summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--chrome/browser/chrome_content_browser_client.cc10
-rw-r--r--chrome/browser/chrome_content_browser_client.h4
-rw-r--r--chrome/browser/ssl/ssl_blocking_page.cc36
-rw-r--r--chrome/browser/ssl/ssl_blocking_page.h41
-rw-r--r--content/browser/DEPS2
-rw-r--r--content/browser/content_browser_client.cc8
-rw-r--r--content/browser/content_browser_client.h11
-rw-r--r--content/browser/ssl/ssl_policy.cc75
-rw-r--r--content/browser/ssl/ssl_policy.h15
9 files changed, 99 insertions, 103 deletions
diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/chrome_content_browser_client.cc
index 1a2f44d..614c5f0 100644
--- a/chrome/browser/chrome_content_browser_client.cc
+++ b/chrome/browser/chrome_content_browser_client.cc
@@ -28,6 +28,7 @@
#include "chrome/browser/renderer_host/text_input_client_message_filter.h"
#include "chrome/browser/search_engines/search_provider_install_state_message_filter.h"
#include "chrome/browser/spellcheck_message_filter.h"
+#include "chrome/browser/ssl/ssl_blocking_page.h"
#include "chrome/browser/ui/webui/chrome_web_ui_factory.h"
#include "chrome/common/child_process_logging.h"
#include "chrome/common/chrome_switches.h"
@@ -323,6 +324,15 @@ void ChromeContentBrowserClient::RevealFolderInOS(const FilePath& path) {
#endif
}
+void ChromeContentBrowserClient::AllowCertificateError(
+ SSLCertErrorHandler* handler,
+ bool overridable,
+ Callback2<SSLCertErrorHandler*, bool>::Type* callback) {
+ SSLBlockingPage* blocking_page = new SSLBlockingPage(
+ handler, overridable, callback);
+ blocking_page->Show();
+}
+
#if defined(OS_LINUX)
int ChromeContentBrowserClient::GetCrashSignalFD(
const std::string& process_type) {
diff --git a/chrome/browser/chrome_content_browser_client.h b/chrome/browser/chrome_content_browser_client.h
index 9e54f1b..428d446 100644
--- a/chrome/browser/chrome_content_browser_client.h
+++ b/chrome/browser/chrome_content_browser_client.h
@@ -46,6 +46,10 @@ class ChromeContentBrowserClient : public content::ContentBrowserClient {
net::CookieOptions* options) OVERRIDE;
virtual QuotaPermissionContext* CreateQuotaPermissionContext() OVERRIDE;
virtual void RevealFolderInOS(const FilePath& path) OVERRIDE;
+ virtual void AllowCertificateError(
+ SSLCertErrorHandler* handler,
+ bool overridable,
+ Callback2<SSLCertErrorHandler*, bool>::Type* callback) OVERRIDE;
#if defined(OS_POSIX) && !defined(OS_MACOSX)
// Can return an optional fd for crash handling, otherwise returns -1.
virtual int GetCrashSignalFD(const std::string& process_type) OVERRIDE;
diff --git a/chrome/browser/ssl/ssl_blocking_page.cc b/chrome/browser/ssl/ssl_blocking_page.cc
index 97da845..039df9f 100644
--- a/chrome/browser/ssl/ssl_blocking_page.cc
+++ b/chrome/browser/ssl/ssl_blocking_page.cc
@@ -42,21 +42,21 @@ void RecordSSLBlockingPageStats(SSLBlockingPageEvent event) {
// Note that we always create a navigation entry with SSL errors.
// No error happening loading a sub-resource triggers an interstitial so far.
-SSLBlockingPage::SSLBlockingPage(SSLCertErrorHandler* handler,
- Delegate* delegate,
- ErrorLevel error_level)
+SSLBlockingPage::SSLBlockingPage(
+ SSLCertErrorHandler* handler,
+ bool overridable,
+ Callback2<SSLCertErrorHandler*, bool>::Type* callback)
: ChromeInterstitialPage(handler->GetTabContents(),
true,
handler->request_url()),
handler_(handler),
- delegate_(delegate),
- delegate_has_been_notified_(false),
- error_level_(error_level) {
+ callback_(callback),
+ overridable_(overridable) {
RecordSSLBlockingPageStats(SHOW);
}
SSLBlockingPage::~SSLBlockingPage() {
- if (!delegate_has_been_notified_) {
+ if (callback_) {
// The page is closed without the user having chosen what to do, default to
// deny.
NotifyDenyCertificate();
@@ -66,7 +66,10 @@ SSLBlockingPage::~SSLBlockingPage() {
std::string SSLBlockingPage::GetHTMLContents() {
// Let's build the html error page.
DictionaryValue strings;
- SSLErrorInfo error_info = delegate_->GetSSLErrorInfo(handler_);
+ SSLErrorInfo error_info = SSLErrorInfo::CreateError(
+ SSLErrorInfo::NetErrorToErrorType(handler_->cert_error()),
+ handler_->ssl_info().cert, handler_->request_url());
+
strings.SetString("headLine", error_info.title());
strings.SetString("description", error_info.details());
@@ -75,7 +78,7 @@ std::string SSLBlockingPage::GetHTMLContents() {
SetExtraInfo(&strings, error_info.extra_information());
int resource_id;
- if (error_level_ == ERROR_OVERRIDABLE) {
+ if (overridable_) {
resource_id = IDR_SSL_ROAD_BLOCK_HTML;
strings.SetString("title",
l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_TITLE));
@@ -84,7 +87,6 @@ std::string SSLBlockingPage::GetHTMLContents() {
strings.SetString("exit",
l10n_util::GetStringUTF16(IDS_SSL_BLOCKING_PAGE_EXIT));
} else {
- DCHECK_EQ(error_level_, ERROR_FATAL);
resource_id = IDR_SSL_ERROR_HTML;
strings.SetString("title",
l10n_util::GetStringUTF16(IDS_SSL_ERROR_PAGE_TITLE));
@@ -141,17 +143,19 @@ void SSLBlockingPage::DontProceed() {
}
void SSLBlockingPage::NotifyDenyCertificate() {
- DCHECK(!delegate_has_been_notified_);
+ DCHECK(callback_);
- delegate_->OnDenyCertificate(handler_);
- delegate_has_been_notified_ = true;
+ callback_->Run(handler_, false);
+ delete callback_;
+ callback_ = NULL;
}
void SSLBlockingPage::NotifyAllowCertificate() {
- DCHECK(!delegate_has_been_notified_);
+ DCHECK(callback_);
- delegate_->OnAllowCertificate(handler_);
- delegate_has_been_notified_ = true;
+ callback_->Run(handler_, true);
+ delete callback_;
+ callback_ = NULL;
}
// static
diff --git a/chrome/browser/ssl/ssl_blocking_page.h b/chrome/browser/ssl/ssl_blocking_page.h
index 2bc4d11..7768995 100644
--- a/chrome/browser/ssl/ssl_blocking_page.h
+++ b/chrome/browser/ssl/ssl_blocking_page.h
@@ -9,8 +9,8 @@
#include <string>
#include <vector>
+#include "base/callback_old.h"
#include "base/string16.h"
-#include "chrome/browser/ssl/ssl_error_info.h"
#include "chrome/browser/tab_contents/chrome_interstitial_page.h"
class DictionaryValue;
@@ -21,33 +21,9 @@ class SSLCertErrorHandler;
// It deletes itself when the interstitial page is closed.
class SSLBlockingPage : public ChromeInterstitialPage {
public:
- // An interface that classes that want to interact with the SSLBlockingPage
- // should implement.
- class Delegate {
- public:
- // Should return the information about the error that causes this blocking
- // page.
- virtual SSLErrorInfo GetSSLErrorInfo(SSLCertErrorHandler* handler) = 0;
-
- // Notification that the user chose to reject the certificate.
- virtual void OnDenyCertificate(SSLCertErrorHandler* handler) = 0;
-
- // Notification that the user chose to accept the certificate.
- virtual void OnAllowCertificate(SSLCertErrorHandler* handler) = 0;
-
- protected:
- virtual ~Delegate() {}
- };
-
- // The severity of the certificate error.
- enum ErrorLevel {
- ERROR_OVERRIDABLE, // The interstitial page has a "Proceed anyway" button.
- ERROR_FATAL, // The interstitial page doesn't allow the user to
- // proceed to the site.
- };
-
- SSLBlockingPage(SSLCertErrorHandler* handler, Delegate* delegate,
- ErrorLevel error_level);
+ SSLBlockingPage(SSLCertErrorHandler* handler,
+ bool overridable,
+ Callback2<SSLCertErrorHandler*, bool>::Type* callback);
virtual ~SSLBlockingPage();
// A method that sets strings in the specified dictionary from the passed
@@ -73,15 +49,10 @@ class SSLBlockingPage : public ChromeInterstitialPage {
// ContinueRequest() on this object.
scoped_refptr<SSLCertErrorHandler> handler_;
- // Our delegate. It provides useful information, like the title and details
- // about this error.
- Delegate* delegate_;
-
- // A flag to indicate if we've notified |delegate_| of the user's decision.
- bool delegate_has_been_notified_;
+ Callback2<SSLCertErrorHandler*, bool>::Type* callback_;
// Is the certificate error overridable or fatal?
- ErrorLevel error_level_;
+ bool overridable_;
DISALLOW_COPY_AND_ASSIGN(SSLBlockingPage);
};
diff --git a/content/browser/DEPS b/content/browser/DEPS
index d6142c6..33d34a053 100644
--- a/content/browser/DEPS
+++ b/content/browser/DEPS
@@ -47,8 +47,6 @@ include_rules = [
"+chrome/browser/sessions/session_types.h",
"+chrome/browser/ssl/ssl_add_cert_handler.h",
- "+chrome/browser/ssl/ssl_blocking_page.h",
- "+chrome/browser/ssl/ssl_error_info.h",
"+chrome/browser/tab_contents/tab_contents_ssl_helper.h",
"+chrome/browser/tab_contents/tab_util.h",
"+chrome/browser/ui/tab_contents/tab_contents_wrapper.h",
diff --git a/content/browser/content_browser_client.cc b/content/browser/content_browser_client.cc
index 0541735..9eb199c 100644
--- a/content/browser/content_browser_client.cc
+++ b/content/browser/content_browser_client.cc
@@ -87,6 +87,14 @@ QuotaPermissionContext* ContentBrowserClient::CreateQuotaPermissionContext() {
void ContentBrowserClient::RevealFolderInOS(const FilePath& path) {
}
+void ContentBrowserClient::AllowCertificateError(
+ SSLCertErrorHandler* handler,
+ bool overridable,
+ Callback2<SSLCertErrorHandler*, bool>::Type* callback) {
+ callback->Run(handler, overridable);
+ delete callback;
+}
+
#if defined(OS_POSIX) && !defined(OS_MACOSX)
int ContentBrowserClient::GetCrashSignalFD(const std::string& process_type) {
return -1;
diff --git a/content/browser/content_browser_client.h b/content/browser/content_browser_client.h
index 169d4d6..e0f7737 100644
--- a/content/browser/content_browser_client.h
+++ b/content/browser/content_browser_client.h
@@ -8,6 +8,7 @@
#include <string>
+#include "base/callback_old.h"
#include "content/common/content_client.h"
class BrowserRenderProcessHost;
@@ -18,6 +19,7 @@ class PluginProcessHost;
class Profile;
class QuotaPermissionContext;
class RenderViewHost;
+class SSLCertErrorHandler;
class TabContents;
class WorkerProcessHost;
@@ -109,6 +111,15 @@ class ContentBrowserClient {
// Shows the given path using the OS file manager.
virtual void RevealFolderInOS(const FilePath& path);
+ // Informs the embedder that a certificate error has occured. If overridable
+ // is true, the user can ignore the error and continue. If it's false, then
+ // the certificate error is severe and the user isn't allowed to proceed. The
+ // embedder can call the callback asynchronously.
+ virtual void AllowCertificateError(
+ SSLCertErrorHandler* handler,
+ bool overridable,
+ Callback2<SSLCertErrorHandler*, bool>::Type* callback);
+
#if defined(OS_POSIX) && !defined(OS_MACOSX)
// Can return an optional fd for crash handling, otherwise returns -1.
virtual int GetCrashSignalFD(const std::string& process_type);
diff --git a/content/browser/ssl/ssl_policy.cc b/content/browser/ssl/ssl_policy.cc
index 9be48a3..1d7c981 100644
--- a/content/browser/ssl/ssl_policy.cc
+++ b/content/browser/ssl/ssl_policy.cc
@@ -9,7 +9,7 @@
#include "base/memory/singleton.h"
#include "base/string_piece.h"
#include "base/string_util.h"
-#include "chrome/browser/ssl/ssl_error_info.h"
+#include "content/browser/content_browser_client.h"
#include "content/browser/renderer_host/render_process_host.h"
#include "content/browser/renderer_host/render_view_host.h"
#include "content/browser/site_instance.h"
@@ -58,7 +58,7 @@ void SSLPolicy::OnCertError(SSLCertErrorHandler* handler) {
case net::ERR_CERT_DATE_INVALID:
case net::ERR_CERT_AUTHORITY_INVALID:
case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM:
- OnCertErrorInternal(handler, SSLBlockingPage::ERROR_OVERRIDABLE);
+ OnCertErrorInternal(handler, true);
break;
case net::ERR_CERT_NO_REVOCATION_MECHANISM:
// Ignore this error.
@@ -73,7 +73,7 @@ void SSLPolicy::OnCertError(SSLCertErrorHandler* handler) {
case net::ERR_CERT_REVOKED:
case net::ERR_CERT_INVALID:
case net::ERR_CERT_NOT_IN_DNS:
- OnCertErrorInternal(handler, SSLBlockingPage::ERROR_FATAL);
+ OnCertErrorInternal(handler, false);
break;
default:
NOTREACHED();
@@ -154,47 +154,38 @@ void SSLPolicy::UpdateEntry(NavigationEntry* entry, TabContents* tab_contents) {
entry->ssl().set_displayed_insecure_content();
}
-////////////////////////////////////////////////////////////////////////////////
-// SSLBlockingPage::Delegate methods
-
-SSLErrorInfo SSLPolicy::GetSSLErrorInfo(SSLCertErrorHandler* handler) {
- return SSLErrorInfo::CreateError(
- SSLErrorInfo::NetErrorToErrorType(handler->cert_error()),
- handler->ssl_info().cert, handler->request_url());
-}
-
-void SSLPolicy::OnDenyCertificate(SSLCertErrorHandler* handler) {
- // Default behavior for rejecting a certificate.
- //
- // While DenyCertForHost() executes synchronously on this thread,
- // CancelRequest() gets posted to a different thread. Calling
- // DenyCertForHost() first ensures deterministic ordering.
- backend_->DenyCertForHost(handler->ssl_info().cert,
- handler->request_url().host());
- handler->CancelRequest();
-}
-
-void SSLPolicy::OnAllowCertificate(SSLCertErrorHandler* handler) {
- // Default behavior for accepting a certificate.
- // Note that we should not call SetMaxSecurityStyle here, because the active
- // NavigationEntry has just been deleted (in HideInterstitialPage) and the
- // new NavigationEntry will not be set until DidNavigate. This is ok,
- // because the new NavigationEntry will have its max security style set
- // within DidNavigate.
- //
- // While AllowCertForHost() executes synchronously on this thread,
- // ContinueRequest() gets posted to a different thread. Calling
- // AllowCertForHost() first ensures deterministic ordering.
- backend_->AllowCertForHost(handler->ssl_info().cert,
- handler->request_url().host());
- handler->ContinueRequest();
+void SSLPolicy::OnAllowCertificate(SSLCertErrorHandler* handler, bool allow) {
+ if (allow) {
+ // Default behavior for accepting a certificate.
+ // Note that we should not call SetMaxSecurityStyle here, because the active
+ // NavigationEntry has just been deleted (in HideInterstitialPage) and the
+ // new NavigationEntry will not be set until DidNavigate. This is ok,
+ // because the new NavigationEntry will have its max security style set
+ // within DidNavigate.
+ //
+ // While AllowCertForHost() executes synchronously on this thread,
+ // ContinueRequest() gets posted to a different thread. Calling
+ // AllowCertForHost() first ensures deterministic ordering.
+ backend_->AllowCertForHost(handler->ssl_info().cert,
+ handler->request_url().host());
+ handler->ContinueRequest();
+ } else {
+ // Default behavior for rejecting a certificate.
+ //
+ // While DenyCertForHost() executes synchronously on this thread,
+ // CancelRequest() gets posted to a different thread. Calling
+ // DenyCertForHost() first ensures deterministic ordering.
+ backend_->DenyCertForHost(handler->ssl_info().cert,
+ handler->request_url().host());
+ handler->CancelRequest();
+ }
}
////////////////////////////////////////////////////////////////////////////////
// Certificate Error Routines
void SSLPolicy::OnCertErrorInternal(SSLCertErrorHandler* handler,
- SSLBlockingPage::ErrorLevel error_level) {
+ bool overridable) {
if (handler->resource_type() != ResourceType::MAIN_FRAME) {
// A sub-resource has a certificate error. The user doesn't really
// have a context for making the right decision, so block the
@@ -203,9 +194,11 @@ void SSLPolicy::OnCertErrorInternal(SSLCertErrorHandler* handler,
handler->DenyRequest();
return;
}
- SSLBlockingPage* blocking_page = new SSLBlockingPage(handler, this,
- error_level);
- blocking_page->Show();
+
+ Callback2<SSLCertErrorHandler*, bool>::Type* callback =
+ NewCallback(this, &SSLPolicy::OnAllowCertificate);
+ content::GetContentClient()->browser()->AllowCertificateError(
+ handler, overridable, callback);
}
void SSLPolicy::InitializeEntryIfNeeded(NavigationEntry* entry) {
diff --git a/content/browser/ssl/ssl_policy.h b/content/browser/ssl/ssl_policy.h
index b1bf5a0..302207d 100644
--- a/content/browser/ssl/ssl_policy.h
+++ b/content/browser/ssl/ssl_policy.h
@@ -8,13 +8,13 @@
#include <string>
-#include "chrome/browser/ssl/ssl_blocking_page.h"
#include "webkit/glue/resource_type.h"
class NavigationEntry;
class SSLCertErrorHandler;
class SSLPolicyBackend;
class SSLRequestInfo;
+class TabContents;
// SSLPolicy
//
@@ -22,7 +22,7 @@ class SSLRequestInfo;
// SSL trust indicators. It relies on the SSLPolicyBackend to actually enact
// the decisions it reaches.
//
-class SSLPolicy : public SSLBlockingPage::Delegate {
+class SSLPolicy {
public:
explicit SSLPolicy(SSLPolicyBackend* backend);
@@ -41,19 +41,16 @@ class SSLPolicy : public SSLBlockingPage::Delegate {
SSLPolicyBackend* backend() const { return backend_; }
- // SSLBlockingPage::Delegate methods.
- virtual SSLErrorInfo GetSSLErrorInfo(SSLCertErrorHandler* handler);
- virtual void OnDenyCertificate(SSLCertErrorHandler* handler);
- virtual void OnAllowCertificate(SSLCertErrorHandler* handler);
-
private:
+ // Callback that the user chose to accept or deny the certificate.
+ void OnAllowCertificate(SSLCertErrorHandler* handler, bool allow);
+
// Helper method for derived classes handling certificate errors.
// If the error can be overridden by the user, show a blocking page that
// lets the user continue or cancel the request.
// For fatal certificate errors, show a blocking page that only lets the
// user cancel the request.
- void OnCertErrorInternal(SSLCertErrorHandler* handler,
- SSLBlockingPage::ErrorLevel error_level);
+ void OnCertErrorInternal(SSLCertErrorHandler* handler, bool overridable);
// If the security style of |entry| has not been initialized, then initialize
// it with the default style for its URL.
generated by cgit v1.1 at 2025-04-01 15:56:41 +0000