
Unified Diff: chrome/browser/ssl/ssl_manager.cc

Issue 7111013: Move most of the core SSL code from chrome to content. The UI code that's specific to Chrome (i.... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: '' Created 9 years, 7 months ago
Index: chrome/browser/ssl/ssl_manager.cc
===================================================================
--- chrome/browser/ssl/ssl_manager.cc (revision 87796)
+++ chrome/browser/ssl/ssl_manager.cc (working copy)
@@ -1,264 +0,0 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "chrome/browser/ssl/ssl_manager.h"
-
-#include "base/utf_string_conversions.h"
-#include "chrome/browser/load_from_memory_cache_details.h"
-#include "chrome/browser/ssl/ssl_cert_error_handler.h"
-#include "chrome/browser/ssl/ssl_policy.h"
-#include "chrome/browser/ssl/ssl_request_info.h"
-#include "content/browser/browser_thread.h"
-#include "content/browser/renderer_host/resource_dispatcher_host.h"
-#include "content/browser/renderer_host/resource_dispatcher_host_request_info.h"
-#include "content/browser/renderer_host/resource_request_details.h"
-#include "content/browser/tab_contents/navigation_details.h"
-#include "content/browser/tab_contents/navigation_entry.h"
-#include "content/browser/tab_contents/provisional_load_details.h"
-#include "content/browser/tab_contents/tab_contents.h"
-#include "content/common/notification_service.h"
-#include "grit/generated_resources.h"
-#include "net/base/cert_status_flags.h"
-#include "ui/base/l10n/l10n_util.h"
-
-// static
-void SSLManager::OnSSLCertificateError(ResourceDispatcherHost* rdh,
- net::URLRequest* request,
- int cert_error,
- net::X509Certificate* cert) {
- DVLOG(1) << "OnSSLCertificateError() cert_error: " << cert_error
- << " url: " << request->url().spec();
-
- ResourceDispatcherHostRequestInfo* info =
- ResourceDispatcherHost::InfoForRequest(request);
- DCHECK(info);
-
- // A certificate error occurred. Construct a SSLCertErrorHandler object and
- // hand it over to the UI thread for processing.
- BrowserThread::PostTask(
- BrowserThread::UI, FROM_HERE,
- NewRunnableMethod(new SSLCertErrorHandler(rdh,
- request,
- info->resource_type(),
- cert_error,
- cert),
- &SSLCertErrorHandler::Dispatch));
-}
-
-// static
-void SSLManager::NotifySSLInternalStateChanged() {
- NotificationService::current()->Notify(
- NotificationType::SSL_INTERNAL_STATE_CHANGED,
- NotificationService::AllSources(),
- NotificationService::NoDetails());
-}
-
-// static
-std::string SSLManager::SerializeSecurityInfo(int cert_id,
- int cert_status,
- int security_bits,
- int ssl_connection_status) {
- Pickle pickle;
- pickle.WriteInt(cert_id);
- pickle.WriteInt(cert_status);
- pickle.WriteInt(security_bits);
- pickle.WriteInt(ssl_connection_status);
- return std::string(static_cast<const char*>(pickle.data()), pickle.size());
-}
-
-// static
-bool SSLManager::DeserializeSecurityInfo(const std::string& state,
- int* cert_id,
- int* cert_status,
- int* security_bits,
- int* ssl_connection_status) {
- DCHECK(cert_id && cert_status && security_bits && ssl_connection_status);
- if (state.empty()) {
- // No SSL used.
- *cert_id = 0;
- // The following are not applicable and are set to the default values.
- *cert_status = 0;
- *security_bits = -1;
- *ssl_connection_status = 0;
- return false;
- }
-
- Pickle pickle(state.data(), static_cast<int>(state.size()));
- void * iter = NULL;
- return pickle.ReadInt(&iter, cert_id) &&
- pickle.ReadInt(&iter, cert_status) &&
- pickle.ReadInt(&iter, security_bits) &&
- pickle.ReadInt(&iter, ssl_connection_status);
-}
-
-// static
-string16 SSLManager::GetEVCertName(const net::X509Certificate& cert) {
- // EV are required to have an organization name and country.
- if (cert.subject().organization_names.empty() ||
- cert.subject().country_name.empty()) {
- NOTREACHED();
- return string16();
- }
-
- return l10n_util::GetStringFUTF16(
- IDS_SECURE_CONNECTION_EV,
- UTF8ToUTF16(cert.subject().organization_names[0]),
- UTF8ToUTF16(cert.subject().country_name));
-}
-
-SSLManager::SSLManager(NavigationController* controller)
- : backend_(controller),
- policy_(new SSLPolicy(&backend_)),
- controller_(controller) {
- DCHECK(controller_);
-
- // Subscribe to various notifications.
- registrar_.Add(this, NotificationType::FAIL_PROVISIONAL_LOAD_WITH_ERROR,
- Source<NavigationController>(controller_));
- registrar_.Add(this, NotificationType::RESOURCE_RESPONSE_STARTED,
- Source<RenderViewHostDelegate>(controller_->tab_contents()));
- registrar_.Add(this, NotificationType::RESOURCE_RECEIVED_REDIRECT,
- Source<RenderViewHostDelegate>(controller_->tab_contents()));
- registrar_.Add(this, NotificationType::LOAD_FROM_MEMORY_CACHE,
- Source<NavigationController>(controller_));
- registrar_.Add(this, NotificationType::SSL_INTERNAL_STATE_CHANGED,
- NotificationService::AllSources());
-}
-
-SSLManager::~SSLManager() {
-}
-
-void SSLManager::DidCommitProvisionalLoad(
- const NotificationDetails& in_details) {
- content::LoadCommittedDetails* details =
- Details<content::LoadCommittedDetails>(in_details).ptr();
-
- NavigationEntry* entry = controller_->GetActiveEntry();
-
- if (details->is_main_frame) {
- if (entry) {
- // Decode the security details.
- int ssl_cert_id, ssl_cert_status, ssl_security_bits,
- ssl_connection_status;
- DeserializeSecurityInfo(details->serialized_security_info,
- &ssl_cert_id,
- &ssl_cert_status,
- &ssl_security_bits,
- &ssl_connection_status);
-
- // We may not have an entry if this is a navigation to an initial blank
- // page. Reset the SSL information and add the new data we have.
- entry->ssl() = NavigationEntry::SSLStatus();
- entry->ssl().set_cert_id(ssl_cert_id);
- entry->ssl().set_cert_status(ssl_cert_status);
- entry->ssl().set_security_bits(ssl_security_bits);
- entry->ssl().set_connection_status(ssl_connection_status);
- }
- }
-
- UpdateEntry(entry);
-}
-
-void SSLManager::DidRunInsecureContent(const std::string& security_origin) {
- policy()->DidRunInsecureContent(controller_->GetActiveEntry(),
- security_origin);
-}
-
-bool SSLManager::ProcessedSSLErrorFromRequest() const {
- NavigationEntry* entry = controller_->GetActiveEntry();
- if (!entry) {
- NOTREACHED();
- return false;
- }
-
- return net::IsCertStatusError(entry->ssl().cert_status());
-}
-
-void SSLManager::Observe(NotificationType type,
- const NotificationSource& source,
- const NotificationDetails& details) {
- // Dispatch by type.
- switch (type.value) {
- case NotificationType::FAIL_PROVISIONAL_LOAD_WITH_ERROR:
- // Do nothing.
- break;
- case NotificationType::RESOURCE_RESPONSE_STARTED:
- DidStartResourceResponse(Details<ResourceRequestDetails>(details).ptr());
- break;
- case NotificationType::RESOURCE_RECEIVED_REDIRECT:
- DidReceiveResourceRedirect(
- Details<ResourceRedirectDetails>(details).ptr());
- break;
- case NotificationType::LOAD_FROM_MEMORY_CACHE:
- DidLoadFromMemoryCache(
- Details<LoadFromMemoryCacheDetails>(details).ptr());
- break;
- case NotificationType::SSL_INTERNAL_STATE_CHANGED:
- DidChangeSSLInternalState();
- break;
- default:
- NOTREACHED() << "The SSLManager received an unexpected notification.";
- }
-}
-
-void SSLManager::DidLoadFromMemoryCache(LoadFromMemoryCacheDetails* details) {
- // Simulate loading this resource through the usual path.
- // Note that we specify SUB_RESOURCE as the resource type as WebCore only
- // caches sub-resources.
- // This resource must have been loaded with no filtering because filtered
- // resouces aren't cachable.
- scoped_refptr<SSLRequestInfo> info(new SSLRequestInfo(
- details->url(),
- ResourceType::SUB_RESOURCE,
- details->pid(),
- details->ssl_cert_id(),
- details->ssl_cert_status()));
-
- // Simulate loading this resource through the usual path.
- policy()->OnRequestStarted(info.get());
-}
-
-void SSLManager::DidStartResourceResponse(ResourceRequestDetails* details) {
- scoped_refptr<SSLRequestInfo> info(new SSLRequestInfo(
- details->url(),
- details->resource_type(),
- details->origin_child_id(),
- details->ssl_cert_id(),
- details->ssl_cert_status()));
-
- // Notify our policy that we started a resource request. Ideally, the
- // policy should have the ability to cancel the request, but we can't do
- // that yet.
- policy()->OnRequestStarted(info.get());
-}
-
-void SSLManager::DidReceiveResourceRedirect(ResourceRedirectDetails* details) {
- // TODO(abarth): Make sure our redirect behavior is correct. If we ever see a
- // non-HTTPS resource in the redirect chain, we want to trigger
- // insecure content, even if the redirect chain goes back to
- // HTTPS. This is because the network attacker can redirect the
- // HTTP request to https://attacker.com/payload.js.
-}
-
-void SSLManager::DidChangeSSLInternalState() {
- UpdateEntry(controller_->GetActiveEntry());
-}
-
-void SSLManager::UpdateEntry(NavigationEntry* entry) {
- // We don't always have a navigation entry to update, for example in the
- // case of the Web Inspector.
- if (!entry)
- return;
-
- NavigationEntry::SSLStatus original_ssl_status = entry->ssl(); // Copy!
-
- policy()->UpdateEntry(entry, controller_->tab_contents());
-
- if (!entry->ssl().Equals(original_ssl_status)) {
- NotificationService::current()->Notify(
- NotificationType::SSL_VISIBLE_STATE_CHANGED,
- Source<NavigationController>(controller_),
- NotificationService::NoDetails());
- }
-}