Chromium Code Reviews Chromium Code Reviews
Issue 2639203003:
Add certificate error handling to devtools. (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/devtools/protocol/security_handler.h" | 5 #include "content/browser/devtools/protocol/security_handler.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "content/browser/devtools/devtools_session.h" | |
| 9 #include "content/browser/frame_host/render_frame_host_impl.h" | 10 #include "content/browser/frame_host/render_frame_host_impl.h" |
| 10 #include "content/public/browser/navigation_controller.h" | 11 #include "content/public/browser/navigation_controller.h" |
| 11 #include "content/public/browser/navigation_entry.h" | 12 #include "content/public/browser/navigation_entry.h" |
| 12 #include "content/public/browser/security_style_explanations.h" | 13 #include "content/public/browser/security_style_explanations.h" |
| 13 #include "content/public/browser/ssl_status.h" | 14 #include "content/public/browser/ssl_status.h" |
| 14 #include "content/public/browser/web_contents.h" | 15 #include "content/public/browser/web_contents.h" |
| 15 #include "content/public/browser/web_contents_delegate.h" | 16 #include "content/public/browser/web_contents_delegate.h" |
| 16 | 17 |
| 17 namespace content { | 18 namespace content { |
| 18 namespace protocol { | 19 namespace protocol { |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 52 .SetHasCertificate(it.has_certificate) | 53 .SetHasCertificate(it.has_certificate) |
| 53 .Build()); | 54 .Build()); |
| 54 } | 55 } |
| 55 } | 56 } |
| 56 | 57 |
| 57 } // namespace | 58 } // namespace |
| 58 | 59 |
| 59 SecurityHandler::SecurityHandler() | 60 SecurityHandler::SecurityHandler() |
| 60 : DevToolsDomainHandler(Security::Metainfo::domainName), | 61 : DevToolsDomainHandler(Security::Metainfo::domainName), |
| 61 enabled_(false), | 62 enabled_(false), |
| 62 host_(nullptr) { | 63 host_(nullptr) {} |
| 64 | |
| 65 SecurityHandler::~SecurityHandler() { | |
| 63 } | 66 } |
| 64 | 67 |
| 65 SecurityHandler::~SecurityHandler() { | 68 // static |
| 69 SecurityHandler* SecurityHandler::FromSession(DevToolsSession* session) { | |
| 70 return static_cast<SecurityHandler*>( | |
| 71 session->GetHandlerByName(Security::Metainfo::domainName)); | |
| 66 } | 72 } |
| 67 | 73 |
| 68 void SecurityHandler::Wire(UberDispatcher* dispatcher) { | 74 void SecurityHandler::Wire(UberDispatcher* dispatcher) { |
| 69 frontend_.reset(new Security::Frontend(dispatcher->channel())); | 75 frontend_.reset(new Security::Frontend(dispatcher->channel())); |
| 70 Security::Dispatcher::wire(dispatcher, this); | 76 Security::Dispatcher::wire(dispatcher, this); |
| 71 } | 77 } |
| 72 | 78 |
| 73 void SecurityHandler::AttachToRenderFrameHost() { | 79 void SecurityHandler::AttachToRenderFrameHost() { |
| 74 DCHECK(host_); | 80 DCHECK(host_); |
| 75 WebContents* web_contents = WebContents::FromRenderFrameHost(host_); | 81 WebContents* web_contents = WebContents::FromRenderFrameHost(host_); |
| (...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 129 .Build(); | 135 .Build(); |
| 130 | 136 |
| 131 frontend_->SecurityStateChanged( | 137 frontend_->SecurityStateChanged( |
| 132 security_state, | 138 security_state, |
| 133 security_style_explanations.scheme_is_cryptographic, | 139 security_style_explanations.scheme_is_cryptographic, |
| 134 std::move(explanations), | 140 std::move(explanations), |
| 135 std::move(insecure_status), | 141 std::move(insecure_status), |
| 136 Maybe<std::string>(security_style_explanations.summary)); | 142 Maybe<std::string>(security_style_explanations.summary)); |
| 137 } | 143 } |
| 138 | 144 |
| 145 void SecurityHandler::DidFinishLoad(RenderFrameHost* render_frame_host, | |
|
pfeldman
2017/02/21 18:51:41
This is too late, use DidFinishNavigation instead.
irisu
2017/02/23 03:29:08
Done.
| |
| 146 const GURL& validated_url) { | |
| 147 if (certificate_errors_overriden_) | |
| 148 FlushPendingRequests(); | |
| 149 } | |
| 150 | |
| 151 void SecurityHandler::FlushPendingRequests() { | |
| 152 for (auto callback : callbacks_) | |
| 153 callback.second.Run(content::CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL); | |
| 154 callbacks_.clear(); | |
| 155 } | |
| 156 | |
| 157 bool SecurityHandler::NotifyCertificateError(int cert_error, | |
| 158 const GURL& request_url, | |
| 159 CertErrorCallback handler) { | |
| 160 if (!enabled_) | |
| 161 return false; | |
| 162 frontend_->CertificateError(++last_cert_error_id_, | |
| 163 net::ErrorToShortString(cert_error), | |
| 164 request_url.spec()); | |
| 165 if (!certificate_errors_overriden_) | |
| 166 return false; | |
| 167 callbacks_[last_cert_error_id_] = handler; | |
| 168 return true; | |
| 169 } | |
| 170 | |
| 139 Response SecurityHandler::Enable() { | 171 Response SecurityHandler::Enable() { |
| 140 enabled_ = true; | 172 enabled_ = true; |
| 141 if (host_) | 173 if (host_) |
| 142 AttachToRenderFrameHost(); | 174 AttachToRenderFrameHost(); |
| 143 | 175 |
| 144 return Response::OK(); | 176 return Response::OK(); |
| 145 } | 177 } |
| 146 | 178 |
| 147 Response SecurityHandler::Disable() { | 179 Response SecurityHandler::Disable() { |
| 148 enabled_ = false; | 180 enabled_ = false; |
| 181 certificate_errors_overriden_ = false; | |
| 149 WebContentsObserver::Observe(nullptr); | 182 WebContentsObserver::Observe(nullptr); |
| 183 FlushPendingRequests(); | |
| 150 return Response::OK(); | 184 return Response::OK(); |
| 151 } | 185 } |
| 152 | 186 |
| 153 Response SecurityHandler::ShowCertificateViewer() { | 187 Response SecurityHandler::ShowCertificateViewer() { |
| 154 if (!host_) | 188 if (!host_) |
| 155 return Response::InternalError(); | 189 return Response::InternalError(); |
| 156 WebContents* web_contents = WebContents::FromRenderFrameHost(host_); | 190 WebContents* web_contents = WebContents::FromRenderFrameHost(host_); |
| 157 scoped_refptr<net::X509Certificate> certificate = | 191 scoped_refptr<net::X509Certificate> certificate = |
| 158 web_contents->GetController().GetVisibleEntry()->GetSSL().certificate; | 192 web_contents->GetController().GetVisibleEntry()->GetSSL().certificate; |
| 159 if (!certificate) | 193 if (!certificate) |
| 160 return Response::Error("Could not find certificate"); | 194 return Response::Error("Could not find certificate"); |
| 161 web_contents->GetDelegate()->ShowCertificateViewerInDevTools( | 195 web_contents->GetDelegate()->ShowCertificateViewerInDevTools( |
| 162 web_contents, certificate); | 196 web_contents, certificate); |
| 163 return Response::OK(); | 197 return Response::OK(); |
| 164 } | 198 } |
| 165 | 199 |
| 200 Response SecurityHandler::HandleCertificateError(int event_id, | |
| 201 const String& action) { | |
| 202 if (callbacks_.find(event_id) == callbacks_.end()) { | |
| 203 return Response::Error( | |
| 204 String("Unknown event id: " + std::to_string(event_id))); | |
| 205 } | |
| 206 content::CertificateRequestResultType type = | |
| 207 content::CERTIFICATE_REQUEST_RESULT_TYPE_DENY; | |
| 208 Response response = Response::OK(); | |
| 209 if (action == Security::CertificateErrorActionEnum::Continue) { | |
| 210 type = content::CERTIFICATE_REQUEST_RESULT_TYPE_CONTINUE; | |
| 211 } else if (action == Security::CertificateErrorActionEnum::Cancel) { | |
| 212 type = content::CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL; | |
| 213 } else if (action == Security::CertificateErrorActionEnum::Deny) { | |
| 214 type = content::CERTIFICATE_REQUEST_RESULT_TYPE_DENY; | |
| 215 } else { | |
| 216 response = | |
| 217 Response::Error(String("Unknown Certificate Error Action: " + action)); | |
| 218 } | |
| 219 callbacks_[event_id].Run(type); | |
| 220 callbacks_.erase(event_id); | |
| 221 return response; | |
| 222 } | |
| 223 | |
| 224 Response SecurityHandler::SetOverrideCertificateErrors(bool override) { | |
| 225 if (override && !enabled_) | |
| 226 return Response::Error("Security domain not enabled"); | |
| 227 certificate_errors_overriden_ = override; | |
| 228 if (!override) | |
| 229 FlushPendingRequests(); | |
| 230 return Response::OK(); | |
| 231 } | |
| 232 | |
| 166 } // namespace protocol | 233 } // namespace protocol |
| 167 } // namespace content | 234 } // namespace content |
| OLD | NEW |
