Get rid of some SSL dependencies by talking to SSLBlockingPolicy through a callback.

BUG=76697 Review URL: http://codereview.chromium.org/7065070 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@87927 0039d316-1c4b-4281-b951-d872f2087c98
author: jam@chromium.org <jam@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2011-06-04 18:24:03 +0000
committer: jam@chromium.org <jam@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2011-06-04 18:24:03 +0000
commit: 848dd0446ed3ebc6f8ae2db868c117788bda7c2f (patch)
tree: 5bec47e5ab37e4bd67fd5443ed9cc4f663fe3668 /content/browser
parent: cf7dfc0a53eebbf4831800476212e2c6c0ffe5d5 (diff)
download: chromium_src-848dd0446ed3ebc6f8ae2db868c117788bda7c2f.zip
chromium_src-848dd0446ed3ebc6f8ae2db868c117788bda7c2f.tar.gz
chromium_src-848dd0446ed3ebc6f8ae2db868c117788bda7c2f.tar.bz2
5 files changed, 59 insertions, 52 deletions
diff --git a/content/browser/DEPS b/content/browser/DEPS
index d6142c6..33d34a053 100644
--- a/content/browser/DEPS
+++ b/content/browser/DEPS
@@ -47,8 +47,6 @@ include_rules = [
   "+chrome/browser/sessions/session_types.h",
 
   "+chrome/browser/ssl/ssl_add_cert_handler.h",
-  "+chrome/browser/ssl/ssl_blocking_page.h",
-  "+chrome/browser/ssl/ssl_error_info.h",
   "+chrome/browser/tab_contents/tab_contents_ssl_helper.h",
   "+chrome/browser/tab_contents/tab_util.h",
   "+chrome/browser/ui/tab_contents/tab_contents_wrapper.h",
diff --git a/content/browser/content_browser_client.cc b/content/browser/content_browser_client.cc
index 0541735..9eb199c 100644
--- a/content/browser/content_browser_client.cc
+++ b/content/browser/content_browser_client.cc
@@ -87,6 +87,14 @@ QuotaPermissionContext* ContentBrowserClient::CreateQuotaPermissionContext() {
 void ContentBrowserClient::RevealFolderInOS(const FilePath& path) {
 }
 
+void ContentBrowserClient::AllowCertificateError(
+    SSLCertErrorHandler* handler,
+    bool overridable,
+    Callback2<SSLCertErrorHandler*, bool>::Type* callback) {
+  callback->Run(handler, overridable);
+  delete callback;
+}
+
 #if defined(OS_POSIX) && !defined(OS_MACOSX)
 int ContentBrowserClient::GetCrashSignalFD(const std::string& process_type) {
   return -1;
diff --git a/content/browser/content_browser_client.h b/content/browser/content_browser_client.h
index 169d4d6..e0f7737 100644
--- a/content/browser/content_browser_client.h
+++ b/content/browser/content_browser_client.h
@@ -8,6 +8,7 @@
 
 #include <string>
 
+#include "base/callback_old.h"
 #include "content/common/content_client.h"
 
 class BrowserRenderProcessHost;
@@ -18,6 +19,7 @@ class PluginProcessHost;
 class Profile;
 class QuotaPermissionContext;
 class RenderViewHost;
+class SSLCertErrorHandler;
 class TabContents;
 class WorkerProcessHost;
 
@@ -109,6 +111,15 @@ class ContentBrowserClient {
   // Shows the given path using the OS file manager.
   virtual void RevealFolderInOS(const FilePath& path);
 
+  // Informs the embedder that a certificate error has occured.  If overridable
+  // is true, the user can ignore the error and continue.  If it's false, then
+  // the certificate error is severe and the user isn't allowed to proceed.  The
+  // embedder can call the callback asynchronously.
+  virtual void AllowCertificateError(
+      SSLCertErrorHandler* handler,
+      bool overridable,
+      Callback2<SSLCertErrorHandler*, bool>::Type* callback);
+
 #if defined(OS_POSIX) && !defined(OS_MACOSX)
   // Can return an optional fd for crash handling, otherwise returns -1.
   virtual int GetCrashSignalFD(const std::string& process_type);
diff --git a/content/browser/ssl/ssl_policy.cc b/content/browser/ssl/ssl_policy.cc
index 9be48a3..1d7c981 100644
--- a/content/browser/ssl/ssl_policy.cc
+++ b/content/browser/ssl/ssl_policy.cc
@@ -9,7 +9,7 @@
 #include "base/memory/singleton.h"
 #include "base/string_piece.h"
 #include "base/string_util.h"
-#include "chrome/browser/ssl/ssl_error_info.h"
+#include "content/browser/content_browser_client.h"
 #include "content/browser/renderer_host/render_process_host.h"
 #include "content/browser/renderer_host/render_view_host.h"
 #include "content/browser/site_instance.h"
@@ -58,7 +58,7 @@ void SSLPolicy::OnCertError(SSLCertErrorHandler* handler) {
     case net::ERR_CERT_DATE_INVALID:
     case net::ERR_CERT_AUTHORITY_INVALID:
     case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM:
-      OnCertErrorInternal(handler, SSLBlockingPage::ERROR_OVERRIDABLE);
+      OnCertErrorInternal(handler, true);
       break;
     case net::ERR_CERT_NO_REVOCATION_MECHANISM:
       // Ignore this error.
@@ -73,7 +73,7 @@ void SSLPolicy::OnCertError(SSLCertErrorHandler* handler) {
     case net::ERR_CERT_REVOKED:
     case net::ERR_CERT_INVALID:
     case net::ERR_CERT_NOT_IN_DNS:
-      OnCertErrorInternal(handler, SSLBlockingPage::ERROR_FATAL);
+      OnCertErrorInternal(handler, false);
       break;
     default:
       NOTREACHED();
@@ -154,47 +154,38 @@ void SSLPolicy::UpdateEntry(NavigationEntry* entry, TabContents* tab_contents) {
     entry->ssl().set_displayed_insecure_content();
 }
 
-////////////////////////////////////////////////////////////////////////////////
-// SSLBlockingPage::Delegate methods
-
-SSLErrorInfo SSLPolicy::GetSSLErrorInfo(SSLCertErrorHandler* handler) {
-  return SSLErrorInfo::CreateError(
-      SSLErrorInfo::NetErrorToErrorType(handler->cert_error()),
-      handler->ssl_info().cert, handler->request_url());
-}
-
-void SSLPolicy::OnDenyCertificate(SSLCertErrorHandler* handler) {
-  // Default behavior for rejecting a certificate.
-  //
-  // While DenyCertForHost() executes synchronously on this thread,
-  // CancelRequest() gets posted to a different thread. Calling
-  // DenyCertForHost() first ensures deterministic ordering.
-  backend_->DenyCertForHost(handler->ssl_info().cert,
-                            handler->request_url().host());
-  handler->CancelRequest();
-}
-
-void SSLPolicy::OnAllowCertificate(SSLCertErrorHandler* handler) {
-  // Default behavior for accepting a certificate.
-  // Note that we should not call SetMaxSecurityStyle here, because the active
-  // NavigationEntry has just been deleted (in HideInterstitialPage) and the
-  // new NavigationEntry will not be set until DidNavigate.  This is ok,
-  // because the new NavigationEntry will have its max security style set
-  // within DidNavigate.
-  //
-  // While AllowCertForHost() executes synchronously on this thread,
-  // ContinueRequest() gets posted to a different thread. Calling
-  // AllowCertForHost() first ensures deterministic ordering.
-  backend_->AllowCertForHost(handler->ssl_info().cert,
-                             handler->request_url().host());
-  handler->ContinueRequest();
+void SSLPolicy::OnAllowCertificate(SSLCertErrorHandler* handler, bool allow) {
+  if (allow) {
+    // Default behavior for accepting a certificate.
+    // Note that we should not call SetMaxSecurityStyle here, because the active
+    // NavigationEntry has just been deleted (in HideInterstitialPage) and the
+    // new NavigationEntry will not be set until DidNavigate.  This is ok,
+    // because the new NavigationEntry will have its max security style set
+    // within DidNavigate.
+    //
+    // While AllowCertForHost() executes synchronously on this thread,
+    // ContinueRequest() gets posted to a different thread. Calling
+    // AllowCertForHost() first ensures deterministic ordering.
+    backend_->AllowCertForHost(handler->ssl_info().cert,
+                               handler->request_url().host());
+    handler->ContinueRequest();
+  } else {
+    // Default behavior for rejecting a certificate.
+    //
+    // While DenyCertForHost() executes synchronously on this thread,
+    // CancelRequest() gets posted to a different thread. Calling
+    // DenyCertForHost() first ensures deterministic ordering.
+    backend_->DenyCertForHost(handler->ssl_info().cert,
+                              handler->request_url().host());
+    handler->CancelRequest();
+  }
 }
 
 ////////////////////////////////////////////////////////////////////////////////
 // Certificate Error Routines
 
 void SSLPolicy::OnCertErrorInternal(SSLCertErrorHandler* handler,
-                                    SSLBlockingPage::ErrorLevel error_level) {
+                                    bool overridable) {
   if (handler->resource_type() != ResourceType::MAIN_FRAME) {
     // A sub-resource has a certificate error.  The user doesn't really
     // have a context for making the right decision, so block the
@@ -203,9 +194,11 @@ void SSLPolicy::OnCertErrorInternal(SSLCertErrorHandler* handler,
     handler->DenyRequest();
     return;
   }
-  SSLBlockingPage* blocking_page = new SSLBlockingPage(handler, this,
-                                                       error_level);
-  blocking_page->Show();
+
+  Callback2<SSLCertErrorHandler*, bool>::Type* callback =
+      NewCallback(this, &SSLPolicy::OnAllowCertificate);
+  content::GetContentClient()->browser()->AllowCertificateError(
+      handler, overridable, callback);
 }
 
 void SSLPolicy::InitializeEntryIfNeeded(NavigationEntry* entry) {
diff --git a/content/browser/ssl/ssl_policy.h b/content/browser/ssl/ssl_policy.h
index b1bf5a0..302207d 100644
--- a/content/browser/ssl/ssl_policy.h
+++ b/content/browser/ssl/ssl_policy.h
@@ -8,13 +8,13 @@
 
 #include <string>
 
-#include "chrome/browser/ssl/ssl_blocking_page.h"
 #include "webkit/glue/resource_type.h"
 
 class NavigationEntry;
 class SSLCertErrorHandler;
 class SSLPolicyBackend;
 class SSLRequestInfo;
+class TabContents;
 
 // SSLPolicy
 //
@@ -22,7 +22,7 @@ class SSLRequestInfo;
 // SSL trust indicators.  It relies on the SSLPolicyBackend to actually enact
 // the decisions it reaches.
 //
-class SSLPolicy : public SSLBlockingPage::Delegate {
+class SSLPolicy {
  public:
   explicit SSLPolicy(SSLPolicyBackend* backend);
 
@@ -41,19 +41,16 @@ class SSLPolicy : public SSLBlockingPage::Delegate {
 
   SSLPolicyBackend* backend() const { return backend_; }
 
-  // SSLBlockingPage::Delegate methods.
-  virtual SSLErrorInfo GetSSLErrorInfo(SSLCertErrorHandler* handler);
-  virtual void OnDenyCertificate(SSLCertErrorHandler* handler);
-  virtual void OnAllowCertificate(SSLCertErrorHandler* handler);
-
  private:
+  // Callback that the user chose to accept or deny the certificate.
+  void OnAllowCertificate(SSLCertErrorHandler* handler, bool allow);
+
   // Helper method for derived classes handling certificate errors.
   // If the error can be overridden by the user, show a blocking page that
   // lets the user continue or cancel the request.
   // For fatal certificate errors, show a blocking page that only lets the
   // user cancel the request.
-  void OnCertErrorInternal(SSLCertErrorHandler* handler,
-                           SSLBlockingPage::ErrorLevel error_level);
+  void OnCertErrorInternal(SSLCertErrorHandler* handler, bool overridable);
 
   // If the security style of |entry| has not been initialized, then initialize
   // it with the default style for its URL.
author	jam@chromium.org <jam@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2011-06-04 18:24:03 +0000
committer	jam@chromium.org <jam@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2011-06-04 18:24:03 +0000
commit	848dd0446ed3ebc6f8ae2db868c117788bda7c2f (patch)
tree	5bec47e5ab37e4bd67fd5443ed9cc4f663fe3668 /content/browser
parent	cf7dfc0a53eebbf4831800476212e2c6c0ffe5d5 (diff)
download	chromium_src-848dd0446ed3ebc6f8ae2db868c117788bda7c2f.zip chromium_src-848dd0446ed3ebc6f8ae2db868c117788bda7c2f.tar.gz chromium_src-848dd0446ed3ebc6f8ae2db868c117788bda7c2f.tar.bz2