Home | History | Annotate | Download | only in ssl
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "content/browser/ssl/ssl_manager.h"
      6 
      7 #include <set>
      8 
      9 #include "base/bind.h"
     10 #include "base/strings/utf_string_conversions.h"
     11 #include "base/supports_user_data.h"
     12 #include "content/browser/frame_host/navigation_entry_impl.h"
     13 #include "content/browser/loader/resource_dispatcher_host_impl.h"
     14 #include "content/browser/loader/resource_request_info_impl.h"
     15 #include "content/browser/ssl/ssl_cert_error_handler.h"
     16 #include "content/browser/ssl/ssl_policy.h"
     17 #include "content/browser/ssl/ssl_request_info.h"
     18 #include "content/browser/web_contents/web_contents_impl.h"
     19 #include "content/common/ssl_status_serialization.h"
     20 #include "content/public/browser/browser_context.h"
     21 #include "content/public/browser/browser_thread.h"
     22 #include "content/public/browser/load_from_memory_cache_details.h"
     23 #include "content/public/browser/navigation_details.h"
     24 #include "content/public/browser/resource_request_details.h"
     25 #include "content/public/common/ssl_status.h"
     26 #include "net/url_request/url_request.h"
     27 
     28 namespace content {
     29 
     30 namespace {
     31 
     32 const char kSSLManagerKeyName[] = "content_ssl_manager";
     33 
     34 class SSLManagerSet : public base::SupportsUserData::Data {
     35  public:
     36   SSLManagerSet() {
     37   }
     38 
     39   std::set<SSLManager*>& get() { return set_; }
     40 
     41  private:
     42   std::set<SSLManager*> set_;
     43 
     44   DISALLOW_COPY_AND_ASSIGN(SSLManagerSet);
     45 };
     46 
     47 }  // namespace
     48 
     49 // static
     50 void SSLManager::OnSSLCertificateError(
     51     const base::WeakPtr<SSLErrorHandler::Delegate>& delegate,
     52     const GlobalRequestID& id,
     53     const ResourceType::Type resource_type,
     54     const GURL& url,
     55     int render_process_id,
     56     int render_view_id,
     57     const net::SSLInfo& ssl_info,
     58     bool fatal) {
     59   DCHECK(delegate.get());
     60   DVLOG(1) << "OnSSLCertificateError() cert_error: "
     61            << net::MapCertStatusToNetError(ssl_info.cert_status) << " id: "
     62            << id.child_id << "," << id.request_id << " resource_type: "
     63            << resource_type << " url: " << url.spec() << " render_process_id: "
     64            << render_process_id << " render_view_id: " << render_view_id
     65            << " cert_status: " << std::hex << ssl_info.cert_status;
     66 
     67   // A certificate error occurred.  Construct a SSLCertErrorHandler object and
     68   // hand it over to the UI thread for processing.
     69   BrowserThread::PostTask(
     70       BrowserThread::UI, FROM_HERE,
     71       base::Bind(&SSLCertErrorHandler::Dispatch,
     72                  new SSLCertErrorHandler(delegate,
     73                                          id,
     74                                          resource_type,
     75                                          url,
     76                                          render_process_id,
     77                                          render_view_id,
     78                                          ssl_info,
     79                                          fatal)));
     80 }
     81 
     82 // static
     83 void SSLManager::NotifySSLInternalStateChanged(BrowserContext* context) {
     84   SSLManagerSet* managers = static_cast<SSLManagerSet*>(
     85       context->GetUserData(kSSLManagerKeyName));
     86 
     87   for (std::set<SSLManager*>::iterator i = managers->get().begin();
     88        i != managers->get().end(); ++i) {
     89     (*i)->UpdateEntry(NavigationEntryImpl::FromNavigationEntry(
     90                           (*i)->controller()->GetLastCommittedEntry()));
     91   }
     92 }
     93 
     94 SSLManager::SSLManager(NavigationControllerImpl* controller)
     95     : backend_(controller),
     96       policy_(new SSLPolicy(&backend_)),
     97       controller_(controller) {
     98   DCHECK(controller_);
     99 
    100   SSLManagerSet* managers = static_cast<SSLManagerSet*>(
    101       controller_->GetBrowserContext()->GetUserData(kSSLManagerKeyName));
    102   if (!managers) {
    103     managers = new SSLManagerSet;
    104     controller_->GetBrowserContext()->SetUserData(kSSLManagerKeyName, managers);
    105   }
    106   managers->get().insert(this);
    107 }
    108 
    109 SSLManager::~SSLManager() {
    110   SSLManagerSet* managers = static_cast<SSLManagerSet*>(
    111       controller_->GetBrowserContext()->GetUserData(kSSLManagerKeyName));
    112   managers->get().erase(this);
    113 }
    114 
    115 void SSLManager::DidCommitProvisionalLoad(const LoadCommittedDetails& details) {
    116   NavigationEntryImpl* entry =
    117       NavigationEntryImpl::FromNavigationEntry(
    118           controller_->GetLastCommittedEntry());
    119 
    120   if (details.is_main_frame) {
    121     if (entry) {
    122       // Decode the security details.
    123       int ssl_cert_id;
    124       net::CertStatus ssl_cert_status;
    125       int ssl_security_bits;
    126       int ssl_connection_status;
    127       SignedCertificateTimestampIDStatusList
    128           ssl_signed_certificate_timestamp_ids;
    129       DeserializeSecurityInfo(details.serialized_security_info,
    130                               &ssl_cert_id,
    131                               &ssl_cert_status,
    132                               &ssl_security_bits,
    133                               &ssl_connection_status,
    134                               &ssl_signed_certificate_timestamp_ids);
    135 
    136       // We may not have an entry if this is a navigation to an initial blank
    137       // page. Reset the SSL information and add the new data we have.
    138       entry->GetSSL() = SSLStatus();
    139       entry->GetSSL().cert_id = ssl_cert_id;
    140       entry->GetSSL().cert_status = ssl_cert_status;
    141       entry->GetSSL().security_bits = ssl_security_bits;
    142       entry->GetSSL().connection_status = ssl_connection_status;
    143       entry->GetSSL().signed_certificate_timestamp_ids =
    144           ssl_signed_certificate_timestamp_ids;
    145     }
    146   }
    147 
    148   UpdateEntry(entry);
    149 }
    150 
    151 void SSLManager::DidDisplayInsecureContent() {
    152   UpdateEntry(
    153       NavigationEntryImpl::FromNavigationEntry(
    154           controller_->GetLastCommittedEntry()));
    155 }
    156 
    157 void SSLManager::DidRunInsecureContent(const std::string& security_origin) {
    158   NavigationEntryImpl* navigation_entry =
    159       NavigationEntryImpl::FromNavigationEntry(
    160           controller_->GetLastCommittedEntry());
    161   policy()->DidRunInsecureContent(navigation_entry, security_origin);
    162   UpdateEntry(navigation_entry);
    163 }
    164 
    165 void SSLManager::DidLoadFromMemoryCache(
    166     const LoadFromMemoryCacheDetails& details) {
    167   // Simulate loading this resource through the usual path.
    168   // Note that we specify SUB_RESOURCE as the resource type as WebCore only
    169   // caches sub-resources.
    170   // This resource must have been loaded with no filtering because filtered
    171   // resouces aren't cachable.
    172   scoped_refptr<SSLRequestInfo> info(new SSLRequestInfo(
    173       details.url,
    174       ResourceType::SUB_RESOURCE,
    175       details.pid,
    176       details.cert_id,
    177       details.cert_status));
    178 
    179   // Simulate loading this resource through the usual path.
    180   policy()->OnRequestStarted(info.get());
    181 }
    182 
    183 void SSLManager::DidStartResourceResponse(
    184     const ResourceRequestDetails& details) {
    185   scoped_refptr<SSLRequestInfo> info(new SSLRequestInfo(
    186       details.url,
    187       details.resource_type,
    188       details.origin_child_id,
    189       details.ssl_cert_id,
    190       details.ssl_cert_status));
    191 
    192   // Notify our policy that we started a resource request.  Ideally, the
    193   // policy should have the ability to cancel the request, but we can't do
    194   // that yet.
    195   policy()->OnRequestStarted(info.get());
    196 }
    197 
    198 void SSLManager::DidReceiveResourceRedirect(
    199     const ResourceRedirectDetails& details) {
    200   // TODO(abarth): Make sure our redirect behavior is correct.  If we ever see a
    201   //               non-HTTPS resource in the redirect chain, we want to trigger
    202   //               insecure content, even if the redirect chain goes back to
    203   //               HTTPS.  This is because the network attacker can redirect the
    204   //               HTTP request to https://attacker.com/payload.js.
    205 }
    206 
    207 void SSLManager::UpdateEntry(NavigationEntryImpl* entry) {
    208   // We don't always have a navigation entry to update, for example in the
    209   // case of the Web Inspector.
    210   if (!entry)
    211     return;
    212 
    213   SSLStatus original_ssl_status = entry->GetSSL();  // Copy!
    214 
    215   WebContentsImpl* contents =
    216       static_cast<WebContentsImpl*>(controller_->delegate()->GetWebContents());
    217   policy()->UpdateEntry(entry, contents);
    218 
    219   if (!entry->GetSSL().Equals(original_ssl_status))
    220     contents->DidChangeVisibleSSLState();
    221 }
    222 
    223 }  // namespace content
    224