search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Rename Animate as Begin(Main)Frame
[chromium-blink-merge.git] / content / browser / ssl / ssl_manager.cc
blobdcae75e97fc740ccd7157d499078eb9e2037bb9a
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "content/browser/ssl/ssl_manager.h"
6
7 #include <set>
8
9 #include "base/bind.h"
10 #include "base/strings/utf_string_conversions.h"
11 #include "base/supports_user_data.h"
12 #include "content/browser/frame_host/navigation_entry_impl.h"
13 #include "content/browser/loader/resource_dispatcher_host_impl.h"
14 #include "content/browser/loader/resource_request_info_impl.h"
15 #include "content/browser/ssl/ssl_cert_error_handler.h"
16 #include "content/browser/ssl/ssl_policy.h"
17 #include "content/browser/ssl/ssl_request_info.h"
18 #include "content/browser/web_contents/web_contents_impl.h"
19 #include "content/common/ssl_status_serialization.h"
20 #include "content/public/browser/browser_context.h"
21 #include "content/public/browser/browser_thread.h"
22 #include "content/public/browser/load_from_memory_cache_details.h"
23 #include "content/public/browser/navigation_details.h"
24 #include "content/public/browser/resource_request_details.h"
25 #include "content/public/common/ssl_status.h"
26 #include "net/url_request/url_request.h"
27
28 namespace content {
29
30 namespace {
31
32 const char kSSLManagerKeyName[] = "content_ssl_manager";
33
34 class SSLManagerSet : public base::SupportsUserData::Data {
35 public:
36 SSLManagerSet() {
37 }
38
39 std::set<SSLManager*>& get() { return set_; }
40
41 private:
42 std::set<SSLManager*> set_;
43
44 DISALLOW_COPY_AND_ASSIGN(SSLManagerSet);
45 };
46
47 } // namespace
48
49 // static
50 void SSLManager::OnSSLCertificateError(
51 const base::WeakPtr<SSLErrorHandler::Delegate>& delegate,
52 const GlobalRequestID& id,
53 const ResourceType resource_type,
54 const GURL& url,
55 int render_process_id,
56 int render_frame_id,
57 const net::SSLInfo& ssl_info,
58 bool fatal) {
59 DCHECK(delegate.get());
60 DVLOG(1) << "OnSSLCertificateError() cert_error: "
61 << net::MapCertStatusToNetError(ssl_info.cert_status) << " id: "
62 << id.child_id << "," << id.request_id << " resource_type: "
63 << resource_type << " url: " << url.spec() << " render_process_id: "
64 << render_process_id << " render_frame_id: " << render_frame_id
65 << " cert_status: " << std::hex << ssl_info.cert_status;
66
67 // A certificate error occurred. Construct a SSLCertErrorHandler object and
68 // hand it over to the UI thread for processing.
69 BrowserThread::PostTask(
70 BrowserThread::UI, FROM_HERE,
71 base::Bind(&SSLCertErrorHandler::Dispatch,
72 new SSLCertErrorHandler(delegate,
73 id,
74 resource_type,
75 url,
76 render_process_id,
77 render_frame_id,
78 ssl_info,
79 fatal)));
80 }
81
82 // static
83 void SSLManager::NotifySSLInternalStateChanged(BrowserContext* context) {
84 SSLManagerSet* managers = static_cast<SSLManagerSet*>(
85 context->GetUserData(kSSLManagerKeyName));
86
87 for (std::set<SSLManager*>::iterator i = managers->get().begin();
88 i != managers->get().end(); ++i) {
89 (*i)->UpdateEntry(NavigationEntryImpl::FromNavigationEntry(
90 (*i)->controller()->GetLastCommittedEntry()));
91 }
92 }
93
94 SSLManager::SSLManager(NavigationControllerImpl* controller)
95 : backend_(controller),
96 policy_(new SSLPolicy(&backend_)),
97 controller_(controller) {
98 DCHECK(controller_);
99
100 SSLManagerSet* managers = static_cast<SSLManagerSet*>(
101 controller_->GetBrowserContext()->GetUserData(kSSLManagerKeyName));
102 if (!managers) {
103 managers = new SSLManagerSet;
104 controller_->GetBrowserContext()->SetUserData(kSSLManagerKeyName, managers);
105 }
106 managers->get().insert(this);
107 }
108
109 SSLManager::~SSLManager() {
110 SSLManagerSet* managers = static_cast<SSLManagerSet*>(
111 controller_->GetBrowserContext()->GetUserData(kSSLManagerKeyName));
112 managers->get().erase(this);
113 }
114
115 void SSLManager::DidCommitProvisionalLoad(const LoadCommittedDetails& details) {
116 NavigationEntryImpl* entry =
117 NavigationEntryImpl::FromNavigationEntry(
118 controller_->GetLastCommittedEntry());
119
120 if (details.is_main_frame) {
121 if (entry) {
122 // Decode the security details.
123 int ssl_cert_id;
124 net::CertStatus ssl_cert_status;
125 int ssl_security_bits;
126 int ssl_connection_status;
127 SignedCertificateTimestampIDStatusList
128 ssl_signed_certificate_timestamp_ids;
129 DeserializeSecurityInfo(details.serialized_security_info,
130 &ssl_cert_id,
131 &ssl_cert_status,
132 &ssl_security_bits,
133 &ssl_connection_status,
134 &ssl_signed_certificate_timestamp_ids);
135
136 // We may not have an entry if this is a navigation to an initial blank
137 // page. Reset the SSL information and add the new data we have.
138 entry->GetSSL() = SSLStatus();
139 entry->GetSSL().cert_id = ssl_cert_id;
140 entry->GetSSL().cert_status = ssl_cert_status;
141 entry->GetSSL().security_bits = ssl_security_bits;
142 entry->GetSSL().connection_status = ssl_connection_status;
143 entry->GetSSL().signed_certificate_timestamp_ids =
144 ssl_signed_certificate_timestamp_ids;
145 }
146 }
147
148 UpdateEntry(entry);
149 }
150
151 void SSLManager::DidDisplayInsecureContent() {
152 UpdateEntry(
153 NavigationEntryImpl::FromNavigationEntry(
154 controller_->GetLastCommittedEntry()));
155 }
156
157 void SSLManager::DidRunInsecureContent(const std::string& security_origin) {
158 NavigationEntryImpl* navigation_entry =
159 NavigationEntryImpl::FromNavigationEntry(
160 controller_->GetLastCommittedEntry());
161 policy()->DidRunInsecureContent(navigation_entry, security_origin);
162 UpdateEntry(navigation_entry);
163 }
164
165 void SSLManager::DidLoadFromMemoryCache(
166 const LoadFromMemoryCacheDetails& details) {
167 // Simulate loading this resource through the usual path.
168 // Note that we specify SUB_RESOURCE as the resource type as WebCore only
169 // caches sub-resources.
170 // This resource must have been loaded with no filtering because filtered
171 // resouces aren't cachable.
172 scoped_refptr<SSLRequestInfo> info(new SSLRequestInfo(
173 details.url,
174 RESOURCE_TYPE_SUB_RESOURCE,
175 details.pid,
176 details.cert_id,
177 details.cert_status));
178
179 // Simulate loading this resource through the usual path.
180 policy()->OnRequestStarted(info.get());
181 }
182
183 void SSLManager::DidStartResourceResponse(
184 const ResourceRequestDetails& details) {
185 scoped_refptr<SSLRequestInfo> info(new SSLRequestInfo(
186 details.url,
187 details.resource_type,
188 details.origin_child_id,
189 details.ssl_cert_id,
190 details.ssl_cert_status));
191
192 // Notify our policy that we started a resource request. Ideally, the
193 // policy should have the ability to cancel the request, but we can't do
194 // that yet.
195 policy()->OnRequestStarted(info.get());
196 }
197
198 void SSLManager::DidReceiveResourceRedirect(
199 const ResourceRedirectDetails& details) {
200 // TODO(abarth): Make sure our redirect behavior is correct. If we ever see a
201 // non-HTTPS resource in the redirect chain, we want to trigger
202 // insecure content, even if the redirect chain goes back to
203 // HTTPS. This is because the network attacker can redirect the
204 // HTTP request to https://attacker.com/payload.js.
205 }
206
207 void SSLManager::UpdateEntry(NavigationEntryImpl* entry) {
208 // We don't always have a navigation entry to update, for example in the
209 // case of the Web Inspector.
210 if (!entry)
211 return;
212
213 SSLStatus original_ssl_status = entry->GetSSL(); // Copy!
214
215 WebContentsImpl* contents =
216 static_cast<WebContentsImpl*>(controller_->delegate()->GetWebContents());
217 policy()->UpdateEntry(entry, contents);
218
219 if (!entry->GetSSL().Equals(original_ssl_status))
220 contents->DidChangeVisibleSSLState();
221 }
222
223 } // namespace content