| Index: chrome/browser/ssl/ssl_manager.h
|
| ===================================================================
|
| --- chrome/browser/ssl/ssl_manager.h (revision 11701)
|
| +++ chrome/browser/ssl/ssl_manager.h (working copy)
|
| @@ -76,6 +76,15 @@
|
| // Available on either thread.
|
| const GURL& request_url() const { return request_url_; }
|
|
|
| + // Available on either thread.
|
| + ResourceType::Type resource_type() const { return resource_type_; }
|
| +
|
| + // Available on either thread.
|
| + const std::string& frame_origin() const { return frame_origin_; }
|
| +
|
| + // Available on either thread.
|
| + const std::string& main_frame_origin() const { return main_frame_origin_; }
|
| +
|
| // Call on the UI thread.
|
| SSLManager* manager() const { return manager_; }
|
|
|
| @@ -118,6 +127,9 @@
|
| // Construct on the IO thread.
|
| ErrorHandler(ResourceDispatcherHost* resource_dispatcher_host,
|
| URLRequest* request,
|
| + ResourceType::Type resource_type,
|
| + const std::string& frame_origin,
|
| + const std::string& main_frame_origin,
|
| MessageLoop* ui_loop);
|
|
|
| // The following 2 methods are the methods subclasses should implement.
|
| @@ -164,12 +176,26 @@
|
| int render_process_host_id_;
|
| int tab_contents_id_;
|
|
|
| + // The URL that we requested.
|
| // This read-only member can be accessed on any thread.
|
| - const GURL request_url_; // The URL that we requested.
|
| + const GURL request_url_;
|
|
|
| + // What kind of resource is associated with the requested that generated
|
| + // that error.
|
| + // This read-only member can be accessed on any thread.
|
| + const ResourceType::Type resource_type_;
|
| +
|
| + // The origin of the frame associated with this request.
|
| + // This read-only member can be accessed on any thread.
|
| + const std::string frame_origin_;
|
| +
|
| + // The origin of the main frame associated with this request.
|
| + // This read-only member can be accessed on any thread.
|
| + const std::string main_frame_origin_;
|
| +
|
| + // A flag to make sure we notify the URLRequest exactly once.
|
| // Should only be accessed on the IO thread
|
| - bool request_has_been_notified_; // A flag to make sure we notify the
|
| - // URLRequest exactly once.
|
| + bool request_has_been_notified_;
|
|
|
| DISALLOW_COPY_AND_ASSIGN(ErrorHandler);
|
| };
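Review bot: The comment moved onto `resource_type_` still reads "associated with the requested that generated that error", which carries a typo and no longer fits now that the member lives in ErrorHandler, the base of MixedContentHandler as well as CertError; `// The type of resource this request was made for.` would cover both. The comments on `frame_origin_` and `main_frame_origin_` do not say how the origin is serialized into the std::string (scheme, host and port, or host only). These values presumably feed the mixed-content decision, so the expected form should be stated, e.g. `// Serialized origin (scheme://host:port) of the frame that issued the request.` if that is what callers pass. The same applies to the accessors added in the first hunk and to the new constructor parameters; ErrorHandler's declaration begins outside this hunk.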
|
| @@ -186,8 +212,7 @@
|
| const net::SSLInfo& ssl_info() const { return ssl_info_; }
|
| int cert_error() const { return cert_error_; }
|
|
|
| - ResourceType::Type resource_type() const { return resource_type_; }
|
| - private:
|
| + private:
|
| // SSLManager is responsible for creating CertError objects.
|
| friend class SSLManager;
|
|
|
| @@ -197,6 +222,8 @@
|
| CertError(ResourceDispatcherHost* resource_dispatcher_host,
|
| URLRequest* request,
|
| ResourceType::Type resource_type,
|
| + const std::string& frame_origin,
|
| + const std::string& main_frame_origin,
|
| int cert_error,
|
| net::X509Certificate* cert,
|
| MessageLoop* ui_loop);
|
| @@ -209,10 +236,6 @@
|
| net::SSLInfo ssl_info_;
|
| const int cert_error_; // The error we represent.
|
|
|
| - // What kind of resource is associated with the requested that generated
|
| - // that error.
|
| - ResourceType::Type resource_type_;
|
| -
|
| DISALLOW_COPY_AND_ASSIGN(CertError);
|
| };
|
|
|
| @@ -223,9 +246,12 @@
|
| // Created on the IO thread.
|
| MixedContentHandler(ResourceDispatcherHost* rdh,
|
| URLRequest* request,
|
| + ResourceType::Type resource_type,
|
| + const std::string& frame_origin,
|
| + const std::string& main_frame_origin,
|
| MessageLoop* ui_loop)
|
| - : ErrorHandler(rdh, request, ui_loop) { }
|
| -
|
| + : ErrorHandler(rdh, request, resource_type, frame_origin,
|
| + main_frame_origin, ui_loop) { }
|
| protected:
|
| virtual void OnDispatchFailed() { TakeNoAction(); }
|
| virtual void OnDispatched() { manager()->OnMixedContent(this); }
|
| @@ -234,6 +260,44 @@
|
| DISALLOW_COPY_AND_ASSIGN(MixedContentHandler);
|
| };
|
|
|
| + class RequestInfo : public base::RefCounted<RequestInfo> {
|
| + public:
|
| + RequestInfo(SSLManager* manager,
|
| + const GURL& url,
|
| + ResourceType::Type resource_type,
|
| + const std::string& frame_origin,
|
| + const std::string& main_frame_origin,
|
| + int ssl_cert_id,
|
| + int ssl_cert_status)
|
| + : manager_(manager),
|
| + url_(url),
|
| + resource_type_(resource_type),
|
| + frame_origin_(frame_origin),
|
| + main_frame_origin_(main_frame_origin),
|
| + ssl_cert_id_(ssl_cert_id),
|
| + ssl_cert_status_(ssl_cert_status) {
|
| + }
|
| +
|
| + SSLManager* manager() const { return manager_; }
|
| + const GURL& url() const { return url_; }
|
| + ResourceType::Type resource_type() const { return resource_type_; }
|
| + const std::string& frame_origin() const { return frame_origin_; }
|
| + const std::string& main_frame_origin() const { return main_frame_origin_; }
|
| + int ssl_cert_id() const { return ssl_cert_id_; }
|
| + int ssl_cert_status() const { return ssl_cert_status_; }
|
| +
|
| + private:
|
| + SSLManager* manager_;
|
| + GURL url_;
|
| + ResourceType::Type resource_type_;
|
| + std::string frame_origin_;
|
| + std::string main_frame_origin_;
|
| + int ssl_cert_id_;
|
| + int ssl_cert_status_;
|
| +
|
| + DISALLOW_COPY_AND_ASSIGN(RequestInfo);
|
| + };
|
| +
|
| // The SSLManager will ask its delegate to decide how to handle events
|
| // relevant to SSL. Delegates are expected to be stateless and intended to be
|
| // easily implementable.
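Review bot: RequestInfo is reference-counted but keeps a raw `SSLManager* manager_`, and nothing in the class says who guarantees that the manager outlives the last reference or on which thread the object may be used. If a RequestInfo can be held after the manager is destroyed (for instance by a posted task), `manager()` would return a dangling pointer; this header alone cannot confirm or rule that out. A class comment should record the rule, e.g. `// Describes a started resource request. Used on the UI thread only; |manager_| is not owned and must outlive this object.`, adjusted to the real contract. Since the class has no setters, the data members could also be declared `const`, matching the `const` members this change adds to ErrorHandler.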
|
| @@ -246,25 +310,17 @@
|
| class Delegate {
|
| public:
|
| // An error occurred with the certificate in an SSL connection.
|
| - virtual void OnCertError(const GURL& main_frame_url, CertError* error) = 0;
|
| + virtual void OnCertError(CertError* error) = 0;
|
|
|
| // A request for a mixed-content resource was made. Note that the resource
|
| // request was not started yet and the delegate is responsible for starting
|
| // it.
|
| - virtual void OnMixedContent(
|
| - NavigationController* navigation_controller,
|
| - const GURL& main_frame_url,
|
| - MixedContentHandler* mixed_content_handler) = 0;
|
| + virtual void OnMixedContent(MixedContentHandler* handler) = 0;
|
|
|
| - // We have started a resource request for the given URL.
|
| - virtual void OnRequestStarted(SSLManager* manager,
|
| - const GURL& url,
|
| - ResourceType::Type resource_type,
|
| - int ssl_cert_id,
|
| - int ssl_cert_status) = 0;
|
| + // We have started a resource request with the given info.
|
| + virtual void OnRequestStarted(RequestInfo* info) = 0;
|
|
|
| - // Returns the default security style for a given URL.
|
| - virtual SecurityStyle GetDefaultStyle(const GURL& url) = 0;
|
| + virtual void UpdateEntry(SSLManager* manager, NavigationEntry* entry) = 0;
|
| };
|
|
|
| static void RegisterUserPrefs(PrefService* prefs);
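Review bot: `UpdateEntry` is the only method in Delegate without a comment, and it takes the place of `GetDefaultStyle`, whose contract was documented. This call appears to be where the policy decides the security state recorded on a NavigationEntry, so the interface should say what the delegate is expected to set, e.g. `// Updates the SSL state of |entry| to match the current state of |manager|.` The three callbacks now each take a single pointer, so a line on ownership would help implementers: whether the delegate may keep `error`, `handler` or `info` beyond the call, and if so whether it must take a reference.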
|
| @@ -291,19 +347,12 @@
|
| const std::wstring& link_text,
|
| Task* task);
|
|
|
| - // Sets the maximum security style for the page. If the current security
|
| - // style is lower than |style|, this will not have an effect on the security
|
| - // indicators.
|
| - //
|
| - // It will return true if the navigation entry was updated or false if
|
| - // nothing changed. The caller is responsible for broadcasting
|
| - // NOTIFY_SSY_STATE_CHANGED if it returns true.
|
| - bool SetMaxSecurityStyle(SecurityStyle style);
|
| -
|
| // Logs a message to the console of the page.
|
| - void AddMessageToConsole(const std::wstring& msg,
|
| - ConsoleMessageLevel level);
|
| + void AddMessageToConsole(const std::wstring& msg, ConsoleMessageLevel level);
|
|
|
| + void MarkHostAsBroken(const std::string& host);
|
| + bool DidMarkHostAsBroken(const std::string& host) const;
|
| +
|
| // Records that |cert| is permitted to be used for |host| in the future.
|
| void DenyCertForHost(net::X509Certificate* cert, const std::string& host);
|
|
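Review bot: `MarkHostAsBroken` and `DidMarkHostAsBroken` are added without comments, unlike the declarations around them. What "broken" means, what causes a host to be marked and how long the mark lasts all matter to anyone reading the security-indicator logic, so something like `// Records that |host| has shown insecure content; its pages must no longer be displayed as secure.` is needed, corrected to the actual semantics. The key is a bare host string, so the comment should also say whether the mark is meant to cover every scheme and port on that host. Separately, the unchanged comment above `DenyCertForHost` says the cert "is permitted", which reads as if it described the allow case. These declarations sit inside SSLManager, whose definition starts and ends outside this hunk.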
|
| @@ -314,14 +363,11 @@
|
| net::X509Certificate::Policy::Judgment QueryPolicy(
|
| net::X509Certificate* cert, const std::string& host);
|
|
|
| - // Allow mixed/unsafe content to be visible (non filtered) for the specified
|
| - // URL.
|
| - // Note that the current implementation allows on a host name basis.
|
| - void AllowShowInsecureContentForURL(const GURL& url);
|
| + // Allow mixed content to be visible (non filtered).
|
| + void AllowMixedContentForHost(const std::string& host);
|
|
|
| - // Returns whether the specified URL is allowed to show insecure (mixed or
|
| - // unsafe) content.
|
| - bool CanShowInsecureContent(const GURL& url);
|
| + // Returns whether the specified host is allowed to show mixed content.
|
| + bool DidAllowMixedContentForHost(const std::string& host) const;
|
|
|
| //
|
| //////////////////////////////////////////////////////////////////////////////
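Review bot: The new comment on `AllowMixedContentForHost` drops the old caveat that the exception is granted per host name, yet the parameter is now exactly that, a bare host string. An exception keyed on host alone would cover every port on that host and would not record which page asked for it, so the scope should be written down, e.g. `// Allows mixed content to be displayed unfiltered for every page on |host|.` A second line should say how long the exception lasts (per tab, per session or persisted); that part needs checking against the implementation, which is not in this header.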
|
| @@ -343,16 +389,17 @@
|
| net::X509Certificate* cert,
|
| MessageLoop* ui_loop);
|
|
|
| - // Called when a mixed-content sub-resource request has been detected. The
|
| - // request is not started yet. The SSLManager will make a decision on whether
|
| - // to filter that request's content (with the filter_policy flag).
|
| + // Called before a URL request has been started. Returns whether the resource
|
| + // request should be delayed while we figure out what to do. We use this
|
| + // function as the entry point for our mixed content detection.
|
| + //
|
| // TODO(jcampan): Implement a way to just cancel the request. This is not
|
| // straight-forward as canceling a request that has not been started will
|
| // not remove from the pending_requests_ of the ResourceDispatcherHost.
|
| // Called on the IO thread.
|
| - static void OnMixedContentRequest(ResourceDispatcherHost* resource_dispatcher,
|
| - URLRequest* request,
|
| - MessageLoop* ui_loop);
|
| + static bool ShouldDelayRequest(ResourceDispatcherHost* resource_dispatcher,
|
| + URLRequest* request,
|
| + MessageLoop* ui_loop);
|
|
|
| // Called by CertError::Dispatch to kick off processing of the cert error by
|
| // the SSL manager. The error originated from the ResourceDispatcherHost.
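Review bot: The comment on `ShouldDelayRequest` does not say what the caller must do with a `true` result, or who resumes or cancels the request afterwards. This is described as the entry point for mixed-content detection, so a caller that ignores the return value would let the request start unchecked. The contract should spell that out, e.g. `// Returns true if the caller must not start |request|; the SSLManager starts it once a decision has been made.`, with the wording checked against the implementation. The name reads like a pure query while the comment implies the call also kicks off detection, which deserves a sentence. The TODO about cancelling unstarted requests is kept, so the comment should also say what happens to a delayed request that ends up denied.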
|
| @@ -436,10 +483,17 @@
|
| void DidFailProvisionalLoadWithError(ProvisionalLoadDetails* details);
|
| void DidStartResourceResponse(ResourceRequestDetails* details);
|
| void DidReceiveResourceRedirect(ResourceRedirectDetails* details);
|
| + void DidChangeSSLInternalState();
|
|
|
| - // Convenience method for initializing navigation entries.
|
| - void InitializeEntryIfNeeded(NavigationEntry* entry);
|
| + // Dispatch NotificationType::SSL_INTERNAL_STATE_CHANGED notification.
|
| + void DispatchSSLInternalStateChanged();
|
|
|
| + // Dispatch NotificationType::SSL_VISIBLE_STATE_CHANGED notification.
|
| + void DispatchSSLVisibleStateChanged();
|
| +
|
| + // Update the NavigationEntry with our current state.
|
| + void UpdateEntry(NavigationEntry* entry);
|
| +
|
| // Shows the pending messages (in info-bars) if any.
|
| void ShowPendingMessages();
|
|
|
|
|