1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/renderer/security_filter_peer.h"
9 #include "base/memory/scoped_ptr.h"
10 #include "base/strings/stringprintf.h"
11 #include "chrome/grit/generated_resources.h"
12 #include "content/public/child/fixed_received_data.h"
13 #include "net/base/net_errors.h"
14 #include "net/http/http_response_headers.h"
15 #include "ui/base/l10n/l10n_util.h"
17 SecurityFilterPeer::SecurityFilterPeer(content::RequestPeer
* peer
)
18 : original_peer_(peer
) {
21 SecurityFilterPeer::~SecurityFilterPeer() {
26 SecurityFilterPeer::CreateSecurityFilterPeerForDeniedRequest(
27 content::ResourceType resource_type
,
28 content::RequestPeer
* peer
,
30 // Create a filter for SSL and CERT errors.
32 case net::ERR_SSL_PROTOCOL_ERROR
:
33 case net::ERR_CERT_COMMON_NAME_INVALID
:
34 case net::ERR_CERT_DATE_INVALID
:
35 case net::ERR_CERT_AUTHORITY_INVALID
:
36 case net::ERR_CERT_CONTAINS_ERRORS
:
37 case net::ERR_CERT_NO_REVOCATION_MECHANISM
:
38 case net::ERR_CERT_UNABLE_TO_CHECK_REVOCATION
:
39 case net::ERR_CERT_REVOKED
:
40 case net::ERR_CERT_INVALID
:
41 case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM
:
42 case net::ERR_CERT_WEAK_KEY
:
43 case net::ERR_CERT_NAME_CONSTRAINT_VIOLATION
:
44 case net::ERR_INSECURE_RESPONSE
:
45 case net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN
:
46 if (content::IsResourceTypeFrame(resource_type
))
47 return CreateSecurityFilterPeerForFrame(peer
, os_error
);
48 // Any other content is entirely filtered-out.
49 return new ReplaceContentPeer(peer
, std::string(), std::string());
51 // For other errors, we use our normal error handling.
57 SecurityFilterPeer
* SecurityFilterPeer::CreateSecurityFilterPeerForFrame(
58 content::RequestPeer
* peer
,
60 // TODO(jcampan): use a different message when getting a phishing/malware
62 std::string html
= base::StringPrintf(
63 "<html><meta charset='UTF-8'>"
64 "<body style='background-color:#990000;color:white;'>"
66 l10n_util::GetStringUTF8(IDS_UNSAFE_FRAME_MESSAGE
).c_str());
67 return new ReplaceContentPeer(peer
, "text/html", html
);
70 void SecurityFilterPeer::OnUploadProgress(uint64 position
, uint64 size
) {
71 original_peer_
->OnUploadProgress(position
, size
);
74 bool SecurityFilterPeer::OnReceivedRedirect(
75 const net::RedirectInfo
& redirect_info
,
76 const content::ResourceResponseInfo
& info
) {
82 void ProcessResponseInfo(const content::ResourceResponseInfo
& info_in
,
83 content::ResourceResponseInfo
* info_out
,
84 const std::string
& mime_type
) {
87 info_out
->mime_type
= mime_type
;
88 // Let's create our own HTTP headers.
89 std::string raw_headers
;
90 raw_headers
.append("HTTP/1.1 200 OK");
91 raw_headers
.push_back('\0');
92 // Don't cache the data we are serving, it is not the real data for that URL
93 // (if the filtered resource were to make it into the WebCore cache, then the
94 // same URL loaded in a safe scenario would still return the filtered
96 raw_headers
.append("cache-control: no-cache");
97 raw_headers
.push_back('\0');
98 if (!mime_type
.empty()) {
99 raw_headers
.append("content-type: ");
100 raw_headers
.append(mime_type
);
101 raw_headers
.push_back('\0');
103 raw_headers
.push_back('\0');
104 net::HttpResponseHeaders
* new_headers
=
105 new net::HttpResponseHeaders(raw_headers
);
106 info_out
->headers
= new_headers
;
109 ////////////////////////////////////////////////////////////////////////////////
112 BufferedPeer::BufferedPeer(content::RequestPeer
* peer
,
113 const std::string
& mime_type
)
114 : SecurityFilterPeer(peer
), mime_type_(mime_type
) {}
116 BufferedPeer::~BufferedPeer() {
119 void BufferedPeer::OnReceivedResponse(
120 const content::ResourceResponseInfo
& info
) {
121 ProcessResponseInfo(info
, &response_info_
, mime_type_
);
124 void BufferedPeer::OnReceivedData(scoped_ptr
<ReceivedData
> data
) {
125 data_
.append(data
->payload(), data
->length());
128 void BufferedPeer::OnCompletedRequest(int error_code
,
129 bool was_ignored_by_handler
,
130 bool stale_copy_in_cache
,
131 const std::string
& security_info
,
132 const base::TimeTicks
& completion_time
,
133 int64 total_transfer_size
) {
134 // Make sure we delete ourselves at the end of this call.
135 scoped_ptr
<BufferedPeer
> this_deleter(this);
137 // Give sub-classes a chance at altering the data.
138 if (error_code
!= net::OK
|| !DataReady()) {
139 // Pretend we failed to load the resource.
140 original_peer_
->OnReceivedCompletedResponse(
141 response_info_
, nullptr, net::ERR_ABORTED
, false, stale_copy_in_cache
,
142 security_info
, completion_time
, total_transfer_size
);
146 scoped_ptr
<content::FixedReceivedData
> data_to_pass(
147 data_
.empty() ? nullptr : new content::FixedReceivedData(
148 data_
.data(), data_
.size(), -1));
149 original_peer_
->OnReceivedCompletedResponse(
150 response_info_
, data_to_pass
.Pass(), error_code
, was_ignored_by_handler
,
151 stale_copy_in_cache
, security_info
, completion_time
, total_transfer_size
);
154 void BufferedPeer::OnReceivedCompletedResponse(
155 const content::ResourceResponseInfo
& info
,
156 scoped_ptr
<ReceivedData
> data
,
158 bool was_ignored_by_handler
,
159 bool stale_copy_in_cache
,
160 const std::string
& security_info
,
161 const base::TimeTicks
& completion_time
,
162 int64 total_transfer_size
) {
163 // Make sure we delete ourselves at the end of this call.
164 scoped_ptr
<BufferedPeer
> this_deleter(this);
165 original_peer_
->OnReceivedCompletedResponse(
166 info
, data
.Pass(), error_code
, was_ignored_by_handler
,
167 stale_copy_in_cache
, security_info
, completion_time
, total_transfer_size
);
170 ////////////////////////////////////////////////////////////////////////////////
171 // ReplaceContentPeer
173 ReplaceContentPeer::ReplaceContentPeer(content::RequestPeer
* peer
,
174 const std::string
& mime_type
,
175 const std::string
& data
)
176 : SecurityFilterPeer(peer
),
177 mime_type_(mime_type
),
180 ReplaceContentPeer::~ReplaceContentPeer() {
183 void ReplaceContentPeer::OnReceivedResponse(
184 const content::ResourceResponseInfo
& info
) {
185 // Ignore this, we'll serve some alternate content in OnCompletedRequest.
188 void ReplaceContentPeer::OnReceivedData(scoped_ptr
<ReceivedData
> data
) {
189 // Ignore this, we'll serve some alternate content in OnCompletedRequest.
192 void ReplaceContentPeer::OnCompletedRequest(
194 bool was_ignored_by_handler
,
195 bool stale_copy_in_cache
,
196 const std::string
& security_info
,
197 const base::TimeTicks
& completion_time
,
198 int64 total_transfer_size
) {
199 // Make sure we delete ourselves at the end of this call.
200 scoped_ptr
<ReplaceContentPeer
> this_deleter(this);
202 content::ResourceResponseInfo info
;
203 ProcessResponseInfo(info
, &info
, mime_type_
);
204 info
.security_info
= security_info
;
205 info
.content_length
= static_cast<int>(data_
.size());
207 scoped_ptr
<content::FixedReceivedData
> data_to_pass(
208 data_
.empty() ? nullptr : new content::FixedReceivedData(
209 data_
.data(), data_
.size(), -1));
210 original_peer_
->OnReceivedCompletedResponse(
211 response_info_
, data_to_pass
.Pass(), net::OK
, false, stale_copy_in_cache
,
212 security_info
, completion_time
, total_transfer_size
);
215 void ReplaceContentPeer::OnReceivedCompletedResponse(
216 const content::ResourceResponseInfo
& info
,
217 scoped_ptr
<ReceivedData
> data
,
219 bool was_ignored_by_handler
,
220 bool stale_copy_in_cache
,
221 const std::string
& security_info
,
222 const base::TimeTicks
& completion_time
,
223 int64 total_transfer_size
) {
224 // Make sure we delete ourselves at the end of this call.
225 scoped_ptr
<ReplaceContentPeer
> this_deleter(this);
227 original_peer_
->OnReceivedCompletedResponse(
228 info
, data
.Pass(), error_code
, was_ignored_by_handler
,
229 stale_copy_in_cache
, security_info
, completion_time
, total_transfer_size
);
