| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/ssl/ssl_policy.h" | 5 #include "content/browser/ssl/ssl_policy.h" |
| 6 | 6 |
| 7 #include "base/base_switches.h" | 7 #include "base/base_switches.h" |
| 8 #include "base/bind.h" | 8 #include "base/bind.h" |
| 9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 10 #include "base/memory/singleton.h" | 10 #include "base/memory/singleton.h" |
| 11 #include "base/metrics/histogram_macros.h" | 11 #include "base/metrics/histogram_macros.h" |
| 12 #include "base/strings/string_piece.h" | 12 #include "base/strings/string_piece.h" |
| 13 #include "base/strings/string_util.h" | 13 #include "base/strings/string_util.h" |
| 14 #include "content/browser/frame_host/navigation_entry_impl.h" | 14 #include "content/browser/frame_host/navigation_entry_impl.h" |
| 15 #include "content/browser/renderer_host/render_process_host_impl.h" | 15 #include "content/browser/renderer_host/render_process_host_impl.h" |
| 16 #include "content/browser/renderer_host/render_view_host_impl.h" | 16 #include "content/browser/renderer_host/render_view_host_impl.h" |
| 17 #include "content/browser/site_instance_impl.h" | 17 #include "content/browser/site_instance_impl.h" |
| 18 #include "content/browser/ssl/ssl_cert_error_handler.h" | 18 #include "content/browser/ssl/ssl_error_handler.h" |
| 19 #include "content/browser/web_contents/web_contents_impl.h" | 19 #include "content/browser/web_contents/web_contents_impl.h" |
| 20 #include "content/public/browser/content_browser_client.h" | 20 #include "content/public/browser/content_browser_client.h" |
| 21 #include "content/public/browser/web_contents.h" | 21 #include "content/public/browser/web_contents.h" |
| 22 #include "content/public/common/resource_type.h" | 22 #include "content/public/common/resource_type.h" |
| 23 #include "content/public/common/ssl_status.h" | 23 #include "content/public/common/ssl_status.h" |
| 24 #include "content/public/common/url_constants.h" | 24 #include "content/public/common/url_constants.h" |
| 25 #include "net/ssl/ssl_info.h" | 25 #include "net/ssl/ssl_info.h" |
| 26 #include "url/gurl.h" | 26 #include "url/gurl.h" |
| 27 | 27 |
| 28 namespace content { | 28 namespace content { |
| 29 | 29 |
| 30 namespace { | 30 namespace { |
| 31 | 31 |
| 32 // Events for UMA. Do not reorder or change! | 32 // Events for UMA. Do not reorder or change! |
| 33 enum SSLGoodCertSeenEvent { | 33 enum SSLGoodCertSeenEvent { |
| 34 NO_PREVIOUS_EXCEPTION = 0, | 34 NO_PREVIOUS_EXCEPTION = 0, |
| 35 HAD_PREVIOUS_EXCEPTION = 1, | 35 HAD_PREVIOUS_EXCEPTION = 1, |
| 36 SSL_GOOD_CERT_SEEN_EVENT_MAX = 2 | 36 SSL_GOOD_CERT_SEEN_EVENT_MAX = 2 |
| 37 }; | 37 }; |
| 38 } | 38 } |
| 39 | 39 |
| 40 SSLPolicy::SSLPolicy(SSLPolicyBackend* backend) | 40 SSLPolicy::SSLPolicy(SSLPolicyBackend* backend) |
| 41 : backend_(backend) { | 41 : backend_(backend) { |
| 42 DCHECK(backend_); | 42 DCHECK(backend_); |
| 43 } | 43 } |
| 44 | 44 |
| 45 void SSLPolicy::OnCertError(SSLCertErrorHandler* handler) { | 45 void SSLPolicy::OnCertError(SSLErrorHandler* handler) { |
| 46 bool expired_previous_decision = false; | 46 bool expired_previous_decision = false; |
| 47 // First we check if we know the policy for this error. | 47 // First we check if we know the policy for this error. |
| 48 DCHECK(handler->ssl_info().is_valid()); | 48 DCHECK(handler->ssl_info().is_valid()); |
| 49 SSLHostStateDelegate::CertJudgment judgment = | 49 SSLHostStateDelegate::CertJudgment judgment = |
| 50 backend_->QueryPolicy(*handler->ssl_info().cert.get(), | 50 backend_->QueryPolicy(*handler->ssl_info().cert.get(), |
| 51 handler->request_url().host(), | 51 handler->request_url().host(), |
| 52 handler->cert_error(), | 52 handler->cert_error(), |
| 53 &expired_previous_decision); | 53 &expired_previous_decision); |
| 54 | 54 |
| 55 if (judgment == SSLHostStateDelegate::ALLOWED) { | 55 if (judgment == SSLHostStateDelegate::ALLOWED) { |
| (...skipping 127 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 183 // Minor errors don't lower the security style to | 183 // Minor errors don't lower the security style to |
| 184 // SECURITY_STYLE_AUTHENTICATION_BROKEN. | 184 // SECURITY_STYLE_AUTHENTICATION_BROKEN. |
| 185 if (net::IsCertStatusError(cert_status) && | 185 if (net::IsCertStatusError(cert_status) && |
| 186 !net::IsCertStatusMinorError(cert_status)) { | 186 !net::IsCertStatusMinorError(cert_status)) { |
| 187 return SECURITY_STYLE_AUTHENTICATION_BROKEN; | 187 return SECURITY_STYLE_AUTHENTICATION_BROKEN; |
| 188 } | 188 } |
| 189 | 189 |
| 190 return SECURITY_STYLE_AUTHENTICATED; | 190 return SECURITY_STYLE_AUTHENTICATED; |
| 191 } | 191 } |
| 192 | 192 |
| 193 void SSLPolicy::OnAllowCertificate(scoped_refptr<SSLCertErrorHandler> handler, | 193 void SSLPolicy::OnAllowCertificate(scoped_refptr<SSLErrorHandler> handler, |
| 194 CertificateRequestResultType decision) { | 194 CertificateRequestResultType decision) { |
| 195 DCHECK(handler->ssl_info().is_valid()); | 195 DCHECK(handler->ssl_info().is_valid()); |
| 196 switch (decision) { | 196 switch (decision) { |
| 197 case CERTIFICATE_REQUEST_RESULT_TYPE_CONTINUE: | 197 case CERTIFICATE_REQUEST_RESULT_TYPE_CONTINUE: |
| 198 // Note that we should not call SetMaxSecurityStyle here, because the | 198 // Note that we should not call SetMaxSecurityStyle here, because the |
| 199 // active | 199 // active |
| 200 // NavigationEntry has just been deleted (in HideInterstitialPage) and the | 200 // NavigationEntry has just been deleted (in HideInterstitialPage) and the |
| 201 // new NavigationEntry will not be set until DidNavigate. This is ok, | 201 // new NavigationEntry will not be set until DidNavigate. This is ok, |
| 202 // because the new NavigationEntry will have its max security style set | 202 // because the new NavigationEntry will have its max security style set |
| 203 // within DidNavigate. | 203 // within DidNavigate. |
| (...skipping 11 matching lines...) Expand all Loading... |
| 215 return; | 215 return; |
| 216 case CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL: | 216 case CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL: |
| 217 handler->CancelRequest(); | 217 handler->CancelRequest(); |
| 218 return; | 218 return; |
| 219 } | 219 } |
| 220 } | 220 } |
| 221 | 221 |
| 222 //////////////////////////////////////////////////////////////////////////////// | 222 //////////////////////////////////////////////////////////////////////////////// |
| 223 // Certificate Error Routines | 223 // Certificate Error Routines |
| 224 | 224 |
| 225 void SSLPolicy::OnCertErrorInternal(SSLCertErrorHandler* handler, | 225 void SSLPolicy::OnCertErrorInternal(SSLErrorHandler* handler, |
| 226 int options_mask) { | 226 int options_mask) { |
| 227 bool overridable = (options_mask & OVERRIDABLE) != 0; | 227 bool overridable = (options_mask & OVERRIDABLE) != 0; |
| 228 bool strict_enforcement = (options_mask & STRICT_ENFORCEMENT) != 0; | 228 bool strict_enforcement = (options_mask & STRICT_ENFORCEMENT) != 0; |
| 229 bool expired_previous_decision = | 229 bool expired_previous_decision = |
| 230 (options_mask & EXPIRED_PREVIOUS_DECISION) != 0; | 230 (options_mask & EXPIRED_PREVIOUS_DECISION) != 0; |
| 231 GetContentClient()->browser()->AllowCertificateError( | 231 GetContentClient()->browser()->AllowCertificateError( |
| 232 handler->GetManager()->controller()->GetWebContents(), | 232 handler->GetManager()->controller()->GetWebContents(), |
| 233 handler->cert_error(), handler->ssl_info(), handler->request_url(), | 233 handler->cert_error(), handler->ssl_info(), handler->request_url(), |
| 234 handler->resource_type(), overridable, strict_enforcement, | 234 handler->resource_type(), overridable, strict_enforcement, |
| 235 expired_previous_decision, | 235 expired_previous_decision, |
| 236 base::Bind(&SSLPolicy::OnAllowCertificate, base::Unretained(this), | 236 base::Bind(&SSLPolicy::OnAllowCertificate, base::Unretained(this), |
| 237 make_scoped_refptr(handler))); | 237 make_scoped_refptr(handler))); |
| 238 } | 238 } |
| 239 | 239 |
| 240 void SSLPolicy::InitializeEntryIfNeeded(NavigationEntryImpl* entry) { | 240 void SSLPolicy::InitializeEntryIfNeeded(NavigationEntryImpl* entry) { |
| 241 if (entry->GetSSL().security_style != SECURITY_STYLE_UNKNOWN) | 241 if (entry->GetSSL().security_style != SECURITY_STYLE_UNKNOWN) |
| 242 return; | 242 return; |
| 243 | 243 |
| 244 entry->GetSSL().security_style = GetSecurityStyleForResource( | 244 entry->GetSSL().security_style = GetSecurityStyleForResource( |
| 245 entry->GetURL(), entry->GetSSL().cert_id, entry->GetSSL().cert_status); | 245 entry->GetURL(), entry->GetSSL().cert_id, entry->GetSSL().cert_status); |
| 246 } | 246 } |
| 247 | 247 |
| 248 } // namespace content | 248 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2222003002:
Combine SSLCertErrorHandler and SSLErrorHandler (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master