| OLD | NEW |
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/ssl_manager.h" | 5 #include "chrome/browser/ssl/ssl_manager.h" |
| 6 | 6 |
| 7 #include "base/message_loop.h" | 7 #include "base/message_loop.h" |
| 8 #include "base/string_util.h" | 8 #include "base/string_util.h" |
| 9 #include "chrome/app/theme/theme_resources.h" | 9 #include "chrome/app/theme/theme_resources.h" |
| 10 #include "chrome/browser/browser_process.h" | 10 #include "chrome/browser/browser_process.h" |
| 11 #include "chrome/browser/load_notification_details.h" | 11 #include "chrome/browser/load_notification_details.h" |
| 12 #include "chrome/browser/load_from_memory_cache_details.h" | 12 #include "chrome/browser/load_from_memory_cache_details.h" |
| 13 #include "chrome/browser/renderer_host/render_view_host.h" | 13 #include "chrome/browser/renderer_host/render_view_host.h" |
| 14 #include "chrome/browser/resource_request_details.h" | 14 #include "chrome/browser/resource_request_details.h" |
| 15 #include "chrome/browser/ssl/ssl_error_info.h" | 15 #include "chrome/browser/ssl/ssl_error_info.h" |
| 16 #include "chrome/browser/ssl/ssl_host_state.h" |
| 16 #include "chrome/browser/ssl/ssl_policy.h" | 17 #include "chrome/browser/ssl/ssl_policy.h" |
| 17 #include "chrome/browser/tab_contents/infobar_delegate.h" | 18 #include "chrome/browser/tab_contents/infobar_delegate.h" |
| 18 #include "chrome/browser/tab_contents/navigation_controller.h" | 19 #include "chrome/browser/tab_contents/navigation_controller.h" |
| 19 #include "chrome/browser/tab_contents/navigation_entry.h" | 20 #include "chrome/browser/tab_contents/navigation_entry.h" |
| 20 #include "chrome/browser/tab_contents/provisional_load_details.h" | 21 #include "chrome/browser/tab_contents/provisional_load_details.h" |
| 21 #include "chrome/browser/tab_contents/tab_contents.h" | 22 #include "chrome/browser/tab_contents/tab_contents.h" |
| 22 #include "chrome/browser/tab_contents/tab_util.h" | 23 #include "chrome/browser/tab_contents/tab_util.h" |
| 23 #include "chrome/browser/tab_contents/web_contents.h" | 24 #include "chrome/browser/tab_contents/web_contents.h" |
| 24 #include "chrome/common/l10n_util.h" | 25 #include "chrome/common/l10n_util.h" |
| 25 #include "chrome/common/notification_service.h" | 26 #include "chrome/common/notification_service.h" |
| 26 #include "chrome/common/pref_names.h" | 27 #include "chrome/common/pref_names.h" |
| 27 #include "chrome/common/pref_service.h" | 28 #include "chrome/common/pref_service.h" |
| 28 #include "chrome/common/resource_bundle.h" | 29 #include "chrome/common/resource_bundle.h" |
| 29 #include "chrome/views/decision.h" | 30 #include "chrome/views/decision.h" |
| 30 #include "chrome/views/link.h" | 31 #include "chrome/views/link.h" |
| 31 #include "net/base/cert_status_flags.h" | 32 #include "net/base/cert_status_flags.h" |
| 32 #include "net/base/net_errors.h" | 33 #include "net/base/net_errors.h" |
| 33 #include "net/url_request/url_request.h" | 34 #include "net/url_request/url_request.h" |
| 34 #include "webkit/glue/resource_type.h" | 35 #include "webkit/glue/resource_type.h" |
| 35 #include "generated_resources.h" | 36 #include "generated_resources.h" |
| 36 | 37 |
| 37 class SSLInfoBarDelegate : public ConfirmInfoBarDelegate { | 38 class SSLInfoBarDelegate : public ConfirmInfoBarDelegate { |
| 38 public: | 39 public: |
| 39 SSLInfoBarDelegate(TabContents* contents, | 40 SSLInfoBarDelegate(TabContents* contents, |
| 40 const std::wstring message, | 41 const std::wstring message, |
| 41 const std::wstring& button_label, | 42 const std::wstring& button_label, |
| 42 Task* task) | 43 Task* task) |
| 43 : ConfirmInfoBarDelegate(contents), | 44 : ConfirmInfoBarDelegate(contents), |
| 44 message_(message), | 45 message_(message), |
| 45 button_label_(button_label), | 46 button_label_(button_label), |
| 46 task_(task) { | 47 task_(task) { |
| 47 } | 48 } |
| 48 virtual ~SSLInfoBarDelegate() {} | 49 virtual ~SSLInfoBarDelegate() {} |
| 49 | 50 |
| 50 // Overridden from ConfirmInfoBarDelegate: | 51 // Overridden from ConfirmInfoBarDelegate: |
| 51 virtual void InfoBarClosed() { | 52 virtual void InfoBarClosed() { |
| 52 delete this; | 53 delete this; |
| 53 } | 54 } |
| 54 virtual std::wstring GetMessageText() const { | 55 virtual std::wstring GetMessageText() const { |
| 55 return message_; | 56 return message_; |
| 56 } | 57 } |
| (...skipping 30 matching lines...) |
| 87 // SSLManager | 88 // SSLManager |
| 88 | 89 |
| 89 // static | 90 // static |
| 90 void SSLManager::RegisterUserPrefs(PrefService* prefs) { | 91 void SSLManager::RegisterUserPrefs(PrefService* prefs) { |
| 91 prefs->RegisterIntegerPref(prefs::kMixedContentFiltering, | 92 prefs->RegisterIntegerPref(prefs::kMixedContentFiltering, |
| 92 FilterPolicy::DONT_FILTER); | 93 FilterPolicy::DONT_FILTER); |
| 93 } | 94 } |
| 94 | 95 |
| 95 SSLManager::SSLManager(NavigationController* controller, Delegate* delegate) | 96 SSLManager::SSLManager(NavigationController* controller, Delegate* delegate) |
| 96 : controller_(controller), | 97 : controller_(controller), |
| 97 delegate_(delegate) { | 98 delegate_(delegate), |
| 99 ssl_host_state_(controller->profile()->GetSSLHostState()) { |
| 98 DCHECK(controller_); | 100 DCHECK(controller_); |
| 99 | 101 |
| 100 // If do delegate is supplied, use the default policy. | 102 // If do delegate is supplied, use the default policy. |
| 101 if (!delegate_) | 103 if (!delegate_) |
| 102 delegate_ = SSLPolicy::GetDefaultPolicy(); | 104 delegate_ = SSLPolicy::GetDefaultPolicy(); |
| 103 | 105 |
| 104 // Subscribe to various notifications. | 106 // Subscribe to various notifications. |
| 105 registrar_.Add(this, NotificationType::NAV_ENTRY_COMMITTED, | 107 registrar_.Add(this, NotificationType::NAV_ENTRY_COMMITTED, |
| 106 Source<NavigationController>(controller_)); | 108 Source<NavigationController>(controller_)); |
| 107 registrar_.Add(this, NotificationType::FAIL_PROVISIONAL_LOAD_WITH_ERROR, | 109 registrar_.Add(this, NotificationType::FAIL_PROVISIONAL_LOAD_WITH_ERROR, |
| (...skipping 69 matching lines...) |
| 177 return; | 179 return; |
| 178 | 180 |
| 179 web_contents->render_view_host()->AddMessageToConsole( | 181 web_contents->render_view_host()->AddMessageToConsole( |
| 180 std::wstring(), msg, level); | 182 std::wstring(), msg, level); |
| 181 } | 183 } |
| 182 | 184 |
| 183 // Delegate API method. | 185 // Delegate API method. |
| 184 void SSLManager::DenyCertForHost(net::X509Certificate* cert, | 186 void SSLManager::DenyCertForHost(net::X509Certificate* cert, |
| 185 const std::string& host) { | 187 const std::string& host) { |
| 186 // Remember that we don't like this cert for this host. | 188 // Remember that we don't like this cert for this host. |
| 187 // TODO(abarth): Do we want to persist this information in the user's profile? | 189 ssl_host_state_->DenyCertForHost(cert, host); |
| 188 cert_policy_for_host_[host].Deny(cert); | |
| 189 } | 190 } |
| 190 | 191 |
| 191 // Delegate API method. | 192 // Delegate API method. |
| 192 void SSLManager::AllowCertForHost(net::X509Certificate* cert, | 193 void SSLManager::AllowCertForHost(net::X509Certificate* cert, |
| 193 const std::string& host) { | 194 const std::string& host) { |
| 194 // Remember that we do like this cert for this host. | 195 ssl_host_state_->AllowCertForHost(cert, host); |
| 195 // TODO(abarth): Do we want to persist this information in the user's profile? | |
| 196 cert_policy_for_host_[host].Allow(cert); | |
| 197 } | 196 } |
| 198 | 197 |
| 199 // Delegate API method. | 198 // Delegate API method. |
| 200 net::X509Certificate::Policy::Judgment SSLManager::QueryPolicy( | 199 net::X509Certificate::Policy::Judgment SSLManager::QueryPolicy( |
| 201 net::X509Certificate* cert, const std::string& host) { | 200 net::X509Certificate* cert, const std::string& host) { |
| 202 // TODO(abarth): Do we want to read this information from the user's profile? | 201 return ssl_host_state_->QueryPolicy(cert, host); |
| 203 return cert_policy_for_host_[host].Check(cert); | |
| 204 } | 202 } |
| 205 | 203 |
| 206 bool SSLManager::CanShowInsecureContent(const GURL& url) { | 204 bool SSLManager::CanShowInsecureContent(const GURL& url) { |
| 207 // TODO(jcampan): Do we want to read this information from the user's profile? | 205 return ssl_host_state_->CanShowInsecureContent(url); |
| 208 return (can_show_insecure_content_for_host_.find(url.host()) != | |
| 209 can_show_insecure_content_for_host_.end()); | |
| 210 } | 206 } |
| 211 | 207 |
| 212 void SSLManager::AllowShowInsecureContentForURL(const GURL& url) { | 208 void SSLManager::AllowShowInsecureContentForURL(const GURL& url) { |
| 213 can_show_insecure_content_for_host_.insert(url.host()); | 209 ssl_host_state_->AllowShowInsecureContentForURL(url); |
| 214 } | 210 } |
| 215 | 211 |
| 216 bool SSLManager::ProcessedSSLErrorFromRequest() const { | 212 bool SSLManager::ProcessedSSLErrorFromRequest() const { |
| 217 NavigationEntry* entry = controller_->GetActiveEntry(); | 213 NavigationEntry* entry = controller_->GetActiveEntry(); |
| 218 if (!entry) { | 214 if (!entry) { |
| 219 NOTREACHED(); | 215 NOTREACHED(); |
| 220 return false; | 216 return false; |
| 221 } | 217 } |
| 222 | 218 |
| 223 return net::IsCertStatusError(entry->ssl().cert_status()); | 219 return net::IsCertStatusError(entry->ssl().cert_status()); |
| (...skipping 371 matching lines...) |
| 595 details->entry->ssl().set_has_unsafe_content(); | 591 details->entry->ssl().set_has_unsafe_content(); |
| 596 changed = true; | 592 changed = true; |
| 597 } | 593 } |
| 598 } else if (details->entry->url().SchemeIsSecure() && !ssl_cert_id) { | 594 } else if (details->entry->url().SchemeIsSecure() && !ssl_cert_id) { |
| 599 if (details->is_main_frame) { | 595 if (details->is_main_frame) { |
| 600 changed |= SetMaxSecurityStyle(SECURITY_STYLE_UNAUTHENTICATED); | 596 changed |= SetMaxSecurityStyle(SECURITY_STYLE_UNAUTHENTICATED); |
| 601 } else { | 597 } else { |
| 602 // If the frame has been blocked we keep our security style as | 598 // If the frame has been blocked we keep our security style as |
| 603 // authenticated in that case as nothing insecure is actually showing or | 599 // authenticated in that case as nothing insecure is actually showing or |
| 604 // loaded. | 600 // loaded. |
| 605 if (!details->is_content_filtered && | 601 if (!details->is_content_filtered && |
| 606 !details->entry->ssl().has_mixed_content()) { | 602 !details->entry->ssl().has_mixed_content()) { |
| 607 details->entry->ssl().set_has_mixed_content(); | 603 details->entry->ssl().set_has_mixed_content(); |
| 608 changed = true; | 604 changed = true; |
| 609 } | 605 } |
| 610 } | 606 } |
| 611 } | 607 } |
| 612 | 608 |
| 613 if (changed) { | 609 if (changed) { |
| 614 // Only send the notification when something actually changed. | 610 // Only send the notification when something actually changed. |
| 615 NotificationService::current()->Notify( | 611 NotificationService::current()->Notify( |
| (...skipping 100 matching lines...) |
| 716 | 712 |
| 717 if (ca_name) { | 713 if (ca_name) { |
| 718 // TODO(wtc): should we show the root CA's name instead? | 714 // TODO(wtc): should we show the root CA's name instead? |
| 719 *ca_name = l10n_util::GetStringF( | 715 *ca_name = l10n_util::GetStringF( |
| 720 IDS_SECURE_CONNECTION_EV_CA, | 716 IDS_SECURE_CONNECTION_EV_CA, |
| 721 UTF8ToWide(cert.issuer().organization_names[0])); | 717 UTF8ToWide(cert.issuer().organization_names[0])); |
| 722 } | 718 } |
| 723 return true; | 719 return true; |
| 724 } | 720 } |
| 725 | 721 |
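Review bot: In the SSLManager constructor the new initializer `ssl_host_state_(controller->profile()->GetSSLHostState())` (new line 99) dereferences `controller` before the `DCHECK(controller_)` on new line 100 runs, and the resulting pointer is never checked even though DenyCertForHost, AllowCertForHost, QueryPolicy, CanShowInsecureContent and AllowShowInsecureContentForURL now all dereference it unconditionally. Adding `DCHECK(ssl_host_state_);` beside the existing DCHECK would at least make a missing host state fail at construction instead of at the first certificate decision; the controller check itself is only meaningful if it happens before the initializer uses the pointer. The change also appears to widen a user's certificate and insecure-content exceptions from this one SSLManager to everything that shares the profile's SSLHostState, yet it deletes the TODOs about persistence without stating the new scope. If that sharing is the intent, a comment such as `// Decisions live in the profile's SSLHostState and apply to every SSLManager on that profile.` above the delegate methods would record it. How long that state lives, and whether an off-the-record profile gets its own instance, is not visible on this page and is worth confirming in ssl_host_state.h.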
| OLD | NEW |