| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/ssl/ssl_policy.h" | 5 #include "content/browser/ssl/ssl_policy.h" |
| 6 | 6 |
| 7 #include "base/base_switches.h" | 7 #include "base/base_switches.h" |
| 8 #include "base/bind.h" | 8 #include "base/bind.h" |
| 9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 10 #include "base/memory/singleton.h" | 10 #include "base/memory/singleton.h" |
| 11 #include "base/metrics/histogram_macros.h" | 11 #include "base/metrics/histogram_macros.h" |
| 12 #include "base/strings/string_piece.h" | 12 #include "base/strings/string_piece.h" |
| 13 #include "base/strings/string_util.h" | 13 #include "base/strings/string_util.h" |
| 14 #include "content/browser/frame_host/navigation_entry_impl.h" | 14 #include "content/browser/frame_host/navigation_entry_impl.h" |
| 15 #include "content/browser/renderer_host/render_process_host_impl.h" | 15 #include "content/browser/renderer_host/render_process_host_impl.h" |
| 16 #include "content/browser/renderer_host/render_view_host_impl.h" | 16 #include "content/browser/renderer_host/render_view_host_impl.h" |
| 17 #include "content/browser/site_instance_impl.h" | 17 #include "content/browser/site_instance_impl.h" |
| 18 #include "content/browser/ssl/ssl_cert_error_handler.h" | 18 #include "content/browser/ssl/ssl_error_handler.h" |
| 19 #include "content/browser/web_contents/web_contents_impl.h" | 19 #include "content/browser/web_contents/web_contents_impl.h" |
| 20 #include "content/public/browser/content_browser_client.h" | 20 #include "content/public/browser/content_browser_client.h" |
| 21 #include "content/public/browser/web_contents.h" | 21 #include "content/public/browser/web_contents.h" |
| 22 #include "content/public/common/resource_type.h" | 22 #include "content/public/common/resource_type.h" |
| 23 #include "content/public/common/ssl_status.h" | 23 #include "content/public/common/ssl_status.h" |
| 24 #include "content/public/common/url_constants.h" | 24 #include "content/public/common/url_constants.h" |
| 25 #include "net/ssl/ssl_info.h" | 25 #include "net/ssl/ssl_info.h" |
| 26 #include "url/gurl.h" | 26 #include "url/gurl.h" |
| 27 | 27 |
| 28 namespace content { | 28 namespace content { |
| 29 | 29 |
| 30 namespace { | 30 namespace { |
| 31 | 31 |
| 32 // Events for UMA. Do not reorder or change! | 32 // Events for UMA. Do not reorder or change! |
| 33 enum SSLGoodCertSeenEvent { | 33 enum SSLGoodCertSeenEvent { |
| 34 NO_PREVIOUS_EXCEPTION = 0, | 34 NO_PREVIOUS_EXCEPTION = 0, |
| 35 HAD_PREVIOUS_EXCEPTION = 1, | 35 HAD_PREVIOUS_EXCEPTION = 1, |
| 36 SSL_GOOD_CERT_SEEN_EVENT_MAX = 2 | 36 SSL_GOOD_CERT_SEEN_EVENT_MAX = 2 |
| 37 }; | 37 }; |
| 38 } | 38 } |
| 39 | 39 |
| 40 SSLPolicy::SSLPolicy(SSLPolicyBackend* backend) | 40 SSLPolicy::SSLPolicy(SSLPolicyBackend* backend) |
| 41 : backend_(backend) { | 41 : backend_(backend) { |
| 42 DCHECK(backend_); | 42 DCHECK(backend_); |
| 43 } | 43 } |
| 44 | 44 |
| 45 void SSLPolicy::OnCertError(SSLCertErrorHandler* handler) { | 45 void SSLPolicy::OnCertError(SSLErrorHandler* handler) { |
| 46 bool expired_previous_decision = false; | 46 bool expired_previous_decision = false; |
| 47 // First we check if we know the policy for this error. | 47 // First we check if we know the policy for this error. |
| 48 DCHECK(handler->ssl_info().is_valid()); | 48 DCHECK(handler->ssl_info().is_valid()); |
| 49 SSLHostStateDelegate::CertJudgment judgment = | 49 SSLHostStateDelegate::CertJudgment judgment = |
| 50 backend_->QueryPolicy(*handler->ssl_info().cert.get(), | 50 backend_->QueryPolicy(*handler->ssl_info().cert.get(), |
| 51 handler->request_url().host(), | 51 handler->request_url().host(), |
| 52 handler->cert_error(), | 52 handler->cert_error(), |
| 53 &expired_previous_decision); | 53 &expired_previous_decision); |
| 54 | 54 |
| 55 if (judgment == SSLHostStateDelegate::ALLOWED) { | 55 if (judgment == SSLHostStateDelegate::ALLOWED) { |
| (...skipping 131 matching lines...) |
| 187 // Minor errors don't lower the security style to | 187 // Minor errors don't lower the security style to |
| 188 // SECURITY_STYLE_AUTHENTICATION_BROKEN. | 188 // SECURITY_STYLE_AUTHENTICATION_BROKEN. |
| 189 if (net::IsCertStatusError(cert_status) && | 189 if (net::IsCertStatusError(cert_status) && |
| 190 !net::IsCertStatusMinorError(cert_status)) { | 190 !net::IsCertStatusMinorError(cert_status)) { |
| 191 return SECURITY_STYLE_AUTHENTICATION_BROKEN; | 191 return SECURITY_STYLE_AUTHENTICATION_BROKEN; |
| 192 } | 192 } |
| 193 | 193 |
| 194 return SECURITY_STYLE_AUTHENTICATED; | 194 return SECURITY_STYLE_AUTHENTICATED; |
| 195 } | 195 } |
| 196 | 196 |
| 197 void SSLPolicy::OnAllowCertificate(scoped_refptr<SSLCertErrorHandler> handler, | 197 void SSLPolicy::OnAllowCertificate(scoped_refptr<SSLErrorHandler> handler, |
| 198 CertificateRequestResultType decision) { | 198 CertificateRequestResultType decision) { |
| 199 DCHECK(handler->ssl_info().is_valid()); | 199 DCHECK(handler->ssl_info().is_valid()); |
| 200 switch (decision) { | 200 switch (decision) { |
| 201 case CERTIFICATE_REQUEST_RESULT_TYPE_CONTINUE: | 201 case CERTIFICATE_REQUEST_RESULT_TYPE_CONTINUE: |
| 202 // Note that we should not call SetMaxSecurityStyle here, because the | 202 // Note that we should not call SetMaxSecurityStyle here, because the |
| 203 // active | 203 // active |
| 204 // NavigationEntry has just been deleted (in HideInterstitialPage) and the | 204 // NavigationEntry has just been deleted (in HideInterstitialPage) and the |
| 205 // new NavigationEntry will not be set until DidNavigate. This is ok, | 205 // new NavigationEntry will not be set until DidNavigate. This is ok, |
| 206 // because the new NavigationEntry will have its max security style set | 206 // because the new NavigationEntry will have its max security style set |
| 207 // within DidNavigate. | 207 // within DidNavigate. |
| (...skipping 11 matching lines...) |
| 219 return; | 219 return; |
| 220 case CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL: | 220 case CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL: |
| 221 handler->CancelRequest(); | 221 handler->CancelRequest(); |
| 222 return; | 222 return; |
| 223 } | 223 } |
| 224 } | 224 } |
| 225 | 225 |
| 226 //////////////////////////////////////////////////////////////////////////////// | 226 //////////////////////////////////////////////////////////////////////////////// |
| 227 // Certificate Error Routines | 227 // Certificate Error Routines |
| 228 | 228 |
| 229 void SSLPolicy::OnCertErrorInternal(SSLCertErrorHandler* handler, | 229 void SSLPolicy::OnCertErrorInternal(SSLErrorHandler* handler, |
| 230 int options_mask) { | 230 int options_mask) { |
| 231 bool overridable = (options_mask & OVERRIDABLE) != 0; | 231 bool overridable = (options_mask & OVERRIDABLE) != 0; |
| 232 bool strict_enforcement = (options_mask & STRICT_ENFORCEMENT) != 0; | 232 bool strict_enforcement = (options_mask & STRICT_ENFORCEMENT) != 0; |
| 233 bool expired_previous_decision = | 233 bool expired_previous_decision = |
| 234 (options_mask & EXPIRED_PREVIOUS_DECISION) != 0; | 234 (options_mask & EXPIRED_PREVIOUS_DECISION) != 0; |
| 235 GetContentClient()->browser()->AllowCertificateError( | 235 GetContentClient()->browser()->AllowCertificateError( |
| 236 handler->GetManager()->controller()->GetWebContents(), | 236 handler->GetManager()->controller()->GetWebContents(), |
| 237 handler->cert_error(), handler->ssl_info(), handler->request_url(), | 237 handler->cert_error(), handler->ssl_info(), handler->request_url(), |
| 238 handler->resource_type(), overridable, strict_enforcement, | 238 handler->resource_type(), overridable, strict_enforcement, |
| 239 expired_previous_decision, | 239 expired_previous_decision, |
| 240 base::Bind(&SSLPolicy::OnAllowCertificate, base::Unretained(this), | 240 base::Bind(&SSLPolicy::OnAllowCertificate, base::Unretained(this), |
| 241 make_scoped_refptr(handler))); | 241 make_scoped_refptr(handler))); |
| 242 } | 242 } |
| 243 | 243 |
| 244 void SSLPolicy::InitializeEntryIfNeeded(NavigationEntryImpl* entry) { | 244 void SSLPolicy::InitializeEntryIfNeeded(NavigationEntryImpl* entry) { |
| 245 if (entry->GetSSL().security_style != SECURITY_STYLE_UNKNOWN) | 245 if (entry->GetSSL().security_style != SECURITY_STYLE_UNKNOWN) |
| 246 return; | 246 return; |
| 247 | 247 |
| 248 entry->GetSSL().security_style = GetSecurityStyleForResource( | 248 entry->GetSSL().security_style = GetSecurityStyleForResource( |
| 249 entry->GetURL(), entry->GetSSL().cert_id, entry->GetSSL().cert_status); | 249 entry->GetURL(), entry->GetSSL().cert_id, entry->GetSSL().cert_status); |
| 250 } | 250 } |
| 251 | 251 |
| 252 void SSLPolicy::OriginRanInsecureContent(const std::string& origin, int pid) { | 252 void SSLPolicy::OriginRanInsecureContent(const std::string& origin, int pid) { |
| 253 GURL parsed_origin(origin); | 253 GURL parsed_origin(origin); |
| 254 if (parsed_origin.SchemeIsCryptographic()) | 254 if (parsed_origin.SchemeIsCryptographic()) |
| 255 backend_->HostRanInsecureContent(parsed_origin.host(), pid); | 255 backend_->HostRanInsecureContent(parsed_origin.host(), pid); |
| 256 } | 256 } |
| 257 | 257 |
| 258 } // namespace content | 258 } // namespace content |
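Review bot: In OnCertErrorInternal (new lines 229-242) the callback passed to AllowCertificateError keeps the handler alive through `make_scoped_refptr(handler)` but binds the policy object with `base::Unretained(this)`, so nothing visible here prevents OnAllowCertificate from running on a destroyed SSLPolicy if the embedder holds the callback longer than the policy lives. Whether that can happen depends on who owns the SSLPolicy and how long the certificate decision may stay pending, neither of which is shown on this page. Since the signature is being touched anyway, state the lifetime assumption next to the bind, for example `// Unretained is safe only while the owner of this SSLPolicy outlives the pending certificate decision.`. If that guarantee does not hold, bind through a weak pointer so that a late decision is dropped instead of dereferencing freed memory.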
| OLD | NEW |