OLD | NEW |
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ssl/ssl_manager.h" | 5 #include "chrome/browser/ssl/ssl_manager.h" |
6 | 6 |
7 #include "base/utf_string_conversions.h" | 7 #include "base/utf_string_conversions.h" |
8 #include "chrome/browser/browser_thread.h" | 8 #include "chrome/browser/browser_thread.h" |
9 #include "chrome/browser/load_from_memory_cache_details.h" | 9 #include "chrome/browser/load_from_memory_cache_details.h" |
10 #include "chrome/browser/net/url_request_tracking.h" | 10 #include "chrome/browser/net/url_request_tracking.h" |
(...skipping 43 matching lines...)
54 NotificationService::current()->Notify( | 54 NotificationService::current()->Notify( |
55 NotificationType::SSL_INTERNAL_STATE_CHANGED, | 55 NotificationType::SSL_INTERNAL_STATE_CHANGED, |
56 NotificationService::AllSources(), | 56 NotificationService::AllSources(), |
57 NotificationService::NoDetails()); | 57 NotificationService::NoDetails()); |
58 } | 58 } |
59 | 59 |
60 // static | 60 // static |
61 std::string SSLManager::SerializeSecurityInfo(int cert_id, | 61 std::string SSLManager::SerializeSecurityInfo(int cert_id, |
62 int cert_status, | 62 int cert_status, |
63 int security_bits, | 63 int security_bits, |
64 int ssl_connection_status) { | 64 int ssl_connection_status, |
| 65 string16 tls_username) { |
65 Pickle pickle; | 66 Pickle pickle; |
66 pickle.WriteInt(cert_id); | 67 pickle.WriteInt(cert_id); |
67 pickle.WriteInt(cert_status); | 68 pickle.WriteInt(cert_status); |
68 pickle.WriteInt(security_bits); | 69 pickle.WriteInt(security_bits); |
69 pickle.WriteInt(ssl_connection_status); | 70 pickle.WriteInt(ssl_connection_status); |
| 71 pickle.WriteString16(tls_username); |
70 return std::string(static_cast<const char*>(pickle.data()), pickle.size()); | 72 return std::string(static_cast<const char*>(pickle.data()), pickle.size()); |
71 } | 73 } |
72 | 74 |
73 // static | 75 // static |
74 bool SSLManager::DeserializeSecurityInfo(const std::string& state, | 76 bool SSLManager::DeserializeSecurityInfo(const std::string& state, |
75 int* cert_id, | 77 int* cert_id, |
76 int* cert_status, | 78 int* cert_status, |
77 int* security_bits, | 79 int* security_bits, |
78 int* ssl_connection_status) { | 80 int* ssl_connection_status, |
79 DCHECK(cert_id && cert_status && security_bits && ssl_connection_status); | 81 string16* tls_username) { |
| 82 DCHECK(cert_id && cert_status && security_bits && ssl_connection_status && |
| 83 tls_username); |
80 if (state.empty()) { | 84 if (state.empty()) { |
81 // No SSL used. | 85 // No SSL used. |
82 *cert_id = 0; | 86 *cert_id = 0; |
83 // The following are not applicable and are set to the default values. | 87 // The following are not applicable and are set to the default values. |
84 *cert_status = 0; | 88 *cert_status = 0; |
85 *security_bits = -1; | 89 *security_bits = -1; |
86 *ssl_connection_status = 0; | 90 *ssl_connection_status = 0; |
| 91 tls_username->clear(); |
87 return false; | 92 return false; |
88 } | 93 } |
89 | 94 |
90 Pickle pickle(state.data(), static_cast<int>(state.size())); | 95 Pickle pickle(state.data(), static_cast<int>(state.size())); |
91 void * iter = NULL; | 96 void * iter = NULL; |
92 return pickle.ReadInt(&iter, cert_id) && | 97 return pickle.ReadInt(&iter, cert_id) && |
93 pickle.ReadInt(&iter, cert_status) && | 98 pickle.ReadInt(&iter, cert_status) && |
94 pickle.ReadInt(&iter, security_bits) && | 99 pickle.ReadInt(&iter, security_bits) && |
95 pickle.ReadInt(&iter, ssl_connection_status); | 100 pickle.ReadInt(&iter, ssl_connection_status) && |
| 101 pickle.ReadString16(&iter, tls_username); |
96 } | 102 } |
97 | 103 |
98 // static | 104 // static |
99 string16 SSLManager::GetEVCertName(const net::X509Certificate& cert) { | 105 string16 SSLManager::GetEVCertName(const net::X509Certificate& cert) { |
100 // EV are required to have an organization name and country. | 106 // EV are required to have an organization name and country. |
101 if (cert.subject().organization_names.empty() || | 107 if (cert.subject().organization_names.empty() || |
102 cert.subject().country_name.empty()) { | 108 cert.subject().country_name.empty()) { |
103 NOTREACHED(); | 109 NOTREACHED(); |
104 return string16(); | 110 return string16(); |
105 } | 111 } |
(...skipping 31 matching lines...)
137 NavigationController::LoadCommittedDetails* details = | 143 NavigationController::LoadCommittedDetails* details = |
138 Details<NavigationController::LoadCommittedDetails>(in_details).ptr(); | 144 Details<NavigationController::LoadCommittedDetails>(in_details).ptr(); |
139 | 145 |
140 NavigationEntry* entry = controller_->GetActiveEntry(); | 146 NavigationEntry* entry = controller_->GetActiveEntry(); |
141 | 147 |
142 if (details->is_main_frame) { | 148 if (details->is_main_frame) { |
143 if (entry) { | 149 if (entry) { |
144 // Decode the security details. | 150 // Decode the security details. |
145 int ssl_cert_id, ssl_cert_status, ssl_security_bits, | 151 int ssl_cert_id, ssl_cert_status, ssl_security_bits, |
146 ssl_connection_status; | 152 ssl_connection_status; |
| 153 string16 tls_username; |
147 DeserializeSecurityInfo(details->serialized_security_info, | 154 DeserializeSecurityInfo(details->serialized_security_info, |
148 &ssl_cert_id, | 155 &ssl_cert_id, |
149 &ssl_cert_status, | 156 &ssl_cert_status, |
150 &ssl_security_bits, | 157 &ssl_security_bits, |
151 &ssl_connection_status); | 158 &ssl_connection_status, |
| 159 &tls_username); |
152 | 160 |
153 // We may not have an entry if this is a navigation to an initial blank | 161 // We may not have an entry if this is a navigation to an initial blank |
154 // page. Reset the SSL information and add the new data we have. | 162 // page. Reset the SSL information and add the new data we have. |
155 entry->ssl() = NavigationEntry::SSLStatus(); | 163 entry->ssl() = NavigationEntry::SSLStatus(); |
156 entry->ssl().set_cert_id(ssl_cert_id); | 164 entry->ssl().set_cert_id(ssl_cert_id); |
157 entry->ssl().set_cert_status(ssl_cert_status); | 165 entry->ssl().set_cert_status(ssl_cert_status); |
158 entry->ssl().set_security_bits(ssl_security_bits); | 166 entry->ssl().set_security_bits(ssl_security_bits); |
159 entry->ssl().set_connection_status(ssl_connection_status); | 167 entry->ssl().set_connection_status(ssl_connection_status); |
| 168 entry->ssl().set_tls_username(tls_username); |
160 } | 169 } |
161 } | 170 } |
162 | 171 |
163 UpdateEntry(entry); | 172 UpdateEntry(entry); |
164 } | 173 } |
165 | 174 |
166 void SSLManager::DidRunInsecureContent(const std::string& security_origin) { | 175 void SSLManager::DidRunInsecureContent(const std::string& security_origin) { |
167 policy()->DidRunInsecureContent(controller_->GetActiveEntry(), | 176 policy()->DidRunInsecureContent(controller_->GetActiveEntry(), |
168 security_origin); | 177 security_origin); |
169 } | 178 } |
(...skipping 41 matching lines...)
211 // caches sub-resources. | 220 // caches sub-resources. |
212 // This resource must have been loaded with no filtering because filtered | 221 // This resource must have been loaded with no filtering because filtered |
213 // resouces aren't cachable. | 222 // resouces aren't cachable. |
214 scoped_refptr<SSLRequestInfo> info(new SSLRequestInfo( | 223 scoped_refptr<SSLRequestInfo> info(new SSLRequestInfo( |
215 details->url(), | 224 details->url(), |
216 ResourceType::SUB_RESOURCE, | 225 ResourceType::SUB_RESOURCE, |
217 details->frame_origin(), | 226 details->frame_origin(), |
218 details->main_frame_origin(), | 227 details->main_frame_origin(), |
219 details->pid(), | 228 details->pid(), |
220 details->ssl_cert_id(), | 229 details->ssl_cert_id(), |
221 details->ssl_cert_status())); | 230 details->ssl_cert_status(), |
| 231 details->tls_username())); |
222 | 232 |
223 // Simulate loading this resource through the usual path. | 233 // Simulate loading this resource through the usual path. |
224 policy()->OnRequestStarted(info.get()); | 234 policy()->OnRequestStarted(info.get()); |
225 } | 235 } |
226 | 236 |
227 void SSLManager::DidStartResourceResponse(ResourceRequestDetails* details) { | 237 void SSLManager::DidStartResourceResponse(ResourceRequestDetails* details) { |
228 scoped_refptr<SSLRequestInfo> info(new SSLRequestInfo( | 238 scoped_refptr<SSLRequestInfo> info(new SSLRequestInfo( |
229 details->url(), | 239 details->url(), |
230 details->resource_type(), | 240 details->resource_type(), |
231 details->frame_origin(), | 241 details->frame_origin(), |
232 details->main_frame_origin(), | 242 details->main_frame_origin(), |
233 details->origin_child_id(), | 243 details->origin_child_id(), |
234 details->ssl_cert_id(), | 244 details->ssl_cert_id(), |
235 details->ssl_cert_status())); | 245 details->ssl_cert_status(), |
| 246 details->tls_username())); |
236 | 247 |
237 // Notify our policy that we started a resource request. Ideally, the | 248 // Notify our policy that we started a resource request. Ideally, the |
238 // policy should have the ability to cancel the request, but we can't do | 249 // policy should have the ability to cancel the request, but we can't do |
239 // that yet. | 250 // that yet. |
240 policy()->OnRequestStarted(info.get()); | 251 policy()->OnRequestStarted(info.get()); |
241 } | 252 } |
242 | 253 |
243 void SSLManager::DidReceiveResourceRedirect(ResourceRedirectDetails* details) { | 254 void SSLManager::DidReceiveResourceRedirect(ResourceRedirectDetails* details) { |
244 // TODO(abarth): Make sure our redirect behavior is correct. If we ever see a | 255 // TODO(abarth): Make sure our redirect behavior is correct. If we ever see a |
245 // non-HTTPS resource in the redirect chain, we want to trigger | 256 // non-HTTPS resource in the redirect chain, we want to trigger |
(...skipping 16 matching lines...)
262 | 273 |
263 policy()->UpdateEntry(entry, controller_->tab_contents()); | 274 policy()->UpdateEntry(entry, controller_->tab_contents()); |
264 | 275 |
265 if (!entry->ssl().Equals(original_ssl_status)) { | 276 if (!entry->ssl().Equals(original_ssl_status)) { |
266 NotificationService::current()->Notify( | 277 NotificationService::current()->Notify( |
267 NotificationType::SSL_VISIBLE_STATE_CHANGED, | 278 NotificationType::SSL_VISIBLE_STATE_CHANGED, |
268 Source<NavigationController>(controller_), | 279 Source<NavigationController>(controller_), |
269 NotificationService::NoDetails()); | 280 NotificationService::NoDetails()); |
270 } | 281 } |
271 } | 282 } |
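Review bot: The call at new lines 151–159 ignores the result of DeserializeSecurityInfo, and for a non-empty blob that fails to parse the function returns false with its outputs only partly written, so the uninitialized `int` locals are then copied onto the navigation entry alongside `set_tls_username`. The added `ReadString16` at new line 101 makes that path easier to hit, because a blob in the earlier four-int layout now fails on the last read. If `serialized_security_info` can arrive from a less trusted process (not visible on this page), the parse should fail closed: reset every output on a failed read, as the `state.empty()` branch already does, and have the caller check the return value. The calling function starts in the skipped lines above new line 143, so its full body is not visible here.

```cpp
  // … unchanged: DCHECK and the state.empty() branch …
  Pickle pickle(state.data(), static_cast<int>(state.size()));
  void* iter = NULL;
  if (pickle.ReadInt(&iter, cert_id) &&
      pickle.ReadInt(&iter, cert_status) &&
      pickle.ReadInt(&iter, security_bits) &&
      pickle.ReadInt(&iter, ssl_connection_status) &&
      pickle.ReadString16(&iter, tls_username)) {
    return true;
  }
  // Truncated or old-format blob: do not hand back a mix of parsed and
  // unset values.
  *cert_id = 0;
  *cert_status = 0;
  *security_bits = -1;
  *ssl_connection_status = 0;
  tls_username->clear();
  return false;
```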