| Index: chrome/browser/ssl/ssl_manager.h
|
| ===================================================================
|
| --- chrome/browser/ssl/ssl_manager.h (revision 11892)
|
| +++ chrome/browser/ssl/ssl_manager.h (working copy)
|
| @@ -45,7 +45,6 @@
|
| // There is one SSLManager per tab.
|
| // The security state (secure/insecure) is stored in the navigation entry.
|
| // Along with it are stored any SSL error code and the associated cert.
|
| -//
|
|
|
| class SSLManager : public NotificationObserver {
|
| public:
|
| @@ -76,6 +75,15 @@
|
| // Available on either thread.
|
| const GURL& request_url() const { return request_url_; }
|
|
|
| + // Available on either thread.
|
| + ResourceType::Type resource_type() const { return resource_type_; }
|
| +
|
| + // Available on either thread.
|
| + const std::string& frame_origin() const { return frame_origin_; }
|
| +
|
| + // Available on either thread.
|
| + const std::string& main_frame_origin() const { return main_frame_origin_; }
|
| +
|
| // Call on the UI thread.
|
| SSLManager* manager() const { return manager_; }
|
|
|
| @@ -118,6 +126,9 @@
|
| // Construct on the IO thread.
|
| ErrorHandler(ResourceDispatcherHost* resource_dispatcher_host,
|
| URLRequest* request,
|
| + ResourceType::Type resource_type,
|
| + const std::string& frame_origin,
|
| + const std::string& main_frame_origin,
|
| MessageLoop* ui_loop);
|
|
|
| // The following 2 methods are the methods subclasses should implement.
|
| @@ -164,12 +175,26 @@
|
| int render_process_host_id_;
|
| int tab_contents_id_;
|
|
|
| + // The URL that we requested.
|
| // This read-only member can be accessed on any thread.
|
| - const GURL request_url_; // The URL that we requested.
|
| + const GURL request_url_;
|
|
|
| + // What kind of resource is associated with the requested that generated
|
| + // that error.
|
| + // This read-only member can be accessed on any thread.
|
| + const ResourceType::Type resource_type_;
|
| +
|
| + // The origin of the frame associated with this request.
|
| + // This read-only member can be accessed on any thread.
|
| + const std::string frame_origin_;
|
| +
|
| + // The origin of the main frame associated with this request.
|
| + // This read-only member can be accessed on any thread.
|
| + const std::string main_frame_origin_;
|
| +
|
| + // A flag to make sure we notify the URLRequest exactly once.
|
| // Should only be accessed on the IO thread
|
| - bool request_has_been_notified_; // A flag to make sure we notify the
|
| - // URLRequest exactly once.
|
| + bool request_has_been_notified_;
|
|
|
| DISALLOW_COPY_AND_ASSIGN(ErrorHandler);
|
| };
|
| @@ -186,7 +211,6 @@
|
| const net::SSLInfo& ssl_info() const { return ssl_info_; }
|
| int cert_error() const { return cert_error_; }
|
|
|
| - ResourceType::Type resource_type() const { return resource_type_; }
|
| private:
|
| // SSLManager is responsible for creating CertError objects.
|
| friend class SSLManager;
|
| @@ -197,6 +221,8 @@
|
| CertError(ResourceDispatcherHost* resource_dispatcher_host,
|
| URLRequest* request,
|
| ResourceType::Type resource_type,
|
| + const std::string& frame_origin,
|
| + const std::string& main_frame_origin,
|
| int cert_error,
|
| net::X509Certificate* cert,
|
| MessageLoop* ui_loop);
|
| @@ -209,10 +235,6 @@
|
| net::SSLInfo ssl_info_;
|
| const int cert_error_; // The error we represent.
|
|
|
| - // What kind of resource is associated with the requested that generated
|
| - // that error.
|
| - ResourceType::Type resource_type_;
|
| -
|
| DISALLOW_COPY_AND_ASSIGN(CertError);
|
| };
|
|
|
| @@ -223,8 +245,12 @@
|
| // Created on the IO thread.
|
| MixedContentHandler(ResourceDispatcherHost* rdh,
|
| URLRequest* request,
|
| + ResourceType::Type resource_type,
|
| + const std::string& frame_origin,
|
| + const std::string& main_frame_origin,
|
| MessageLoop* ui_loop)
|
| - : ErrorHandler(rdh, request, ui_loop) { }
|
| + : ErrorHandler(rdh, request, resource_type, frame_origin,
|
| + main_frame_origin, ui_loop) { }
|
|
|
| protected:
|
| virtual void OnDispatchFailed() { TakeNoAction(); }
|
| @@ -234,6 +260,47 @@
|
| DISALLOW_COPY_AND_ASSIGN(MixedContentHandler);
|
| };
|
|
|
| + // RequestInfo wraps up the information SSLPolicy needs about a request in
|
| + // order to update our security IU. RequestInfo is RefCounted in case we need
|
| + // to deal with the request asynchronously.
|
| + class RequestInfo : public base::RefCounted<RequestInfo> {
|
| + public:
|
| + RequestInfo(SSLManager* manager,
|
| + const GURL& url,
|
| + ResourceType::Type resource_type,
|
| + const std::string& frame_origin,
|
| + const std::string& main_frame_origin,
|
| + int ssl_cert_id,
|
| + int ssl_cert_status)
|
| + : manager_(manager),
|
| + url_(url),
|
| + resource_type_(resource_type),
|
| + frame_origin_(frame_origin),
|
| + main_frame_origin_(main_frame_origin),
|
| + ssl_cert_id_(ssl_cert_id),
|
| + ssl_cert_status_(ssl_cert_status) {
|
| + }
|
| +
|
| + SSLManager* manager() const { return manager_; }
|
| + const GURL& url() const { return url_; }
|
| + ResourceType::Type resource_type() const { return resource_type_; }
|
| + const std::string& frame_origin() const { return frame_origin_; }
|
| + const std::string& main_frame_origin() const { return main_frame_origin_; }
|
| + int ssl_cert_id() const { return ssl_cert_id_; }
|
| + int ssl_cert_status() const { return ssl_cert_status_; }
|
| +
|
| + private:
|
| + SSLManager* manager_;
|
| + GURL url_;
|
| + ResourceType::Type resource_type_;
|
| + std::string frame_origin_;
|
| + std::string main_frame_origin_;
|
| + int ssl_cert_id_;
|
| + int ssl_cert_status_;
|
| +
|
| + DISALLOW_COPY_AND_ASSIGN(RequestInfo);
|
| + };
|
| +
|
| // The SSLManager will ask its delegate to decide how to handle events
|
| // relevant to SSL. Delegates are expected to be stateless and intended to be
|
| // easily implementable.
|
| @@ -246,22 +313,15 @@
|
| class Delegate {
|
| public:
|
| // An error occurred with the certificate in an SSL connection.
|
| - virtual void OnCertError(const GURL& main_frame_url, CertError* error) = 0;
|
| + virtual void OnCertError(CertError* error) = 0;
|
|
|
| // A request for a mixed-content resource was made. Note that the resource
|
| // request was not started yet and the delegate is responsible for starting
|
| // it.
|
| - virtual void OnMixedContent(
|
| - NavigationController* navigation_controller,
|
| - const GURL& main_frame_url,
|
| - MixedContentHandler* mixed_content_handler) = 0;
|
| + virtual void OnMixedContent(MixedContentHandler* handler) = 0;
|
|
|
| - // We have started a resource request for the given URL.
|
| - virtual void OnRequestStarted(SSLManager* manager,
|
| - const GURL& url,
|
| - ResourceType::Type resource_type,
|
| - int ssl_cert_id,
|
| - int ssl_cert_status) = 0;
|
| + // We have started a resource request with the given info.
|
| + virtual void OnRequestStarted(RequestInfo* info) = 0;
|
|
|
| // Returns the default security style for a given URL.
|
| virtual SecurityStyle GetDefaultStyle(const GURL& url) = 0;
|
| @@ -291,6 +351,14 @@
|
| const std::wstring& link_text,
|
| Task* task);
|
|
|
| + // Records that a host is "broken," that is, the origin for that host has been
|
| + // contaminated with insecure content, either via HTTP or via HTTPS with a
|
| + // bad certificate.
|
| + void MarkHostAsBroken(const std::string& host);
|
| +
|
| + // Returns whether the specified host was marked as broken.
|
| + bool DidMarkHostAsBroken(const std::string& host) const;
|
| +
|
| // Sets the maximum security style for the page. If the current security
|
| // style is lower than |style|, this will not have an effect on the security
|
| // indicators.
|
| @@ -314,14 +382,11 @@
|
| net::X509Certificate::Policy::Judgment QueryPolicy(
|
| net::X509Certificate* cert, const std::string& host);
|
|
|
| - // Allow mixed/unsafe content to be visible (non filtered) for the specified
|
| - // URL.
|
| - // Note that the current implementation allows on a host name basis.
|
| - void AllowShowInsecureContentForURL(const GURL& url);
|
| + // Allow mixed content to be visible (non filtered).
|
| + void AllowMixedContentForHost(const std::string& host);
|
|
|
| - // Returns whether the specified URL is allowed to show insecure (mixed or
|
| - // unsafe) content.
|
| - bool CanShowInsecureContent(const GURL& url);
|
| + // Returns whether the specified host is allowed to show mixed content.
|
| + bool DidAllowMixedContentForHost(const std::string& host) const;
|
|
|
| //
|
| //////////////////////////////////////////////////////////////////////////////
|
| @@ -366,7 +431,7 @@
|
| // ResourceDispatcherHost.
|
| //
|
| // Called on the UI thread.
|
| - void OnMixedContent(MixedContentHandler* mixed_content);
|
| + void OnMixedContent(MixedContentHandler* handler);
|
|
|
| // Entry point for navigation. This function begins the process of updating
|
| // the security UI when the main frame navigates to a new URL.
|
| @@ -437,7 +502,14 @@
|
| void DidFailProvisionalLoadWithError(ProvisionalLoadDetails* details);
|
| void DidStartResourceResponse(ResourceRequestDetails* details);
|
| void DidReceiveResourceRedirect(ResourceRedirectDetails* details);
|
| + void DidChangeSSLInternalState();
|
|
|
| + // Dispatch NotificationType::SSL_INTERNAL_STATE_CHANGED notification.
|
| + void DispatchSSLInternalStateChanged();
|
| +
|
| + // Dispatch NotificationType::SSL_VISIBLE_STATE_CHANGED notification.
|
| + void DispatchSSLVisibleStateChanged();
|
| +
|
| // Convenience method for initializing navigation entries.
|
| void InitializeEntryIfNeeded(NavigationEntry* entry);
|
|
|
|
|
Chromium Code Reviews
