Track "display" and "run" separately for mixed content, and make the latter d...

chrome/browser/ssl/ssl_manager.cc

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ssl/ssl_manager.h"
 
 #include "app/l10n_util.h"
 #include "base/utf_string_conversions.h"
 #include "chrome/browser/chrome_thread.h"
 #include "chrome/browser/load_from_memory_cache_details.h"
@@ skipping 10 matching lines @@
 #include "chrome/common/pref_names.h"
 #include "grit/generated_resources.h"
 #include "net/base/cert_status_flags.h"
 
 // static
 void SSLManager::RegisterUserPrefs(PrefService* prefs) {
   prefs->RegisterIntegerPref(prefs::kMixedContentFiltering,
                              FilterPolicy::DONT_FILTER);
 }
 
+// static
+void SSLManager::OnSSLCertificateError(ResourceDispatcherHost* rdh,
+                                       URLRequest* request,
+                                       int cert_error,
+                                       net::X509Certificate* cert) {
+  DLOG(INFO) << "OnSSLCertificateError() cert_error: " << cert_error <<
+                " url: " << request->url().spec();
+
+  ResourceDispatcherHostRequestInfo* info =
+      ResourceDispatcherHost::InfoForRequest(request);
+  DCHECK(info);
+
+  // A certificate error occurred.  Construct a SSLCertErrorHandler object and
+  // hand it over to the UI thread for processing.
+  ChromeThread::PostTask(
+      ChromeThread::UI, FROM_HERE,
+      NewRunnableMethod(new SSLCertErrorHandler(rdh,
+                                                request,
+                                                info->resource_type(),
+                                                info->frame_origin(),
+                                                info->main_frame_origin(),
+                                                cert_error,
+                                                cert),
+                        &SSLCertErrorHandler::Dispatch));
+}
+
+// static
+void SSLManager::NotifySSLInternalStateChanged() {
+  NotificationService::current()->Notify(
+      NotificationType::SSL_INTERNAL_STATE_CHANGED,
+      NotificationService::AllSources(),
+      NotificationService::NoDetails());
+}
+
+// static
+std::string SSLManager::SerializeSecurityInfo(int cert_id,
+                                              int cert_status,
+                                              int security_bits) {
+  Pickle pickle;
+  pickle.WriteInt(cert_id);
+  pickle.WriteInt(cert_status);
+  pickle.WriteInt(security_bits);
+  return std::string(static_cast<const char*>(pickle.data()), pickle.size());
+}
+
+// static
+bool SSLManager::DeserializeSecurityInfo(const std::string& state,
+                                         int* cert_id,
+                                         int* cert_status,
+                                         int* security_bits) {
+  DCHECK(cert_id && cert_status && security_bits);
+  if (state.empty()) {
+    // No SSL used.
+    *cert_id = 0;
+    *cert_status = 0;
+    *security_bits = -1;
+    return false;
+  }
+
+  Pickle pickle(state.data(), static_cast<int>(state.size()));
+  void * iter = NULL;
+  return pickle.ReadInt(&iter, cert_id) &&
+         pickle.ReadInt(&iter, cert_status) &&
+         pickle.ReadInt(&iter, security_bits);
+}
+
+// static
+std::wstring SSLManager::GetEVCertName(const net::X509Certificate& cert) {
+  // EV are required to have an organization name and country.
+  if (cert.subject().organization_names.empty() ||
+      cert.subject().country_name.empty()) {
+    NOTREACHED();
+    return std::wstring();
+  }
+
+  return l10n_util::GetStringF(IDS_SECURE_CONNECTION_EV,
+                               UTF8ToWide(cert.subject().organization_names[0]),
+                               UTF8ToWide(cert.subject().country_name));
+}
+
 SSLManager::SSLManager(NavigationController* controller)
     : backend_(controller),
       policy_(new SSLPolicy(&backend_)),
       controller_(controller) {
   DCHECK(controller_);
 
   // Subscribe to various notifications.
   registrar_.Add(this, NotificationType::FAIL_PROVISIONAL_LOAD_WITH_ERROR,
                  Source<NavigationController>(controller_));
   registrar_.Add(this, NotificationType::RESOURCE_RESPONSE_STARTED,
                  Source<NavigationController>(controller_));
   registrar_.Add(this, NotificationType::RESOURCE_RECEIVED_REDIRECT,
                  Source<NavigationController>(controller_));
   registrar_.Add(this, NotificationType::LOAD_FROM_MEMORY_CACHE,
                  Source<NavigationController>(controller_));
   registrar_.Add(this, NotificationType::SSL_INTERNAL_STATE_CHANGED,
                  NotificationService::AllSources());
 }
 
 SSLManager::~SSLManager() {
 }
 
+void SSLManager::DidCommitProvisionalLoad(
+    const NotificationDetails& in_details) {
+  NavigationController::LoadCommittedDetails* details =
+      Details<NavigationController::LoadCommittedDetails>(in_details).ptr();
+
+  NavigationEntry* entry = controller_->GetActiveEntry();
+
+  if (details->is_main_frame) {
+    if (entry) {
+      // Decode the security details.
+      int ssl_cert_id, ssl_cert_status, ssl_security_bits;
+      DeserializeSecurityInfo(details->serialized_security_info,
+                              &ssl_cert_id,
+                              &ssl_cert_status,
+                              &ssl_security_bits);
+
+      // We may not have an entry if this is a navigation to an initial blank
+      // page. Reset the SSL information and add the new data we have.
+      entry->ssl() = NavigationEntry::SSLStatus();
+      entry->ssl().set_cert_id(ssl_cert_id);
+      entry->ssl().set_cert_status(ssl_cert_status);
+      entry->ssl().set_security_bits(ssl_security_bits);
+    }
+    backend_.ShowPendingMessages();
+  }
+
+  UpdateEntry(entry);
+}
+
+void SSLManager::DidRunInsecureContent(const std::string& security_origin) {
+  policy()->DidRunInsecureContent(controller_->GetActiveEntry(),
+                                  security_origin);
+}
+
 bool SSLManager::ProcessedSSLErrorFromRequest() const {
   NavigationEntry* entry = controller_->GetActiveEntry();
   if (!entry) {
     NOTREACHED();
     return false;
   }
 
   return net::IsCertStatusError(entry->ssl().cert_status());
 }
 
-// static
-void SSLManager::OnSSLCertificateError(ResourceDispatcherHost* rdh,
-                                       URLRequest* request,
-                                       int cert_error,
-                                       net::X509Certificate* cert) {
-  DLOG(INFO) << "OnSSLCertificateError() cert_error: " << cert_error <<
-                " url: " << request->url().spec();
-
-  ResourceDispatcherHostRequestInfo* info =
-      ResourceDispatcherHost::InfoForRequest(request);
-  DCHECK(info);
-
-  // A certificate error occurred.  Construct a SSLCertErrorHandler object and
-  // hand it over to the UI thread for processing.
-  ChromeThread::PostTask(
-      ChromeThread::UI, FROM_HERE,
-      NewRunnableMethod(new SSLCertErrorHandler(rdh,
-                                                request,
-                                                info->resource_type(),
-                                                info->frame_origin(),
-                                                info->main_frame_origin(),
-                                                cert_error,
-                                                cert),
-                        &SSLCertErrorHandler::Dispatch));
-}
-
-void SSLManager::DidDisplayInsecureContent() {
-  policy()->DidDisplayInsecureContent(controller_->GetActiveEntry());
-}
-
-void SSLManager::DidRunInsecureContent(const std::string& security_origin) {
-  policy()->DidRunInsecureContent(controller_->GetActiveEntry(),
-                                  security_origin);
-}
-
 void SSLManager::Observe(NotificationType type,
                          const NotificationSource& source,
                          const NotificationDetails& details) {
   // Dispatch by type.
   switch (type.value) {
     case NotificationType::FAIL_PROVISIONAL_LOAD_WITH_ERROR:
       DidFailProvisionalLoadWithError(
           Details<ProvisionalLoadDetails>(details).ptr());
       break;
     case NotificationType::RESOURCE_RESPONSE_STARTED:
       DidStartResourceResponse(Details<ResourceRequestDetails>(details).ptr());
       break;
     case NotificationType::RESOURCE_RECEIVED_REDIRECT:
       DidReceiveResourceRedirect(
           Details<ResourceRedirectDetails>(details).ptr());
       break;
     case NotificationType::LOAD_FROM_MEMORY_CACHE:
       DidLoadFromMemoryCache(
           Details<LoadFromMemoryCacheDetails>(details).ptr());
       break;
     case NotificationType::SSL_INTERNAL_STATE_CHANGED:
       DidChangeSSLInternalState();
       break;
     default:
       NOTREACHED() << "The SSLManager received an unexpected notification.";
   }
 }
 
-void SSLManager::DispatchSSLVisibleStateChanged() {
-  NotificationService::current()->Notify(
-      NotificationType::SSL_VISIBLE_STATE_CHANGED,
-      Source<NavigationController>(controller_),
-      NotificationService::NoDetails());
-}
-
-void SSLManager::UpdateEntry(NavigationEntry* entry) {
-  // We don't always have a navigation entry to update, for example in the
-  // case of the Web Inspector.
-  if (!entry)
-    return;
-
-  NavigationEntry::SSLStatus original_ssl_status = entry->ssl();  // Copy!
-
-  policy()->UpdateEntry(entry);
-
-  if (!entry->ssl().Equals(original_ssl_status))
-    DispatchSSLVisibleStateChanged();
-}
-
 void SSLManager::DidLoadFromMemoryCache(LoadFromMemoryCacheDetails* details) {
   DCHECK(details);
 
   // Simulate loading this resource through the usual path.
   // Note that we specify SUB_RESOURCE as the resource type as WebCore only
   // caches sub-resources.
   // This resource must have been loaded with FilterPolicy::DONT_FILTER because
   // filtered resouces aren't cachable.
   scoped_refptr<SSLRequestInfo> info = new SSLRequestInfo(
       details->url(),
       ResourceType::SUB_RESOURCE,
       details->frame_origin(),
       details->main_frame_origin(),
       FilterPolicy::DONT_FILTER,
       details->pid(),
       details->ssl_cert_id(),
       details->ssl_cert_status());
 
   // Simulate loading this resource through the usual path.
   policy()->OnRequestStarted(info.get());
 }
 
-void SSLManager::DidCommitProvisionalLoad(
-    const NotificationDetails& in_details) {
-  NavigationController::LoadCommittedDetails* details =
-      Details<NavigationController::LoadCommittedDetails>(in_details).ptr();
-
-  NavigationEntry* entry = controller_->GetActiveEntry();
-
-  if (details->is_main_frame) {
-    if (entry) {
-      // Decode the security details.
-      int ssl_cert_id, ssl_cert_status, ssl_security_bits;
-      DeserializeSecurityInfo(details->serialized_security_info,
-                              &ssl_cert_id,
-                              &ssl_cert_status,
-                              &ssl_security_bits);
-
-      // We may not have an entry if this is a navigation to an initial blank
-      // page. Reset the SSL information and add the new data we have.
-      entry->ssl() = NavigationEntry::SSLStatus();
-      entry->ssl().set_cert_id(ssl_cert_id);
-      entry->ssl().set_cert_status(ssl_cert_status);
-      entry->ssl().set_security_bits(ssl_security_bits);
-    }
-    backend_.ShowPendingMessages();
-  }
-
-  UpdateEntry(entry);
-}
-
 void SSLManager::DidFailProvisionalLoadWithError(
     ProvisionalLoadDetails* details) {
   DCHECK(details);
 
   // Ignore in-page navigations.
   if (details->in_page_navigation())
     return;
 
   if (details->main_frame())
     backend_.ClearPendingMessages();
@@ skipping 23 matching lines @@
   //               a non-HTTPS resource in the redirect chain, we want to
   //               trigger mixed content, even if the redirect chain goes back
   //               to HTTPS.  This is because the network attacker can redirect
   //               the HTTP request to https://attacker.com/payload.js.
 }
 
 void SSLManager::DidChangeSSLInternalState() {
   UpdateEntry(controller_->GetActiveEntry());
 }
 
-// static
-std::string SSLManager::SerializeSecurityInfo(int cert_id,
-                                              int cert_status,
-                                              int security_bits) {
-  Pickle pickle;
-  pickle.WriteInt(cert_id);
-  pickle.WriteInt(cert_status);
-  pickle.WriteInt(security_bits);
-  return std::string(static_cast<const char*>(pickle.data()), pickle.size());
+void SSLManager::UpdateEntry(NavigationEntry* entry) {
+  // We don't always have a navigation entry to update, for example in the
+  // case of the Web Inspector.
+  if (!entry)
+    return;
+
+  NavigationEntry::SSLStatus original_ssl_status = entry->ssl();  // Copy!
+
+  policy()->UpdateEntry(entry, controller_->tab_contents());
+
+  if (!entry->ssl().Equals(original_ssl_status)) {
+    NotificationService::current()->Notify(
+        NotificationType::SSL_VISIBLE_STATE_CHANGED,
+        Source<NavigationController>(controller_),
+        NotificationService::NoDetails());
+  }
 }
-
-// static
-bool SSLManager::DeserializeSecurityInfo(const std::string& state,
-                                         int* cert_id,
-                                         int* cert_status,
-                                         int* security_bits) {
-  DCHECK(cert_id && cert_status && security_bits);
-  if (state.empty()) {
-    // No SSL used.
-    *cert_id = 0;
-    *cert_status = 0;
-    *security_bits = -1;
-    return false;
-  }
-
-  Pickle pickle(state.data(), static_cast<int>(state.size()));
-  void * iter = NULL;
-  return pickle.ReadInt(&iter, cert_id) &&
-         pickle.ReadInt(&iter, cert_status) &&
-         pickle.ReadInt(&iter, security_bits);
-}
-
-// static
-std::wstring SSLManager::GetEVCertName(const net::X509Certificate& cert) {
-  // EV are required to have an organization name and country.
-  if (cert.subject().organization_names.empty() ||
-      cert.subject().country_name.empty()) {
-    NOTREACHED();
-    return std::wstring();
-  }
-
-  return l10n_util::GetStringF(IDS_SECURE_CONNECTION_EV,
-                               UTF8ToWide(cert.subject().organization_names[0]),
-                               UTF8ToWide(cert.subject().country_name));
-}