| Index: chrome/browser/ssl/ssl_policy.cc
|
| ===================================================================
|
| --- chrome/browser/ssl/ssl_policy.cc (revision 87796)
|
| +++ chrome/browser/ssl/ssl_policy.cc (working copy)
|
| @@ -1,226 +0,0 @@
|
| -// Copyright (c) 2011 The Chromium Authors. All rights reserved.
|
| -// Use of this source code is governed by a BSD-style license that can be
|
| -// found in the LICENSE file.
|
| -
|
| -#include "chrome/browser/ssl/ssl_policy.h"
|
| -
|
| -#include "base/base_switches.h"
|
| -#include "base/command_line.h"
|
| -#include "base/memory/singleton.h"
|
| -#include "base/string_piece.h"
|
| -#include "base/string_util.h"
|
| -#include "chrome/browser/ssl/ssl_cert_error_handler.h"
|
| -#include "chrome/browser/ssl/ssl_error_info.h"
|
| -#include "chrome/browser/ssl/ssl_request_info.h"
|
| -#include "chrome/common/jstemplate_builder.h"
|
| -#include "chrome/common/time_format.h"
|
| -#include "chrome/common/url_constants.h"
|
| -#include "content/browser/renderer_host/render_process_host.h"
|
| -#include "content/browser/renderer_host/render_view_host.h"
|
| -#include "content/browser/site_instance.h"
|
| -#include "content/browser/tab_contents/navigation_entry.h"
|
| -#include "content/browser/tab_contents/tab_contents.h"
|
| -#include "grit/generated_resources.h"
|
| -#include "net/base/cert_status_flags.h"
|
| -#include "net/base/ssl_info.h"
|
| -#include "webkit/glue/resource_type.h"
|
| -
|
| -namespace {
|
| -
|
| -static const char kDot = '.';
|
| -
|
| -static bool IsIntranetHost(const std::string& host) {
|
| - const size_t dot = host.find(kDot);
|
| - return dot == std::string::npos || dot == host.length() - 1;
|
| -}
|
| -
|
| -} // namespace
|
| -
|
| -SSLPolicy::SSLPolicy(SSLPolicyBackend* backend)
|
| - : backend_(backend) {
|
| - DCHECK(backend_);
|
| -}
|
| -
|
| -void SSLPolicy::OnCertError(SSLCertErrorHandler* handler) {
|
| - // First we check if we know the policy for this error.
|
| - net::CertPolicy::Judgment judgment =
|
| - backend_->QueryPolicy(handler->ssl_info().cert,
|
| - handler->request_url().host());
|
| -
|
| - if (judgment == net::CertPolicy::ALLOWED) {
|
| - handler->ContinueRequest();
|
| - return;
|
| - }
|
| -
|
| - // The judgment is either DENIED or UNKNOWN.
|
| - // For now we handle the DENIED as the UNKNOWN, which means a blocking
|
| - // page is shown to the user every time he comes back to the page.
|
| -
|
| - switch (handler->cert_error()) {
|
| - case net::ERR_CERT_COMMON_NAME_INVALID:
|
| - case net::ERR_CERT_DATE_INVALID:
|
| - case net::ERR_CERT_AUTHORITY_INVALID:
|
| - case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM:
|
| - OnCertErrorInternal(handler, SSLBlockingPage::ERROR_OVERRIDABLE);
|
| - break;
|
| - case net::ERR_CERT_NO_REVOCATION_MECHANISM:
|
| - // Ignore this error.
|
| - handler->ContinueRequest();
|
| - break;
|
| - case net::ERR_CERT_UNABLE_TO_CHECK_REVOCATION:
|
| - // We ignore this error but will show a warning status in the location
|
| - // bar.
|
| - handler->ContinueRequest();
|
| - break;
|
| - case net::ERR_CERT_CONTAINS_ERRORS:
|
| - case net::ERR_CERT_REVOKED:
|
| - case net::ERR_CERT_INVALID:
|
| - case net::ERR_CERT_NOT_IN_DNS:
|
| - OnCertErrorInternal(handler, SSLBlockingPage::ERROR_FATAL);
|
| - break;
|
| - default:
|
| - NOTREACHED();
|
| - handler->CancelRequest();
|
| - break;
|
| - }
|
| -}
|
| -
|
| -void SSLPolicy::DidRunInsecureContent(NavigationEntry* entry,
|
| - const std::string& security_origin) {
|
| - if (!entry)
|
| - return;
|
| -
|
| - SiteInstance* site_instance = entry->site_instance();
|
| - if (!site_instance)
|
| - return;
|
| -
|
| - backend_->HostRanInsecureContent(GURL(security_origin).host(),
|
| - site_instance->GetProcess()->id());
|
| -}
|
| -
|
| -void SSLPolicy::OnRequestStarted(SSLRequestInfo* info) {
|
| - // TODO(abarth): This mechanism is wrong. What we should be doing is sending
|
| - // this information back through WebKit and out some FrameLoaderClient
|
| - // methods.
|
| -
|
| - if (net::IsCertStatusError(info->ssl_cert_status()))
|
| - backend_->HostRanInsecureContent(info->url().host(), info->child_id());
|
| -}
|
| -
|
| -void SSLPolicy::UpdateEntry(NavigationEntry* entry, TabContents* tab_contents) {
|
| - DCHECK(entry);
|
| -
|
| - InitializeEntryIfNeeded(entry);
|
| -
|
| - if (!entry->url().SchemeIsSecure())
|
| - return;
|
| -
|
| - // An HTTPS response may not have a certificate for some reason. When that
|
| - // happens, use the unauthenticated (HTTP) rather than the authentication
|
| - // broken security style so that we can detect this error condition.
|
| - if (!entry->ssl().cert_id()) {
|
| - entry->ssl().set_security_style(SECURITY_STYLE_UNAUTHENTICATED);
|
| - return;
|
| - }
|
| -
|
| - if (!(entry->ssl().cert_status() & net::CERT_STATUS_COMMON_NAME_INVALID)) {
|
| - // CAs issue certificates for intranet hosts to everyone. Therefore, we
|
| - // mark intranet hosts as being non-unique.
|
| - if (IsIntranetHost(entry->url().host())) {
|
| - entry->ssl().set_cert_status(entry->ssl().cert_status() |
|
| - net::CERT_STATUS_NON_UNIQUE_NAME);
|
| - }
|
| - }
|
| -
|
| - // If CERT_STATUS_UNABLE_TO_CHECK_REVOCATION is the only certificate error,
|
| - // don't lower the security style to SECURITY_STYLE_AUTHENTICATION_BROKEN.
|
| - int cert_errors = entry->ssl().cert_status() & net::CERT_STATUS_ALL_ERRORS;
|
| - if (cert_errors) {
|
| - if (cert_errors != net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION)
|
| - entry->ssl().set_security_style(SECURITY_STYLE_AUTHENTICATION_BROKEN);
|
| - return;
|
| - }
|
| -
|
| - SiteInstance* site_instance = entry->site_instance();
|
| - // Note that |site_instance| can be NULL here because NavigationEntries don't
|
| - // necessarily have site instances. Without a process, the entry can't
|
| - // possibly have insecure content. See bug http://crbug.com/12423.
|
| - if (site_instance &&
|
| - backend_->DidHostRunInsecureContent(entry->url().host(),
|
| - site_instance->GetProcess()->id())) {
|
| - entry->ssl().set_security_style(SECURITY_STYLE_AUTHENTICATION_BROKEN);
|
| - entry->ssl().set_ran_insecure_content();
|
| - return;
|
| - }
|
| -
|
| - if (tab_contents->displayed_insecure_content())
|
| - entry->ssl().set_displayed_insecure_content();
|
| -}
|
| -
|
| -////////////////////////////////////////////////////////////////////////////////
|
| -// SSLBlockingPage::Delegate methods
|
| -
|
| -SSLErrorInfo SSLPolicy::GetSSLErrorInfo(SSLCertErrorHandler* handler) {
|
| - return SSLErrorInfo::CreateError(
|
| - SSLErrorInfo::NetErrorToErrorType(handler->cert_error()),
|
| - handler->ssl_info().cert, handler->request_url());
|
| -}
|
| -
|
| -void SSLPolicy::OnDenyCertificate(SSLCertErrorHandler* handler) {
|
| - // Default behavior for rejecting a certificate.
|
| - //
|
| - // While DenyCertForHost() executes synchronously on this thread,
|
| - // CancelRequest() gets posted to a different thread. Calling
|
| - // DenyCertForHost() first ensures deterministic ordering.
|
| - backend_->DenyCertForHost(handler->ssl_info().cert,
|
| - handler->request_url().host());
|
| - handler->CancelRequest();
|
| -}
|
| -
|
| -void SSLPolicy::OnAllowCertificate(SSLCertErrorHandler* handler) {
|
| - // Default behavior for accepting a certificate.
|
| - // Note that we should not call SetMaxSecurityStyle here, because the active
|
| - // NavigationEntry has just been deleted (in HideInterstitialPage) and the
|
| - // new NavigationEntry will not be set until DidNavigate. This is ok,
|
| - // because the new NavigationEntry will have its max security style set
|
| - // within DidNavigate.
|
| - //
|
| - // While AllowCertForHost() executes synchronously on this thread,
|
| - // ContinueRequest() gets posted to a different thread. Calling
|
| - // AllowCertForHost() first ensures deterministic ordering.
|
| - backend_->AllowCertForHost(handler->ssl_info().cert,
|
| - handler->request_url().host());
|
| - handler->ContinueRequest();
|
| -}
|
| -
|
| -////////////////////////////////////////////////////////////////////////////////
|
| -// Certificate Error Routines
|
| -
|
| -void SSLPolicy::OnCertErrorInternal(SSLCertErrorHandler* handler,
|
| - SSLBlockingPage::ErrorLevel error_level) {
|
| - if (handler->resource_type() != ResourceType::MAIN_FRAME) {
|
| - // A sub-resource has a certificate error. The user doesn't really
|
| - // have a context for making the right decision, so block the
|
| - // request hard, without an info bar to allow showing the insecure
|
| - // content.
|
| - handler->DenyRequest();
|
| - return;
|
| - }
|
| - SSLBlockingPage* blocking_page = new SSLBlockingPage(handler, this,
|
| - error_level);
|
| - blocking_page->Show();
|
| -}
|
| -
|
| -void SSLPolicy::InitializeEntryIfNeeded(NavigationEntry* entry) {
|
| - if (entry->ssl().security_style() != SECURITY_STYLE_UNKNOWN)
|
| - return;
|
| -
|
| - entry->ssl().set_security_style(entry->url().SchemeIsSecure() ?
|
| - SECURITY_STYLE_AUTHENTICATED : SECURITY_STYLE_UNAUTHENTICATED);
|
| -}
|
| -
|
| -void SSLPolicy::OriginRanInsecureContent(const std::string& origin, int pid) {
|
| - GURL parsed_origin(origin);
|
| - if (parsed_origin.SchemeIsSecure())
|
| - backend_->HostRanInsecureContent(parsed_origin.host(), pid);
|
| -}
|
|
|
Chromium Code Reviews
Issue 7111013:
Move most of the core SSL code from chrome to content. The UI code that's specific to Chrome (i.... (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/