for each host. + SSLHostState* ssl_host_state_; // The list of messages that should be displayed (in info bars) when the page // currently loading had loaded. @@ -460,5 +460,4 @@ class SSLManager : public NotificationObserver { DISALLOW_COPY_AND_ASSIGN(SSLManager); }; -#endif // CHROME_BROWSER_SSL_MANAGER_H_ - +#endif // CHROME_BROWSER_SSL_SSL_MANAGER_H_ |
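Review bot: The new member `SSLHostState* ssl_host_state_;` in ssl_manager.h (hunk `@@ -447`) is a raw pointer whose comment does not say who owns it. The constructor obtains it from `controller->profile()`, so it is presumably owned by the Profile and must outlive the SSLManager; if it did not, certificate allow/deny decisions would be read through a dangling pointer. I would extend the comment to `// SSL state specific for each host. Not owned; the Profile that returned it must outlive this object.` and confirm that destruction order against the Profile's teardown.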