OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/ssl/ssl_manager.h" | 5 #include "content/browser/ssl/ssl_manager.h" |
6 | 6 |
7 #include <set> | 7 #include <set> |
8 | 8 |
9 #include "base/bind.h" | 9 #include "base/bind.h" |
10 #include "base/macros.h" | 10 #include "base/macros.h" |
11 #include "base/metrics/histogram_macros.h" | 11 #include "base/metrics/histogram_macros.h" |
12 #include "base/strings/utf_string_conversions.h" | 12 #include "base/strings/utf_string_conversions.h" |
13 #include "base/supports_user_data.h" | 13 #include "base/supports_user_data.h" |
| 14 #include "content/browser/devtools/devtools_agent_host_impl.h" |
| 15 #include "content/browser/devtools/protocol/security_handler.h" |
14 #include "content/browser/frame_host/navigation_entry_impl.h" | 16 #include "content/browser/frame_host/navigation_entry_impl.h" |
15 #include "content/browser/loader/resource_dispatcher_host_impl.h" | 17 #include "content/browser/loader/resource_dispatcher_host_impl.h" |
16 #include "content/browser/loader/resource_request_info_impl.h" | 18 #include "content/browser/loader/resource_request_info_impl.h" |
17 #include "content/browser/ssl/ssl_error_handler.h" | 19 #include "content/browser/ssl/ssl_error_handler.h" |
18 #include "content/browser/web_contents/web_contents_impl.h" | 20 #include "content/browser/web_contents/web_contents_impl.h" |
19 #include "content/public/browser/browser_context.h" | 21 #include "content/public/browser/browser_context.h" |
20 #include "content/public/browser/browser_thread.h" | 22 #include "content/public/browser/browser_thread.h" |
21 #include "content/public/browser/certificate_request_result_type.h" | 23 #include "content/public/browser/certificate_request_result_type.h" |
22 #include "content/public/browser/content_browser_client.h" | 24 #include "content/public/browser/content_browser_client.h" |
| 25 #include "content/public/browser/devtools_agent_host.h" |
23 #include "content/public/browser/navigation_details.h" | 26 #include "content/public/browser/navigation_details.h" |
24 #include "content/public/browser/ssl_host_state_delegate.h" | 27 #include "content/public/browser/ssl_host_state_delegate.h" |
25 #include "net/url_request/url_request.h" | 28 #include "net/url_request/url_request.h" |
26 | 29 |
27 namespace content { | 30 namespace content { |
28 | 31 |
29 namespace { | 32 namespace { |
30 | 33 |
31 const char kSSLManagerKeyName[] = "content_ssl_manager"; | 34 const char kSSLManagerKeyName[] = "content_ssl_manager"; |
32 | 35 |
33 // Events for UMA. Do not reorder or change! | 36 // Events for UMA. Do not reorder or change! |
34 enum SSLGoodCertSeenEvent { | 37 enum SSLGoodCertSeenEvent { |
35 NO_PREVIOUS_EXCEPTION = 0, | 38 NO_PREVIOUS_EXCEPTION = 0, |
36 HAD_PREVIOUS_EXCEPTION = 1, | 39 HAD_PREVIOUS_EXCEPTION = 1, |
37 SSL_GOOD_CERT_SEEN_EVENT_MAX = 2 | 40 SSL_GOOD_CERT_SEEN_EVENT_MAX = 2 |
38 }; | 41 }; |
39 | 42 |
| 43 void OnAllowCertificateWithRecordDecision( |
| 44 bool record_decision, |
| 45 const base::Callback<void(bool, content::CertificateRequestResultType)>& |
| 46 callback, |
| 47 CertificateRequestResultType decision) { |
| 48 callback.Run(record_decision, decision); |
| 49 } |
| 50 |
40 void OnAllowCertificate(SSLErrorHandler* handler, | 51 void OnAllowCertificate(SSLErrorHandler* handler, |
41 SSLHostStateDelegate* state_delegate, | 52 SSLHostStateDelegate* state_delegate, |
| 53 bool record_decision, |
42 CertificateRequestResultType decision) { | 54 CertificateRequestResultType decision) { |
43 DCHECK(handler->ssl_info().is_valid()); | 55 DCHECK(handler->ssl_info().is_valid()); |
44 switch (decision) { | 56 switch (decision) { |
45 case CERTIFICATE_REQUEST_RESULT_TYPE_CONTINUE: | 57 case CERTIFICATE_REQUEST_RESULT_TYPE_CONTINUE: |
46 // Note that we should not call SetMaxSecurityStyle here, because | 58 // Note that we should not call SetMaxSecurityStyle here, because |
47 // the active NavigationEntry has just been deleted (in | 59 // the active NavigationEntry has just been deleted (in |
48 // HideInterstitialPage) and the new NavigationEntry will not be | 60 // HideInterstitialPage) and the new NavigationEntry will not be |
49 // set until DidNavigate. This is ok, because the new | 61 // set until DidNavigate. This is ok, because the new |
50 // NavigationEntry will have its max security style set within | 62 // NavigationEntry will have its max security style set within |
51 // DidNavigate. | 63 // DidNavigate. |
52 // | 64 // |
53 // While AllowCert() executes synchronously on this thread, | 65 // While AllowCert() executes synchronously on this thread, |
54 // ContinueRequest() gets posted to a different thread. Calling | 66 // ContinueRequest() gets posted to a different thread. Calling |
55 // AllowCert() first ensures deterministic ordering. | 67 // AllowCert() first ensures deterministic ordering. |
56 if (state_delegate) { | 68 if (record_decision && state_delegate) { |
57 state_delegate->AllowCert(handler->request_url().host(), | 69 state_delegate->AllowCert(handler->request_url().host(), |
58 *handler->ssl_info().cert.get(), | 70 *handler->ssl_info().cert.get(), |
59 handler->cert_error()); | 71 handler->cert_error()); |
60 } | 72 } |
61 handler->ContinueRequest(); | 73 handler->ContinueRequest(); |
62 return; | 74 return; |
63 case CERTIFICATE_REQUEST_RESULT_TYPE_DENY: | 75 case CERTIFICATE_REQUEST_RESULT_TYPE_DENY: |
64 handler->DenyRequest(); | 76 handler->DenyRequest(); |
65 return; | 77 return; |
66 case CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL: | 78 case CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL: |
349 bool overridable = (options_mask & OVERRIDABLE) != 0; | 361 bool overridable = (options_mask & OVERRIDABLE) != 0; |
350 bool strict_enforcement = (options_mask & STRICT_ENFORCEMENT) != 0; | 362 bool strict_enforcement = (options_mask & STRICT_ENFORCEMENT) != 0; |
351 bool expired_previous_decision = | 363 bool expired_previous_decision = |
352 (options_mask & EXPIRED_PREVIOUS_DECISION) != 0; | 364 (options_mask & EXPIRED_PREVIOUS_DECISION) != 0; |
353 | 365 |
354 WebContents* web_contents = handler->web_contents(); | 366 WebContents* web_contents = handler->web_contents(); |
355 int cert_error = handler->cert_error(); | 367 int cert_error = handler->cert_error(); |
356 const net::SSLInfo& ssl_info = handler->ssl_info(); | 368 const net::SSLInfo& ssl_info = handler->ssl_info(); |
357 const GURL& request_url = handler->request_url(); | 369 const GURL& request_url = handler->request_url(); |
358 ResourceType resource_type = handler->resource_type(); | 370 ResourceType resource_type = handler->resource_type(); |
359 GetContentClient()->browser()->AllowCertificateError( | 371 |
360 web_contents, cert_error, ssl_info, request_url, resource_type, | 372 base::Callback<void(bool, content::CertificateRequestResultType)> callback = |
361 overridable, strict_enforcement, expired_previous_decision, | |
362 base::Bind(&OnAllowCertificate, base::Owned(handler.release()), | 373 base::Bind(&OnAllowCertificate, base::Owned(handler.release()), |
363 ssl_host_state_delegate_)); | 374 ssl_host_state_delegate_); |
| 375 |
| 376 DevToolsAgentHostImpl* agent_host = static_cast<DevToolsAgentHostImpl*>( |
| 377 DevToolsAgentHost::GetOrCreateFor(web_contents).get()); |
| 378 protocol::SecurityHandler* security_handler = |
| 379 protocol::SecurityHandler::FromAgentHost(agent_host); |
| 380 if (!security_handler || |
| 381 !security_handler->NotifyCertificateError( |
| 382 cert_error, request_url, |
| 383 base::Bind(&OnAllowCertificateWithRecordDecision, false, callback))) { |
| 384 GetContentClient()->browser()->AllowCertificateError( |
| 385 web_contents, cert_error, ssl_info, request_url, resource_type, |
| 386 overridable, strict_enforcement, expired_previous_decision, |
| 387 base::Bind(&OnAllowCertificateWithRecordDecision, true, callback)); |
| 388 } |
364 } | 389 } |
365 | 390 |
366 void SSLManager::UpdateEntry(NavigationEntryImpl* entry, | 391 void SSLManager::UpdateEntry(NavigationEntryImpl* entry, |
367 int add_content_status_flags, | 392 int add_content_status_flags, |
368 int remove_content_status_flags) { | 393 int remove_content_status_flags) { |
369 // We don't always have a navigation entry to update, for example in the | 394 // We don't always have a navigation entry to update, for example in the |
370 // case of the Web Inspector. | 395 // case of the Web Inspector. |
371 if (!entry) | 396 if (!entry) |
372 return; | 397 return; |
373 | 398 |
421 SSLManagerSet* managers = | 446 SSLManagerSet* managers = |
422 static_cast<SSLManagerSet*>(context->GetUserData(kSSLManagerKeyName)); | 447 static_cast<SSLManagerSet*>(context->GetUserData(kSSLManagerKeyName)); |
423 | 448 |
424 for (std::set<SSLManager*>::iterator i = managers->get().begin(); | 449 for (std::set<SSLManager*>::iterator i = managers->get().begin(); |
425 i != managers->get().end(); ++i) { | 450 i != managers->get().end(); ++i) { |
426 (*i)->UpdateEntry((*i)->controller()->GetLastCommittedEntry(), 0, 0); | 451 (*i)->UpdateEntry((*i)->controller()->GetLastCommittedEntry(), 0, 0); |
427 } | 452 } |
428 } | 453 } |
429 | 454 |
430 } // namespace content | 455 } // namespace content |
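Review bot: In the branch that calls `NotifyCertificateError`, `overridable` and `strict_enforcement` are never consulted: the DevTools handler receives only `cert_error`, `request_url` and the callback, and `OnAllowCertificate` calls `handler->ContinueRequest()` on `CERTIFICATE_REQUEST_RESULT_TYPE_CONTINUE` without looking at either flag. A DevTools client that takes the error can therefore continue a load that the `AllowCertificateError` path would be told is non-overridable. If that is intended, state it in a comment above the `if`, for example `// DevTools may continue even non-overridable errors; such decisions are never recorded.`; if it is not, gate the branch with `if (!security_handler || !overridable || strict_enforcement || !security_handler->NotifyCertificateError(...))`. Separately, `GetOrCreateFor(web_contents).get()` keeps a raw pointer taken from a temporary ref-counted return value, so `agent_host` is only safe if something else holds a reference; keeping the returned reference in a local until the `NotifyCertificateError` call returns would remove that assumption. The enclosing function starts outside the visible lines, so any earlier handling of these flags cannot be seen from here.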