search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Rename Animate as Begin(Main)Frame
[chromium-blink-merge.git] / content / browser / ssl / ssl_policy.cc
blob18fdde4dfe2bf9823e716ae01e48db73f1641fb8
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "content/browser/ssl/ssl_policy.h"
6
7 #include "base/base_switches.h"
8 #include "base/bind.h"
9 #include "base/command_line.h"
10 #include "base/memory/singleton.h"
11 #include "base/strings/string_piece.h"
12 #include "base/strings/string_util.h"
13 #include "content/browser/frame_host/navigation_entry_impl.h"
14 #include "content/browser/renderer_host/render_process_host_impl.h"
15 #include "content/browser/renderer_host/render_view_host_impl.h"
16 #include "content/browser/site_instance_impl.h"
17 #include "content/browser/ssl/ssl_cert_error_handler.h"
18 #include "content/browser/ssl/ssl_request_info.h"
19 #include "content/browser/web_contents/web_contents_impl.h"
20 #include "content/public/browser/content_browser_client.h"
21 #include "content/public/common/resource_type.h"
22 #include "content/public/common/ssl_status.h"
23 #include "content/public/common/url_constants.h"
24 #include "net/ssl/ssl_info.h"
25
26
27 namespace content {
28
29 SSLPolicy::SSLPolicy(SSLPolicyBackend* backend)
30 : backend_(backend) {
31 DCHECK(backend_);
32 }
33
34 void SSLPolicy::OnCertError(SSLCertErrorHandler* handler) {
35 bool expired_previous_decision;
36 // First we check if we know the policy for this error.
37 net::CertPolicy::Judgment judgment =
38 backend_->QueryPolicy(handler->ssl_info().cert.get(),
39 handler->request_url().host(),
40 handler->cert_error(),
41 &expired_previous_decision);
42
43 if (judgment == net::CertPolicy::ALLOWED) {
44 handler->ContinueRequest();
45 return;
46 }
47
48 // The judgment is either DENIED or UNKNOWN.
49 // For now we handle the DENIED as the UNKNOWN, which means a blocking
50 // page is shown to the user every time he comes back to the page.
51
52 int options_mask = 0;
53 switch (handler->cert_error()) {
54 case net::ERR_CERT_COMMON_NAME_INVALID:
55 case net::ERR_CERT_DATE_INVALID:
56 case net::ERR_CERT_AUTHORITY_INVALID:
57 case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM:
58 case net::ERR_CERT_WEAK_KEY:
59 case net::ERR_CERT_NAME_CONSTRAINT_VIOLATION:
60 if (!handler->fatal())
61 options_mask |= OVERRIDABLE;
62 else
63 options_mask |= STRICT_ENFORCEMENT;
64 if (expired_previous_decision)
65 options_mask |= EXPIRED_PREVIOUS_DECISION;
66 OnCertErrorInternal(handler, options_mask);
67 break;
68 case net::ERR_CERT_NO_REVOCATION_MECHANISM:
69 // Ignore this error.
70 handler->ContinueRequest();
71 break;
72 case net::ERR_CERT_UNABLE_TO_CHECK_REVOCATION:
73 // We ignore this error but will show a warning status in the location
74 // bar.
75 handler->ContinueRequest();
76 break;
77 case net::ERR_CERT_CONTAINS_ERRORS:
78 case net::ERR_CERT_REVOKED:
79 case net::ERR_CERT_INVALID:
80 case net::ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY:
81 case net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN:
82 if (handler->fatal())
83 options_mask |= STRICT_ENFORCEMENT;
84 if (expired_previous_decision)
85 options_mask |= EXPIRED_PREVIOUS_DECISION;
86 OnCertErrorInternal(handler, options_mask);
87 break;
88 default:
89 NOTREACHED();
90 handler->CancelRequest();
91 break;
92 }
93 }
94
95 void SSLPolicy::DidRunInsecureContent(NavigationEntryImpl* entry,
96 const std::string& security_origin) {
97 if (!entry)
98 return;
99
100 SiteInstance* site_instance = entry->site_instance();
101 if (!site_instance)
102 return;
103
104 backend_->HostRanInsecureContent(GURL(security_origin).host(),
105 site_instance->GetProcess()->GetID());
106 }
107
108 void SSLPolicy::OnRequestStarted(SSLRequestInfo* info) {
109 // TODO(abarth): This mechanism is wrong. What we should be doing is sending
110 // this information back through WebKit and out some FrameLoaderClient
111 // methods.
112
113 if (net::IsCertStatusError(info->ssl_cert_status()))
114 backend_->HostRanInsecureContent(info->url().host(), info->child_id());
115 }
116
117 void SSLPolicy::UpdateEntry(NavigationEntryImpl* entry,
118 WebContentsImpl* web_contents) {
119 DCHECK(entry);
120
121 InitializeEntryIfNeeded(entry);
122
123 if (!entry->GetURL().SchemeIsSecure())
124 return;
125
126 if (!web_contents->DisplayedInsecureContent())
127 entry->GetSSL().content_status &= ~SSLStatus::DISPLAYED_INSECURE_CONTENT;
128
129 // An HTTPS response may not have a certificate for some reason. When that
130 // happens, use the unauthenticated (HTTP) rather than the authentication
131 // broken security style so that we can detect this error condition.
132 if (!entry->GetSSL().cert_id) {
133 entry->GetSSL().security_style = SECURITY_STYLE_UNAUTHENTICATED;
134 return;
135 }
136
137 if (web_contents->DisplayedInsecureContent())
138 entry->GetSSL().content_status |= SSLStatus::DISPLAYED_INSECURE_CONTENT;
139
140 if (net::IsCertStatusError(entry->GetSSL().cert_status)) {
141 // Minor errors don't lower the security style to
142 // SECURITY_STYLE_AUTHENTICATION_BROKEN.
143 if (!net::IsCertStatusMinorError(entry->GetSSL().cert_status)) {
144 entry->GetSSL().security_style =
145 SECURITY_STYLE_AUTHENTICATION_BROKEN;
146 }
147 return;
148 }
149
150 SiteInstance* site_instance = entry->site_instance();
151 // Note that |site_instance| can be NULL here because NavigationEntries don't
152 // necessarily have site instances. Without a process, the entry can't
153 // possibly have insecure content. See bug http://crbug.com/12423.
154 if (site_instance &&
155 backend_->DidHostRunInsecureContent(
156 entry->GetURL().host(), site_instance->GetProcess()->GetID())) {
157 entry->GetSSL().security_style =
158 SECURITY_STYLE_AUTHENTICATION_BROKEN;
159 entry->GetSSL().content_status |= SSLStatus::RAN_INSECURE_CONTENT;
160 return;
161 }
162 }
163
164 void SSLPolicy::OnAllowCertificate(scoped_refptr<SSLCertErrorHandler> handler,
165 bool allow) {
166 if (allow) {
167 // Default behavior for accepting a certificate.
168 // Note that we should not call SetMaxSecurityStyle here, because the active
169 // NavigationEntry has just been deleted (in HideInterstitialPage) and the
170 // new NavigationEntry will not be set until DidNavigate. This is ok,
171 // because the new NavigationEntry will have its max security style set
172 // within DidNavigate.
173 //
174 // While AllowCertForHost() executes synchronously on this thread,
175 // ContinueRequest() gets posted to a different thread. Calling
176 // AllowCertForHost() first ensures deterministic ordering.
177 backend_->AllowCertForHost(handler->ssl_info().cert.get(),
178 handler->request_url().host(),
179 handler->cert_error());
180 handler->ContinueRequest();
181 } else {
182 // Default behavior for rejecting a certificate.
183 //
184 // While DenyCertForHost() executes synchronously on this thread,
185 // CancelRequest() gets posted to a different thread. Calling
186 // DenyCertForHost() first ensures deterministic ordering.
187 backend_->DenyCertForHost(handler->ssl_info().cert.get(),
188 handler->request_url().host(),
189 handler->cert_error());
190 handler->CancelRequest();
191 }
192 }
193
194 ////////////////////////////////////////////////////////////////////////////////
195 // Certificate Error Routines
196
197 void SSLPolicy::OnCertErrorInternal(SSLCertErrorHandler* handler,
198 int options_mask) {
199 bool overridable = (options_mask & OVERRIDABLE) != 0;
200 bool strict_enforcement = (options_mask & STRICT_ENFORCEMENT) != 0;
201 bool expired_previous_decision =
202 (options_mask & EXPIRED_PREVIOUS_DECISION) != 0;
203 CertificateRequestResultType result =
204 CERTIFICATE_REQUEST_RESULT_TYPE_CONTINUE;
205 GetContentClient()->browser()->AllowCertificateError(
206 handler->render_process_id(),
207 handler->render_frame_id(),
208 handler->cert_error(),
209 handler->ssl_info(),
210 handler->request_url(),
211 handler->resource_type(),
212 overridable,
213 strict_enforcement,
214 expired_previous_decision,
215 base::Bind(&SSLPolicy::OnAllowCertificate,
216 base::Unretained(this),
217 make_scoped_refptr(handler)),
218 &result);
219 switch (result) {
220 case CERTIFICATE_REQUEST_RESULT_TYPE_CONTINUE:
221 break;
222 case CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL:
223 handler->CancelRequest();
224 break;
225 case CERTIFICATE_REQUEST_RESULT_TYPE_DENY:
226 handler->DenyRequest();
227 break;
228 default:
229 NOTREACHED();
230 }
231 }
232
233 void SSLPolicy::InitializeEntryIfNeeded(NavigationEntryImpl* entry) {
234 if (entry->GetSSL().security_style != SECURITY_STYLE_UNKNOWN)
235 return;
236
237 entry->GetSSL().security_style = entry->GetURL().SchemeIsSecure() ?
238 SECURITY_STYLE_AUTHENTICATED : SECURITY_STYLE_UNAUTHENTICATED;
239 }
240
241 void SSLPolicy::OriginRanInsecureContent(const std::string& origin, int pid) {
242 GURL parsed_origin(origin);
243 if (parsed_origin.SchemeIsSecure())
244 backend_->HostRanInsecureContent(parsed_origin.host(), pid);
245 }
246
247 } // namespace content