
Side by Side Diff: chrome/browser/ssl/ssl_manager.cc

Issue 46094: Fix our handling of mixed SSL / non-SSL content.... (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 11 years, 9 months ago
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/ssl/ssl_manager.h" 5 #include "chrome/browser/ssl/ssl_manager.h"
6 6
7 #include "base/message_loop.h" 7 #include "base/message_loop.h"
8 #include "base/string_util.h" 8 #include "base/string_util.h"
9 #include "chrome/browser/browser_process.h" 9 #include "chrome/browser/browser_process.h"
10 #include "chrome/browser/load_from_memory_cache_details.h" 10 #include "chrome/browser/load_from_memory_cache_details.h"
(...skipping 103 matching lines...)
114 registrar_.Add(this, NotificationType::NAV_ENTRY_COMMITTED, 114 registrar_.Add(this, NotificationType::NAV_ENTRY_COMMITTED,
115 Source<NavigationController>(controller_)); 115 Source<NavigationController>(controller_));
116 registrar_.Add(this, NotificationType::FAIL_PROVISIONAL_LOAD_WITH_ERROR, 116 registrar_.Add(this, NotificationType::FAIL_PROVISIONAL_LOAD_WITH_ERROR,
117 Source<NavigationController>(controller_)); 117 Source<NavigationController>(controller_));
118 registrar_.Add(this, NotificationType::RESOURCE_RESPONSE_STARTED, 118 registrar_.Add(this, NotificationType::RESOURCE_RESPONSE_STARTED,
119 Source<NavigationController>(controller_)); 119 Source<NavigationController>(controller_));
120 registrar_.Add(this, NotificationType::RESOURCE_RECEIVED_REDIRECT, 120 registrar_.Add(this, NotificationType::RESOURCE_RECEIVED_REDIRECT,
121 Source<NavigationController>(controller_)); 121 Source<NavigationController>(controller_));
122 registrar_.Add(this, NotificationType::LOAD_FROM_MEMORY_CACHE, 122 registrar_.Add(this, NotificationType::LOAD_FROM_MEMORY_CACHE,
123 Source<NavigationController>(controller_)); 123 Source<NavigationController>(controller_));
124 registrar_.Add(this, NotificationType::SSL_INTERNAL_STATE_CHANGED,
125 NotificationService::AllSources());
124 } 126 }
125 127
126 SSLManager::~SSLManager() { 128 SSLManager::~SSLManager() {
127 } 129 }
128 130
129 // Delegate API method. 131 // Delegate API method.
130 void SSLManager::ShowMessage(const std::wstring& msg) { 132 void SSLManager::ShowMessage(const std::wstring& msg) {
131 ShowMessageWithLink(msg, std::wstring(), NULL); 133 ShowMessageWithLink(msg, std::wstring(), NULL);
132 } 134 }
133 135
(...skipping 20 matching lines...)
154 return; 156 return;
155 157
156 if (controller_->active_contents()) { 158 if (controller_->active_contents()) {
157 controller_->active_contents()->AddInfoBar( 159 controller_->active_contents()->AddInfoBar(
158 new SSLInfoBarDelegate(controller_->active_contents(), msg, link_text, 160 new SSLInfoBarDelegate(controller_->active_contents(), msg, link_text,
159 task)); 161 task));
160 } 162 }
161 } 163 }
162 164
163 // Delegate API method. 165 // Delegate API method.
164 bool SSLManager::SetMaxSecurityStyle(SecurityStyle style) {
165 NavigationEntry* entry = controller_->GetActiveEntry();
166 if (!entry) {
167 NOTREACHED();
168 return false;
169 }
170
171 if (entry->ssl().security_style() > style) {
172 entry->ssl().set_security_style(style);
173 return true;
174 }
175 return false;
176 }
177
178 // Delegate API method.
179 void SSLManager::AddMessageToConsole(const std::wstring& msg, 166 void SSLManager::AddMessageToConsole(const std::wstring& msg,
180 ConsoleMessageLevel level) { 167 ConsoleMessageLevel level) {
181 TabContents* tab_contents = controller_->GetTabContents(TAB_CONTENTS_WEB); 168 TabContents* tab_contents = controller_->GetTabContents(TAB_CONTENTS_WEB);
182 if (!tab_contents) 169 if (!tab_contents)
183 return; 170 return;
184 WebContents* web_contents = tab_contents->AsWebContents(); 171 WebContents* web_contents = tab_contents->AsWebContents();
185 if (!web_contents) 172 if (!web_contents)
186 return; 173 return;
187 174
188 web_contents->render_view_host()->AddMessageToConsole( 175 web_contents->render_view_host()->AddMessageToConsole(
189 std::wstring(), msg, level); 176 std::wstring(), msg, level);
190 } 177 }
191 178
192 // Delegate API method. 179 // Delegate API method.
180 void SSLManager::MarkHostAsBroken(const std::string& host) {
181 ssl_host_state_->MarkHostAsBroken(host);
182 DispatchSSLInternalStateChanged();
183 }
184
185 // Delegate API method.
186 bool SSLManager::DidMarkHostAsBroken(const std::string& host) const {
187 return ssl_host_state_->DidMarkHostAsBroken(host);
188 }
189
190 // Delegate API method.
193 void SSLManager::DenyCertForHost(net::X509Certificate* cert, 191 void SSLManager::DenyCertForHost(net::X509Certificate* cert,
194 const std::string& host) { 192 const std::string& host) {
195 // Remember that we don't like this cert for this host. 193 // Remember that we don't like this cert for this host.
196 ssl_host_state_->DenyCertForHost(cert, host); 194 ssl_host_state_->DenyCertForHost(cert, host);
195 DispatchSSLInternalStateChanged();
197 } 196 }
198 197
199 // Delegate API method. 198 // Delegate API method.
200 void SSLManager::AllowCertForHost(net::X509Certificate* cert, 199 void SSLManager::AllowCertForHost(net::X509Certificate* cert,
201 const std::string& host) { 200 const std::string& host) {
202 ssl_host_state_->AllowCertForHost(cert, host); 201 ssl_host_state_->AllowCertForHost(cert, host);
202 DispatchSSLInternalStateChanged();
203 } 203 }
204 204
205 // Delegate API method. 205 // Delegate API method.
206 net::X509Certificate::Policy::Judgment SSLManager::QueryPolicy( 206 net::X509Certificate::Policy::Judgment SSLManager::QueryPolicy(
207 net::X509Certificate* cert, const std::string& host) { 207 net::X509Certificate* cert, const std::string& host) {
208 return ssl_host_state_->QueryPolicy(cert, host); 208 return ssl_host_state_->QueryPolicy(cert, host);
209 } 209 }
210 210
211 bool SSLManager::CanShowInsecureContent(const GURL& url) { 211 // Delegate API method.
212 return ssl_host_state_->CanShowInsecureContent(url); 212 void SSLManager::AllowMixedContentForHost(const std::string& host) {
213 ssl_host_state_->AllowMixedContentForHost(host);
214 DispatchSSLInternalStateChanged();
213 } 215 }
214 216
215 void SSLManager::AllowShowInsecureContentForURL(const GURL& url) { 217 // Delegate API method.
216 ssl_host_state_->AllowShowInsecureContentForURL(url); 218 bool SSLManager::DidAllowMixedContentForHost(const std::string& host) const {
219 return ssl_host_state_->DidAllowMixedContentForHost(host);
217 } 220 }
218 221
219 bool SSLManager::ProcessedSSLErrorFromRequest() const { 222 bool SSLManager::ProcessedSSLErrorFromRequest() const {
220 NavigationEntry* entry = controller_->GetActiveEntry(); 223 NavigationEntry* entry = controller_->GetActiveEntry();
221 if (!entry) { 224 if (!entry) {
222 NOTREACHED(); 225 NOTREACHED();
223 return false; 226 return false;
224 } 227 }
225 228
226 return net::IsCertStatusError(entry->ssl().cert_status()); 229 return net::IsCertStatusError(entry->ssl().cert_status());
227 } 230 }
228 231
229 //////////////////////////////////////////////////////////////////////////////// 232 ////////////////////////////////////////////////////////////////////////////////
230 // ErrorHandler 233 // ErrorHandler
231 234
232 SSLManager::ErrorHandler::ErrorHandler(ResourceDispatcherHost* rdh, 235 SSLManager::ErrorHandler::ErrorHandler(ResourceDispatcherHost* rdh,
233 URLRequest* request, 236 URLRequest* request,
237 ResourceType::Type resource_type,
238 const std::string& frame_origin,
239 const std::string& main_frame_origin,
234 MessageLoop* ui_loop) 240 MessageLoop* ui_loop)
235 : ui_loop_(ui_loop), 241 : ui_loop_(ui_loop),
236 io_loop_(MessageLoop::current()), 242 io_loop_(MessageLoop::current()),
237 manager_(NULL), 243 manager_(NULL),
238 request_id_(0, 0), 244 request_id_(0, 0),
239 resource_dispatcher_host_(rdh), 245 resource_dispatcher_host_(rdh),
240 request_url_(request->url()), 246 request_url_(request->url()),
247 resource_type_(resource_type),
248 frame_origin_(frame_origin),
249 main_frame_origin_(main_frame_origin),
241 request_has_been_notified_(false) { 250 request_has_been_notified_(false) {
242 DCHECK(MessageLoop::current() != ui_loop); 251 DCHECK(MessageLoop::current() != ui_loop);
243 252
244 ResourceDispatcherHost::ExtraRequestInfo* info = 253 ResourceDispatcherHost::ExtraRequestInfo* info =
245 ResourceDispatcherHost::ExtraInfoForRequest(request); 254 ResourceDispatcherHost::ExtraInfoForRequest(request);
246 request_id_.process_id = info->process_id; 255 request_id_.process_id = info->process_id;
247 request_id_.request_id = info->request_id; 256 request_id_.request_id = info->request_id;
248 257
249 if (!tab_util::GetTabContentsID(request, 258 if (!tab_util::GetTabContentsID(request,
250 &render_process_host_id_, 259 &render_process_host_id_,
(...skipping 170 matching lines...)
421 } 430 }
422 431
423 432
424 //////////////////////////////////////////////////////////////////////////////// 433 ////////////////////////////////////////////////////////////////////////////////
425 // CertError 434 // CertError
426 435
427 SSLManager::CertError::CertError( 436 SSLManager::CertError::CertError(
428 ResourceDispatcherHost* rdh, 437 ResourceDispatcherHost* rdh,
429 URLRequest* request, 438 URLRequest* request,
430 ResourceType::Type resource_type, 439 ResourceType::Type resource_type,
440 const std::string& frame_origin,
441 const std::string& main_frame_origin,
431 int cert_error, 442 int cert_error,
432 net::X509Certificate* cert, 443 net::X509Certificate* cert,
433 MessageLoop* ui_loop) 444 MessageLoop* ui_loop)
434 : ErrorHandler(rdh, request, ui_loop), 445 : ErrorHandler(rdh, request, resource_type, frame_origin,
435 cert_error_(cert_error), 446 main_frame_origin, ui_loop),
436 resource_type_(resource_type) { 447 cert_error_(cert_error) {
437 DCHECK(request == resource_dispatcher_host_->GetURLRequest(request_id_)); 448 DCHECK(request == resource_dispatcher_host_->GetURLRequest(request_id_));
438 449
439 // We cannot use the request->ssl_info(), it's not been initialized yet, so 450 // We cannot use the request->ssl_info(), it's not been initialized yet, so
440 // we have to set the fields manually. 451 // we have to set the fields manually.
441 ssl_info_.cert = cert; 452 ssl_info_.cert = cert;
442 ssl_info_.SetCertError(cert_error); 453 ssl_info_.SetCertError(cert_error);
443 } 454 }
444 455
445 // static 456 // static
446 void SSLManager::OnSSLCertificateError(ResourceDispatcherHost* rdh, 457 void SSLManager::OnSSLCertificateError(ResourceDispatcherHost* rdh,
447 URLRequest* request, 458 URLRequest* request,
448 int cert_error, 459 int cert_error,
449 net::X509Certificate* cert, 460 net::X509Certificate* cert,
450 MessageLoop* ui_loop) { 461 MessageLoop* ui_loop) {
451 DLOG(INFO) << "OnSSLCertificateError() cert_error: " << cert_error << 462 DLOG(INFO) << "OnSSLCertificateError() cert_error: " << cert_error <<
452 " url: " << request->url().spec(); 463 " url: " << request->url().spec();
453 464
454 ResourceDispatcherHost::ExtraRequestInfo* info = 465 ResourceDispatcherHost::ExtraRequestInfo* info =
455 ResourceDispatcherHost::ExtraInfoForRequest(request); 466 ResourceDispatcherHost::ExtraInfoForRequest(request);
456 DCHECK(info); 467 DCHECK(info);
457 468
458 // A certificate error occurred. Construct a CertError object and hand it 469 // A certificate error occurred. Construct a CertError object and hand it
459 // over to the UI thread for processing. 470 // over to the UI thread for processing.
460 ui_loop->PostTask(FROM_HERE, 471 ui_loop->PostTask(FROM_HERE,
461 NewRunnableMethod(new CertError(rdh, request, info->resource_type, 472 NewRunnableMethod(new CertError(rdh,
462 cert_error, cert, ui_loop), 473 request,
474 info->resource_type,
475 info->frame_origin,
476 info->main_frame_origin,
477 cert_error,
478 cert,
479 ui_loop),
463 &CertError::Dispatch)); 480 &CertError::Dispatch));
464 } 481 }
465 482
466 // static 483 // static
467 void SSLManager::OnMixedContentRequest(ResourceDispatcherHost* rdh, 484 bool SSLManager::ShouldDelayRequest(ResourceDispatcherHost* rdh,
468 URLRequest* request, 485 URLRequest* request,
469 MessageLoop* ui_loop) { 486 MessageLoop* ui_loop) {
487 ResourceDispatcherHost::ExtraRequestInfo* info =
488 ResourceDispatcherHost::ExtraInfoForRequest(request);
489 DCHECK(info);
490
491 // We cheat here and talk to the SSLPolicy on the IO channel because we need
492 // to respond synchronously to avoid delaying all network requests...
493 SSLPolicy::IsMixedContent(request->url(),
jcampan 2009/03/16 18:43:54 Don't you want to return false if IsMixedContent r
abarth-chromium 2009/03/16 21:34:21 Yes. :)
494 info->resource_type,
495 info->frame_origin);
496
497
470 ui_loop->PostTask(FROM_HERE, 498 ui_loop->PostTask(FROM_HERE,
471 NewRunnableMethod(new MixedContentHandler(rdh, request, ui_loop), 499 NewRunnableMethod(new MixedContentHandler(rdh, request,
500 info->resource_type,
501 info->frame_origin,
502 info->main_frame_origin,
503 ui_loop),
472 &MixedContentHandler::Dispatch)); 504 &MixedContentHandler::Dispatch));
505 return true;
473 } 506 }
474 507
475 void SSLManager::OnCertError(CertError* error) { 508 void SSLManager::OnCertError(CertError* error) {
476 // Ask our delegate to deal with the error. 509 delegate()->OnCertError(error);
477 NavigationEntry* entry = controller_->GetActiveEntry();
478 // We might not have a navigation entry in some cases (e.g. when a
479 // HTTPS page opens a popup with no URL and then populate it with
480 // document.write()). See bug http://crbug.com/3845.
481 if (!entry)
482 return;
483
484 delegate()->OnCertError(entry->url(), error);
485 } 510 }
486 511
487 void SSLManager::OnMixedContent(MixedContentHandler* mixed_content) { 512 void SSLManager::OnMixedContent(MixedContentHandler* mixed_content) {
488 // Ask our delegate to deal with the mixed content. 513 delegate()->OnMixedContent(mixed_content);
489 NavigationEntry* entry = controller_->GetActiveEntry();
490 // We might not have a navigation entry in some cases (e.g. when a
491 // HTTPS page opens a popup with no URL and then populate it with
492 // document.write()). See bug http://crbug.com/3845.
493 if (!entry)
494 return;
495
496 delegate()->OnMixedContent(controller_, entry->url(), mixed_content);
497 } 514 }
498 515
499 void SSLManager::Observe(NotificationType type, 516 void SSLManager::Observe(NotificationType type,
500 const NotificationSource& source, 517 const NotificationSource& source,
501 const NotificationDetails& details) { 518 const NotificationDetails& details) {
502 // We should only be getting notifications from our controller.
503 DCHECK(source == Source<NavigationController>(controller_));
504
505 // Dispatch by type. 519 // Dispatch by type.
506 switch (type.value) { 520 switch (type.value) {
507 case NotificationType::NAV_ENTRY_COMMITTED: 521 case NotificationType::NAV_ENTRY_COMMITTED:
508 DidCommitProvisionalLoad(details); 522 DidCommitProvisionalLoad(details);
509 break; 523 break;
510 case NotificationType::FAIL_PROVISIONAL_LOAD_WITH_ERROR: 524 case NotificationType::FAIL_PROVISIONAL_LOAD_WITH_ERROR:
511 DidFailProvisionalLoadWithError( 525 DidFailProvisionalLoadWithError(
512 Details<ProvisionalLoadDetails>(details).ptr()); 526 Details<ProvisionalLoadDetails>(details).ptr());
513 break; 527 break;
514 case NotificationType::RESOURCE_RESPONSE_STARTED: 528 case NotificationType::RESOURCE_RESPONSE_STARTED:
515 DidStartResourceResponse(Details<ResourceRequestDetails>(details).ptr()); 529 DidStartResourceResponse(Details<ResourceRequestDetails>(details).ptr());
516 break; 530 break;
517 case NotificationType::RESOURCE_RECEIVED_REDIRECT: 531 case NotificationType::RESOURCE_RECEIVED_REDIRECT:
518 DidReceiveResourceRedirect( 532 DidReceiveResourceRedirect(
519 Details<ResourceRedirectDetails>(details).ptr()); 533 Details<ResourceRedirectDetails>(details).ptr());
520 break; 534 break;
521 case NotificationType::LOAD_FROM_MEMORY_CACHE: 535 case NotificationType::LOAD_FROM_MEMORY_CACHE:
522 DidLoadFromMemoryCache( 536 DidLoadFromMemoryCache(
523 Details<LoadFromMemoryCacheDetails>(details).ptr()); 537 Details<LoadFromMemoryCacheDetails>(details).ptr());
524 break; 538 break;
539 case NotificationType::SSL_INTERNAL_STATE_CHANGED:
540 DidChangeSSLInternalState();
541 break;
525 default: 542 default:
526 NOTREACHED() << "The SSLManager received an unexpected notification."; 543 NOTREACHED() << "The SSLManager received an unexpected notification.";
527 } 544 }
528 } 545 }
529 546
530 void SSLManager::InitializeEntryIfNeeded(NavigationEntry* entry) { 547 void SSLManager::DispatchSSLInternalStateChanged() {
548 NotificationService::current()->Notify(
549 NotificationType::SSL_INTERNAL_STATE_CHANGED,
550 Source<NavigationController>(controller_),
551 NotificationService::NoDetails());
552 }
553
554 void SSLManager::DispatchSSLVisibleStateChanged() {
555 NotificationService::current()->Notify(
556 NotificationType::SSL_VISIBLE_STATE_CHANGED,
557 Source<NavigationController>(controller_),
558 NotificationService::NoDetails());
559 }
560
561 void SSLManager::UpdateEntry(NavigationEntry* entry) {
531 DCHECK(entry); 562 DCHECK(entry);
532 563
533 // If the security style of the entry is SECURITY_STYLE_UNKNOWN, then it is a 564 NavigationEntry::SSLStatus original_status = entry->ssl(); // Copy!
534 // fresh entry and should get the default style. 565
535 if (entry->ssl().security_style() == SECURITY_STYLE_UNKNOWN) { 566 delegate()->UpdateEntry(this, entry);
536 entry->ssl().set_security_style( 567
537 delegate()->GetDefaultStyle(entry->url())); 568 if (original_status.security_style() != entry->ssl().security_style() ||
538 } 569 original_status.has_mixed_content() != entry->ssl().has_mixed_content() ||
570 original_status.has_unsafe_content() != entry->ssl().has_unsafe_content())
571 DispatchSSLVisibleStateChanged();
539 } 572 }
540 573
541 void SSLManager::NavigationStateChanged() { 574 void SSLManager::NavigationStateChanged() {
542 NavigationEntry* active_entry = controller_->GetActiveEntry(); 575 NavigationEntry* entry = controller_->GetActiveEntry();
543 if (!active_entry) 576 if (!entry)
544 return; // Nothing showing yet. 577 return; // Nothing showing yet.
545 578
546 // This might be a new entry we've never seen before. 579 // This might be a new entry we've never seen before.
547 InitializeEntryIfNeeded(active_entry); 580 UpdateEntry(entry);
548 } 581 }
549 582
550 void SSLManager::DidLoadFromMemoryCache(LoadFromMemoryCacheDetails* details) { 583 void SSLManager::DidLoadFromMemoryCache(LoadFromMemoryCacheDetails* details) {
551 DCHECK(details); 584 DCHECK(details);
552 585
553 // Simulate loading this resource through the usual path.
554 // Note that we specify SUB_RESOURCE as the resource type as WebCore only 586 // Note that we specify SUB_RESOURCE as the resource type as WebCore only
555 // caches sub-resources. 587 // caches sub-resources.
556 delegate()->OnRequestStarted(this, details->url(), 588 scoped_refptr<RequestInfo> info = new RequestInfo(
557 ResourceType::SUB_RESOURCE, 589 this,
558 details->ssl_cert_id(), 590 details->url(),
559 details->ssl_cert_status()); 591 ResourceType::SUB_RESOURCE,
592 details->frame_origin(),
593 details->main_frame_origin(),
594 details->ssl_cert_id(),
595 details->ssl_cert_status());
596
597 // Simulate loading this resource through the usual path.
598 delegate()->OnRequestStarted(info.get());
599 }
600
601 void SSLManager::DidChangeSSLInternalState() {
602 NavigationEntry* entry = controller_->GetActiveEntry();
603 if (!entry)
604 return; // Nothing showing yet.
605
606 // We might have to update the current entry if our SSL state changes.
607 UpdateEntry(entry);
560 } 608 }
561 609
562 void SSLManager::DidCommitProvisionalLoad( 610 void SSLManager::DidCommitProvisionalLoad(
563 const NotificationDetails& in_details) { 611 const NotificationDetails& in_details) {
564 NavigationController::LoadCommittedDetails* details = 612 NavigationController::LoadCommittedDetails* details =
565 Details<NavigationController::LoadCommittedDetails>(in_details).ptr(); 613 Details<NavigationController::LoadCommittedDetails>(in_details).ptr();
566 614
567 // Ignore in-page navigations, they should not change the security style or 615 // Ignore in-page navigations, they should not change the security style or
568 // the info-bars. 616 // the info-bars.
569 if (details->is_in_page) 617 if (details->is_in_page)
570 return; 618 return;
571 619
572 // Decode the security details. 620 // Decode the security details.
573 int ssl_cert_id, ssl_cert_status, ssl_security_bits; 621 int ssl_cert_id, ssl_cert_status, ssl_security_bits;
574 DeserializeSecurityInfo(details->serialized_security_info, 622 DeserializeSecurityInfo(details->serialized_security_info,
575 &ssl_cert_id, &ssl_cert_status, &ssl_security_bits); 623 &ssl_cert_id, &ssl_cert_status, &ssl_security_bits);
576 624
577 bool changed = false; 625 bool entry_changed = false;
578 if (details->is_main_frame) { 626 if (details->is_main_frame) {
579 // Update the SSL states of the pending entry. 627 // Update the SSL states of the pending entry.
580 NavigationEntry* entry = controller_->GetActiveEntry(); 628 NavigationEntry* entry = controller_->GetActiveEntry();
581 if (entry) { 629 if (entry) {
582 // We may not have an entry if this is a navigation to an initial blank 630 // We may not have an entry if this is a navigation to an initial blank
583 // page. Reset the SSL information and add the new data we have. 631 // page. Reset the SSL information and add the new data we have.
584 entry->ssl() = NavigationEntry::SSLStatus(); 632 entry->ssl() = NavigationEntry::SSLStatus();
585 InitializeEntryIfNeeded(entry); // For security_style. 633 UpdateEntry(entry); // For security_style.
586 entry->ssl().set_cert_id(ssl_cert_id); 634 entry->ssl().set_cert_id(ssl_cert_id);
587 entry->ssl().set_cert_status(ssl_cert_status); 635 entry->ssl().set_cert_status(ssl_cert_status);
588 entry->ssl().set_security_bits(ssl_security_bits); 636 entry->ssl().set_security_bits(ssl_security_bits);
589 changed = true; 637 entry_changed = true;
590 } 638 }
591 639
592 ShowPendingMessages(); 640 ShowPendingMessages();
593 } 641 }
594 642
595 // An HTTPS response may not have a certificate for some reason. When that 643 // An HTTPS response may not have a certificate for some reason. When that
596 // happens, use the unauthenticated (HTTP) rather than the authentication 644 // happens, use the unauthenticated (HTTP) rather than the authentication
597 // broken security style so that we can detect this error condition. 645 // broken security style so that we can detect this error condition.
598 if (net::IsCertStatusError(ssl_cert_status) && 646 if (net::IsCertStatusError(ssl_cert_status) &&
599 !details->is_content_filtered) { 647 !details->is_content_filtered) {
600 changed |= SetMaxSecurityStyle(SECURITY_STYLE_AUTHENTICATION_BROKEN); 648 // TODO(abarth): This is wrong. It's the SSLPolicy's job to set the max
649 // security style.
650 //SetMaxSecurityStyle(SECURITY_STYLE_AUTHENTICATION_BROKEN);
601 if (!details->is_main_frame && 651 if (!details->is_main_frame &&
602 !details->entry->ssl().has_unsafe_content()) { 652 !details->entry->ssl().has_unsafe_content()) {
603 details->entry->ssl().set_has_unsafe_content(); 653 details->entry->ssl().set_has_unsafe_content();
604 changed = true; 654 entry_changed = true;
605 } 655 }
606 } else if (details->entry->url().SchemeIsSecure() && !ssl_cert_id) { 656 } else if (details->entry->url().SchemeIsSecure() && !ssl_cert_id) {
607 if (details->is_main_frame) { 657 if (details->is_main_frame) {
608 changed |= SetMaxSecurityStyle(SECURITY_STYLE_UNAUTHENTICATED); 658 // TODO(abarth): This is wrong. It's the SSLPolicy's job to set the max
659 // security style.
660 //SetMaxSecurityStyle(SECURITY_STYLE_UNAUTHENTICATED);
609 } else { 661 } else {
610 // If the frame has been blocked we keep our security style as 662 // If the frame has been blocked we keep our security style as
611 // authenticated in that case as nothing insecure is actually showing or 663 // authenticated in that case as nothing insecure is actually showing or
612 // loaded. 664 // loaded.
613 if (!details->is_content_filtered && 665 if (!details->is_content_filtered &&
614 !details->entry->ssl().has_mixed_content()) { 666 !details->entry->ssl().has_mixed_content()) {
615 details->entry->ssl().set_has_mixed_content(); 667 details->entry->ssl().set_has_mixed_content();
616 changed = true; 668 entry_changed = true;
617 } 669 }
618 } 670 }
619 } 671 }
620 672
621 if (changed) { 673 if (entry_changed)
622 // Only send the notification when something actually changed. 674 DispatchSSLVisibleStateChanged();
623 NotificationService::current()->Notify(
624 NotificationType::SSL_STATE_CHANGED,
625 Source<NavigationController>(controller_),
626 NotificationService::NoDetails());
627 }
628 } 675 }
629 676
630 void SSLManager::DidFailProvisionalLoadWithError( 677 void SSLManager::DidFailProvisionalLoadWithError(
631 ProvisionalLoadDetails* details) { 678 ProvisionalLoadDetails* details) {
632 DCHECK(details); 679 DCHECK(details);
633 680
634 // Ignore in-page navigations. 681 // Ignore in-page navigations.
635 if (details->in_page_navigation()) 682 if (details->in_page_navigation())
636 return; 683 return;
637 684
638 if (details->main_frame()) 685 if (details->main_frame())
639 ClearPendingMessages(); 686 ClearPendingMessages();
640 } 687 }
641 688
642 void SSLManager::DidStartResourceResponse(ResourceRequestDetails* details) { 689 void SSLManager::DidStartResourceResponse(ResourceRequestDetails* details) {
643 DCHECK(details); 690 DCHECK(details);
644 691
692 scoped_refptr<RequestInfo> info = new RequestInfo(
693 this,
694 details->url(),
695 details->resource_type(),
696 details->frame_origin(),
697 details->main_frame_origin(),
698 details->ssl_cert_id(),
699 details->ssl_cert_status());
700
645 // Notify our delegate that we started a resource request. Ideally, the 701 // Notify our delegate that we started a resource request. Ideally, the
646 // delegate should have the ability to cancel the request, but we can't do 702 // delegate should have the ability to cancel the request, but we can't do
647 // that yet. 703 // that yet.
648 delegate()->OnRequestStarted(this, details->url(), 704 delegate()->OnRequestStarted(info.get());
649 details->resource_type(),
650 details->ssl_cert_id() ,
651 details->ssl_cert_status());
652 } 705 }
653 706
654 void SSLManager::DidReceiveResourceRedirect(ResourceRedirectDetails* details) { 707 void SSLManager::DidReceiveResourceRedirect(ResourceRedirectDetails* details) {
655 // TODO(jcampan): when we receive a redirect for a sub-resource, we may want 708 // TODO(jcampan): when we receive a redirect for a sub-resource, we may want
656 // to clear any mixed/unsafe content error that it may have triggered. 709 // to clear any mixed/unsafe content error that it may have triggered.
710 // Really??? I'm not sure that's right. -- abarth (3/14/2009)
657 } 711 }
658 712
659 void SSLManager::ShowPendingMessages() { 713 void SSLManager::ShowPendingMessages() {
660 std::vector<SSLMessageInfo>::const_iterator iter; 714 std::vector<SSLMessageInfo>::const_iterator iter;
661 for (iter = pending_messages_.begin(); 715 for (iter = pending_messages_.begin();
662 iter != pending_messages_.end(); ++iter) { 716 iter != pending_messages_.end(); ++iter) {
663 ShowMessageWithLink(iter->message, iter->link_text, iter->action); 717 ShowMessageWithLink(iter->message, iter->link_text, iter->action);
664 } 718 }
665 ClearPendingMessages(); 719 ClearPendingMessages();
666 } 720 }
(...skipping 56 matching lines...)
723 } 777 }
724 778
725 if (ca_name) { 779 if (ca_name) {
726 // TODO(wtc): should we show the root CA's name instead? 780 // TODO(wtc): should we show the root CA's name instead?
727 *ca_name = l10n_util::GetStringF( 781 *ca_name = l10n_util::GetStringF(
728 IDS_SECURE_CONNECTION_EV_CA, 782 IDS_SECURE_CONNECTION_EV_CA,
729 UTF8ToWide(cert.issuer().organization_names[0])); 783 UTF8ToWide(cert.issuer().organization_names[0]));
730 } 784 }
731 return true; 785 return true;
732 } 786 }
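Review bot: In DidCommitProvisionalLoad, the main-frame branch calls `UpdateEntry(entry)` right after resetting `entry->ssl()` and before `set_cert_id`, `set_cert_status` and `set_security_bits`, so the delegate picks the security style from a blank SSLStatus. With both `SetMaxSecurityStyle` downgrades now commented out, nothing visible in this function lowers the style when `ssl_cert_status` carries an error or a secure URL arrives without a certificate. If the policy's UpdateEntry reads the cert status (its body is not on this page), the entry can keep a stronger style than it should until the next SSL_INTERNAL_STATE_CHANGED. I would move the call below the three setters, so that `entry->ssl().set_security_bits(ssl_security_bits);` is followed by `UpdateEntry(entry);  // needs cert_id/cert_status to choose the style`. The commented-out `//SetMaxSecurityStyle(...)` lines also name a method this patch deletes, so keeping only the TODO text would be cleaner.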