| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "chrome/browser/ssl/ssl_manager.h" | |
| 6 | |
| 7 #include "base/utf_string_conversions.h" | |
| 8 #include "chrome/browser/load_from_memory_cache_details.h" | |
| 9 #include "chrome/browser/ssl/ssl_cert_error_handler.h" | |
| 10 #include "chrome/browser/ssl/ssl_policy.h" | |
| 11 #include "chrome/browser/ssl/ssl_request_info.h" | |
| 12 #include "content/browser/browser_thread.h" | |
| 13 #include "content/browser/renderer_host/resource_dispatcher_host.h" | |
| 14 #include "content/browser/renderer_host/resource_dispatcher_host_request_info.h" | |
| 15 #include "content/browser/renderer_host/resource_request_details.h" | |
| 16 #include "content/browser/tab_contents/navigation_details.h" | |
| 17 #include "content/browser/tab_contents/navigation_entry.h" | |
| 18 #include "content/browser/tab_contents/provisional_load_details.h" | |
| 19 #include "content/browser/tab_contents/tab_contents.h" | |
| 20 #include "content/common/notification_service.h" | |
| 21 #include "grit/generated_resources.h" | |
| 22 #include "net/base/cert_status_flags.h" | |
| 23 #include "ui/base/l10n/l10n_util.h" | |
| 24 | |
| 25 // static | |
| 26 void SSLManager::OnSSLCertificateError(ResourceDispatcherHost* rdh, | |
| 27 net::URLRequest* request, | |
| 28 int cert_error, | |
| 29 net::X509Certificate* cert) { | |
| 30 DVLOG(1) << "OnSSLCertificateError() cert_error: " << cert_error | |
| 31 << " url: " << request->url().spec(); | |
| 32 | |
| 33 ResourceDispatcherHostRequestInfo* info = | |
| 34 ResourceDispatcherHost::InfoForRequest(request); | |
| 35 DCHECK(info); | |
| 36 | |
| 37 // A certificate error occurred. Construct a SSLCertErrorHandler object and | |
| 38 // hand it over to the UI thread for processing. | |
| 39 BrowserThread::PostTask( | |
| 40 BrowserThread::UI, FROM_HERE, | |
| 41 NewRunnableMethod(new SSLCertErrorHandler(rdh, | |
| 42 request, | |
| 43 info->resource_type(), | |
| 44 cert_error, | |
| 45 cert), | |
| 46 &SSLCertErrorHandler::Dispatch)); | |
| 47 } | |
| 48 | |
| 49 // static | |
| 50 void SSLManager::NotifySSLInternalStateChanged() { | |
| 51 NotificationService::current()->Notify( | |
| 52 NotificationType::SSL_INTERNAL_STATE_CHANGED, | |
| 53 NotificationService::AllSources(), | |
| 54 NotificationService::NoDetails()); | |
| 55 } | |
| 56 | |
| 57 // static | |
| 58 std::string SSLManager::SerializeSecurityInfo(int cert_id, | |
| 59 int cert_status, | |
| 60 int security_bits, | |
| 61 int ssl_connection_status) { | |
| 62 Pickle pickle; | |
| 63 pickle.WriteInt(cert_id); | |
| 64 pickle.WriteInt(cert_status); | |
| 65 pickle.WriteInt(security_bits); | |
| 66 pickle.WriteInt(ssl_connection_status); | |
| 67 return std::string(static_cast<const char*>(pickle.data()), pickle.size()); | |
| 68 } | |
| 69 | |
| 70 // static | |
| 71 bool SSLManager::DeserializeSecurityInfo(const std::string& state, | |
| 72 int* cert_id, | |
| 73 int* cert_status, | |
| 74 int* security_bits, | |
| 75 int* ssl_connection_status) { | |
| 76 DCHECK(cert_id && cert_status && security_bits && ssl_connection_status); | |
| 77 if (state.empty()) { | |
| 78 // No SSL used. | |
| 79 *cert_id = 0; | |
| 80 // The following are not applicable and are set to the default values. | |
| 81 *cert_status = 0; | |
| 82 *security_bits = -1; | |
| 83 *ssl_connection_status = 0; | |
| 84 return false; | |
| 85 } | |
| 86 | |
| 87 Pickle pickle(state.data(), static_cast<int>(state.size())); | |
| 88 void * iter = NULL; | |
| 89 return pickle.ReadInt(&iter, cert_id) && | |
| 90 pickle.ReadInt(&iter, cert_status) && | |
| 91 pickle.ReadInt(&iter, security_bits) && | |
| 92 pickle.ReadInt(&iter, ssl_connection_status); | |
| 93 } | |
| 94 | |
| 95 // static | |
| 96 string16 SSLManager::GetEVCertName(const net::X509Certificate& cert) { | |
| 97 // EV are required to have an organization name and country. | |
| 98 if (cert.subject().organization_names.empty() || | |
| 99 cert.subject().country_name.empty()) { | |
| 100 NOTREACHED(); | |
| 101 return string16(); | |
| 102 } | |
| 103 | |
| 104 return l10n_util::GetStringFUTF16( | |
| 105 IDS_SECURE_CONNECTION_EV, | |
| 106 UTF8ToUTF16(cert.subject().organization_names[0]), | |
| 107 UTF8ToUTF16(cert.subject().country_name)); | |
| 108 } | |
| 109 | |
| 110 SSLManager::SSLManager(NavigationController* controller) | |
| 111 : backend_(controller), | |
| 112 policy_(new SSLPolicy(&backend_)), | |
| 113 controller_(controller) { | |
| 114 DCHECK(controller_); | |
| 115 | |
| 116 // Subscribe to various notifications. | |
| 117 registrar_.Add(this, NotificationType::FAIL_PROVISIONAL_LOAD_WITH_ERROR, | |
| 118 Source<NavigationController>(controller_)); | |
| 119 registrar_.Add(this, NotificationType::RESOURCE_RESPONSE_STARTED, | |
| 120 Source<RenderViewHostDelegate>(controller_->tab_contents())); | |
| 121 registrar_.Add(this, NotificationType::RESOURCE_RECEIVED_REDIRECT, | |
| 122 Source<RenderViewHostDelegate>(controller_->tab_contents())); | |
| 123 registrar_.Add(this, NotificationType::LOAD_FROM_MEMORY_CACHE, | |
| 124 Source<NavigationController>(controller_)); | |
| 125 registrar_.Add(this, NotificationType::SSL_INTERNAL_STATE_CHANGED, | |
| 126 NotificationService::AllSources()); | |
| 127 } | |
| 128 | |
| 129 SSLManager::~SSLManager() { | |
| 130 } | |
| 131 | |
| 132 void SSLManager::DidCommitProvisionalLoad( | |
| 133 const NotificationDetails& in_details) { | |
| 134 content::LoadCommittedDetails* details = | |
| 135 Details<content::LoadCommittedDetails>(in_details).ptr(); | |
| 136 | |
| 137 NavigationEntry* entry = controller_->GetActiveEntry(); | |
| 138 | |
| 139 if (details->is_main_frame) { | |
| 140 if (entry) { | |
| 141 // Decode the security details. | |
| 142 int ssl_cert_id, ssl_cert_status, ssl_security_bits, | |
| 143 ssl_connection_status; | |
| 144 DeserializeSecurityInfo(details->serialized_security_info, | |
| 145 &ssl_cert_id, | |
| 146 &ssl_cert_status, | |
| 147 &ssl_security_bits, | |
| 148 &ssl_connection_status); | |
| 149 | |
| 150 // We may not have an entry if this is a navigation to an initial blank | |
| 151 // page. Reset the SSL information and add the new data we have. | |
| 152 entry->ssl() = NavigationEntry::SSLStatus(); | |
| 153 entry->ssl().set_cert_id(ssl_cert_id); | |
| 154 entry->ssl().set_cert_status(ssl_cert_status); | |
| 155 entry->ssl().set_security_bits(ssl_security_bits); | |
| 156 entry->ssl().set_connection_status(ssl_connection_status); | |
| 157 } | |
| 158 } | |
| 159 | |
| 160 UpdateEntry(entry); | |
| 161 } | |
| 162 | |
| 163 void SSLManager::DidRunInsecureContent(const std::string& security_origin) { | |
| 164 policy()->DidRunInsecureContent(controller_->GetActiveEntry(), | |
| 165 security_origin); | |
| 166 } | |
| 167 | |
| 168 bool SSLManager::ProcessedSSLErrorFromRequest() const { | |
| 169 NavigationEntry* entry = controller_->GetActiveEntry(); | |
| 170 if (!entry) { | |
| 171 NOTREACHED(); | |
| 172 return false; | |
| 173 } | |
| 174 | |
| 175 return net::IsCertStatusError(entry->ssl().cert_status()); | |
| 176 } | |
| 177 | |
| 178 void SSLManager::Observe(NotificationType type, | |
| 179 const NotificationSource& source, | |
| 180 const NotificationDetails& details) { | |
| 181 // Dispatch by type. | |
| 182 switch (type.value) { | |
| 183 case NotificationType::FAIL_PROVISIONAL_LOAD_WITH_ERROR: | |
| 184 // Do nothing. | |
| 185 break; | |
| 186 case NotificationType::RESOURCE_RESPONSE_STARTED: | |
| 187 DidStartResourceResponse(Details<ResourceRequestDetails>(details).ptr()); | |
| 188 break; | |
| 189 case NotificationType::RESOURCE_RECEIVED_REDIRECT: | |
| 190 DidReceiveResourceRedirect( | |
| 191 Details<ResourceRedirectDetails>(details).ptr()); | |
| 192 break; | |
| 193 case NotificationType::LOAD_FROM_MEMORY_CACHE: | |
| 194 DidLoadFromMemoryCache( | |
| 195 Details<LoadFromMemoryCacheDetails>(details).ptr()); | |
| 196 break; | |
| 197 case NotificationType::SSL_INTERNAL_STATE_CHANGED: | |
| 198 DidChangeSSLInternalState(); | |
| 199 break; | |
| 200 default: | |
| 201 NOTREACHED() << "The SSLManager received an unexpected notification."; | |
| 202 } | |
| 203 } | |
| 204 | |
| 205 void SSLManager::DidLoadFromMemoryCache(LoadFromMemoryCacheDetails* details) { | |
| 206 // Simulate loading this resource through the usual path. | |
| 207 // Note that we specify SUB_RESOURCE as the resource type as WebCore only | |
| 208 // caches sub-resources. | |
| 209 // This resource must have been loaded with no filtering because filtered | |
| 210 // resouces aren't cachable. | |
| 211 scoped_refptr<SSLRequestInfo> info(new SSLRequestInfo( | |
| 212 details->url(), | |
| 213 ResourceType::SUB_RESOURCE, | |
| 214 details->pid(), | |
| 215 details->ssl_cert_id(), | |
| 216 details->ssl_cert_status())); | |
| 217 | |
| 218 // Simulate loading this resource through the usual path. | |
| 219 policy()->OnRequestStarted(info.get()); | |
| 220 } | |
| 221 | |
| 222 void SSLManager::DidStartResourceResponse(ResourceRequestDetails* details) { | |
| 223 scoped_refptr<SSLRequestInfo> info(new SSLRequestInfo( | |
| 224 details->url(), | |
| 225 details->resource_type(), | |
| 226 details->origin_child_id(), | |
| 227 details->ssl_cert_id(), | |
| 228 details->ssl_cert_status())); | |
| 229 | |
| 230 // Notify our policy that we started a resource request. Ideally, the | |
| 231 // policy should have the ability to cancel the request, but we can't do | |
| 232 // that yet. | |
| 233 policy()->OnRequestStarted(info.get()); | |
| 234 } | |
| 235 | |
| 236 void SSLManager::DidReceiveResourceRedirect(ResourceRedirectDetails* details) { | |
| 237 // TODO(abarth): Make sure our redirect behavior is correct. If we ever see a | |
| 238 // non-HTTPS resource in the redirect chain, we want to trigger | |
| 239 // insecure content, even if the redirect chain goes back to | |
| 240 // HTTPS. This is because the network attacker can redirect the | |
| 241 // HTTP request to https://attacker.com/payload.js. | |
| 242 } | |
| 243 | |
| 244 void SSLManager::DidChangeSSLInternalState() { | |
| 245 UpdateEntry(controller_->GetActiveEntry()); | |
| 246 } | |
| 247 | |
| 248 void SSLManager::UpdateEntry(NavigationEntry* entry) { | |
| 249 // We don't always have a navigation entry to update, for example in the | |
| 250 // case of the Web Inspector. | |
| 251 if (!entry) | |
| 252 return; | |
| 253 | |
| 254 NavigationEntry::SSLStatus original_ssl_status = entry->ssl(); // Copy! | |
| 255 | |
| 256 policy()->UpdateEntry(entry, controller_->tab_contents()); | |
| 257 | |
| 258 if (!entry->ssl().Equals(original_ssl_status)) { | |
| 259 NotificationService::current()->Notify( | |
| 260 NotificationType::SSL_VISIBLE_STATE_CHANGED, | |
| 261 Source<NavigationController>(controller_), | |
| 262 NotificationService::NoDetails()); | |
| 263 } | |
| 264 } | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 7111013:
Move most of the core SSL code from chrome to content. The UI code that's specific to Chrome (i.... (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/