OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h" | 5 #include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h" |
6 | 6 |
7 #include "base/base64.h" | 7 #include "base/base64.h" |
| 8 #include "base/bind.h" |
8 #include "base/command_line.h" | 9 #include "base/command_line.h" |
9 #include "base/logging.h" | 10 #include "base/logging.h" |
10 #include "base/metrics/field_trial.h" | 11 #include "base/metrics/field_trial.h" |
11 #include "base/strings/string_number_conversions.h" | 12 #include "base/strings/string_number_conversions.h" |
12 #include "base/time/clock.h" | 13 #include "base/time/clock.h" |
13 #include "base/time/default_clock.h" | 14 #include "base/time/default_clock.h" |
14 #include "base/time/time.h" | 15 #include "base/time/time.h" |
15 #include "chrome/browser/content_settings/host_content_settings_map.h" | 16 #include "chrome/browser/content_settings/host_content_settings_map.h" |
16 #include "chrome/browser/profiles/profile.h" | 17 #include "chrome/browser/profiles/profile.h" |
17 #include "chrome/common/chrome_switches.h" | 18 #include "chrome/common/chrome_switches.h" |
18 #include "components/content_settings/core/common/content_settings_types.h" | 19 #include "components/content_settings/core/common/content_settings_types.h" |
19 #include "components/variations/variations_associated_data.h" | 20 #include "components/variations/variations_associated_data.h" |
20 #include "net/base/hash_value.h" | 21 #include "net/base/hash_value.h" |
21 #include "net/cert/x509_certificate.h" | 22 #include "net/cert/x509_certificate.h" |
| 23 #include "net/http/http_transaction_factory.h" |
| 24 #include "net/url_request/url_request_context.h" |
| 25 #include "net/url_request/url_request_context_getter.h" |
22 #include "url/gurl.h" | 26 #include "url/gurl.h" |
23 | 27 |
24 namespace { | 28 namespace { |
25 | 29 |
26 // Switch value that specifies that certificate decisions should be forgotten at | 30 // Switch value that specifies that certificate decisions should be forgotten at |
27 // the end of the current session. | 31 // the end of the current session. |
28 const int64 kForgetAtSessionEndSwitchValue = -1; | 32 const int64 kForgetAtSessionEndSwitchValue = -1; |
29 | 33 |
30 // Experiment information | 34 // Experiment information |
31 const char kRememberCertificateErrorDecisionsFieldTrialName[] = | 35 const char kRememberCertificateErrorDecisionsFieldTrialName[] = |
32 "RememberCertificateErrorDecisions"; | 36 "RememberCertificateErrorDecisions"; |
33 const char kRememberCertificateErrorDecisionsFieldTrialDefaultGroup[] = | 37 const char kRememberCertificateErrorDecisionsFieldTrialDefaultGroup[] = |
34 "Default"; | 38 "Default"; |
35 const char kRememberCertificateErrorDecisionsFieldTrialLengthParam[] = "length"; | 39 const char kRememberCertificateErrorDecisionsFieldTrialLengthParam[] = "length"; |
36 | 40 |
37 // Keys for the per-site error + certificate finger to judgement content | 41 // Keys for the per-site error + certificate finger to judgement content |
38 // settings map. | 42 // settings map. |
39 const char kSSLCertDecisionCertErrorMapKey[] = "cert_exceptions_map"; | 43 const char kSSLCertDecisionCertErrorMapKey[] = "cert_exceptions_map"; |
40 const char kSSLCertDecisionExpirationTimeKey[] = "decision_expiration_time"; | 44 const char kSSLCertDecisionExpirationTimeKey[] = "decision_expiration_time"; |
41 const char kSSLCertDecisionVersionKey[] = "version"; | 45 const char kSSLCertDecisionVersionKey[] = "version"; |
42 | 46 |
43 const int kDefaultSSLCertDecisionVersion = 1; | 47 const int kDefaultSSLCertDecisionVersion = 1; |
44 | 48 |
| 49 // Closes all idle network connections for the given URLRequestContext. This is |
| 50 // a big hammer and should be wielded with extreme caution as it can have a big, |
| 51 // negative impact on network performance. In this case, it is used by |
| 52 // RevokeUserDecisionsHard, which should only be called by rare, user initiated |
| 53 // events. See the comment before RevokeUserDecisionsHard implementation for |
| 54 // more information. |
| 55 void CloseIdleConnections( |
| 56 scoped_refptr<net::URLRequestContextGetter> url_request_context_getter) { |
| 57 url_request_context_getter-> |
| 58 GetURLRequestContext()-> |
| 59 http_transaction_factory()-> |
| 60 GetSession()-> |
| 61 CloseIdleConnections(); |
| 62 } |
| 63 |
45 // All SSL decisions are per host (and are shared arcoss schemes), so this | 64 // All SSL decisions are per host (and are shared arcoss schemes), so this |
46 // canonicalizes all hosts into a secure scheme GURL to use with content | 65 // canonicalizes all hosts into a secure scheme GURL to use with content |
47 // settings. The returned GURL will be the passed in host with an empty path and | 66 // settings. The returned GURL will be the passed in host with an empty path and |
48 // https:// as the scheme. | 67 // https:// as the scheme. |
49 GURL GetSecureGURLForHost(const std::string& host) { | 68 GURL GetSecureGURLForHost(const std::string& host) { |
50 std::string url = "https://" + host; | 69 std::string url = "https://" + host; |
51 return GURL(url); | 70 return GURL(url); |
52 } | 71 } |
53 | 72 |
54 // This is a helper function that returns the length of time before a | 73 // This is a helper function that returns the length of time before a |
(...skipping 228 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
283 // If a policy decision was successfully retrieved and it's a valid value of | 302 // If a policy decision was successfully retrieved and it's a valid value of |
284 // ALLOWED or DENIED, return the valid value. Otherwise, return UNKNOWN. | 303 // ALLOWED or DENIED, return the valid value. Otherwise, return UNKNOWN. |
285 if (success && policy_decision == net::CertPolicy::Judgment::ALLOWED) | 304 if (success && policy_decision == net::CertPolicy::Judgment::ALLOWED) |
286 return net::CertPolicy::Judgment::ALLOWED; | 305 return net::CertPolicy::Judgment::ALLOWED; |
287 else if (success && policy_decision == net::CertPolicy::Judgment::DENIED) | 306 else if (success && policy_decision == net::CertPolicy::Judgment::DENIED) |
288 return net::CertPolicy::Judgment::DENIED; | 307 return net::CertPolicy::Judgment::DENIED; |
289 | 308 |
290 return net::CertPolicy::Judgment::UNKNOWN; | 309 return net::CertPolicy::Judgment::UNKNOWN; |
291 } | 310 } |
292 | 311 |
293 void ChromeSSLHostStateDelegate::RevokeAllowAndDenyPreferences( | 312 void ChromeSSLHostStateDelegate::RevokeUserDecisions(const std::string& host) { |
294 const std::string& host) { | |
295 GURL url = GetSecureGURLForHost(host); | 313 GURL url = GetSecureGURLForHost(host); |
296 const ContentSettingsPattern pattern = | 314 const ContentSettingsPattern pattern = |
297 ContentSettingsPattern::FromURLNoWildcard(url); | 315 ContentSettingsPattern::FromURLNoWildcard(url); |
298 HostContentSettingsMap* map = profile_->GetHostContentSettingsMap(); | 316 HostContentSettingsMap* map = profile_->GetHostContentSettingsMap(); |
299 | 317 |
300 map->SetWebsiteSetting(pattern, | 318 map->SetWebsiteSetting(pattern, |
301 pattern, | 319 pattern, |
302 CONTENT_SETTINGS_TYPE_SSL_CERT_DECISIONS, | 320 CONTENT_SETTINGS_TYPE_SSL_CERT_DECISIONS, |
303 std::string(), | 321 std::string(), |
304 NULL); | 322 NULL); |
305 } | 323 } |
306 | 324 |
307 bool ChromeSSLHostStateDelegate::HasAllowedOrDeniedCert( | 325 // TODO(jww): This will revoke all of the decisions in the browser context. |
| 326 // However, the networking stack actually keeps track of its own list of |
| 327 // exceptions per-HttpNetworkTransaction in the SSLConfig structure (see the |
| 328 // allowed_bad_certs Vector in net/ssl/ssl_config.h). This dual-tracking of |
| 329 // exceptions introduces a problem where the browser context can revoke a |
| 330 // certificate, but if a transaction reuses a cached version of the SSLConfig |
| 331 // (probably from a pooled socket), it may bypass the intestitial layer. |
| 332 // |
| 333 // Over time, the cached versions should expire and it should converge on |
| 334 // showing the interstitial. We probably need to introduce into the networking |
| 335 // stack a way revoke SSLConfig's allowed_bad_certs lists per socket. |
| 336 // |
| 337 // For now, RevokeUserDecisionsHard is our solution for the rare case where it |
| 338 // is necessary to revoke the preferences immediately. It does so by flushing |
| 339 // idle sockets. |
| 340 void ChromeSSLHostStateDelegate::RevokeUserDecisionsHard( |
308 const std::string& host) { | 341 const std::string& host) { |
| 342 RevokeUserDecisions(host); |
| 343 scoped_refptr<net::URLRequestContextGetter> getter( |
| 344 profile_->GetRequestContext()); |
| 345 profile_->GetRequestContext()->GetNetworkTaskRunner()->PostTask( |
| 346 FROM_HERE, base::Bind(&CloseIdleConnections, getter)); |
| 347 } |
| 348 |
| 349 bool ChromeSSLHostStateDelegate::HasUserDecision(const std::string& host) { |
309 GURL url = GetSecureGURLForHost(host); | 350 GURL url = GetSecureGURLForHost(host); |
310 const ContentSettingsPattern pattern = | 351 const ContentSettingsPattern pattern = |
311 ContentSettingsPattern::FromURLNoWildcard(url); | 352 ContentSettingsPattern::FromURLNoWildcard(url); |
312 HostContentSettingsMap* map = profile_->GetHostContentSettingsMap(); | 353 HostContentSettingsMap* map = profile_->GetHostContentSettingsMap(); |
313 | 354 |
314 scoped_ptr<base::Value> value(map->GetWebsiteSetting( | 355 scoped_ptr<base::Value> value(map->GetWebsiteSetting( |
315 url, url, CONTENT_SETTINGS_TYPE_SSL_CERT_DECISIONS, std::string(), NULL)); | 356 url, url, CONTENT_SETTINGS_TYPE_SSL_CERT_DECISIONS, std::string(), NULL)); |
316 | 357 |
317 if (!value.get() || !value->IsType(base::Value::TYPE_DICTIONARY)) | 358 if (!value.get() || !value->IsType(base::Value::TYPE_DICTIONARY)) |
318 return false; | 359 return false; |
319 | 360 |
320 base::DictionaryValue* dict; // Owned by value | 361 base::DictionaryValue* dict; // Owned by value |
321 bool success = value->GetAsDictionary(&dict); | 362 bool success = value->GetAsDictionary(&dict); |
322 DCHECK(success); | 363 DCHECK(success); |
323 | 364 |
324 for (base::DictionaryValue::Iterator it(*dict); !it.IsAtEnd(); it.Advance()) { | 365 for (base::DictionaryValue::Iterator it(*dict); !it.IsAtEnd(); it.Advance()) { |
325 int policy_decision; // Owned by dict | 366 int policy_decision; // Owned by dict |
326 success = it.value().GetAsInteger(&policy_decision); | 367 success = it.value().GetAsInteger(&policy_decision); |
327 if (success && (static_cast<net::CertPolicy::Judgment>(policy_decision) != | 368 if (success && (static_cast<net::CertPolicy::Judgment>(policy_decision) != |
328 net::CertPolicy::UNKNOWN)) | 369 net::CertPolicy::UNKNOWN)) |
329 return true; | 370 return true; |
330 } | 371 } |
331 | 372 |
332 return false; | 373 return false; |
333 } | 374 } |
334 | 375 |
| 376 void ChromeSSLHostStateDelegate::HostRanInsecureContent(const std::string& host, |
| 377 int pid) { |
| 378 ran_insecure_content_hosts_.insert(BrokenHostEntry(host, pid)); |
| 379 } |
| 380 |
| 381 bool ChromeSSLHostStateDelegate::DidHostRunInsecureContent( |
| 382 const std::string& host, |
| 383 int pid) const { |
| 384 return !!ran_insecure_content_hosts_.count(BrokenHostEntry(host, pid)); |
| 385 } |
335 void ChromeSSLHostStateDelegate::SetClock(scoped_ptr<base::Clock> clock) { | 386 void ChromeSSLHostStateDelegate::SetClock(scoped_ptr<base::Clock> clock) { |
336 clock_.reset(clock.release()); | 387 clock_.reset(clock.release()); |
337 } | 388 } |
338 | 389 |
339 void ChromeSSLHostStateDelegate::ChangeCertPolicy( | 390 void ChromeSSLHostStateDelegate::ChangeCertPolicy( |
340 const std::string& host, | 391 const std::string& host, |
341 net::X509Certificate* cert, | 392 net::X509Certificate* cert, |
342 net::CertStatus error, | 393 net::CertStatus error, |
343 net::CertPolicy::Judgment judgment) { | 394 net::CertPolicy::Judgment judgment) { |
344 GURL url = GetSecureGURLForHost(host); | 395 GURL url = GetSecureGURLForHost(host); |
(...skipping 23 matching lines...) Expand all Loading... |
368 cert_dict->SetIntegerWithoutPathExpansion(GetKey(cert, error), judgment); | 419 cert_dict->SetIntegerWithoutPathExpansion(GetKey(cert, error), judgment); |
369 | 420 |
370 // The map takes ownership of the value, so it is released in the call to | 421 // The map takes ownership of the value, so it is released in the call to |
371 // SetWebsiteSetting. | 422 // SetWebsiteSetting. |
372 map->SetWebsiteSetting(pattern, | 423 map->SetWebsiteSetting(pattern, |
373 pattern, | 424 pattern, |
374 CONTENT_SETTINGS_TYPE_SSL_CERT_DECISIONS, | 425 CONTENT_SETTINGS_TYPE_SSL_CERT_DECISIONS, |
375 std::string(), | 426 std::string(), |
376 value.release()); | 427 value.release()); |
377 } | 428 } |
OLD | NEW |