Diffstat (limited to 'chrome/browser/ssl')
-rw-r--r--chrome/browser/ssl/ssl_blocking_page.cc31
-rw-r--r--chrome/browser/ssl/ssl_blocking_page.h6
-rw-r--r--chrome/browser/ssl/ssl_policy.cc64
-rw-r--r--chrome/browser/ssl/ssl_policy.h18
4 files changed, 37 insertions, 82 deletions
diff --git a/chrome/browser/ssl/ssl_blocking_page.cc b/chrome/browser/ssl/ssl_blocking_page.cc
index 904c083..aa3df31 100644
--- a/chrome/browser/ssl/ssl_blocking_page.cc
+++ b/chrome/browser/ssl/ssl_blocking_page.cc
@@ -45,11 +45,13 @@ void RecordSSLBlockingPageStats(SSLBlockingPageEvent event) {
// Note that we always create a navigation entry with SSL errors.
// No error happening loading a sub-resource triggers an interstitial so far.
SSLBlockingPage::SSLBlockingPage(SSLCertErrorHandler* handler,
- Delegate* delegate)
+ Delegate* delegate,
+ bool overridable)
: InterstitialPage(handler->GetTabContents(), true, handler->request_url()),
handler_(handler),
delegate_(delegate),
- delegate_has_been_notified_(false) {
+ delegate_has_been_notified_(false),
+ overridable_(overridable) {
RecordSSLBlockingPageStats(SHOW);
}
@@ -65,8 +67,6 @@ std::string SSLBlockingPage::GetHTMLContents() {
// Let's build the html error page.
DictionaryValue strings;
SSLErrorInfo error_info = delegate_->GetSSLErrorInfo(handler_);
- strings.SetString(L"title",
- l10n_util::GetString(IDS_SSL_BLOCKING_PAGE_TITLE));
strings.SetString(L"headLine", error_info.title());
strings.SetString(L"description", error_info.details());
@@ -74,16 +74,25 @@ std::string SSLBlockingPage::GetHTMLContents() {
l10n_util::GetString(IDS_CERT_ERROR_EXTRA_INFO_TITLE));
SetExtraInfo(&strings, error_info.extra_information());
- strings.SetString(L"proceed",
- l10n_util::GetString(IDS_SSL_BLOCKING_PAGE_PROCEED));
- strings.SetString(L"exit",
- l10n_util::GetString(IDS_SSL_BLOCKING_PAGE_EXIT));
+ int resource_id;
+ if (overridable_) {
+ resource_id = IDR_SSL_ROAD_BLOCK_HTML;
+ strings.SetString(L"title",
+ l10n_util::GetString(IDS_SSL_BLOCKING_PAGE_TITLE));
+ strings.SetString(L"proceed",
+ l10n_util::GetString(IDS_SSL_BLOCKING_PAGE_PROCEED));
+ strings.SetString(L"exit",
+ l10n_util::GetString(IDS_SSL_BLOCKING_PAGE_EXIT));
+ } else {
+ resource_id = IDR_SSL_ERROR_HTML;
+ strings.SetString(L"title", l10n_util::GetString(IDS_SSL_ERROR_PAGE_TITLE));
+ strings.SetString(L"back", l10n_util::GetString(IDS_SSL_ERROR_PAGE_BACK));
+ }
strings.SetString(L"textdirection", base::i18n::IsRTL() ? L"rtl" : L"ltr");
- static const base::StringPiece html(
- ResourceBundle::GetSharedInstance().GetRawDataResource(
- IDR_SSL_ROAD_BLOCK_HTML));
+ base::StringPiece html(
+ ResourceBundle::GetSharedInstance().GetRawDataResource(resource_id));
return jstemplate_builder::GetI18nTemplateHtml(html, &strings);
}
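Review bot: `overridable_` is used here only to pick the template (`IDR_SSL_ROAD_BLOCK_HTML` vs `IDR_SSL_ERROR_HTML`) and its strings, so in this hunk the "cannot proceed" property of a fatal error rests on the error template simply not offering a proceed control. The page's command and proceed handling is not part of this diff, so it may already be covered, but the decision should be enforced in the browser-side handler rather than in the HTML: before the path that ends in `delegate_->OnAllowCertificate(handler_)`, refuse when the flag is false, for example `if (!overridable_) { DontProceed(); return; }`. A minor point in the same hunk is that `int resource_id;` is declared uninitialized; both branches assign it today, but initializing it at the declaration keeps a later third branch from reading garbage. GetHTMLContents() begins outside this hunk.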
diff --git a/chrome/browser/ssl/ssl_blocking_page.h b/chrome/browser/ssl/ssl_blocking_page.h
index 8ef9b28..dd282ad 100644
--- a/chrome/browser/ssl/ssl_blocking_page.h
+++ b/chrome/browser/ssl/ssl_blocking_page.h
@@ -33,7 +33,8 @@ class SSLBlockingPage : public InterstitialPage {
virtual void OnAllowCertificate(SSLCertErrorHandler* handler) = 0;
};
- SSLBlockingPage(SSLCertErrorHandler* handler, Delegate* delegate);
+ SSLBlockingPage(SSLCertErrorHandler* handler, Delegate* delegate,
+ bool overridable);
virtual ~SSLBlockingPage();
// A method that sets strings in the specified dictionary from the passed
@@ -66,6 +67,9 @@ class SSLBlockingPage : public InterstitialPage {
// A flag to indicate if we've notified |delegate_| of the user's decision.
bool delegate_has_been_notified_;
+ // Can the user override the certificate error?
+ bool overridable_;
+
DISALLOW_COPY_AND_ASSIGN(SSLBlockingPage);
};
diff --git a/chrome/browser/ssl/ssl_policy.cc b/chrome/browser/ssl/ssl_policy.cc
index 5f15772..7f3ad87 100644
--- a/chrome/browser/ssl/ssl_policy.cc
+++ b/chrome/browser/ssl/ssl_policy.cc
@@ -60,7 +60,7 @@ void SSLPolicy::OnCertError(SSLCertErrorHandler* handler) {
case net::ERR_CERT_DATE_INVALID:
case net::ERR_CERT_AUTHORITY_INVALID:
case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM:
- OnOverridableCertError(handler);
+ OnCertErrorInternal(handler, true);
break;
case net::ERR_CERT_NO_REVOCATION_MECHANISM:
// Ignore this error.
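Review bot: The bare `true` here, and the bare `false` in the next hunk for the `ERR_CERT_CONTAINS_ERRORS` / `ERR_CERT_REVOKED` / `ERR_CERT_INVALID` group, do not say what they mean at the call site, and this switch is exactly where an error code is classified as user-overridable or fatal. An argument comment such as `OnCertErrorInternal(handler, true /* overridable */);` and `OnCertErrorInternal(handler, false /* overridable */);`, or a two-value enum in place of the bool, would make a misclassified code much easier to catch in review. OnCertError() begins and ends outside the hunk.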
@@ -74,7 +74,7 @@ void SSLPolicy::OnCertError(SSLCertErrorHandler* handler) {
case net::ERR_CERT_CONTAINS_ERRORS:
case net::ERR_CERT_REVOKED:
case net::ERR_CERT_INVALID:
- OnFatalCertError(handler);
+ OnCertErrorInternal(handler, false);
break;
default:
NOTREACHED();
@@ -184,7 +184,8 @@ void SSLPolicy::OnAllowCertificate(SSLCertErrorHandler* handler) {
////////////////////////////////////////////////////////////////////////////////
// Certificate Error Routines
-void SSLPolicy::OnOverridableCertError(SSLCertErrorHandler* handler) {
+void SSLPolicy::OnCertErrorInternal(SSLCertErrorHandler* handler,
+ bool overridable) {
if (handler->resource_type() != ResourceType::MAIN_FRAME) {
// A sub-resource has a certificate error. The user doesn't really
// have a context for making the right decision, so block the
@@ -193,64 +194,11 @@ void SSLPolicy::OnOverridableCertError(SSLCertErrorHandler* handler) {
handler->DenyRequest();
return;
}
- // We need to ask the user to approve this certificate.
- SSLBlockingPage* blocking_page = new SSLBlockingPage(handler, this);
+ SSLBlockingPage* blocking_page = new SSLBlockingPage(handler, this,
+ overridable);
blocking_page->Show();
}
-void SSLPolicy::OnFatalCertError(SSLCertErrorHandler* handler) {
- if (handler->resource_type() != ResourceType::MAIN_FRAME) {
- handler->DenyRequest();
- return;
- }
- handler->CancelRequest();
- ShowErrorPage(handler);
- // No need to degrade our security indicators because we didn't continue.
-}
-
-void SSLPolicy::ShowErrorPage(SSLCertErrorHandler* handler) {
- SSLErrorInfo error_info = GetSSLErrorInfo(handler);
-
- // Let's build the html error page.
- DictionaryValue strings;
- strings.SetString(L"title", l10n_util::GetString(IDS_SSL_ERROR_PAGE_TITLE));
- strings.SetString(L"headLine", error_info.title());
- strings.SetString(L"description", error_info.details());
- strings.SetString(L"moreInfoTitle",
- l10n_util::GetString(IDS_CERT_ERROR_EXTRA_INFO_TITLE));
- SSLBlockingPage::SetExtraInfo(&strings, error_info.extra_information());
-
- strings.SetString(L"back", l10n_util::GetString(IDS_SSL_ERROR_PAGE_BACK));
-
- strings.SetString(L"textdirection", base::i18n::IsRTL() ? L"rtl" : L"ltr");
-
- static const base::StringPiece html(
- ResourceBundle::GetSharedInstance().GetRawDataResource(
- IDR_SSL_ERROR_HTML));
-
- std::string html_text(jstemplate_builder::GetI18nTemplateHtml(html,
- &strings));
-
- TabContents* tab = handler->GetTabContents();
- int cert_id = CertStore::GetSharedInstance()->StoreCert(
- handler->ssl_info().cert,
- tab->render_view_host()->process()->id());
- std::string security_info =
- SSLManager::SerializeSecurityInfo(cert_id,
- handler->ssl_info().cert_status,
- handler->ssl_info().security_bits);
- tab->render_view_host()->LoadAlternateHTMLString(html_text,
- true,
- handler->request_url(),
- security_info);
-
- // TODO(jcampan): we may want to set the navigation entry type to
- // PageType::ERROR_PAGE. The navigation entry is not available at this point,
- // it is created when the renderer receives a DidNavigate (triggered by the
- // LoadAlternateHTMLString above). We'd probably need to pass the page type
- // along with the security_info.
-}
-
void SSLPolicy::InitializeEntryIfNeeded(NavigationEntry* entry) {
if (entry->ssl().security_style() != SECURITY_STYLE_UNKNOWN)
return;
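Review bot: For `overridable == false` the main-frame path no longer calls `handler->CancelRequest()` up front, as the removed OnFatalCertError() did; the request is now handed to `SSLBlockingPage` in the same way as an overridable error. Whether a fatal-error request is then cancelled on every way out of the interstitial depends on SSLBlockingPage code that this diff does not show, so that is worth confirming, ideally with a test for a revoked-certificate main-frame load. The deleted comment "We need to ask the user to approve this certificate" also leaves the `new SSLBlockingPage(handler, this, overridable)` call undocumented; something like `// The page owns the decision from here: for fatal errors it offers no way to proceed and the request must end up cancelled.` would record the invariant. The start of OnCertErrorInternal() is in the previous hunk.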
diff --git a/chrome/browser/ssl/ssl_policy.h b/chrome/browser/ssl/ssl_policy.h
index 5a4b822..bd30df5 100644
--- a/chrome/browser/ssl/ssl_policy.h
+++ b/chrome/browser/ssl/ssl_policy.h
@@ -47,18 +47,12 @@ class SSLPolicy : public SSLBlockingPage::Delegate {
virtual void OnAllowCertificate(SSLCertErrorHandler* handler);
private:
- // Helper method for derived classes handling certificate errors that can be
- // overridden by the user.
- // Show a blocking page and let the user continue or cancel the request.
- void OnOverridableCertError(SSLCertErrorHandler* handler);
-
- // Helper method for derived classes handling fatal certificate errors.
- // Cancel the request and show an error page.
- void OnFatalCertError(SSLCertErrorHandler* handler);
-
- // Show an error page for this certificate error. This error page does not
- // give the user the opportunity to ingore the error.
- void ShowErrorPage(SSLCertErrorHandler* handler);
+ // Helper method for derived classes handling certificate errors.
+ // If the error can be overridden by the user, pass overriable=true, which
+ // shows a blocking page and lets the user continue or cancel the request.
+ // For fatal certificate errors, pass overridable=false, which show an error
+ // page.
+ void OnCertErrorInternal(SSLCertErrorHandler* handler, bool overridable);
// If the security style of |entry| has not been initialized, then initialize
// it with the default style for its URL.
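Review bot: The new comment on OnCertErrorInternal() misspells the parameter as `overriable=true` and reads "which show an error page"; it also still says "for derived classes" although the method sits under `private:`. Since this comment is now the only description of the overridable/fatal split, it should also mention that sub-resource errors are denied regardless of the flag, which is what the implementation in ssl_policy.cc does. Suggested first lines: `// Handles a certificate error. Sub-resource errors are always denied.` followed by `// For main-frame errors, overridable=true shows a blocking page the user can bypass; overridable=false shows an error page with no way to proceed.`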