| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/ssl/ssl_policy.h" | 5 #include "content/browser/ssl/ssl_policy.h" |
| 6 | 6 |
| 7 #include "base/base_switches.h" | 7 #include "base/base_switches.h" |
| 8 #include "base/bind.h" | 8 #include "base/bind.h" |
| 9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 10 #include "base/memory/singleton.h" | 10 #include "base/memory/singleton.h" |
| (...skipping 99 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 110 return; | 110 return; |
| 111 | 111 |
| 112 SiteInstance* site_instance = entry->site_instance(); | 112 SiteInstance* site_instance = entry->site_instance(); |
| 113 if (!site_instance) | 113 if (!site_instance) |
| 114 return; | 114 return; |
| 115 | 115 |
| 116 backend_->HostRanInsecureContent(security_origin.host(), | 116 backend_->HostRanInsecureContent(security_origin.host(), |
| 117 site_instance->GetProcess()->GetID()); | 117 site_instance->GetProcess()->GetID()); |
| 118 } | 118 } |
| 119 | 119 |
| 120 void SSLPolicy::DidRunContentWithCertErrors(NavigationEntryImpl* entry, |
| 121 const GURL& security_origin) { |
| 122 if (!entry) |
| 123 return; |
| 124 |
| 125 SiteInstance* site_instance = entry->site_instance(); |
| 126 if (!site_instance) |
| 127 return; |
| 128 |
| 129 backend_->HostRanContentWithCertErrors(security_origin.host(), |
| 130 site_instance->GetProcess()->GetID()); |
| 131 } |
| 132 |
| 120 void SSLPolicy::OnRequestStarted(const GURL& url, | 133 void SSLPolicy::OnRequestStarted(const GURL& url, |
| 121 int cert_id, | 134 int cert_id, |
| 122 net::CertStatus cert_status) { | 135 net::CertStatus cert_status) { |
| 123 if (cert_id && url.SchemeIsCryptographic() && | 136 if (cert_id && url.SchemeIsCryptographic() && |
| 124 !net::IsCertStatusError(cert_status)) { | 137 !net::IsCertStatusError(cert_status)) { |
| 125 // If the scheme is https: or wss: *and* the security info for the | 138 // If the scheme is https: or wss: *and* the security info for the |
| 126 // cert has been set (i.e. the cert id is not 0) and the cert did | 139 // cert has been set (i.e. the cert id is not 0) and the cert did |
| 127 // not have any errors, revoke any previous decisions that | 140 // not have any errors, revoke any previous decisions that |
| 128 // have occurred. If the cert info has not been set, do nothing since it | 141 // have occurred. If the cert info has not been set, do nothing since it |
| 129 // isn't known if the connection was actually a valid connection or if it | 142 // isn't known if the connection was actually a valid connection or if it |
| (...skipping 19 matching lines...) Expand all Loading... |
| 149 | 162 |
| 150 if (entry->GetSSL().security_style == SECURITY_STYLE_UNAUTHENTICATED) | 163 if (entry->GetSSL().security_style == SECURITY_STYLE_UNAUTHENTICATED) |
| 151 return; | 164 return; |
| 152 | 165 |
| 153 if (!web_contents->DisplayedInsecureContent()) | 166 if (!web_contents->DisplayedInsecureContent()) |
| 154 entry->GetSSL().content_status &= ~SSLStatus::DISPLAYED_INSECURE_CONTENT; | 167 entry->GetSSL().content_status &= ~SSLStatus::DISPLAYED_INSECURE_CONTENT; |
| 155 | 168 |
| 156 if (web_contents->DisplayedInsecureContent()) | 169 if (web_contents->DisplayedInsecureContent()) |
| 157 entry->GetSSL().content_status |= SSLStatus::DISPLAYED_INSECURE_CONTENT; | 170 entry->GetSSL().content_status |= SSLStatus::DISPLAYED_INSECURE_CONTENT; |
| 158 | 171 |
| 172 if (!web_contents->DisplayedContentWithCertErrors()) |
| 173 entry->GetSSL().content_status &= |
| 174 ~SSLStatus::DISPLAYED_CONTENT_WITH_CERT_ERRORS; |
| 175 |
| 176 if (web_contents->DisplayedContentWithCertErrors()) |
| 177 entry->GetSSL().content_status |= |
| 178 SSLStatus::DISPLAYED_CONTENT_WITH_CERT_ERRORS; |
| 179 |
| 159 if (entry->GetSSL().security_style == SECURITY_STYLE_AUTHENTICATION_BROKEN) | 180 if (entry->GetSSL().security_style == SECURITY_STYLE_AUTHENTICATION_BROKEN) |
| 160 return; | 181 return; |
| 161 | 182 |
| 162 SiteInstance* site_instance = entry->site_instance(); | 183 SiteInstance* site_instance = entry->site_instance(); |
| 163 // Note that |site_instance| can be NULL here because NavigationEntries don't | 184 // Note that |site_instance| can be NULL here because NavigationEntries don't |
| 164 // necessarily have site instances. Without a process, the entry can't | 185 // necessarily have site instances. Without a process, the entry can't |
| 165 // possibly have insecure content. See bug http://crbug.com/12423. | 186 // possibly have insecure content. See bug http://crbug.com/12423. |
| 166 if (site_instance && | 187 if (site_instance && |
| 167 backend_->DidHostRunInsecureContent( | 188 backend_->DidHostRunInsecureContent( |
| 168 entry->GetURL().host(), site_instance->GetProcess()->GetID())) { | 189 entry->GetURL().host(), site_instance->GetProcess()->GetID())) { |
| 169 entry->GetSSL().security_style = | 190 entry->GetSSL().security_style = |
| 170 SECURITY_STYLE_AUTHENTICATION_BROKEN; | 191 SECURITY_STYLE_AUTHENTICATION_BROKEN; |
| 171 entry->GetSSL().content_status |= SSLStatus::RAN_INSECURE_CONTENT; | 192 entry->GetSSL().content_status |= SSLStatus::RAN_INSECURE_CONTENT; |
| 172 return; | 193 } |
| 194 if (site_instance && |
| 195 backend_->DidHostRunContentWithCertErrors( |
| 196 entry->GetURL().host(), site_instance->GetProcess()->GetID())) { |
| 197 entry->GetSSL().security_style = SECURITY_STYLE_AUTHENTICATION_BROKEN; |
| 198 entry->GetSSL().content_status |= SSLStatus::RAN_CONTENT_WITH_CERT_ERRORS; |
| 173 } | 199 } |
| 174 } | 200 } |
| 175 | 201 |
| 176 // Static | 202 // Static |
| 177 SecurityStyle SSLPolicy::GetSecurityStyleForResource( | 203 SecurityStyle SSLPolicy::GetSecurityStyleForResource( |
| 178 const GURL& url, | 204 const GURL& url, |
| 179 int cert_id, | 205 int cert_id, |
| 180 net::CertStatus cert_status) { | 206 net::CertStatus cert_status) { |
| 181 // An HTTPS response may not have a certificate for some reason. When that | 207 // An HTTPS response may not have a certificate for some reason. When that |
| 182 // happens, use the unauthenticated (HTTP) rather than the authentication | 208 // happens, use the unauthenticated (HTTP) rather than the authentication |
| (...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 253 | 279 |
| 254 void SSLPolicy::InitializeEntryIfNeeded(NavigationEntryImpl* entry) { | 280 void SSLPolicy::InitializeEntryIfNeeded(NavigationEntryImpl* entry) { |
| 255 if (entry->GetSSL().security_style != SECURITY_STYLE_UNKNOWN) | 281 if (entry->GetSSL().security_style != SECURITY_STYLE_UNKNOWN) |
| 256 return; | 282 return; |
| 257 | 283 |
| 258 entry->GetSSL().security_style = GetSecurityStyleForResource( | 284 entry->GetSSL().security_style = GetSecurityStyleForResource( |
| 259 entry->GetURL(), entry->GetSSL().cert_id, entry->GetSSL().cert_status); | 285 entry->GetURL(), entry->GetSSL().cert_id, entry->GetSSL().cert_status); |
| 260 } | 286 } |
| 261 | 287 |
| 262 } // namespace content | 288 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2226363002:
Track subresources with cert errors separately from mixed content (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master