content/browser/ssl/ssl_manager.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "content/browser/ssl/ssl_manager.h"
   6
   7 #include <set>
   8
   9 #include "base/bind.h"
  10 #include "base/strings/utf_string_conversions.h"
  11 #include "base/supports_user_data.h"
  12 #include "content/browser/frame_host/navigation_entry_impl.h"
  13 #include "content/browser/loader/resource_dispatcher_host_impl.h"
  14 #include "content/browser/loader/resource_request_info_impl.h"
  15 #include "content/browser/ssl/ssl_cert_error_handler.h"
  16 #include "content/browser/ssl/ssl_policy.h"
  17 #include "content/browser/ssl/ssl_request_info.h"
  18 #include "content/browser/web_contents/web_contents_impl.h"
  19 #include "content/common/ssl_status_serialization.h"
  20 #include "content/public/browser/browser_context.h"
  21 #include "content/public/browser/browser_thread.h"
  22 #include "content/public/browser/load_from_memory_cache_details.h"
  23 #include "content/public/browser/navigation_details.h"
  24 #include "content/public/browser/resource_request_details.h"
  25 #include "content/public/common/ssl_status.h"
  26 #include "net/url_request/url_request.h"
  27
  28 namespace content {
  29
  30 namespace {
  31
  32 const char kSSLManagerKeyName[] = "content_ssl_manager";
  33
  34 class SSLManagerSet : public base::SupportsUserData::Data {
  35  public:
  36   SSLManagerSet() {
  37   }
  38
  39   std::set<SSLManager*>& get() { return set_; }
  40
  41  private:
  42   std::set<SSLManager*> set_;
  43
  44   DISALLOW_COPY_AND_ASSIGN(SSLManagerSet);
  45 };
  46
  47 }  // namespace
  48
  49 // static
  50 void SSLManager::OnSSLCertificateError(
  51     const base::WeakPtr<SSLErrorHandler::Delegate>& delegate,
  52     const ResourceType resource_type,
  53     const GURL& url,
  54     int render_process_id,
  55     int render_frame_id,
  56     const net::SSLInfo& ssl_info,
  57     bool fatal) {
  58   DCHECK(delegate.get());
  59   DVLOG(1) << "OnSSLCertificateError() cert_error: "
  60            << net::MapCertStatusToNetError(ssl_info.cert_status)
  61            << " resource_type: " << resource_type
  62            << " url: " << url.spec()
  63            << " render_process_id: " << render_process_id
  64            << " render_frame_id: " << render_frame_id
  65            << " cert_status: " << std::hex << ssl_info.cert_status;
  66
  67   // A certificate error occurred.  Construct a SSLCertErrorHandler object and
  68   // hand it over to the UI thread for processing.
  69   BrowserThread::PostTask(
  70       BrowserThread::UI, FROM_HERE,
  71       base::Bind(&SSLCertErrorHandler::Dispatch,
  72                  new SSLCertErrorHandler(delegate,
  73                                          resource_type,
  74                                          url,
  75                                          render_process_id,
  76                                          render_frame_id,
  77                                          ssl_info,
  78                                          fatal)));
  79 }
  80
  81 // static
  82 void SSLManager::NotifySSLInternalStateChanged(BrowserContext* context) {
  83   SSLManagerSet* managers = static_cast<SSLManagerSet*>(
  84       context->GetUserData(kSSLManagerKeyName));
  85
  86   for (std::set<SSLManager*>::iterator i = managers->get().begin();
  87        i != managers->get().end(); ++i) {
  88     (*i)->UpdateEntry((*i)->controller()->GetLastCommittedEntry());
  89   }
  90 }
  91
  92 SSLManager::SSLManager(NavigationControllerImpl* controller)
  93     : backend_(controller),
  94       policy_(new SSLPolicy(&backend_)),
  95       controller_(controller) {
  96   DCHECK(controller_);
  97
  98   SSLManagerSet* managers = static_cast<SSLManagerSet*>(
  99       controller_->GetBrowserContext()->GetUserData(kSSLManagerKeyName));
 100   if (!managers) {
 101     managers = new SSLManagerSet;
 102     controller_->GetBrowserContext()->SetUserData(kSSLManagerKeyName, managers);
 103   }
 104   managers->get().insert(this);
 105 }
 106
 107 SSLManager::~SSLManager() {
 108   SSLManagerSet* managers = static_cast<SSLManagerSet*>(
 109       controller_->GetBrowserContext()->GetUserData(kSSLManagerKeyName));
 110   managers->get().erase(this);
 111 }
 112
 113 void SSLManager::DidCommitProvisionalLoad(const LoadCommittedDetails& details) {
 114   NavigationEntryImpl* entry = controller_->GetLastCommittedEntry();
 115
 116   if (details.is_main_frame) {
 117     if (entry) {
 118       // We may not have an entry if this is a navigation to an initial blank
 119       // page. Add the new data we have.
 120       entry->GetSSL() = details.ssl_status;
 121     }
 122   }
 123
 124   policy()->UpdateEntry(entry, controller_->delegate()->GetWebContents());
 125   // Always notify the WebContents that the SSL state changed when a
 126   // load is committed, in case the active navigation entry has changed.
 127   NotifyDidChangeVisibleSSLState();
 128 }
 129
 130 void SSLManager::DidDisplayInsecureContent() {
 131   UpdateEntry(controller_->GetLastCommittedEntry());
 132 }
 133
 134 void SSLManager::DidRunInsecureContent(const std::string& security_origin) {
 135   NavigationEntryImpl* navigation_entry = controller_->GetLastCommittedEntry();
 136   policy()->DidRunInsecureContent(navigation_entry, security_origin);
 137   UpdateEntry(navigation_entry);
 138 }
 139
 140 void SSLManager::DidLoadFromMemoryCache(
 141     const LoadFromMemoryCacheDetails& details) {
 142   // Simulate loading this resource through the usual path.
 143   // Note that we specify SUB_RESOURCE as the resource type as WebCore only
 144   // caches sub-resources.
 145   // This resource must have been loaded with no filtering because filtered
 146   // resouces aren't cachable.
 147   scoped_refptr<SSLRequestInfo> info(new SSLRequestInfo(
 148       details.url,
 149       RESOURCE_TYPE_SUB_RESOURCE,
 150       details.pid,
 151       details.cert_id,
 152       details.cert_status));
 153
 154   // Simulate loading this resource through the usual path.
 155   policy()->OnRequestStarted(info.get());
 156 }
 157
 158 void SSLManager::DidStartResourceResponse(
 159     const ResourceRequestDetails& details) {
 160   scoped_refptr<SSLRequestInfo> info(new SSLRequestInfo(
 161       details.url,
 162       details.resource_type,
 163       details.origin_child_id,
 164       details.ssl_cert_id,
 165       details.ssl_cert_status));
 166
 167   // Notify our policy that we started a resource request.  Ideally, the
 168   // policy should have the ability to cancel the request, but we can't do
 169   // that yet.
 170   policy()->OnRequestStarted(info.get());
 171 }
 172
 173 void SSLManager::DidReceiveResourceRedirect(
 174     const ResourceRedirectDetails& details) {
 175   // TODO(abarth): Make sure our redirect behavior is correct.  If we ever see a
 176   //               non-HTTPS resource in the redirect chain, we want to trigger
 177   //               insecure content, even if the redirect chain goes back to
 178   //               HTTPS.  This is because the network attacker can redirect the
 179   //               HTTP request to https://attacker.com/payload.js.
 180 }
 181
 182 void SSLManager::UpdateEntry(NavigationEntryImpl* entry) {
 183   // We don't always have a navigation entry to update, for example in the
 184   // case of the Web Inspector.
 185   if (!entry)
 186     return;
 187
 188   SSLStatus original_ssl_status = entry->GetSSL();  // Copy!
 189
 190   policy()->UpdateEntry(entry, controller_->delegate()->GetWebContents());
 191
 192   if (!entry->GetSSL().Equals(original_ssl_status))
 193     NotifyDidChangeVisibleSSLState();
 194 }
 195
 196 void SSLManager::NotifyDidChangeVisibleSSLState() {
 197   WebContentsImpl* contents =
 198       static_cast<WebContentsImpl*>(controller_->delegate()->GetWebContents());
 199   contents->DidChangeVisibleSSLState();
 200 }
 201
 202 }  // namespace content