content/browser/devtools/protocol/security_handler.cc - Issue 2639203003: Add certificate error handling to devtools.

Side by Side Diff: content/browser/devtools/protocol/security_handler.cc

Issue 2639203003: Add certificate error handling to devtools. (Closed)

Patch Set: Fixed test. Created 3 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
1 // Copyright 2015 The Chromium Authors. All rights reserved.	1 // Copyright 2015 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "content/browser/devtools/protocol/security_handler.h"	5 #include "content/browser/devtools/protocol/security_handler.h"

6	6

7 #include <string>	7 #include <string>

8	8

9 #include "content/browser/frame_host/render_frame_host_impl.h"	9 #include "content/browser/frame_host/render_frame_host_impl.h"

10 #include "content/public/browser/navigation_controller.h"	10 #include "content/public/browser/navigation_controller.h"

(...skipping 41 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
52 .SetHasCertificate(it.has_certificate)	52 .SetHasCertificate(it.has_certificate)

53 .Build());	53 .Build());

54 }	54 }

55 }	55 }

56	56

57 } // namespace	57 } // namespace

58	58

59 SecurityHandler::SecurityHandler()	59 SecurityHandler::SecurityHandler()

60 : DevToolsDomainHandler(Security::Metainfo::domainName),	60 : DevToolsDomainHandler(Security::Metainfo::domainName),

61 enabled_(false),	61 enabled_(false),

62 host_(nullptr) {	62 host_(nullptr),

63 }	63 last_cert_error_id_(0),

	64 certificate_error_enabled_(false) {}

64	65

65 SecurityHandler::~SecurityHandler() {	66 SecurityHandler::~SecurityHandler() {

66 }	67 }

67	68

68 void SecurityHandler::Wire(UberDispatcher* dispatcher) {	69 void SecurityHandler::Wire(UberDispatcher* dispatcher) {

69 frontend_.reset(new Security::Frontend(dispatcher->channel()));	70 frontend_.reset(new Security::Frontend(dispatcher->channel()));

70 Security::Dispatcher::wire(dispatcher, this);	71 Security::Dispatcher::wire(dispatcher, this);

71 }	72 }

72	73

73 void SecurityHandler::AttachToRenderFrameHost() {	74 void SecurityHandler::AttachToRenderFrameHost() {

(...skipping 55 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
129 .Build();	130 .Build();

130	131

131 frontend_->SecurityStateChanged(	132 frontend_->SecurityStateChanged(

132 security_state,	133 security_state,

133 security_style_explanations.scheme_is_cryptographic,	134 security_style_explanations.scheme_is_cryptographic,

134 std::move(explanations),	135 std::move(explanations),

135 std::move(insecure_status),	136 std::move(insecure_status),

136 Maybe<std::string>(security_style_explanations.summary));	137 Maybe<std::string>(security_style_explanations.summary));

137 }	138 }

138	139

	140 bool SecurityHandler::NotifyCertificateError(CertErrorCallback handler) {

	141 if (!certificate_error_enabled_)

	142 return false;

	143 callbacks_[++last_cert_error_id_] = handler;

	144 frontend_->CertificateError(last_cert_error_id_);
	pfeldman 2017/02/08 18:24:00 You should report certificate errors whenever Secu You should report certificate errors whenever Security domain is enabled. Store handler conditionally instead. irisu 2017/02/14 05:46:14 Done. Show quoted text On 2017/02/08 18:24:00, pfeldman wrote: > You should report certificate errors whenever Security domain is enabled. Store > handler conditionally instead. Done.
	145 return true;

	146 }

	147

139 Response SecurityHandler::Enable() {	148 Response SecurityHandler::Enable() {

140 enabled_ = true;	149 enabled_ = true;

141 if (host_)	150 if (host_)

142 AttachToRenderFrameHost();	151 AttachToRenderFrameHost();

143	152

144 return Response::OK();	153 return Response::OK();

145 }	154 }

146	155

147 Response SecurityHandler::Disable() {	156 Response SecurityHandler::Disable() {
	pfeldman 2017/02/08 18:24:00 You should release all the handlers here with defa You should release all the handlers here with default values. irisu 2017/02/14 05:46:14 Done. Show quoted text On 2017/02/08 18:24:00, pfeldman wrote: > You should release all the handlers here with default values. Done.
148 enabled_ = false;	157 enabled_ = false;

149 WebContentsObserver::Observe(nullptr);	158 WebContentsObserver::Observe(nullptr);

150 return Response::OK();	159 return Response::OK();

151 }	160 }

152	161

153 Response SecurityHandler::ShowCertificateViewer() {	162 Response SecurityHandler::ShowCertificateViewer() {

154 if (!host_)	163 if (!host_)

155 return Response::InternalError();	164 return Response::InternalError();

156 WebContents* web_contents = WebContents::FromRenderFrameHost(host_);	165 WebContents* web_contents = WebContents::FromRenderFrameHost(host_);

157 scoped_refptr<net::X509Certificate> certificate =	166 scoped_refptr<net::X509Certificate> certificate =

158 web_contents->GetController().GetVisibleEntry()->GetSSL().certificate;	167 web_contents->GetController().GetVisibleEntry()->GetSSL().certificate;

159 if (!certificate)	168 if (!certificate)

160 return Response::Error("Could not find certificate");	169 return Response::Error("Could not find certificate");

161 web_contents->GetDelegate()->ShowCertificateViewerInDevTools(	170 web_contents->GetDelegate()->ShowCertificateViewerInDevTools(

162 web_contents, certificate);	171 web_contents, certificate);

163 return Response::OK();	172 return Response::OK();

164 }	173 }

165	174

	175 Response SecurityHandler::HandleCertificateError(int event_id,

	176 const String& action) {

	177 content::CertificateRequestResultType type =

	178 content::CERTIFICATE_REQUEST_RESULT_TYPE_DENY;

	179 Response response = Response::OK();

	180 if (action == "continue") {

	181 type = content::CERTIFICATE_REQUEST_RESULT_TYPE_CONTINUE;

	182 } else if (action == "cancel") {

	183 type = content::CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL;

	184 } else if (action == "deny") {

	185 type = content::CERTIFICATE_REQUEST_RESULT_TYPE_DENY;

	186 } else {

	187 response =

	188 Response::Error(String("Unknown Certificate Error Action: " + action));

	189 }

	190 if (callbacks_.find(event_id) == callbacks_.end())
	Sami 2017/02/08 14:58:43 nit: add {} please nit: add {} please irisu 2017/02/14 05:46:14 Done. Show quoted text On 2017/02/08 14:58:43, Sami wrote: > nit: add {} please Done.
	191 return Response::Error(

	192 String("Unknown event id: " + std::to_string(event_id)));

	193 callbacks_[event_id].Run(type);

	194 callbacks_.erase(event_id);

	195 return response;

	196 }

	197

	198 Response SecurityHandler::EnableCertificateErrorHandling() {

	199 certificate_error_enabled_ = true;

	200 if (!enabled_) {
	Sami 2017/02/08 14:58:43 I think we should just require the user to also ca I think we should just require the user to also call Enable() instead doing it for them. pfeldman 2017/02/08 18:24:00 +1, you also need to provide a way to disable it. +1, you also need to provide a way to disable it. setOverrideCertificateErrors irisu 2017/02/14 05:46:14 Done. Show quoted text On 2017/02/08 18:24:00, pfeldman wrote: > +1, you also need to provide a way to disable it. setOverrideCertificateErrors Done.
	201 enabled_ = true;

	202 if (host_)

	203 AttachToRenderFrameHost();

	204 }

	205 return Response::OK();

	206 }

	207

166 } // namespace protocol	208 } // namespace protocol

167 } // namespace content	209 } // namespace content

OLD	NEW

« no previous file with comments | « content/browser/devtools/protocol/security_handler.h ('k') | content/browser/ssl/ssl_manager.cc » ('j') | content/browser/ssl/ssl_manager.cc » ('J')