| OLD | NEW |
|---|
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/ssl_manager.h" | 5 #include "chrome/browser/ssl/ssl_manager.h" |
| 6 | 6 |
| 7 #include "base/utf_string_conversions.h" | 7 #include "base/utf_string_conversions.h" |
| 8 #include "chrome/browser/browser_thread.h" | 8 #include "chrome/browser/browser_thread.h" |
| 9 #include "chrome/browser/load_from_memory_cache_details.h" | 9 #include "chrome/browser/load_from_memory_cache_details.h" |
| 10 #include "chrome/browser/net/url_request_tracking.h" | 10 #include "chrome/browser/net/url_request_tracking.h" |
| (...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 54 NotificationService::current()->Notify( | 54 NotificationService::current()->Notify( |
| 55 NotificationType::SSL_INTERNAL_STATE_CHANGED, | 55 NotificationType::SSL_INTERNAL_STATE_CHANGED, |
| 56 NotificationService::AllSources(), | 56 NotificationService::AllSources(), |
| 57 NotificationService::NoDetails()); | 57 NotificationService::NoDetails()); |
| 58 } | 58 } |
| 59 | 59 |
| 60 // static | 60 // static |
| 61 std::string SSLManager::SerializeSecurityInfo(int cert_id, | 61 std::string SSLManager::SerializeSecurityInfo(int cert_id, |
| 62 int cert_status, | 62 int cert_status, |
| 63 int security_bits, | 63 int security_bits, |
| 64 int ssl_connection_status) { | 64 int ssl_connection_status, |
| 65 string16 tls_username) { |
| 65 Pickle pickle; | 66 Pickle pickle; |
| 66 pickle.WriteInt(cert_id); | 67 pickle.WriteInt(cert_id); |
| 67 pickle.WriteInt(cert_status); | 68 pickle.WriteInt(cert_status); |
| 68 pickle.WriteInt(security_bits); | 69 pickle.WriteInt(security_bits); |
| 69 pickle.WriteInt(ssl_connection_status); | 70 pickle.WriteInt(ssl_connection_status); |
| 71 pickle.WriteString16(tls_username); |
| 70 return std::string(static_cast<const char*>(pickle.data()), pickle.size()); | 72 return std::string(static_cast<const char*>(pickle.data()), pickle.size()); |
| 71 } | 73 } |
| 72 | 74 |
| 73 // static | 75 // static |
| 74 bool SSLManager::DeserializeSecurityInfo(const std::string& state, | 76 bool SSLManager::DeserializeSecurityInfo(const std::string& state, |
| 75 int* cert_id, | 77 int* cert_id, |
| 76 int* cert_status, | 78 int* cert_status, |
| 77 int* security_bits, | 79 int* security_bits, |
| 78 int* ssl_connection_status) { | 80 int* ssl_connection_status, |
| 79 DCHECK(cert_id && cert_status && security_bits && ssl_connection_status); | 81 string16* tls_username) { |
| 82 DCHECK(cert_id && cert_status && security_bits && ssl_connection_status && |
| 83 tls_username); |
| 80 if (state.empty()) { | 84 if (state.empty()) { |
| 81 // No SSL used. | 85 // No SSL used. |
| 82 *cert_id = 0; | 86 *cert_id = 0; |
| 83 // The following are not applicable and are set to the default values. | 87 // The following are not applicable and are set to the default values. |
| 84 *cert_status = 0; | 88 *cert_status = 0; |
| 85 *security_bits = -1; | 89 *security_bits = -1; |
| 86 *ssl_connection_status = 0; | 90 *ssl_connection_status = 0; |
| 91 tls_username->clear(); |
| 87 return false; | 92 return false; |
| 88 } | 93 } |
| 89 | 94 |
| 90 Pickle pickle(state.data(), static_cast<int>(state.size())); | 95 Pickle pickle(state.data(), static_cast<int>(state.size())); |
| 91 void * iter = NULL; | 96 void * iter = NULL; |
| 92 return pickle.ReadInt(&iter, cert_id) && | 97 return pickle.ReadInt(&iter, cert_id) && |
| 93 pickle.ReadInt(&iter, cert_status) && | 98 pickle.ReadInt(&iter, cert_status) && |
| 94 pickle.ReadInt(&iter, security_bits) && | 99 pickle.ReadInt(&iter, security_bits) && |
| 95 pickle.ReadInt(&iter, ssl_connection_status); | 100 pickle.ReadInt(&iter, ssl_connection_status) && |
| 101 pickle.ReadString16(&iter, tls_username); |
| 96 } | 102 } |
| 97 | 103 |
| 98 // static | 104 // static |
| 99 string16 SSLManager::GetEVCertName(const net::X509Certificate& cert) { | 105 string16 SSLManager::GetEVCertName(const net::X509Certificate& cert) { |
| 100 // EV are required to have an organization name and country. | 106 // EV are required to have an organization name and country. |
| 101 if (cert.subject().organization_names.empty() || | 107 if (cert.subject().organization_names.empty() || |
| 102 cert.subject().country_name.empty()) { | 108 cert.subject().country_name.empty()) { |
| 103 NOTREACHED(); | 109 NOTREACHED(); |
| 104 return string16(); | 110 return string16(); |
| 105 } | 111 } |
| (...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 137 NavigationController::LoadCommittedDetails* details = | 143 NavigationController::LoadCommittedDetails* details = |
| 138 Details<NavigationController::LoadCommittedDetails>(in_details).ptr(); | 144 Details<NavigationController::LoadCommittedDetails>(in_details).ptr(); |
| 139 | 145 |
| 140 NavigationEntry* entry = controller_->GetActiveEntry(); | 146 NavigationEntry* entry = controller_->GetActiveEntry(); |
| 141 | 147 |
| 142 if (details->is_main_frame) { | 148 if (details->is_main_frame) { |
| 143 if (entry) { | 149 if (entry) { |
| 144 // Decode the security details. | 150 // Decode the security details. |
| 145 int ssl_cert_id, ssl_cert_status, ssl_security_bits, | 151 int ssl_cert_id, ssl_cert_status, ssl_security_bits, |
| 146 ssl_connection_status; | 152 ssl_connection_status; |
| 153 string16 tls_username; |
| 147 DeserializeSecurityInfo(details->serialized_security_info, | 154 DeserializeSecurityInfo(details->serialized_security_info, |
| 148 &ssl_cert_id, | 155 &ssl_cert_id, |
| 149 &ssl_cert_status, | 156 &ssl_cert_status, |
| 150 &ssl_security_bits, | 157 &ssl_security_bits, |
| 151 &ssl_connection_status); | 158 &ssl_connection_status, |
| 159 &tls_username); |
| 152 | 160 |
| 153 // We may not have an entry if this is a navigation to an initial blank | 161 // We may not have an entry if this is a navigation to an initial blank |
| 154 // page. Reset the SSL information and add the new data we have. | 162 // page. Reset the SSL information and add the new data we have. |
| 155 entry->ssl() = NavigationEntry::SSLStatus(); | 163 entry->ssl() = NavigationEntry::SSLStatus(); |
| 156 entry->ssl().set_cert_id(ssl_cert_id); | 164 entry->ssl().set_cert_id(ssl_cert_id); |
| 157 entry->ssl().set_cert_status(ssl_cert_status); | 165 entry->ssl().set_cert_status(ssl_cert_status); |
| 158 entry->ssl().set_security_bits(ssl_security_bits); | 166 entry->ssl().set_security_bits(ssl_security_bits); |
| 159 entry->ssl().set_connection_status(ssl_connection_status); | 167 entry->ssl().set_connection_status(ssl_connection_status); |
| 168 entry->ssl().set_tls_username(tls_username); |
| 160 } | 169 } |
| 161 } | 170 } |
| 162 | 171 |
| 163 UpdateEntry(entry); | 172 UpdateEntry(entry); |
| 164 } | 173 } |
| 165 | 174 |
| 166 void SSLManager::DidRunInsecureContent(const std::string& security_origin) { | 175 void SSLManager::DidRunInsecureContent(const std::string& security_origin) { |
| 167 policy()->DidRunInsecureContent(controller_->GetActiveEntry(), | 176 policy()->DidRunInsecureContent(controller_->GetActiveEntry(), |
| 168 security_origin); | 177 security_origin); |
| 169 } | 178 } |
| (...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 211 // caches sub-resources. | 220 // caches sub-resources. |
| 212 // This resource must have been loaded with no filtering because filtered | 221 // This resource must have been loaded with no filtering because filtered |
| 213 // resouces aren't cachable. | 222 // resouces aren't cachable. |
| 214 scoped_refptr<SSLRequestInfo> info(new SSLRequestInfo( | 223 scoped_refptr<SSLRequestInfo> info(new SSLRequestInfo( |
| 215 details->url(), | 224 details->url(), |
| 216 ResourceType::SUB_RESOURCE, | 225 ResourceType::SUB_RESOURCE, |
| 217 details->frame_origin(), | 226 details->frame_origin(), |
| 218 details->main_frame_origin(), | 227 details->main_frame_origin(), |
| 219 details->pid(), | 228 details->pid(), |
| 220 details->ssl_cert_id(), | 229 details->ssl_cert_id(), |
| 221 details->ssl_cert_status())); | 230 details->ssl_cert_status(), |
| 231 details->tls_username())); |
| 222 | 232 |
| 223 // Simulate loading this resource through the usual path. | 233 // Simulate loading this resource through the usual path. |
| 224 policy()->OnRequestStarted(info.get()); | 234 policy()->OnRequestStarted(info.get()); |
| 225 } | 235 } |
| 226 | 236 |
| 227 void SSLManager::DidStartResourceResponse(ResourceRequestDetails* details) { | 237 void SSLManager::DidStartResourceResponse(ResourceRequestDetails* details) { |
| 228 scoped_refptr<SSLRequestInfo> info(new SSLRequestInfo( | 238 scoped_refptr<SSLRequestInfo> info(new SSLRequestInfo( |
| 229 details->url(), | 239 details->url(), |
| 230 details->resource_type(), | 240 details->resource_type(), |
| 231 details->frame_origin(), | 241 details->frame_origin(), |
| 232 details->main_frame_origin(), | 242 details->main_frame_origin(), |
| 233 details->origin_child_id(), | 243 details->origin_child_id(), |
| 234 details->ssl_cert_id(), | 244 details->ssl_cert_id(), |
| 235 details->ssl_cert_status())); | 245 details->ssl_cert_status(), |
| 246 details->tls_username())); |
| 236 | 247 |
| 237 // Notify our policy that we started a resource request. Ideally, the | 248 // Notify our policy that we started a resource request. Ideally, the |
| 238 // policy should have the ability to cancel the request, but we can't do | 249 // policy should have the ability to cancel the request, but we can't do |
| 239 // that yet. | 250 // that yet. |
| 240 policy()->OnRequestStarted(info.get()); | 251 policy()->OnRequestStarted(info.get()); |
| 241 } | 252 } |
| 242 | 253 |
| 243 void SSLManager::DidReceiveResourceRedirect(ResourceRedirectDetails* details) { | 254 void SSLManager::DidReceiveResourceRedirect(ResourceRedirectDetails* details) { |
| 244 // TODO(abarth): Make sure our redirect behavior is correct. If we ever see a | 255 // TODO(abarth): Make sure our redirect behavior is correct. If we ever see a |
| 245 // non-HTTPS resource in the redirect chain, we want to trigger | 256 // non-HTTPS resource in the redirect chain, we want to trigger |
| (...skipping 16 matching lines...) Expand all Loading... |
| 262 | 273 |
| 263 policy()->UpdateEntry(entry, controller_->tab_contents()); | 274 policy()->UpdateEntry(entry, controller_->tab_contents()); |
| 264 | 275 |
| 265 if (!entry->ssl().Equals(original_ssl_status)) { | 276 if (!entry->ssl().Equals(original_ssl_status)) { |
| 266 NotificationService::current()->Notify( | 277 NotificationService::current()->Notify( |
| 267 NotificationType::SSL_VISIBLE_STATE_CHANGED, | 278 NotificationType::SSL_VISIBLE_STATE_CHANGED, |
| 268 Source<NavigationController>(controller_), | 279 Source<NavigationController>(controller_), |
| 269 NotificationService::NoDetails()); | 280 NotificationService::NoDetails()); |
| 270 } | 281 } |
| 271 } | 282 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 6804032:
Add TLS-SRP (RFC 5054) support
Base URL: http://git.chromium.org/git/chromium.git@trunk