
Side by Side Diff: content/browser/devtools/protocol/security_handler.cc

Issue 2639203003: Add certificate error handling to devtools. (Closed)
Patch Set: plumb error through agent host Created 3 years, 10 months ago
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/browser/devtools/protocol/security_handler.h" 5 #include "content/browser/devtools/protocol/security_handler.h"
6 6
7 #include <string> 7 #include <string>
8 8
9 #include "content/browser/devtools/devtools_session.h"
9 #include "content/browser/frame_host/render_frame_host_impl.h" 10 #include "content/browser/frame_host/render_frame_host_impl.h"
10 #include "content/public/browser/navigation_controller.h" 11 #include "content/public/browser/navigation_controller.h"
11 #include "content/public/browser/navigation_entry.h" 12 #include "content/public/browser/navigation_entry.h"
12 #include "content/public/browser/security_style_explanations.h" 13 #include "content/public/browser/security_style_explanations.h"
13 #include "content/public/browser/ssl_status.h" 14 #include "content/public/browser/ssl_status.h"
14 #include "content/public/browser/web_contents.h" 15 #include "content/public/browser/web_contents.h"
15 #include "content/public/browser/web_contents_delegate.h" 16 #include "content/public/browser/web_contents_delegate.h"
16 17
17 namespace content { 18 namespace content {
18 namespace protocol { 19 namespace protocol {
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after
52 .SetHasCertificate(it.has_certificate) 53 .SetHasCertificate(it.has_certificate)
53 .Build()); 54 .Build());
54 } 55 }
55 } 56 }
56 57
57 } // namespace 58 } // namespace
58 59
59 SecurityHandler::SecurityHandler() 60 SecurityHandler::SecurityHandler()
60 : DevToolsDomainHandler(Security::Metainfo::domainName), 61 : DevToolsDomainHandler(Security::Metainfo::domainName),
61 enabled_(false), 62 enabled_(false),
62 host_(nullptr) { 63 host_(nullptr),
64 last_cert_error_id_(0),
pfeldman 2017/02/16 01:35:34 you no longer need these!
irisu 2017/02/16 04:47:32 Done.
65 certificate_error_enabled_(false) {}
66
67 SecurityHandler::~SecurityHandler() {
63 } 68 }
64 69
65 SecurityHandler::~SecurityHandler() { 70 // static
71 SecurityHandler* SecurityHandler::FromSession(DevToolsSession* session) {
72 return static_cast<SecurityHandler*>(
73 session->GetHandlerByName(Security::Metainfo::domainName));
66 } 74 }
67 75
68 void SecurityHandler::Wire(UberDispatcher* dispatcher) { 76 void SecurityHandler::Wire(UberDispatcher* dispatcher) {
69 frontend_.reset(new Security::Frontend(dispatcher->channel())); 77 frontend_.reset(new Security::Frontend(dispatcher->channel()));
70 Security::Dispatcher::wire(dispatcher, this); 78 Security::Dispatcher::wire(dispatcher, this);
71 } 79 }
72 80
73 void SecurityHandler::AttachToRenderFrameHost() { 81 void SecurityHandler::AttachToRenderFrameHost() {
74 DCHECK(host_); 82 DCHECK(host_);
75 WebContents* web_contents = WebContents::FromRenderFrameHost(host_); 83 WebContents* web_contents = WebContents::FromRenderFrameHost(host_);
(...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after
129 .Build(); 137 .Build();
130 138
131 frontend_->SecurityStateChanged( 139 frontend_->SecurityStateChanged(
132 security_state, 140 security_state,
133 security_style_explanations.scheme_is_cryptographic, 141 security_style_explanations.scheme_is_cryptographic,
134 std::move(explanations), 142 std::move(explanations),
135 std::move(insecure_status), 143 std::move(insecure_status),
136 Maybe<std::string>(security_style_explanations.summary)); 144 Maybe<std::string>(security_style_explanations.summary));
137 } 145 }
138 146
147 void SecurityHandler::DidFinishLoad(RenderFrameHost* render_frame_host,
148 const GURL& validated_url) {
149 if (certificate_error_enabled_)
150 FlushPendingRequests();
151 }
152
153 void SecurityHandler::FlushPendingRequests() {
154 for (auto callback : callbacks_)
155 callback.second.Run(content::CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL);
156 callbacks_.clear();
157 }
158
159 bool SecurityHandler::NotifyCertificateError(int cert_error,
160 const GURL& request_url,
161 CertErrorCallback handler) {
162 frontend_->CertificateError(++last_cert_error_id_, cert_error,
pfeldman 2017/02/16 01:35:34 if (!enabled_) return;
irisu 2017/02/16 04:47:32 Done.
163 net::ErrorToShortString(cert_error),
pfeldman 2017/02/16 01:35:34 cert_error is internal to chrome, so we should not
Eric Seckler 2017/02/16 02:01:07 Shall we add an enum type to the Security domain t
164 request_url.spec());
165 if (!certificate_error_enabled_)
pfeldman 2017/02/16 01:35:34 nit: this now needs a new name (certificate_errors
irisu 2017/02/16 04:47:32 Done.
166 return false;
167 callbacks_[last_cert_error_id_] = handler;
168 return true;
169 }
170
139 Response SecurityHandler::Enable() { 171 Response SecurityHandler::Enable() {
140 enabled_ = true; 172 enabled_ = true;
141 if (host_) 173 if (host_)
142 AttachToRenderFrameHost(); 174 AttachToRenderFrameHost();
143 175
144 return Response::OK(); 176 return Response::OK();
145 } 177 }
146 178
147 Response SecurityHandler::Disable() { 179 Response SecurityHandler::Disable() {
148 enabled_ = false; 180 enabled_ = false;
181 certificate_error_enabled_ = false;
149 WebContentsObserver::Observe(nullptr); 182 WebContentsObserver::Observe(nullptr);
183 FlushPendingRequests();
150 return Response::OK(); 184 return Response::OK();
151 } 185 }
152 186
153 Response SecurityHandler::ShowCertificateViewer() { 187 Response SecurityHandler::ShowCertificateViewer() {
154 if (!host_) 188 if (!host_)
155 return Response::InternalError(); 189 return Response::InternalError();
156 WebContents* web_contents = WebContents::FromRenderFrameHost(host_); 190 WebContents* web_contents = WebContents::FromRenderFrameHost(host_);
157 scoped_refptr<net::X509Certificate> certificate = 191 scoped_refptr<net::X509Certificate> certificate =
158 web_contents->GetController().GetVisibleEntry()->GetSSL().certificate; 192 web_contents->GetController().GetVisibleEntry()->GetSSL().certificate;
159 if (!certificate) 193 if (!certificate)
160 return Response::Error("Could not find certificate"); 194 return Response::Error("Could not find certificate");
161 web_contents->GetDelegate()->ShowCertificateViewerInDevTools( 195 web_contents->GetDelegate()->ShowCertificateViewerInDevTools(
162 web_contents, certificate); 196 web_contents, certificate);
163 return Response::OK(); 197 return Response::OK();
164 } 198 }
165 199
200 Response SecurityHandler::HandleCertificateError(int event_id,
201 const String& action) {
202 if (callbacks_.find(event_id) == callbacks_.end()) {
203 return Response::Error(
204 String("Unknown event id: " + std::to_string(event_id)));
205 }
206 content::CertificateRequestResultType type =
207 content::CERTIFICATE_REQUEST_RESULT_TYPE_DENY;
208 Response response = Response::OK();
209 if (action == Security::CertificateErrorActionEnum::Continue) {
210 type = content::CERTIFICATE_REQUEST_RESULT_TYPE_CONTINUE;
211 } else if (action == Security::CertificateErrorActionEnum::Cancel) {
212 type = content::CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL;
213 } else if (action == Security::CertificateErrorActionEnum::Deny) {
214 type = content::CERTIFICATE_REQUEST_RESULT_TYPE_DENY;
215 } else {
216 response =
217 Response::Error(String("Unknown Certificate Error Action: " + action));
218 }
219 callbacks_[event_id].Run(type);
220 callbacks_.erase(event_id);
221 return response;
222 }
223
224 Response SecurityHandler::SetOverrideCertificateErrors(bool override) {
225 if (override && !enabled_)
226 return Response::Error("Security domain not enabled");
227 certificate_error_enabled_ = override;
228 if (!override)
229 FlushPendingRequests();
230 return Response::OK();
231 }
232
166 } // namespace protocol 233 } // namespace protocol
167 } // namespace content 234 } // namespace content
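Review bot: Pending certificate-error callbacks are resolved only in `Disable()`, `SetOverrideCertificateErrors(false)`, `DidFinishLoad()` and `HandleCertificateError()`, while the destructor at new line 67 is empty, so any entries still in `callbacks_` when the handler is destroyed are dropped without being run. Whether teardown always passes through `Disable()` is not visible on this page, so I would make the fail-closed path explicit by calling `FlushPendingRequests();` in `~SecurityHandler()`, which resolves every intercepted request with CANCEL rather than leaving it undecided. Separately, `FlushPendingRequests()` (new lines 153-157) runs each callback while iterating `callbacks_` by value. If a callback can synchronously re-enter `NotifyCertificateError()`, the insert into `callbacks_` happens mid-iteration and the new entry is then wiped by `clear()` without being run. Moving the map out first, `auto pending = std::move(callbacks_); callbacks_.clear();`, and iterating `pending` with `const auto&` avoids both that and the per-entry copy.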