OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/ssl/ssl_policy.h" | 5 #include "content/browser/ssl/ssl_policy.h" |
6 | 6 |
7 #include "base/base_switches.h" | 7 #include "base/base_switches.h" |
8 #include "base/bind.h" | 8 #include "base/bind.h" |
9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
10 #include "base/memory/singleton.h" | 10 #include "base/memory/singleton.h" |
(...skipping 130 matching lines...)
141 return; | 141 return; |
142 | 142 |
143 SiteInstance* site_instance = entry->site_instance(); | 143 SiteInstance* site_instance = entry->site_instance(); |
144 if (!site_instance) | 144 if (!site_instance) |
145 return; | 145 return; |
146 | 146 |
147 backend_->HostRanInsecureContent(security_origin.host(), | 147 backend_->HostRanInsecureContent(security_origin.host(), |
148 site_instance->GetProcess()->GetID()); | 148 site_instance->GetProcess()->GetID()); |
149 } | 149 } |
150 | 150 |
| 151 void SSLPolicy::DidRunContentWithCertErrors(NavigationEntryImpl* entry, |
| 152 const GURL& security_origin) { |
| 153 if (!entry) |
| 154 return; |
| 155 |
| 156 SiteInstance* site_instance = entry->site_instance(); |
| 157 if (!site_instance) |
| 158 return; |
| 159 |
| 160 backend_->HostRanContentWithCertErrors(security_origin.host(), |
| 161 site_instance->GetProcess()->GetID()); |
| 162 } |
| 163 |
151 void SSLPolicy::OnRequestStarted(const GURL& url, | 164 void SSLPolicy::OnRequestStarted(const GURL& url, |
152 int cert_id, | 165 int cert_id, |
153 net::CertStatus cert_status) { | 166 net::CertStatus cert_status) { |
154 if (cert_id && url.SchemeIsCryptographic() && | 167 if (cert_id && url.SchemeIsCryptographic() && |
155 !net::IsCertStatusError(cert_status)) { | 168 !net::IsCertStatusError(cert_status)) { |
156 // If the scheme is https: or wss: *and* the security info for the | 169 // If the scheme is https: or wss: *and* the security info for the |
157 // cert has been set (i.e. the cert id is not 0) and the cert did | 170 // cert has been set (i.e. the cert id is not 0) and the cert did |
158 // not have any errors, revoke any previous decisions that | 171 // not have any errors, revoke any previous decisions that |
159 // have occurred. If the cert info has not been set, do nothing since it | 172 // have occurred. If the cert info has not been set, do nothing since it |
160 // isn't known if the connection was actually a valid connection or if it | 173 // isn't known if the connection was actually a valid connection or if it |
161 // had a cert error. | 174 // had a cert error. |
162 SSLGoodCertSeenEvent event = NO_PREVIOUS_EXCEPTION; | 175 SSLGoodCertSeenEvent event = NO_PREVIOUS_EXCEPTION; |
163 if (backend_->HasAllowException(url.host())) { | 176 if (backend_->HasAllowException(url.host())) { |
164 // If there's no certificate error, a good certificate has been seen, so | 177 // If there's no certificate error, a good certificate has been seen, so |
165 // clear out any exceptions that were made by the user for bad | 178 // clear out any exceptions that were made by the user for bad |
166 // certificates. This intentionally does not apply to cached resources | 179 // certificates. This intentionally does not apply to cached resources |
167 // (see https://crbug.com/634553 for an explanation). | 180 // (see https://crbug.com/634553 for an explanation). |
168 backend_->RevokeUserAllowExceptions(url.host()); | 181 backend_->RevokeUserAllowExceptions(url.host()); |
169 event = HAD_PREVIOUS_EXCEPTION; | 182 event = HAD_PREVIOUS_EXCEPTION; |
170 } | 183 } |
171 UMA_HISTOGRAM_ENUMERATION("interstitial.ssl.good_cert_seen", event, | 184 UMA_HISTOGRAM_ENUMERATION("interstitial.ssl.good_cert_seen", event, |
172 SSL_GOOD_CERT_SEEN_EVENT_MAX); | 185 SSL_GOOD_CERT_SEEN_EVENT_MAX); |
173 } | 186 } |
174 } | 187 } |
175 | 188 |
176 void SSLPolicy::UpdateEntry(NavigationEntryImpl* entry, | 189 void SSLPolicy::UpdateEntry(NavigationEntryImpl* entry, |
177 WebContents* web_contents) { | 190 WebContents* web_contents) { |
178 DCHECK(entry); | 191 DCHECK(entry); |
179 | 192 |
| 193 WebContentsImpl* web_contents_impl = |
| 194 static_cast<WebContentsImpl*>(web_contents); |
| 195 |
180 InitializeEntryIfNeeded(entry); | 196 InitializeEntryIfNeeded(entry); |
181 | 197 |
182 if (entry->GetSSL().security_style == SECURITY_STYLE_UNAUTHENTICATED) | 198 if (entry->GetSSL().security_style == SECURITY_STYLE_UNAUTHENTICATED) |
183 return; | 199 return; |
184 | 200 |
185 if (!web_contents->DisplayedInsecureContent()) | 201 if (!web_contents_impl->DisplayedInsecureContent()) |
186 entry->GetSSL().content_status &= ~SSLStatus::DISPLAYED_INSECURE_CONTENT; | 202 entry->GetSSL().content_status &= ~SSLStatus::DISPLAYED_INSECURE_CONTENT; |
187 | 203 |
188 if (web_contents->DisplayedInsecureContent()) | 204 if (web_contents_impl->DisplayedInsecureContent()) |
189 entry->GetSSL().content_status |= SSLStatus::DISPLAYED_INSECURE_CONTENT; | 205 entry->GetSSL().content_status |= SSLStatus::DISPLAYED_INSECURE_CONTENT; |
190 | 206 |
| 207 if (!web_contents_impl->DisplayedContentWithCertErrors()) |
| 208 entry->GetSSL().content_status &= |
| 209 ~SSLStatus::DISPLAYED_CONTENT_WITH_CERT_ERRORS; |
| 210 |
| 211 if (web_contents_impl->DisplayedContentWithCertErrors()) |
| 212 entry->GetSSL().content_status |= |
| 213 SSLStatus::DISPLAYED_CONTENT_WITH_CERT_ERRORS; |
| 214 |
191 SiteInstance* site_instance = entry->site_instance(); | 215 SiteInstance* site_instance = entry->site_instance(); |
192 // Note that |site_instance| can be NULL here because NavigationEntries don't | 216 // Note that |site_instance| can be NULL here because NavigationEntries don't |
193 // necessarily have site instances. Without a process, the entry can't | 217 // necessarily have site instances. Without a process, the entry can't |
194 // possibly have insecure content. See bug http://crbug.com/12423. | 218 // possibly have insecure content. See bug http://crbug.com/12423. |
195 if (site_instance && | 219 if (site_instance && |
196 backend_->DidHostRunInsecureContent( | 220 backend_->DidHostRunInsecureContent( |
197 entry->GetURL().host(), site_instance->GetProcess()->GetID())) { | 221 entry->GetURL().host(), site_instance->GetProcess()->GetID())) { |
198 entry->GetSSL().security_style = | 222 entry->GetSSL().security_style = |
199 SECURITY_STYLE_AUTHENTICATION_BROKEN; | 223 SECURITY_STYLE_AUTHENTICATION_BROKEN; |
200 entry->GetSSL().content_status |= SSLStatus::RAN_INSECURE_CONTENT; | 224 entry->GetSSL().content_status |= SSLStatus::RAN_INSECURE_CONTENT; |
201 } | 225 } |
| 226 |
| 227 if (site_instance && |
| 228 backend_->DidHostRunContentWithCertErrors( |
| 229 entry->GetURL().host(), site_instance->GetProcess()->GetID())) { |
| 230 entry->GetSSL().security_style = SECURITY_STYLE_AUTHENTICATION_BROKEN; |
| 231 entry->GetSSL().content_status |= SSLStatus::RAN_CONTENT_WITH_CERT_ERRORS; |
| 232 } |
202 } | 233 } |
203 | 234 |
204 // Static | 235 // Static |
205 SecurityStyle SSLPolicy::GetSecurityStyleForResource( | 236 SecurityStyle SSLPolicy::GetSecurityStyleForResource( |
206 const GURL& url, | 237 const GURL& url, |
207 int cert_id, | 238 int cert_id, |
208 net::CertStatus cert_status) { | 239 net::CertStatus cert_status) { |
209 // An HTTPS response may not have a certificate for some reason. When that | 240 // An HTTPS response may not have a certificate for some reason. When that |
210 // happens, use the unauthenticated (HTTP) rather than the authentication | 241 // happens, use the unauthenticated (HTTP) rather than the authentication |
211 // broken security style so that we can detect this error condition. | 242 // broken security style so that we can detect this error condition. |
(...skipping 33 matching lines...)
245 | 276 |
246 void SSLPolicy::InitializeEntryIfNeeded(NavigationEntryImpl* entry) { | 277 void SSLPolicy::InitializeEntryIfNeeded(NavigationEntryImpl* entry) { |
247 if (entry->GetSSL().security_style != SECURITY_STYLE_UNKNOWN) | 278 if (entry->GetSSL().security_style != SECURITY_STYLE_UNKNOWN) |
248 return; | 279 return; |
249 | 280 |
250 entry->GetSSL().security_style = GetSecurityStyleForResource( | 281 entry->GetSSL().security_style = GetSecurityStyleForResource( |
251 entry->GetURL(), entry->GetSSL().cert_id, entry->GetSSL().cert_status); | 282 entry->GetURL(), entry->GetSSL().cert_id, entry->GetSSL().cert_status); |
252 } | 283 } |
253 | 284 |
254 } // namespace content | 285 } // namespace content |
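Review bot: In `DidRunContentWithCertErrors` (new lines 151-162) both early returns discard the event silently, so when `entry` or its `SiteInstance` is null nothing reaches `HostRanContentWithCertErrors`, and the later lookup in `UpdateEntry` (new lines 227-232) presumably finds no record and leaves the security style unchanged. This mirrors the tail of the preceding function visible just above it, so it is probably intended, but a fail-open path on a security indicator deserves a stated reason; if this is the rationale, I would add above the first check `// Without an entry or SiteInstance there is no process to attribute the content to, so nothing is recorded.` Separately, the `static_cast<WebContentsImpl*>(web_contents)` added at the top of `UpdateEntry` is unchecked, and a one-line comment stating that every `WebContents` passed to this method is a `WebContentsImpl` would document the assumption the cast relies on. The new method is also a near copy of the one before it, so a shared private helper taking the backend call would keep the two null-handling paths from drifting apart.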