[SSL] Componentize ChromeSSLHostStateDelegate
This class will shortly be shared by WebLayer's SSL interstitial
embedding so that the logic on when to allow users bypass SSL
interstitials is shared between WebLayer and Chrome.
As part of the componentization, also componentizes a pref that is used
by this class.
Bug: 1030692
Change-Id: I0d4e8a84b8b14637ad6380a99c7fec94310c01c5
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2062433
Reviewed-by: Carlos IL <[email protected]>
Commit-Queue: Colin Blundell <[email protected]>
Cr-Commit-Position: refs/heads/master@{#742571}
diff --git a/chrome/browser/BUILD.gn b/chrome/browser/BUILD.gn
index 8911015e..f2b45b0 100644
--- a/chrome/browser/BUILD.gn
+++ b/chrome/browser/BUILD.gn
@@ -1726,8 +1726,6 @@
"ssl/certificate_error_reporter.h",
"ssl/chrome_security_blocking_page_factory.cc",
"ssl/chrome_security_blocking_page_factory.h",
- "ssl/chrome_ssl_host_state_delegate.cc",
- "ssl/chrome_ssl_host_state_delegate.h",
"ssl/chrome_ssl_host_state_delegate_factory.cc",
"ssl/chrome_ssl_host_state_delegate_factory.h",
"ssl/connection_help_tab_helper.cc",
diff --git a/chrome/browser/about_flags.cc b/chrome/browser/about_flags.cc
index c8f635c5..cea95c50 100644
--- a/chrome/browser/about_flags.cc
+++ b/chrome/browser/about_flags.cc
@@ -48,7 +48,6 @@
#include "chrome/browser/sharing/sms/sms_flags.h"
#include "chrome/browser/sharing/webrtc/webrtc_flags.h"
#include "chrome/browser/signin/account_consistency_mode_manager.h"
-#include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h"
#include "chrome/browser/ui/ui_features.h"
#include "chrome/browser/unexpire_flags.h"
#include "chrome/common/buildflags.h"
@@ -105,6 +104,7 @@
#include "components/previews/core/previews_switches.h"
#include "components/printing/browser/features.h"
#include "components/safe_browsing/core/features.h"
+#include "components/security_interstitials/content/chrome_ssl_host_state_delegate.h"
#include "components/security_interstitials/core/features.h"
#include "components/security_state/core/features.h"
#include "components/security_state/core/security_state.h"
diff --git a/chrome/browser/browsing_data/chrome_browsing_data_remover_delegate_unittest.cc b/chrome/browser/browsing_data/chrome_browsing_data_remover_delegate_unittest.cc
index 8713760..f6168e1 100644
--- a/chrome/browser/browsing_data/chrome_browsing_data_remover_delegate_unittest.cc
+++ b/chrome/browser/browsing_data/chrome_browsing_data_remover_delegate_unittest.cc
@@ -49,7 +49,6 @@
#include "chrome/browser/permissions/adaptive_quiet_notification_permission_ui_enabler.h"
#include "chrome/browser/permissions/permission_decision_auto_blocker_factory.h"
#include "chrome/browser/safe_browsing/safe_browsing_service.h"
-#include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h"
#include "chrome/browser/ssl/chrome_ssl_host_state_delegate_factory.h"
#include "chrome/browser/storage/durable_storage_permission_context.h"
#include "chrome/browser/subresource_filter/subresource_filter_profile_context_factory.h"
@@ -92,6 +91,7 @@
#include "components/permissions/permission_util.h"
#include "components/prefs/testing_pref_service.h"
#include "components/safe_browsing/core/verdict_cache_manager.h"
+#include "components/security_interstitials/content/chrome_ssl_host_state_delegate.h"
#include "content/public/browser/browser_task_traits.h"
#include "content/public/browser/browsing_data_filter_builder.h"
#include "content/public/browser/browsing_data_remover.h"
diff --git a/chrome/browser/prefs/browser_prefs.cc b/chrome/browser/prefs/browser_prefs.cc
index 1574feb..a0b6b11 100644
--- a/chrome/browser/prefs/browser_prefs.cc
+++ b/chrome/browser/prefs/browser_prefs.cc
@@ -65,7 +65,6 @@
#include "chrome/browser/rlz/chrome_rlz_tracker_delegate.h"
#include "chrome/browser/search/search.h"
#include "chrome/browser/sharing/sharing_sync_preference.h"
-#include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h"
#include "chrome/browser/ssl/ssl_config_service_manager.h"
#include "chrome/browser/task_manager/task_manager_interface.h"
#include "chrome/browser/tracing/chrome_tracing_delegate.h"
@@ -129,6 +128,7 @@
#include "components/rappor/rappor_service_impl.h"
#include "components/safe_browsing/core/common/safe_browsing_prefs.h"
#include "components/search_engines/template_url_prepopulate_data.h"
+#include "components/security_interstitials/content/chrome_ssl_host_state_delegate.h"
#include "components/security_state/core/security_state.h"
#include "components/sessions/core/session_id_generator.h"
#include "components/signin/public/identity_manager/identity_manager.h"
diff --git a/chrome/browser/profiles/off_the_record_profile_impl.cc b/chrome/browser/profiles/off_the_record_profile_impl.cc
index acd5fb9..d1cd81f 100644
--- a/chrome/browser/profiles/off_the_record_profile_impl.cc
+++ b/chrome/browser/profiles/off_the_record_profile_impl.cc
@@ -42,7 +42,6 @@
#include "chrome/browser/prefs/pref_service_syncable_util.h"
#include "chrome/browser/profiles/profile_key.h"
#include "chrome/browser/profiles/profile_manager.h"
-#include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h"
#include "chrome/browser/ssl/chrome_ssl_host_state_delegate_factory.h"
#include "chrome/browser/themes/theme_service.h"
#include "chrome/browser/transition_manager/full_browser_transition_manager.h"
@@ -58,6 +57,7 @@
#include "components/keyed_service/core/simple_key_map.h"
#include "components/keyed_service/core/simple_keyed_service_factory.h"
#include "components/prefs/json_pref_store.h"
+#include "components/security_interstitials/content/chrome_ssl_host_state_delegate.h"
#include "components/sync_preferences/pref_service_syncable.h"
#include "components/user_prefs/user_prefs.h"
#include "content/public/browser/browser_task_traits.h"
diff --git a/chrome/browser/profiles/profile_impl.cc b/chrome/browser/profiles/profile_impl.cc
index a3b0b35..55fbf20 100644
--- a/chrome/browser/profiles/profile_impl.cc
+++ b/chrome/browser/profiles/profile_impl.cc
@@ -94,7 +94,6 @@
#include "chrome/browser/signin/identity_manager_factory.h"
#include "chrome/browser/signin/signin_ui_util.h"
#include "chrome/browser/site_isolation/site_isolation_policy.h"
-#include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h"
#include "chrome/browser/ssl/chrome_ssl_host_state_delegate_factory.h"
#include "chrome/browser/startup_data.h"
#include "chrome/browser/storage/storage_notification_service_factory.h"
@@ -134,6 +133,7 @@
#include "components/policy/core/common/cloud/user_cloud_policy_manager.h"
#include "components/pref_registry/pref_registry_syncable.h"
#include "components/prefs/scoped_user_pref_update.h"
+#include "components/security_interstitials/content/chrome_ssl_host_state_delegate.h"
#include "components/signin/public/base/signin_pref_names.h"
#include "components/signin/public/identity_manager/identity_manager.h"
#include "components/sync_preferences/pref_service_syncable.h"
diff --git a/chrome/browser/ssl/chrome_security_blocking_page_factory.cc b/chrome/browser/ssl/chrome_security_blocking_page_factory.cc
index 7f8ab679..1a55967d 100644
--- a/chrome/browser/ssl/chrome_security_blocking_page_factory.cc
+++ b/chrome/browser/ssl/chrome_security_blocking_page_factory.cc
@@ -11,10 +11,10 @@
#include "chrome/browser/history/history_service_factory.h"
#include "chrome/browser/profiles/profile.h"
#include "chrome/browser/renderer_preferences_util.h"
-#include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h"
#include "chrome/browser/ssl/chrome_ssl_host_state_delegate_factory.h"
#include "chrome/browser/ssl/ssl_error_controller_client.h"
#include "chrome/common/channel_info.h"
+#include "components/security_interstitials/content/chrome_ssl_host_state_delegate.h"
#include "components/security_interstitials/content/content_metrics_helper.h"
#include "components/security_interstitials/content/ssl_blocking_page.h"
#include "components/security_interstitials/core/controller_client.h"
diff --git a/chrome/browser/ssl/chrome_ssl_host_state_delegate.cc b/chrome/browser/ssl/chrome_ssl_host_state_delegate.cc
deleted file mode 100644
index 18157166f..0000000
--- a/chrome/browser/ssl/chrome_ssl_host_state_delegate.cc
+++ /dev/null
@@ -1,694 +0,0 @@
-// Copyright 2014 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h"
-
-#include <stdint.h>
-
-#include <functional>
-#include <set>
-#include <string>
-#include <utility>
-
-#include "base/base64.h"
-#include "base/bind.h"
-#include "base/callback.h"
-#include "base/command_line.h"
-#include "base/feature_list.h"
-#include "base/logging.h"
-#include "base/metrics/field_trial.h"
-#include "base/metrics/field_trial_params.h"
-#include "base/stl_util.h"
-#include "base/strings/string_number_conversions.h"
-#include "base/time/clock.h"
-#include "base/time/default_clock.h"
-#include "base/time/time.h"
-#include "base/values.h"
-#include "build/build_config.h"
-#include "chrome/common/pref_names.h"
-#include "components/content_settings/core/browser/host_content_settings_map.h"
-#include "components/content_settings/core/common/content_settings_types.h"
-#include "components/pref_registry/pref_registry_syncable.h"
-#include "components/prefs/pref_service.h"
-#include "components/prefs/scoped_user_pref_update.h"
-#include "components/variations/variations_associated_data.h"
-#include "content/public/browser/browser_context.h"
-#include "content/public/browser/storage_partition.h"
-#include "content/public/browser/web_contents.h"
-#include "content/public/common/content_switches.h"
-#include "net/base/hash_value.h"
-#include "net/base/url_util.h"
-#include "net/cert/x509_certificate.h"
-#include "services/network/public/cpp/features.h"
-#include "services/network/public/mojom/network_context.mojom.h"
-#include "url/gurl.h"
-
-namespace {
-
-#if defined(OS_ANDROID)
-ChromeSSLHostStateDelegate::RecurrentInterstitialMode
- kRecurrentInterstitialDefaultMode =
- ChromeSSLHostStateDelegate::RecurrentInterstitialMode::PREF;
-#else
-ChromeSSLHostStateDelegate::RecurrentInterstitialMode
- kRecurrentInterstitialDefaultMode =
- ChromeSSLHostStateDelegate::RecurrentInterstitialMode::IN_MEMORY;
-#endif
-
-// The number of times an error must recur before the recurrent error message is
-// shown.
-constexpr int kRecurrentInterstitialDefaultThreshold = 3;
-
-// If "mode" is "pref", a pref stores the time at which each error most recently
-// occurred, and the recurrent error message is shown if the error has recurred
-// more than the threshold number of times with the most recent instance being
-// less than |kRecurrentInterstitialResetTimeParam| seconds in the past. The
-// default is 3 days.
-constexpr int kRecurrentInterstitialDefaultResetTime =
- 259200; // 3 days in seconds
-
-// The default expiration for certificate error bypasses is one week, unless
-// overidden by a field trial group. See https://crbug.com/487270.
-const uint64_t kDeltaDefaultExpirationInSeconds = UINT64_C(604800);
-
-// Keys for the per-site error + certificate finger to judgment content
-// settings map.
-const char kSSLCertDecisionCertErrorMapKey[] = "cert_exceptions_map";
-const char kSSLCertDecisionExpirationTimeKey[] = "decision_expiration_time";
-const char kSSLCertDecisionVersionKey[] = "version";
-
-const int kDefaultSSLCertDecisionVersion = 1;
-
-// Records a new occurrence of |error|. The occurrence is stored in the
-// recurrent interstitial pref, which keeps track of the most recent timestamps
-// at which each error type occurred (up to the |threshold| most recent
-// instances per error). The list is reset if the clock has gone backwards at
-// any point.
-void UpdateRecurrentInterstitialPref(PrefService* pref_service,
- base::Clock* clock,
- int error,
- int threshold) {
- double now = clock->Now().ToJsTime();
-
- DictionaryPrefUpdate pref_update(pref_service,
- prefs::kRecurrentSSLInterstitial);
- base::Value* list_value =
- pref_update->FindKey(net::ErrorToShortString(error));
- if (list_value) {
- // Check that the values are in increasing order and wipe out the list if
- // not (presumably because the clock changed).
- double previous = 0;
- for (const auto& error_instance : list_value->GetList()) {
- double error_time = error_instance.GetDouble();
- if (error_time < previous) {
- list_value = nullptr;
- break;
- }
- previous = error_time;
- }
- if (now < previous)
- list_value = nullptr;
- }
-
- if (!list_value) {
- // Either there was no list of occurrences of this error, or it was corrupt
- // (i.e. out of order). Save a new list composed of just this one error
- // instance.
- base::ListValue error_list;
- error_list.Append(now);
- pref_update->SetKey(net::ErrorToShortString(error), std::move(error_list));
- } else {
- // Only up to |threshold| values need to be stored. If the list already
- // contains |threshold| values, pop one off the front and append the new one
- // at the end; otherwise just append the new one.
- while (base::MakeStrictNum(list_value->GetList().size()) >= threshold) {
- list_value->EraseListIter(list_value->GetList().begin());
- }
- list_value->Append(now);
- }
-}
-
-bool DoesRecurrentInterstitialPrefMeetThreshold(PrefService* pref_service,
- base::Clock* clock,
- int error,
- int threshold,
- int error_reset_time) {
- const base::DictionaryValue* pref =
- pref_service->GetDictionary(prefs::kRecurrentSSLInterstitial);
- const base::Value* list_value = pref->FindKey(net::ErrorToShortString(error));
- if (!list_value)
- return false;
-
- base::Time cutoff_time;
- cutoff_time = clock->Now() - base::TimeDelta::FromSeconds(error_reset_time);
-
- // Assume that the values in the list are in increasing order;
- // UpdateRecurrentInterstitialPref() maintains this ordering. Check if there
- // are more than |threshold| values after the cutoff time.
- base::Value::ConstListView error_list = list_value->GetList();
- for (size_t i = 0; i < error_list.size(); i++) {
- if (base::Time::FromJsTime(error_list[i].GetDouble()) >= cutoff_time)
- return base::MakeStrictNum(error_list.size() - i) >= threshold;
- }
- return false;
-}
-
-// All SSL decisions are per host (and are shared arcoss schemes), so this
-// canonicalizes all hosts into a secure scheme GURL to use with content
-// settings. The returned GURL will be the passed in host with an empty path and
-// https:// as the scheme.
-GURL GetSecureGURLForHost(const std::string& host) {
- std::string url = "https://" + host;
- return GURL(url);
-}
-
-std::string GetKey(const net::X509Certificate& cert, int error) {
- // Since a security decision will be made based on the fingerprint, Chrome
- // should use the SHA-256 fingerprint for the certificate.
- net::SHA256HashValue fingerprint = cert.CalculateChainFingerprint256();
- std::string base64_fingerprint;
- base::Base64Encode(
- base::StringPiece(reinterpret_cast<const char*>(fingerprint.data),
- sizeof(fingerprint.data)),
- &base64_fingerprint);
- return base::NumberToString(error) + base64_fingerprint;
-}
-
-void MigrateOldSettings(HostContentSettingsMap* map) {
- // Migrate old settings. Previously SSL would use the same pattern twice,
- // instead of using ContentSettingsPattern::Wildcard(). This has no impact on
- // lookups using GetWebsiteSetting (because Wildcard matches everything) but
- // it has an impact when trying to change the existing content setting. We
- // need to migrate the old-format keys.
- // TODO(raymes): Remove this after ~M51 when clients have migrated. We should
- // leave in some code to remove old-format settings for a long time.
- // crbug.com/569734.
- ContentSettingsForOneType settings;
- map->GetSettingsForOneType(ContentSettingsType::SSL_CERT_DECISIONS,
- std::string(), &settings);
- for (const ContentSettingPatternSource& setting : settings) {
- // Migrate user preference settings only.
- if (setting.source != "preference")
- continue;
- // Migrate old-format settings only.
- if (setting.secondary_pattern != ContentSettingsPattern::Wildcard()) {
- GURL url(setting.primary_pattern.ToString());
- // Pull out the value of the old-format setting. Only do this if the
- // patterns are as we expect them to be, otherwise the setting will just
- // be removed for safety.
- std::unique_ptr<base::Value> value;
- if (setting.primary_pattern == setting.secondary_pattern &&
- url.is_valid()) {
- value = map->GetWebsiteSetting(url, url,
- ContentSettingsType::SSL_CERT_DECISIONS,
- std::string(), nullptr);
- }
- // Remove the old pattern.
- map->SetWebsiteSettingCustomScope(
- setting.primary_pattern, setting.secondary_pattern,
- ContentSettingsType::SSL_CERT_DECISIONS, std::string(), nullptr);
- // Set the new pattern.
- if (value) {
- map->SetWebsiteSettingDefaultScope(
- url, GURL(), ContentSettingsType::SSL_CERT_DECISIONS, std::string(),
- std::move(value));
- }
- }
- }
-}
-
-bool HostFilterToPatternFilter(
- base::OnceCallback<bool(const std::string&)> host_filter,
- const ContentSettingsPattern& primary_pattern,
- const ContentSettingsPattern& secondary_pattern) {
- // We only ever set origin-scoped exceptions which are of the form
- // "https://<host>:443". That is a valid URL, so we can compare |host_filter|
- // against its host.
- GURL url = GURL(primary_pattern.ToString());
- DCHECK(url.is_valid());
- return std::move(host_filter).Run(url.host());
-}
-
-} // namespace
-
-ChromeSSLHostStateDelegate::ChromeSSLHostStateDelegate(
- content::BrowserContext* browser_context,
- PrefService* pref_service,
- HostContentSettingsMap* host_content_settings_map)
- : clock_(new base::DefaultClock()),
- browser_context_(browser_context),
- pref_service_(pref_service),
- host_content_settings_map_(host_content_settings_map),
- recurrent_interstitial_threshold_for_testing(-1),
- recurrent_interstitial_mode_for_testing(NOT_SET),
- recurrent_interstitial_reset_time_for_testing(-1) {
- MigrateOldSettings(host_content_settings_map_);
-}
-
-ChromeSSLHostStateDelegate::~ChromeSSLHostStateDelegate() = default;
-
-void ChromeSSLHostStateDelegate::RegisterProfilePrefs(
- user_prefs::PrefRegistrySyncable* registry) {
- registry->RegisterDictionaryPref(prefs::kRecurrentSSLInterstitial);
-}
-
-void ChromeSSLHostStateDelegate::AllowCert(const std::string& host,
- const net::X509Certificate& cert,
- int error,
- content::WebContents* web_contents) {
- DCHECK(web_contents);
- content::StoragePartition* storage_partition =
- content::BrowserContext::GetStoragePartition(
- browser_context_, web_contents->GetMainFrame()->GetSiteInstance(),
- false /* can_create */);
- if (!storage_partition ||
- storage_partition != content::BrowserContext::GetDefaultStoragePartition(
- browser_context_)) {
- // Decisions for non-default storage partitions are stored in memory only;
- // see comment on declaration of
- // |allowed_certs_for_non_default_storage_partitions_|.
- auto allowed_cert =
- AllowedCert(GetKey(cert, error), storage_partition->GetPath());
- allowed_certs_for_non_default_storage_partitions_[host].insert(
- allowed_cert);
- return;
- }
-
- GURL url = GetSecureGURLForHost(host);
- std::unique_ptr<base::Value> value(
- host_content_settings_map_->GetWebsiteSetting(
- url, url, ContentSettingsType::SSL_CERT_DECISIONS, std::string(),
- nullptr));
-
- if (!value.get() || !value->is_dict())
- value.reset(new base::DictionaryValue());
-
- base::DictionaryValue* dict;
- bool success = value->GetAsDictionary(&dict);
- DCHECK(success);
-
- base::DictionaryValue* cert_dict =
- GetValidCertDecisionsDict(dict, CREATE_DICTIONARY_ENTRIES);
- // If a a valid certificate dictionary cannot be extracted from the content
- // setting, that means it's in an unknown format. Unfortunately, there's
- // nothing to be done in that case, so a silent fail is the only option.
- if (!cert_dict)
- return;
-
- dict->SetKey(kSSLCertDecisionVersionKey,
- base::Value(kDefaultSSLCertDecisionVersion));
- cert_dict->SetKey(GetKey(cert, error), base::Value(ALLOWED));
-
- // The map takes ownership of the value, so it is released in the call to
- // SetWebsiteSettingDefaultScope.
- host_content_settings_map_->SetWebsiteSettingDefaultScope(
- url, GURL(), ContentSettingsType::SSL_CERT_DECISIONS, std::string(),
- std::move(value));
-}
-
-void ChromeSSLHostStateDelegate::Clear(
- base::RepeatingCallback<bool(const std::string&)> host_filter) {
- // Convert host matching to content settings pattern matching. Content
- // settings deletion is done synchronously on the UI thread, so we can use
- // |host_filter| by reference.
- HostContentSettingsMap::PatternSourcePredicate pattern_filter;
- if (!host_filter.is_null()) {
- pattern_filter =
- base::BindRepeating(&HostFilterToPatternFilter, host_filter);
- }
-
- host_content_settings_map_->ClearSettingsForOneTypeWithPredicate(
- ContentSettingsType::SSL_CERT_DECISIONS, base::Time(), base::Time::Max(),
- pattern_filter);
-}
-
-content::SSLHostStateDelegate::CertJudgment
-ChromeSSLHostStateDelegate::QueryPolicy(const std::string& host,
- const net::X509Certificate& cert,
- int error,
- content::WebContents* web_contents) {
- DCHECK(web_contents);
-
- // If the appropriate flag is set, let requests on localhost go
- // through even if there are certificate errors. Errors on localhost
- // are unlikely to indicate actual security problems.
- GURL url = GetSecureGURLForHost(host);
- bool allow_localhost = base::CommandLine::ForCurrentProcess()->HasSwitch(
- switches::kAllowInsecureLocalhost);
- if (allow_localhost && net::IsLocalhost(url))
- return ALLOWED;
-
- content::StoragePartition* storage_partition =
- content::BrowserContext::GetStoragePartition(
- browser_context_, web_contents->GetMainFrame()->GetSiteInstance(),
- false /* can_create */);
- if (!storage_partition ||
- storage_partition != content::BrowserContext::GetDefaultStoragePartition(
- browser_context_)) {
- if (allowed_certs_for_non_default_storage_partitions_.find(host) ==
- allowed_certs_for_non_default_storage_partitions_.end()) {
- return DENIED;
- }
- AllowedCert allowed_cert =
- AllowedCert(GetKey(cert, error), storage_partition->GetPath());
- if (base::Contains(allowed_certs_for_non_default_storage_partitions_[host],
- allowed_cert)) {
- return ALLOWED;
- }
- return DENIED;
- }
-
- std::unique_ptr<base::Value> value(
- host_content_settings_map_->GetWebsiteSetting(
- url, url, ContentSettingsType::SSL_CERT_DECISIONS, std::string(),
- nullptr));
-
- if (!value.get() || !value->is_dict())
- return DENIED;
-
- base::DictionaryValue* dict; // Owned by value
- int policy_decision;
- bool success = value->GetAsDictionary(&dict);
- DCHECK(success);
-
- base::DictionaryValue* cert_error_dict; // Owned by value
- cert_error_dict =
- GetValidCertDecisionsDict(dict, DO_NOT_CREATE_DICTIONARY_ENTRIES);
- if (!cert_error_dict) {
- // This revoke is necessary to clear any old expired setting that may be
- // lingering in the case that an old decision expried.
- RevokeUserAllowExceptions(host);
- return DENIED;
- }
-
- success = cert_error_dict->GetIntegerWithoutPathExpansion(GetKey(cert, error),
- &policy_decision);
-
- // If a policy decision was successfully retrieved and it's a valid value of
- // ALLOWED, return the valid value. Otherwise, return DENIED.
- if (success && policy_decision == ALLOWED)
- return ALLOWED;
-
- return DENIED;
-}
-
-void ChromeSSLHostStateDelegate::HostRanInsecureContent(
- const std::string& host,
- int child_id,
- InsecureContentType content_type) {
- switch (content_type) {
- case MIXED_CONTENT:
- ran_mixed_content_hosts_.insert(BrokenHostEntry(host, child_id));
- return;
- case CERT_ERRORS_CONTENT:
- ran_content_with_cert_errors_hosts_.insert(
- BrokenHostEntry(host, child_id));
- return;
- }
-}
-
-bool ChromeSSLHostStateDelegate::DidHostRunInsecureContent(
- const std::string& host,
- int child_id,
- InsecureContentType content_type) {
- auto entry = BrokenHostEntry(host, child_id);
- switch (content_type) {
- case MIXED_CONTENT:
- return base::Contains(ran_mixed_content_hosts_, entry);
- case CERT_ERRORS_CONTENT:
- return base::Contains(ran_content_with_cert_errors_hosts_, entry);
- }
- NOTREACHED();
- return false;
-}
-
-void ChromeSSLHostStateDelegate::RevokeUserAllowExceptions(
- const std::string& host) {
- GURL url = GetSecureGURLForHost(host);
-
- host_content_settings_map_->SetWebsiteSettingDefaultScope(
- url, GURL(), ContentSettingsType::SSL_CERT_DECISIONS, std::string(),
- nullptr);
-
- // Decisions for non-default storage partitions are stored separately in
- // memory; delete those as well.
- allowed_certs_for_non_default_storage_partitions_.erase(host);
-}
-
-bool ChromeSSLHostStateDelegate::HasAllowException(
- const std::string& host,
- content::WebContents* web_contents) {
- DCHECK(web_contents);
-
- content::StoragePartition* storage_partition =
- content::BrowserContext::GetStoragePartition(
- browser_context_, web_contents->GetMainFrame()->GetSiteInstance(),
- false /* can_create */);
- if (!storage_partition ||
- storage_partition != content::BrowserContext::GetDefaultStoragePartition(
- browser_context_)) {
- return allowed_certs_for_non_default_storage_partitions_.find(host) !=
- allowed_certs_for_non_default_storage_partitions_.end();
- }
-
- GURL url = GetSecureGURLForHost(host);
- const ContentSettingsPattern pattern =
- ContentSettingsPattern::FromURLNoWildcard(url);
-
- std::unique_ptr<base::Value> value(
- host_content_settings_map_->GetWebsiteSetting(
- url, url, ContentSettingsType::SSL_CERT_DECISIONS, std::string(),
- nullptr));
-
- if (!value.get() || !value->is_dict())
- return false;
-
- base::DictionaryValue* dict; // Owned by value
- bool success = value->GetAsDictionary(&dict);
- DCHECK(success);
-
- for (base::DictionaryValue::Iterator it(*dict); !it.IsAtEnd(); it.Advance()) {
- int policy_decision; // Owned by dict
- success = it.value().GetAsInteger(&policy_decision);
- if (success && (static_cast<CertJudgment>(policy_decision) == ALLOWED))
- return true;
- }
-
- return false;
-}
-
-// TODO(jww): This will revoke all of the decisions in the browser context.
-// However, the networking stack actually keeps track of its own list of
-// exceptions per-HttpNetworkTransaction in the SSLConfig structure (see the
-// allowed_bad_certs Vector in net/ssl/ssl_config.h). This dual-tracking of
-// exceptions introduces a problem where the browser context can revoke a
-// certificate, but if a transaction reuses a cached version of the SSLConfig
-// (probably from a pooled socket), it may bypass the intestitial layer.
-//
-// Over time, the cached versions should expire and it should converge on
-// showing the interstitial. We probably need to introduce into the networking
-// stack a way revoke SSLConfig's allowed_bad_certs lists per socket.
-//
-// For now, RevokeUserAllowExceptionsHard is our solution for the rare case
-// where it is necessary to revoke the preferences immediately. It does so by
-// flushing idle sockets, thus it is a big hammer and should be wielded with
-// extreme caution as it can have a big, negative impact on network performance.
-void ChromeSSLHostStateDelegate::RevokeUserAllowExceptionsHard(
- const std::string& host) {
- RevokeUserAllowExceptions(host);
- auto* network_context =
- content::BrowserContext::GetDefaultStoragePartition(browser_context_)
- ->GetNetworkContext();
- network_context->CloseIdleConnections(base::NullCallback());
-}
-
-void ChromeSSLHostStateDelegate::DidDisplayErrorPage(int error) {
- if (error != net::ERR_CERT_SYMANTEC_LEGACY &&
- error != net::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED) {
- return;
- }
- RecurrentInterstitialMode mode_param = GetRecurrentInterstitialMode();
- const int threshold = GetRecurrentInterstitialThreshold();
- if (mode_param ==
- ChromeSSLHostStateDelegate::RecurrentInterstitialMode::IN_MEMORY) {
- const auto count_it = recurrent_errors_.find(error);
- if (count_it == recurrent_errors_.end()) {
- recurrent_errors_[error] = 1;
- return;
- }
- if (count_it->second >= threshold) {
- return;
- }
- recurrent_errors_[error] = count_it->second + 1;
- } else if (mode_param ==
- ChromeSSLHostStateDelegate::RecurrentInterstitialMode::PREF) {
- UpdateRecurrentInterstitialPref(pref_service_, clock_.get(), error,
- threshold);
- }
-}
-
-bool ChromeSSLHostStateDelegate::HasSeenRecurrentErrors(int error) const {
- RecurrentInterstitialMode mode_param = GetRecurrentInterstitialMode();
- const int threshold = GetRecurrentInterstitialThreshold();
- if (mode_param ==
- ChromeSSLHostStateDelegate::RecurrentInterstitialMode::IN_MEMORY) {
- const auto count_it = recurrent_errors_.find(error);
- if (count_it == recurrent_errors_.end())
- return false;
- return count_it->second >= threshold;
- } else if (mode_param ==
- ChromeSSLHostStateDelegate::RecurrentInterstitialMode::PREF) {
- return DoesRecurrentInterstitialPrefMeetThreshold(
- pref_service_, clock_.get(), error, threshold,
- GetRecurrentInterstitialResetTime());
- }
-
- return false;
-}
-
-void ChromeSSLHostStateDelegate::ResetRecurrentErrorCountForTesting() {
- recurrent_errors_.clear();
- DictionaryPrefUpdate pref_update(pref_service_,
- prefs::kRecurrentSSLInterstitial);
- pref_update->Clear();
-}
-
-void ChromeSSLHostStateDelegate::SetClockForTesting(
- std::unique_ptr<base::Clock> clock) {
- clock_ = std::move(clock);
-}
-
-void ChromeSSLHostStateDelegate::SetRecurrentInterstitialThresholdForTesting(
- int threshold) {
- recurrent_interstitial_threshold_for_testing = threshold;
-}
-
-void ChromeSSLHostStateDelegate::SetRecurrentInterstitialModeForTesting(
- ChromeSSLHostStateDelegate::RecurrentInterstitialMode mode) {
- recurrent_interstitial_mode_for_testing = mode;
-}
-
-void ChromeSSLHostStateDelegate::SetRecurrentInterstitialResetTimeForTesting(
- int reset) {
- recurrent_interstitial_reset_time_for_testing = reset;
-}
-
-int ChromeSSLHostStateDelegate::GetRecurrentInterstitialThreshold() const {
- if (recurrent_interstitial_threshold_for_testing == -1) {
- return kRecurrentInterstitialDefaultThreshold;
- } else {
- return recurrent_interstitial_threshold_for_testing;
- }
-}
-
-int ChromeSSLHostStateDelegate::GetRecurrentInterstitialResetTime() const {
- if (recurrent_interstitial_reset_time_for_testing == -1) {
- return kRecurrentInterstitialDefaultResetTime;
- } else {
- return recurrent_interstitial_reset_time_for_testing;
- }
-}
-
-ChromeSSLHostStateDelegate::RecurrentInterstitialMode
-ChromeSSLHostStateDelegate::GetRecurrentInterstitialMode() const {
- if (recurrent_interstitial_mode_for_testing == NOT_SET) {
- return kRecurrentInterstitialDefaultMode;
- } else {
- return recurrent_interstitial_mode_for_testing;
- }
-}
-
-// This helper function gets the dictionary of certificate fingerprints to
-// errors of certificates that have been accepted by the user from the content
-// dictionary that has been passed in. The returned pointer is owned by the the
-// argument dict that is passed in.
-//
-// If create_entries is set to |DO_NOT_CREATE_DICTIONARY_ENTRIES|,
-// GetValidCertDecisionsDict will return nullptr if there is anything invalid
-// about the setting, such as an invalid version or invalid value types (in
-// addition to there not being any values in the dictionary). If create_entries
-// is set to |CREATE_DICTIONARY_ENTRIES|, if no dictionary is found or the
-// decisions are expired, a new dictionary will be created.
-base::DictionaryValue* ChromeSSLHostStateDelegate::GetValidCertDecisionsDict(
- base::DictionaryValue* dict,
- CreateDictionaryEntriesDisposition create_entries) {
- // Extract the version of the certificate decision structure from the content
- // setting.
- int version;
- bool success = dict->GetInteger(kSSLCertDecisionVersionKey, &version);
- if (!success) {
- if (create_entries == DO_NOT_CREATE_DICTIONARY_ENTRIES)
- return nullptr;
-
- dict->SetInteger(kSSLCertDecisionVersionKey,
- kDefaultSSLCertDecisionVersion);
- version = kDefaultSSLCertDecisionVersion;
- }
-
- // If the version is somehow a newer version than Chrome can handle, there's
- // really nothing to do other than fail silently and pretend it doesn't exist
- // (or is malformed).
- if (version > kDefaultSSLCertDecisionVersion) {
- LOG(ERROR) << "Failed to parse a certificate error exception that is in a "
- << "newer version format (" << version << ") than is supported ("
- << kDefaultSSLCertDecisionVersion << ")";
- return nullptr;
- }
-
- // Extract the certificate decision's expiration time from the content
- // setting. If there is no expiration time, that means it should never expire
- // and it should reset only at session restart, so skip all of the expiration
- // checks.
- bool expired = false;
- base::Time now = clock_->Now();
- base::Time decision_expiration;
- if (dict->HasKey(kSSLCertDecisionExpirationTimeKey)) {
- std::string decision_expiration_string;
- int64_t decision_expiration_int64;
- success = dict->GetString(kSSLCertDecisionExpirationTimeKey,
- &decision_expiration_string);
- if (!base::StringToInt64(base::StringPiece(decision_expiration_string),
- &decision_expiration_int64)) {
- LOG(ERROR) << "Failed to parse a certificate error exception that has a "
- << "bad value for an expiration time: "
- << decision_expiration_string;
- return nullptr;
- }
- decision_expiration =
- base::Time::FromInternalValue(decision_expiration_int64);
- }
-
- // Check to see if the user's certificate decision has expired.
- // - Expired and |create_entries| is DO_NOT_CREATE_DICTIONARY_ENTRIES, return
- // nullptr.
- // - Expired and |create_entries| is CREATE_DICTIONARY_ENTRIES, update the
- // expiration time.
- if (decision_expiration.ToInternalValue() <= now.ToInternalValue()) {
- if (create_entries == DO_NOT_CREATE_DICTIONARY_ENTRIES)
- return nullptr;
-
- expired = true;
- base::Time expiration_time =
- now + base::TimeDelta::FromSeconds(kDeltaDefaultExpirationInSeconds);
- // Unfortunately, JSON (and thus content settings) doesn't support int64_t
- // values, only doubles. Since this mildly depends on precision, it is
- // better to store the value as a string.
- dict->SetString(kSSLCertDecisionExpirationTimeKey,
- base::NumberToString(expiration_time.ToInternalValue()));
- }
-
- // Extract the map of certificate fingerprints to errors from the setting.
- base::DictionaryValue* cert_error_dict = nullptr; // Will be owned by dict
- if (expired ||
- !dict->GetDictionary(kSSLCertDecisionCertErrorMapKey, &cert_error_dict)) {
- if (create_entries == DO_NOT_CREATE_DICTIONARY_ENTRIES)
- return nullptr;
-
- cert_error_dict =
- dict->SetDictionary(kSSLCertDecisionCertErrorMapKey,
- std::make_unique<base::DictionaryValue>());
- }
-
- return cert_error_dict;
-}
diff --git a/chrome/browser/ssl/chrome_ssl_host_state_delegate.h b/chrome/browser/ssl/chrome_ssl_host_state_delegate.h
deleted file mode 100644
index b7c1f85..0000000
--- a/chrome/browser/ssl/chrome_ssl_host_state_delegate.h
+++ /dev/null
@@ -1,167 +0,0 @@
-// Copyright 2014 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DELEGATE_H_
-#define CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DELEGATE_H_
-
-#include <memory>
-#include <set>
-
-#include "base/feature_list.h"
-#include "base/macros.h"
-#include "base/time/time.h"
-#include "content/public/browser/ssl_host_state_delegate.h"
-
-class HostContentSettingsMap;
-class PrefService;
-
-namespace base {
-class Clock;
-class DictionaryValue;
-} // namespace base
-
-namespace content {
-class BrowserContext;
-}
-
-namespace user_prefs {
-class PrefRegistrySyncable;
-} // namespace user_prefs
-
-
-// Tracks state related to certificate and SSL errors. This state includes:
-// - certificate error exceptions (which are remembered for a particular length
-// of time depending on experimental groups)
-// - mixed content exceptions
-// - when errors have recurred multiple times
-class ChromeSSLHostStateDelegate : public content::SSLHostStateDelegate {
- public:
- enum RecurrentInterstitialMode { PREF, IN_MEMORY, NOT_SET };
-
- ChromeSSLHostStateDelegate(content::BrowserContext* browser_context,
- PrefService* pref_service,
- HostContentSettingsMap* host_content_settings_map);
- ~ChromeSSLHostStateDelegate() override;
-
- static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry);
-
- // content::SSLHostStateDelegate overrides:
- void AllowCert(const std::string& host,
- const net::X509Certificate& cert,
- int error,
- content::WebContents* web_contents) override;
- void Clear(
- base::RepeatingCallback<bool(const std::string&)> host_filter) override;
- CertJudgment QueryPolicy(const std::string& host,
- const net::X509Certificate& cert,
- int error,
- content::WebContents* web_contents) override;
- void HostRanInsecureContent(const std::string& host,
- int child_id,
- InsecureContentType content_type) override;
- bool DidHostRunInsecureContent(const std::string& host,
- int child_id,
- InsecureContentType content_type) override;
- void RevokeUserAllowExceptions(const std::string& host) override;
- bool HasAllowException(const std::string& host,
- content::WebContents* web_contents) override;
-
- // RevokeUserAllowExceptionsHard is the same as RevokeUserAllowExceptions but
- // additionally may close idle connections in the process. This should be used
- // *only* for rare events, such as a user controlled button, as it may be very
- // disruptive to the networking stack.
- virtual void RevokeUserAllowExceptionsHard(const std::string& host);
-
- // Called when an error page is displayed for a given error code |error|.
- // Tracks whether an error of interest has recurred over a threshold number of
- // times.
- void DidDisplayErrorPage(int error);
-
- // Returns true if DidDisplayErrorPage() has been called over a threshold
- // number of times for a particular error in a particular time period. The number
- // of times and time period are controlled by the feature parameters. Only
- // certain error codes of interest are tracked, so this may return false for
- // an error code that has recurred.
- bool HasSeenRecurrentErrors(int error) const;
-
- void ResetRecurrentErrorCountForTesting();
-
- // SetClockForTesting takes ownership of the passed in clock.
- void SetClockForTesting(std::unique_ptr<base::Clock> clock);
-
- void SetRecurrentInterstitialThresholdForTesting(int threshold);
- void SetRecurrentInterstitialModeForTesting(
- ChromeSSLHostStateDelegate::RecurrentInterstitialMode mode);
- void SetRecurrentInterstitialResetTimeForTesting(int reset);
-
- RecurrentInterstitialMode GetRecurrentInterstitialMode() const;
- int GetRecurrentInterstitialThreshold() const;
- int GetRecurrentInterstitialResetTime() const;
-
- private:
- // Used to specify whether new content setting entries should be created if
- // they don't already exist when querying the user's settings.
- enum CreateDictionaryEntriesDisposition {
- CREATE_DICTIONARY_ENTRIES,
- DO_NOT_CREATE_DICTIONARY_ENTRIES
- };
-
- // Returns a dictionary of certificate fingerprints and errors that have been
- // allowed as exceptions by the user.
- //
- // |dict| specifies the user's full exceptions dictionary for a specific site
- // in their content settings. Must be retrieved directly from a website
- // setting in |host_content_settings_map_|.
- //
- // If |create_entries| specifies CreateDictionaryEntries, then
- // GetValidCertDecisionsDict will create a new set of entries within the
- // dictionary if they do not already exist. Otherwise will fail and return if
- // NULL if they do not exist.
- base::DictionaryValue* GetValidCertDecisionsDict(
- base::DictionaryValue* dict,
- CreateDictionaryEntriesDisposition create_entries);
-
- std::unique_ptr<base::Clock> clock_;
- content::BrowserContext* browser_context_;
- PrefService* pref_service_;
- HostContentSettingsMap* host_content_settings_map_;
-
- using AllowedCert = std::pair<std::string /* certificate fingerprint */,
- base::FilePath /* StoragePartition path */>;
-
- // Typically, cert decisions are stored in ContentSettings and persisted to
- // disk. For non-default StoragePartitions, particularly a <webview> in a
- // Chrome App, the decisions should be isolated from normal browsing and don't
- // need to be persisted to disk. In fact, persisting them is undesirable
- // because they may not have UI exposed to the user when a certificate error
- // is bypassed. So we track these decisions purely in memory. See
- // https://crbug.com/639173.
- std::map<std::string /* host */, std::set<AllowedCert>>
- allowed_certs_for_non_default_storage_partitions_;
-
- // A BrokenHostEntry is a pair of (host, child_id) that indicates the host
- // contains insecure content in that renderer process.
- using BrokenHostEntry = std::pair<std::string, int>;
-
- // Hosts which have been contaminated with insecure mixed content in the
- // specified process. Note that insecure content can travel between
- // same-origin frames in one processs but cannot jump between processes.
- std::set<BrokenHostEntry> ran_mixed_content_hosts_;
-
- // Hosts which have been contaminated with content with certificate errors in
- // the specific process.
- std::set<BrokenHostEntry> ran_content_with_cert_errors_hosts_;
-
- // Tracks how many times an error page has been shown for a given error, up
- // to a certain threshold value.
- std::map<int /* error code */, int /* count */> recurrent_errors_;
-
- DISALLOW_COPY_AND_ASSIGN(ChromeSSLHostStateDelegate);
-
- int recurrent_interstitial_threshold_for_testing;
- enum RecurrentInterstitialMode recurrent_interstitial_mode_for_testing;
- int recurrent_interstitial_reset_time_for_testing;
-};
-
-#endif // CHROME_BROWSER_SSL_CHROME_SSL_HOST_STATE_DELEGATE_H_
diff --git a/chrome/browser/ssl/chrome_ssl_host_state_delegate_factory.cc b/chrome/browser/ssl/chrome_ssl_host_state_delegate_factory.cc
index 525f4d1..02bfd6ac 100644
--- a/chrome/browser/ssl/chrome_ssl_host_state_delegate_factory.cc
+++ b/chrome/browser/ssl/chrome_ssl_host_state_delegate_factory.cc
@@ -10,10 +10,10 @@
#include "chrome/browser/content_settings/host_content_settings_map_factory.h"
#include "chrome/browser/profiles/incognito_helpers.h"
#include "chrome/browser/profiles/profile.h"
-#include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h"
#include "components/keyed_service/content/browser_context_dependency_manager.h"
#include "components/keyed_service/content/browser_context_keyed_service_factory.h"
#include "components/keyed_service/core/keyed_service.h"
+#include "components/security_interstitials/content/chrome_ssl_host_state_delegate.h"
namespace {
diff --git a/chrome/browser/ssl/chrome_ssl_host_state_delegate_test.cc b/chrome/browser/ssl/chrome_ssl_host_state_delegate_test.cc
index 2931c3a..2742509 100644
--- a/chrome/browser/ssl/chrome_ssl_host_state_delegate_test.cc
+++ b/chrome/browser/ssl/chrome_ssl_host_state_delegate_test.cc
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h"
+#include "components/security_interstitials/content/chrome_ssl_host_state_delegate.h"
#include <stdint.h>
#include <utility>
diff --git a/chrome/browser/ssl/ssl_browsertest.cc b/chrome/browser/ssl/ssl_browsertest.cc
index 57276b01..ac85938 100644
--- a/chrome/browser/ssl/ssl_browsertest.cc
+++ b/chrome/browser/ssl/ssl_browsertest.cc
@@ -55,7 +55,6 @@
#include "chrome/browser/ssl/cert_verifier_browser_test.h"
#include "chrome/browser/ssl/certificate_reporting_test_utils.h"
#include "chrome/browser/ssl/chrome_security_blocking_page_factory.h"
-#include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h"
#include "chrome/browser/ssl/security_state_tab_helper.h"
#include "chrome/browser/ssl/ssl_browsertest_util.h"
#include "chrome/browser/ssl/ssl_error_controller_client.h"
@@ -92,6 +91,7 @@
#include "components/security_interstitials/content/bad_clock_blocking_page.h"
#include "components/security_interstitials/content/captive_portal_blocking_page.h"
#include "components/security_interstitials/content/cert_report_helper.h"
+#include "components/security_interstitials/content/chrome_ssl_host_state_delegate.h"
#include "components/security_interstitials/content/common_name_mismatch_handler.h"
#include "components/security_interstitials/content/mitm_software_blocking_page.h"
#include "components/security_interstitials/content/security_interstitial_controller_client.h"
diff --git a/chrome/browser/ssl/ssl_error_controller_client.cc b/chrome/browser/ssl/ssl_error_controller_client.cc
index 1bbb2bb..a38a8869 100644
--- a/chrome/browser/ssl/ssl_error_controller_client.cc
+++ b/chrome/browser/ssl/ssl_error_controller_client.cc
@@ -16,12 +16,12 @@
#include "chrome/browser/browser_process.h"
#include "chrome/browser/interstitials/enterprise_util.h"
#include "chrome/browser/profiles/profile.h"
-#include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h"
#include "chrome/browser/ssl/chrome_ssl_host_state_delegate_factory.h"
#include "chrome/common/chrome_features.h"
#include "chrome/common/pref_names.h"
#include "chrome/common/url_constants.h"
#include "components/safe_browsing/core/common/safe_browsing_prefs.h"
+#include "components/security_interstitials/content/chrome_ssl_host_state_delegate.h"
#include "components/security_interstitials/content/content_metrics_helper.h"
#include "components/security_interstitials/content/utils.h"
#include "content/public/browser/browser_thread.h"
diff --git a/chrome/browser/ui/page_info/page_info.cc b/chrome/browser/ui/page_info/page_info.cc
index 8179d3a..b0f0675 100644
--- a/chrome/browser/ui/page_info/page_info.cc
+++ b/chrome/browser/ui/page_info/page_info.cc
@@ -40,7 +40,6 @@
#include "chrome/browser/permissions/permission_manager.h"
#include "chrome/browser/profiles/profile.h"
#include "chrome/browser/safe_browsing/safe_browsing_service.h"
-#include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h"
#include "chrome/browser/ssl/chrome_ssl_host_state_delegate_factory.h"
#include "chrome/browser/ui/page_info/page_info_ui.h"
#include "chrome/browser/usb/usb_chooser_context.h"
@@ -64,6 +63,7 @@
#include "components/safe_browsing/buildflags.h"
#include "components/safe_browsing/content/password_protection/metrics_util.h"
#include "components/safe_browsing/core/proto/csd.pb.h"
+#include "components/security_interstitials/content/chrome_ssl_host_state_delegate.h"
#include "components/security_state/core/features.h"
#include "components/signin/public/identity_manager/account_info.h"
#include "components/ssl_errors/error_info.h"
diff --git a/chrome/browser/ui/page_info/page_info_unittest.cc b/chrome/browser/ui/page_info/page_info_unittest.cc
index edeae0574..c6f12c26 100644
--- a/chrome/browser/ui/page_info/page_info_unittest.cc
+++ b/chrome/browser/ui/page_info/page_info_unittest.cc
@@ -19,7 +19,6 @@
#include "build/build_config.h"
#include "chrome/browser/content_settings/host_content_settings_map_factory.h"
#include "chrome/browser/infobars/mock_infobar_service.h"
-#include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h"
#include "chrome/browser/ssl/chrome_ssl_host_state_delegate_factory.h"
#include "chrome/browser/ssl/tls_deprecation_test_utils.h"
#include "chrome/browser/ui/page_info/page_info_ui.h"
@@ -33,6 +32,7 @@
#include "components/content_settings/core/common/content_settings_types.h"
#include "components/infobars/core/infobar.h"
#include "components/safe_browsing/buildflags.h"
+#include "components/security_interstitials/content/chrome_ssl_host_state_delegate.h"
#include "components/security_state/core/features.h"
#include "components/strings/grit/components_strings.h"
#include "content/public/browser/ssl_host_state_delegate.h"
diff --git a/chrome/common/pref_names.cc b/chrome/common/pref_names.cc
index 0cdcb6d..794602c2 100644
--- a/chrome/common/pref_names.cc
+++ b/chrome/common/pref_names.cc
@@ -102,11 +102,6 @@
// in-product help is active. Observed time is active session time in seconds.
const char kObservedSessionTime[] = "profile.observed_session_time";
-// Stores counts and timestamps of SSL certificate errors that have occurred.
-// When the same error recurs within some period of time, a message is added to
-// the SSL interstitial.
-const char kRecurrentSSLInterstitial[] = "profile.ssl_recurrent_interstitial";
-
// The last time that the site engagement service recorded an engagement event
// for this profile for any URL. Recorded only during shutdown. Used to prevent
// the service from decaying engagement when a user does not use Chrome at all
diff --git a/chrome/common/pref_names.h b/chrome/common/pref_names.h
index 8d98048..66d983a 100644
--- a/chrome/common/pref_names.h
+++ b/chrome/common/pref_names.h
@@ -41,7 +41,6 @@
extern const char kSessionExitedCleanly[];
extern const char kSessionExitType[];
extern const char kObservedSessionTime[];
-extern const char kRecurrentSSLInterstitial[];
extern const char kSiteEngagementLastUpdateTime[];
extern const char kSupervisedUserCustodianEmail[];
extern const char kSupervisedUserCustodianName[];
