1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
|
// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROME_BROWSER_SSL_SSL_MANAGER_H_
#define CHROME_BROWSER_SSL_SSL_MANAGER_H_
#include <string>
#include <map>
#include <vector>
#include "base/basictypes.h"
#include "base/observer_list.h"
#include "base/ref_counted.h"
#include "chrome/browser/renderer_host/resource_dispatcher_host.h"
#include "chrome/browser/tab_contents/provisional_load_details.h"
#include "chrome/browser/tab_contents/security_style.h"
#include "chrome/common/notification_observer.h"
#include "chrome/common/notification_registrar.h"
#include "googleurl/src/gurl.h"
#include "net/base/net_errors.h"
#include "net/base/ssl_info.h"
#include "net/base/x509_certificate.h"
#include "third_party/WebKit/WebKit/chromium/public/WebConsoleMessage.h"
#include "webkit/glue/resource_type.h"
class AutomationProvider;
class NavigationEntry;
class LoadFromMemoryCacheDetails;
class LoadNotificationDetails;
class NavigationController;
class PrefService;
class ResourceRedirectDetails;
class ResourceRequestDetails;
class SSLErrorInfo;
class SSLHostState;
class Task;
class URLRequest;
class WebContents;
// The SSLManager SSLManager controls the SSL UI elements in a TabContents. It
// listens for various events that influence when these elements should or
// should not be displayed and adjusts them accordingly.
//
// There is one SSLManager per tab.
// The security state (secure/insecure) is stored in the navigation entry.
// Along with it are stored any SSL error code and the associated cert.
class SSLManager : public NotificationObserver {
public:
class CertError;
// An ErrorHandler carries information from the IO thread to the UI thread
// and is dispatched to the appropriate SSLManager when it arrives on the
// UI thread. Subclasses should override the OnDispatched/OnDispatchFailed
// methods to implement the actions that should be taken on the UI thread.
// These methods can call the different convenience methods ContinueRequest/
// CancelRequest/StartRequest to perform any required action on the URLRequest
// the ErrorHandler was created with.
// IMPORTANT NOTE: if you are not doing anything in
// OnDispatched/OnDispatchFailed, make sure you call TakeNoAction(). This is
// necessary for ensuring the instance is not leaked.
class ErrorHandler : public base::RefCountedThreadSafe<ErrorHandler> {
public:
virtual ~ErrorHandler() { }
virtual CertError* AsCertError() { return NULL; }
// Find the appropriate SSLManager for the URLRequest and begin handling
// this error.
//
// Call on UI thread.
void Dispatch();
// Available on either thread.
const GURL& request_url() const { return request_url_; }
// Available on either thread.
ResourceType::Type resource_type() const { return resource_type_; }
// Available on either thread.
const std::string& frame_origin() const { return frame_origin_; }
// Available on either thread.
const std::string& main_frame_origin() const { return main_frame_origin_; }
// Call on the UI thread.
SSLManager* manager() const { return manager_; }
// Returns the WebContents this object is associated with. Should be
// called from the UI thread.
WebContents* GetWebContents();
// Cancels the associated URLRequest.
// This method can be called from OnDispatchFailed and OnDispatched.
void CancelRequest();
// Continue the URLRequest ignoring any previous errors. Note that some
// errors cannot be ignored, in which case this will result in the request
// being canceled.
// This method can be called from OnDispatchFailed and OnDispatched.
void ContinueRequest();
// Cancels the associated URLRequest and mark it as denied. The renderer
// processes such request in a special manner, optionally replacing them
// with alternate content (typically frames content is replaced with a
// warning message).
// This method can be called from OnDispatchFailed and OnDispatched.
void DenyRequest();
// Starts the associated URLRequest. |filter_policy| specifies whether the
// ResourceDispatcher should attempt to filter the loaded content in order
// to make it secure (ex: images are made slightly transparent and are
// stamped).
// Should only be called when the URLRequest has not already been started.
// This method can be called from OnDispatchFailed and OnDispatched.
void StartRequest(FilterPolicy::Type filter_policy);
// Does nothing on the URLRequest but ensures the current instance ref
// count is decremented appropriately. Subclasses that do not want to
// take any specific actions in their OnDispatched/OnDispatchFailed should
// call this.
void TakeNoAction();
protected:
// Construct on the IO thread.
ErrorHandler(ResourceDispatcherHost* resource_dispatcher_host,
URLRequest* request,
ResourceType::Type resource_type,
const std::string& frame_origin,
const std::string& main_frame_origin,
MessageLoop* ui_loop);
// The following 2 methods are the methods subclasses should implement.
virtual void OnDispatchFailed() { TakeNoAction(); }
// Can use the manager_ member.
virtual void OnDispatched() { TakeNoAction(); }
// We cache the message loops to be able to proxy events across the thread
// boundaries.
MessageLoop* ui_loop_;
MessageLoop* io_loop_;
// Should only be accessed on the UI thread.
SSLManager* manager_; // Our manager.
// The id of the URLRequest associated with this object.
// Should only be accessed from the IO thread.
ResourceDispatcherHost::GlobalRequestID request_id_;
// The ResourceDispatcherHost we are associated with.
ResourceDispatcherHost* resource_dispatcher_host_;
private:
// Completes the CancelRequest operation on the IO thread.
// Call on the IO thread.
void CompleteCancelRequest(int error);
// Completes the ContinueRequest operation on the IO thread.
//
// Call on the IO thread.
void CompleteContinueRequest();
// Completes the StartRequest operation on the IO thread.
// Call on the IO thread.
void CompleteStartRequest(FilterPolicy::Type filter_policy);
// Derefs this instance.
// Call on the IO thread.
void CompleteTakeNoAction();
// We use these members to find the correct SSLManager when we arrive on
// the UI thread.
int render_process_host_id_;
int tab_contents_id_;
// The URL that we requested.
// This read-only member can be accessed on any thread.
const GURL request_url_;
// What kind of resource is associated with the requested that generated
// that error.
// This read-only member can be accessed on any thread.
const ResourceType::Type resource_type_;
// The origin of the frame associated with this request.
// This read-only member can be accessed on any thread.
const std::string frame_origin_;
// The origin of the main frame associated with this request.
// This read-only member can be accessed on any thread.
const std::string main_frame_origin_;
// A flag to make sure we notify the URLRequest exactly once.
// Should only be accessed on the IO thread
bool request_has_been_notified_;
DISALLOW_COPY_AND_ASSIGN(ErrorHandler);
};
// A CertError represents an error that occurred with the certificate in an
// SSL session. A CertError object exists both on the IO thread and on the UI
// thread and allows us to cancel/continue a request it is associated with.
class CertError : public ErrorHandler {
public:
virtual CertError* AsCertError() { return this; }
// These accessors are available on either thread
const net::SSLInfo& ssl_info() const { return ssl_info_; }
int cert_error() const { return cert_error_; }
private:
// SSLManager is responsible for creating CertError objects.
friend class SSLManager;
// Construct on the IO thread.
// We mark this method as private because it is tricky to correctly
// construct a CertError object.
CertError(ResourceDispatcherHost* resource_dispatcher_host,
URLRequest* request,
ResourceType::Type resource_type,
const std::string& frame_origin,
const std::string& main_frame_origin,
int cert_error,
net::X509Certificate* cert,
MessageLoop* ui_loop);
// ErrorHandler methods
virtual void OnDispatchFailed() { CancelRequest(); }
virtual void OnDispatched() { manager_->OnCertError(this); }
// These read-only members can be accessed on any thread.
net::SSLInfo ssl_info_;
const int cert_error_; // The error we represent.
DISALLOW_COPY_AND_ASSIGN(CertError);
};
// The MixedContentHandler class is used to query what to do with
// mixed content, from the IO thread to the UI thread.
class MixedContentHandler : public ErrorHandler {
public:
// Created on the IO thread.
MixedContentHandler(ResourceDispatcherHost* rdh,
URLRequest* request,
ResourceType::Type resource_type,
const std::string& frame_origin,
const std::string& main_frame_origin,
MessageLoop* ui_loop)
: ErrorHandler(rdh, request, resource_type, frame_origin,
main_frame_origin, ui_loop) { }
protected:
virtual void OnDispatchFailed() { TakeNoAction(); }
virtual void OnDispatched() { manager()->OnMixedContent(this); }
private:
DISALLOW_COPY_AND_ASSIGN(MixedContentHandler);
};
// RequestInfo wraps up the information SSLPolicy needs about a request in
// order to update our security IU. RequestInfo is RefCounted in case we need
// to deal with the request asynchronously.
class RequestInfo : public base::RefCounted<RequestInfo> {
public:
RequestInfo(SSLManager* manager,
const GURL& url,
ResourceType::Type resource_type,
const std::string& frame_origin,
const std::string& main_frame_origin,
FilterPolicy::Type filter_policy,
int ssl_cert_id,
int ssl_cert_status)
: manager_(manager),
url_(url),
resource_type_(resource_type),
frame_origin_(frame_origin),
main_frame_origin_(main_frame_origin),
filter_policy_(filter_policy),
ssl_cert_id_(ssl_cert_id),
ssl_cert_status_(ssl_cert_status) {
}
SSLManager* manager() const { return manager_; }
const GURL& url() const { return url_; }
ResourceType::Type resource_type() const { return resource_type_; }
const std::string& frame_origin() const { return frame_origin_; }
const std::string& main_frame_origin() const { return main_frame_origin_; }
FilterPolicy::Type filter_policy() const { return filter_policy_; }
int ssl_cert_id() const { return ssl_cert_id_; }
int ssl_cert_status() const { return ssl_cert_status_; }
private:
SSLManager* manager_;
GURL url_;
ResourceType::Type resource_type_;
std::string frame_origin_;
std::string main_frame_origin_;
FilterPolicy::Type filter_policy_;
int ssl_cert_id_;
int ssl_cert_status_;
DISALLOW_COPY_AND_ASSIGN(RequestInfo);
};
// The SSLManager will ask its delegate to decide how to handle events
// relevant to SSL. Delegates are expected to be stateless and intended to be
// easily implementable.
//
// Delegates should interact with the rest of the browser only through their
// parameters and through the delegate API of the SSLManager.
//
// If a delegate needs to do something tricky, consider having the SSLManager
// do it instead.
class Delegate {
public:
// An error occurred with the certificate in an SSL connection.
virtual void OnCertError(CertError* error) = 0;
// A request for a mixed-content resource was made. Note that the resource
// request was not started yet and the delegate is responsible for starting
// it.
virtual void OnMixedContent(MixedContentHandler* handler) = 0;
// We have started a resource request with the given info.
virtual void OnRequestStarted(RequestInfo* info) = 0;
// Update the SSL information in |entry| to match the current state.
virtual void UpdateEntry(SSLManager* manager, NavigationEntry* entry) = 0;
};
static void RegisterUserPrefs(PrefService* prefs);
// Construct an SSLManager for the specified tab.
// If |delegate| is NULL, SSLPolicy::GetDefaultPolicy() is used.
SSLManager(NavigationController* controller, Delegate* delegate);
~SSLManager();
//////////////////////////////////////////////////////////////////////////////
// Delegate API
//
// The SSL manager expects these methods to be called by its delegate. They
// exist to make Delegates easy to implement.
// Ensure that the specified message is displayed to the user. This will
// display an InfoBar at the top of the associated tab.
void ShowMessage(const std::wstring& msg);
// Same as ShowMessage but also contains a link that when clicked run the
// specified task. The SSL Manager becomes the owner of the task.
void ShowMessageWithLink(const std::wstring& msg,
const std::wstring& link_text,
Task* task);
// Records that a host is "broken," that is, the origin for that host has been
// contaminated with insecure content, either via HTTP or via HTTPS with a
// bad certificate.
void MarkHostAsBroken(const std::string& host);
// Returns whether the specified host was marked as broken.
bool DidMarkHostAsBroken(const std::string& host) const;
// Sets the maximum security style for the page. If the current security
// style is lower than |style|, this will not have an effect on the security
// indicators.
//
// It will return true if the navigation entry was updated or false if
// nothing changed. The caller is responsible for broadcasting
// NOTIFY_SSY_STATE_CHANGED if it returns true.
bool SetMaxSecurityStyle(SecurityStyle style);
// Logs a message to the console of the page.
void AddMessageToConsole(const string16& message,
const WebKit::WebConsoleMessage::Level&);
// Records that |cert| is permitted to be used for |host| in the future.
void DenyCertForHost(net::X509Certificate* cert, const std::string& host);
// Records that |cert| is not permitted to be used for |host| in the future.
void AllowCertForHost(net::X509Certificate* cert, const std::string& host);
// Queries whether |cert| is allowed or denied for |host|.
net::X509Certificate::Policy::Judgment QueryPolicy(
net::X509Certificate* cert, const std::string& host);
// Allow mixed content to be visible (non filtered).
void AllowMixedContentForHost(const std::string& host);
// Returns whether the specified host is allowed to show mixed content.
bool DidAllowMixedContentForHost(const std::string& host) const;
//
//////////////////////////////////////////////////////////////////////////////
// The delegate of the SSLManager. This value may be changed at any time,
// but it is not permissible for it to be NULL.
Delegate* delegate() const { return delegate_; }
void set_delegate(Delegate* delegate) { delegate_ = delegate; }
// Entry point for SSLCertificateErrors. This function begins the process
// of resolving a certificate error during an SSL connection. SSLManager
// will adjust the security UI and either call |Cancel| or
// |ContinueDespiteLastError| on the URLRequest.
//
// Called on the IO thread.
static void OnSSLCertificateError(ResourceDispatcherHost* resource_dispatcher,
URLRequest* request,
int cert_error,
net::X509Certificate* cert,
MessageLoop* ui_loop);
// Called before a URL request is about to be started. Returns false if the
// resource request should be delayed while we figure out what to do. We use
// this function as the entry point for our mixed content detection.
//
// TODO(jcampan): Implement a way to just cancel the request. This is not
// straight-forward as canceling a request that has not been started will
// not remove from the pending_requests_ of the ResourceDispatcherHost.
// Called on the IO thread.
static bool ShouldStartRequest(ResourceDispatcherHost* resource_dispatcher,
URLRequest* request,
MessageLoop* ui_loop);
// Called by CertError::Dispatch to kick off processing of the cert error by
// the SSL manager. The error originated from the ResourceDispatcherHost.
//
// Called on the UI thread.
void OnCertError(CertError* error);
// Called by MixedContentHandler::Dispatch to kick off processing of the
// mixed-content resource request. The info originated from the
// ResourceDispatcherHost.
//
// Called on the UI thread.
void OnMixedContent(MixedContentHandler* handler);
// Entry point for navigation. This function begins the process of updating
// the security UI when the main frame navigates to a new URL.
//
// Called on the UI thread.
virtual void Observe(NotificationType type,
const NotificationSource& source,
const NotificationDetails& details);
// This entry point is called directly (instead of via the notification
// service) because we need more precise control of the order in which folks
// are notified of this event.
void DidCommitProvisionalLoad(const NotificationDetails& details);
// Called to determine if there were any processed SSL errors from request.
bool ProcessedSSLErrorFromRequest() const;
// The navigation controller associated with this SSLManager. The
// NavigationController is guaranteed to outlive the SSLManager.
NavigationController* controller() { return controller_; }
// Convenience methods for serializing/deserializing the security info.
static std::string SerializeSecurityInfo(int cert_id,
int cert_status,
int security_bits);
static bool DeserializeSecurityInfo(const std::string& state,
int* cert_id,
int* cert_status,
int* security_bits);
// Sets |short_name| to <organization_name> [<country>] and |ca_name|
// to something like:
// "Verified by <issuer_organization_name>"
static bool GetEVCertNames(const net::X509Certificate& cert,
std::wstring* short_name,
std::wstring* ca_name);
private:
// SSLMessageInfo contains the information necessary for displaying a message
// in an info-bar.
struct SSLMessageInfo {
public:
explicit SSLMessageInfo(const std::wstring& text)
: message(text),
action(NULL) { }
SSLMessageInfo(const std::wstring& message,
const std::wstring& link_text,
Task* action)
: message(message), link_text(link_text), action(action) { }
// Overridden so that std::find works.
bool operator==(const std::wstring& other_message) const {
// We are uniquing SSLMessageInfo by their message only.
return message == other_message;
}
std::wstring message;
std::wstring link_text;
Task* action;
};
// Entry points for notifications to which we subscribe. Note that
// DidCommitProvisionalLoad uses the abstract NotificationDetails type since
// the type we need is in NavigationController which would create a circular
// header file dependency.
void DidLoadFromMemoryCache(LoadFromMemoryCacheDetails* details);
void DidFailProvisionalLoadWithError(ProvisionalLoadDetails* details);
void DidStartResourceResponse(ResourceRequestDetails* details);
void DidReceiveResourceRedirect(ResourceRedirectDetails* details);
void DidChangeSSLInternalState();
// Dispatch NotificationType::SSL_INTERNAL_STATE_CHANGED notification.
void DispatchSSLInternalStateChanged();
// Dispatch NotificationType::SSL_VISIBLE_STATE_CHANGED notification.
void DispatchSSLVisibleStateChanged();
// Update the NavigationEntry with our current state.
void UpdateEntry(NavigationEntry* entry);
// Shows the pending messages (in info-bars) if any.
void ShowPendingMessages();
// Clears any pending messages.
void ClearPendingMessages();
// Our delegate. The delegate is responsible for making policy decisions.
// Must not be NULL.
Delegate* delegate_;
// The NavigationController that owns this SSLManager. We are responsible
// for the security UI of this tab.
NavigationController* controller_;
// Handles registering notifications with the NotificationService.
NotificationRegistrar registrar_;
// SSL state specific for each host.
SSLHostState* ssl_host_state_;
// The list of messages that should be displayed (in info bars) when the page
// currently loading had loaded.
std::vector<SSLMessageInfo> pending_messages_;
DISALLOW_COPY_AND_ASSIGN(SSLManager);
};
#endif // CHROME_BROWSER_SSL_SSL_MANAGER_H_
|
