Attach a SecurityStyle to each request in ResourceLoader

content/browser/loader/resource_loader.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/loader/resource_loader.h"
 
 #include "base/command_line.h"
 #include "base/location.h"
 #include "base/metrics/histogram.h"
 #include "base/profiler/scoped_tracker.h"
 #include "base/single_thread_task_runner.h"
 #include "base/thread_task_runner_handle.h"
 #include "base/time/time.h"
 #include "content/browser/appcache/appcache_interceptor.h"
 #include "content/browser/child_process_security_policy_impl.h"
 #include "content/browser/loader/cross_site_resource_handler.h"
 #include "content/browser/loader/detachable_resource_handler.h"
 #include "content/browser/loader/resource_loader_delegate.h"
 #include "content/browser/loader/resource_request_info_impl.h"
 #include "content/browser/service_worker/service_worker_request_handler.h"
 #include "content/browser/ssl/ssl_client_auth_handler.h"
 #include "content/browser/ssl/ssl_manager.h"
+#include "content/browser/ssl/ssl_policy.h"
 #include "content/common/ssl_status_serialization.h"
 #include "content/public/browser/cert_store.h"
 #include "content/public/browser/resource_context.h"
 #include "content/public/browser/resource_dispatcher_host_login_delegate.h"
 #include "content/public/browser/signed_certificate_timestamp_store.h"
 #include "content/public/common/content_client.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/common/process_type.h"
 #include "content/public/common/resource_response.h"
+#include "content/public/common/security_style.h"
 #include "net/base/io_buffer.h"
 #include "net/base/load_flags.h"
 #include "net/http/http_response_headers.h"
 #include "net/ssl/client_cert_store.h"
 #include "net/url_request/redirect_info.h"
 #include "net/url_request/url_request_status.h"
 
 using base::TimeDelta;
 using base::TimeTicks;
 
@@ skipping 26 matching lines @@
     handler->GetExtraResponseInfo(&response->head);
   }
   AppCacheInterceptor::GetExtraResponseInfo(
       request,
       &response->head.appcache_id,
       &response->head.appcache_manifest_url);
   if (info->is_load_timing_enabled())
     request->GetLoadTimingInfo(&response->head.load_timing);
 }
 
+void StoreSignedCertificateTimestamps(
+    const net::SignedCertificateTimestampAndStatusList& sct_list,
+    int process_id,
+    SignedCertificateTimestampIDStatusList* sct_ids) {
+  SignedCertificateTimestampStore* sct_store(
+      SignedCertificateTimestampStore::GetInstance());
+
+  for (auto iter = sct_list.begin(); iter != sct_list.end(); ++iter) {
+    const int sct_id(sct_store->Store(iter->sct.get(), process_id));
+    sct_ids->push_back(
+        SignedCertificateTimestampIDAndStatus(sct_id, iter->status));
+  }
+}
+
+void GetSSLStatusForRequest(const GURL& url,
+                            const net::SSLInfo& ssl_info,
+                            int child_id,
+                            SSLStatus* ssl_status) {
+  DCHECK(ssl_info.cert);
+
+  int cert_id =
+      CertStore::GetInstance()->StoreCert(ssl_info.cert.get(), child_id);
+
+  SignedCertificateTimestampIDStatusList signed_certificate_timestamp_ids;
+  StoreSignedCertificateTimestamps(ssl_info.signed_certificate_timestamps,
+                                   child_id, &signed_certificate_timestamp_ids);
+
+  ssl_status->cert_id = cert_id;
+  ssl_status->cert_status = ssl_info.cert_status;
+  ssl_status->security_bits = ssl_info.security_bits;
+  ssl_status->connection_status = ssl_info.connection_status;
+  ssl_status->signed_certificate_timestamp_ids =
+      signed_certificate_timestamp_ids;
+  ssl_status->security_style =
+      SSLPolicy::GetSecurityStyleForResource(url, *ssl_status);
+}
+
 }  // namespace
 
 ResourceLoader::ResourceLoader(scoped_ptr<net::URLRequest> request,
                                scoped_ptr<ResourceHandler> handler,
                                ResourceLoaderDelegate* delegate)
     : deferred_stage_(DEFERRED_NONE),
       request_(request.Pass()),
       handler_(handler.Pass()),
       delegate_(delegate),
       last_upload_position_(0),
@@ skipping 460 matching lines @@
   if (!was_pending) {
     // If the request isn't in flight, then we won't get an asynchronous
     // notification from the request, so we have to signal ourselves to finish
     // this request.
     base::ThreadTaskRunnerHandle::Get()->PostTask(
         FROM_HERE, base::Bind(&ResourceLoader::ResponseCompleted,
                               weak_ptr_factory_.GetWeakPtr()));
   }
 }
 
-void ResourceLoader::StoreSignedCertificateTimestamps(
-    const net::SignedCertificateTimestampAndStatusList& sct_list,
-    int process_id,
-    SignedCertificateTimestampIDStatusList* sct_ids) {
-  SignedCertificateTimestampStore* sct_store(
-      SignedCertificateTimestampStore::GetInstance());
-
-  for (net::SignedCertificateTimestampAndStatusList::const_iterator iter =
-       sct_list.begin(); iter != sct_list.end(); ++iter) {
-    const int sct_id(sct_store->Store(iter->sct.get(), process_id));
-    sct_ids->push_back(
-        SignedCertificateTimestampIDAndStatus(sct_id, iter->status));
-  }
-}
-
 void ResourceLoader::CompleteResponseStarted() {
   ResourceRequestInfoImpl* info = GetRequestInfo();
   scoped_refptr<ResourceResponse> response(new ResourceResponse());
   PopulateResourceResponse(info, request_.get(), response.get());
 
   if (request_->ssl_info().cert.get()) {
-    int cert_id = CertStore::GetInstance()->StoreCert(
-        request_->ssl_info().cert.get(), info->GetChildID());
+    SSLStatus ssl_status;
+    GetSSLStatusForRequest(request_->url(), request_->ssl_info(),
+                           info->GetChildID(), &ssl_status);
 
-    SignedCertificateTimestampIDStatusList signed_certificate_timestamp_ids;
-    StoreSignedCertificateTimestamps(
-        request_->ssl_info().signed_certificate_timestamps,
-        info->GetChildID(),
-        &signed_certificate_timestamp_ids);
-
-    response->head.security_info = SerializeSecurityInfo(
-        cert_id,
-        request_->ssl_info().cert_status,
-        request_->ssl_info().security_bits,
-        request_->ssl_info().connection_status,
-        signed_certificate_timestamp_ids);
+    response->head.security_info = SerializeSecurityInfo(ssl_status);
   } else {
     // We should not have any SSL state.
     DCHECK(!request_->ssl_info().cert_status &&
            request_->ssl_info().security_bits == -1 &&
            !request_->ssl_info().connection_status);
   }
 
   delegate_->DidReceiveResponse(this);
 
   // TODO(darin): Remove ScopedTracker below once crbug.com/475761 is fixed.
@@ skipping 95 matching lines @@
 }
 
 void ResourceLoader::ResponseCompleted() {
   DVLOG(1) << "ResponseCompleted: " << request_->url().spec();
   RecordHistograms();
   ResourceRequestInfoImpl* info = GetRequestInfo();
 
   std::string security_info;
   const net::SSLInfo& ssl_info = request_->ssl_info();
   if (ssl_info.cert.get() != NULL) {
-    int cert_id = CertStore::GetInstance()->StoreCert(ssl_info.cert.get(),
-                                                      info->GetChildID());
-    SignedCertificateTimestampIDStatusList signed_certificate_timestamp_ids;
-    StoreSignedCertificateTimestamps(ssl_info.signed_certificate_timestamps,
-                                     info->GetChildID(),
-                                     &signed_certificate_timestamp_ids);
+    SSLStatus ssl_status;
+    GetSSLStatusForRequest(request_->url(), ssl_info, info->GetChildID(),
+                           &ssl_status);
 
-    security_info = SerializeSecurityInfo(
-        cert_id, ssl_info.cert_status, ssl_info.security_bits,
-        ssl_info.connection_status, signed_certificate_timestamp_ids);
+    security_info = SerializeSecurityInfo(ssl_status);
   }
 
   bool defer = false;
   {
     // TODO(darin): Remove ScopedTracker below once crbug.com/475761 is fixed.
     tracked_objects::ScopedTracker tracking_profile(
         FROM_HERE_WITH_EXPLICIT_FUNCTION("475761 OnResponseCompleted()"));
 
     handler_->OnResponseCompleted(request_->status(), security_info, &defer);
   }
@@ skipping 38 matching lines @@
       case net::URLRequestStatus::FAILED:
         status = STATUS_UNDEFINED;
         break;
     }
 
     UMA_HISTOGRAM_ENUMERATION("Net.Prefetch.Pattern", status, STATUS_MAX);
   }
 }
 
 }  // namespace content