OLD | NEW |
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ssl/ssl_policy.h" | 5 #include "chrome/browser/ssl/ssl_policy.h" |
6 | 6 |
7 #include "base/base_switches.h" | 7 #include "base/base_switches.h" |
8 #include "base/command_line.h" | 8 #include "base/command_line.h" |
9 #include "base/singleton.h" | 9 #include "base/singleton.h" |
10 #include "base/string_piece.h" | 10 #include "base/string_piece.h" |
(...skipping 98 matching lines...)
109 // resource), the resource load just fails. | 109 // resource), the resource load just fails. |
110 // 2) If the user has previously approved the same certificate error for | 110 // 2) If the user has previously approved the same certificate error for |
111 // this host in a full-page interstitial, then we'll proceed with the | 111 // this host in a full-page interstitial, then we'll proceed with the |
112 // load. | 112 // load. |
113 // 3) If we proceed with the load, we should treat the resources as if they | 113 // 3) If we proceed with the load, we should treat the resources as if they |
114 // were loaded over HTTP, w.r.t. the display vs. run distinction above. | 114 // were loaded over HTTP, w.r.t. the display vs. run distinction above. |
115 // | 115 // |
116 // However, right now we don't have the proper context to understand where | 116 // However, right now we don't have the proper context to understand where |
117 // these resources will be used. Consequently, we're conservative and treat | 117 // these resources will be used. Consequently, we're conservative and treat |
118 // them all like DidRunInsecureContent(). | 118 // them all like DidRunInsecureContent(). |
119 | 119 if (net::IsCertStatusError(info->ssl_cert_status()) || |
120 if (net::IsCertStatusError(info->ssl_cert_status())) { | 120 (!info->ssl_cert_id() && info->tls_username().empty())) { |
121 backend_->HostRanInsecureContent(info->url().host(), info->child_id()); | 121 backend_->HostRanInsecureContent(info->url().host(), info->child_id()); |
122 | 122 |
123 // TODO(abarth): We should eventually remove the main_frame_origin and | 123 // TODO(abarth): We should eventually remove the main_frame_origin and |
124 // frame_origin properties. First, not every resource load is associated | 124 // frame_origin properties. First, not every resource load is associated |
125 // with a frame, so they don't always make sense. Second, the | 125 // with a frame, so they don't always make sense. Second, the |
126 // main_frame_origin is computed from the first_party_for_cookies, which has | 126 // main_frame_origin is computed from the first_party_for_cookies, which has |
127 // been hacked to death to support third-party cookie blocking. | 127 // been hacked to death to support third-party cookie blocking. |
128 | 128 |
129 if (info->resource_type() != ResourceType::MAIN_FRAME && | 129 if (info->resource_type() != ResourceType::MAIN_FRAME && |
130 info->resource_type() != ResourceType::SUB_FRAME) { | 130 info->resource_type() != ResourceType::SUB_FRAME) { |
(...skipping 10 matching lines...)
141 } | 141 } |
142 | 142 |
143 void SSLPolicy::UpdateEntry(NavigationEntry* entry, TabContents* tab_contents) { | 143 void SSLPolicy::UpdateEntry(NavigationEntry* entry, TabContents* tab_contents) { |
144 DCHECK(entry); | 144 DCHECK(entry); |
145 | 145 |
146 InitializeEntryIfNeeded(entry); | 146 InitializeEntryIfNeeded(entry); |
147 | 147 |
148 if (!entry->url().SchemeIsSecure()) | 148 if (!entry->url().SchemeIsSecure()) |
149 return; | 149 return; |
150 | 150 |
151 // An HTTPS response may not have a certificate for some reason. When that | 151 // An HTTPS response may not have a certificate or TLS auth username for some |
152 // happens, use the unauthenticated (HTTP) rather than the authentication | 152 // reason. When that happens, use the unauthenticated (HTTP) rather than the |
153 // broken security style so that we can detect this error condition. | 153 // authentication broken security style so that we can detect this error |
154 if (!entry->ssl().cert_id()) { | 154 // condition. |
| 155 if (!entry->ssl().cert_id() && entry->ssl().tls_username().empty()) { |
155 entry->ssl().set_security_style(SECURITY_STYLE_UNAUTHENTICATED); | 156 entry->ssl().set_security_style(SECURITY_STYLE_UNAUTHENTICATED); |
156 return; | 157 return; |
157 } | 158 } |
158 | 159 |
159 if (!(entry->ssl().cert_status() & net::CERT_STATUS_COMMON_NAME_INVALID)) { | 160 if (!(entry->ssl().cert_status() & net::CERT_STATUS_COMMON_NAME_INVALID)) { |
160 // CAs issue certificates for intranet hosts to everyone. Therefore, we | 161 // CAs issue certificates for intranet hosts to everyone. Therefore, we |
161 // mark intranet hosts as being non-unique. | 162 // mark intranet hosts as being non-unique. |
162 if (IsIntranetHost(entry->url().host())) { | 163 if (IsIntranetHost(entry->url().host())) { |
163 entry->ssl().set_cert_status(entry->ssl().cert_status() | | 164 entry->ssl().set_cert_status(entry->ssl().cert_status() | |
164 net::CERT_STATUS_NON_UNIQUE_NAME); | 165 net::CERT_STATUS_NON_UNIQUE_NAME); |
165 } | 166 } |
166 } | 167 } |
167 | 168 |
168 // If CERT_STATUS_UNABLE_TO_CHECK_REVOCATION is the only certificate error, | 169 // If CERT_STATUS_UNABLE_TO_CHECK_REVOCATION is the only certificate error, |
169 // don't lower the security style to SECURITY_STYLE_AUTHENTICATION_BROKEN. | 170 // don't lower the security style to SECURITY_STYLE_AUTHENTICATION_BROKEN. |
170 int cert_errors = entry->ssl().cert_status() & net::CERT_STATUS_ALL_ERRORS; | 171 int cert_errors = entry->ssl().cert_status() & net::CERT_STATUS_ALL_ERRORS; |
171 if (cert_errors) { | 172 if (cert_errors && entry->ssl().tls_username().empty()) { |
172 if (cert_errors != net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION) | 173 if (cert_errors != net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION) |
173 entry->ssl().set_security_style(SECURITY_STYLE_AUTHENTICATION_BROKEN); | 174 entry->ssl().set_security_style(SECURITY_STYLE_AUTHENTICATION_BROKEN); |
174 return; | 175 return; |
175 } | 176 } |
176 | 177 |
177 SiteInstance* site_instance = entry->site_instance(); | 178 SiteInstance* site_instance = entry->site_instance(); |
178 // Note that |site_instance| can be NULL here because NavigationEntries don't | 179 // Note that |site_instance| can be NULL here because NavigationEntries don't |
179 // necessarily have site instances. Without a process, the entry can't | 180 // necessarily have site instances. Without a process, the entry can't |
180 // possibly have insecure content. See bug http://crbug.com/12423. | 181 // possibly have insecure content. See bug http://crbug.com/12423. |
181 if (site_instance && | 182 if (site_instance && |
(...skipping 68 matching lines...)
250 | 251 |
251 entry->ssl().set_security_style(entry->url().SchemeIsSecure() ? | 252 entry->ssl().set_security_style(entry->url().SchemeIsSecure() ? |
252 SECURITY_STYLE_AUTHENTICATED : SECURITY_STYLE_UNAUTHENTICATED); | 253 SECURITY_STYLE_AUTHENTICATED : SECURITY_STYLE_UNAUTHENTICATED); |
253 } | 254 } |
254 | 255 |
255 void SSLPolicy::OriginRanInsecureContent(const std::string& origin, int pid) { | 256 void SSLPolicy::OriginRanInsecureContent(const std::string& origin, int pid) { |
256 GURL parsed_origin(origin); | 257 GURL parsed_origin(origin); |
257 if (parsed_origin.SchemeIsSecure()) | 258 if (parsed_origin.SchemeIsSecure()) |
258 backend_->HostRanInsecureContent(parsed_origin.host(), pid); | 259 backend_->HostRanInsecureContent(parsed_origin.host(), pid); |
259 } | 260 } |
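Review bot: In UpdateEntry (new line 172), `if (cert_errors && entry->ssl().tls_username().empty())` skips the whole certificate-error branch whenever a TLS auth username is set, so an entry whose certificate was presented but failed validation (any bit in CERT_STATUS_ALL_ERRORS, not just a missing certificate) no longer gets SECURITY_STYLE_AUTHENTICATION_BROKEN and can fall through towards the authenticated style at the end of the function. This is also inconsistent with the resource-load check at new line 119, where `net::IsCertStatusError(info->ssl_cert_status())` still marks the host as having run insecure content regardless of tls_username(). If the intent is only to accept connections that have a username and no certificate, keep evaluating errors whenever a certificate exists, e.g. `if (cert_errors && (entry->ssl().cert_id() || entry->ssl().tls_username().empty())) {`. Otherwise add a comment at that line stating why a username outweighs certificate errors, and what guarantees that tls_username() is non-empty only after the handshake actually authenticated the server, which is not visible in this file. Parts of UpdateEntry and the function enclosing the first hunk lie in the skipped lines, so the fall-through path is inferred.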
OLD | NEW |