1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "content/browser/ssl/ssl_manager.h" 6 7 #include <set> 8 9 #include "base/bind.h" 10 #include "base/strings/utf_string_conversions.h" 11 #include "base/supports_user_data.h" 12 #include "content/browser/frame_host/navigation_entry_impl.h" 13 #include "content/browser/loader/resource_dispatcher_host_impl.h" 14 #include "content/browser/loader/resource_request_info_impl.h" 15 #include "content/browser/ssl/ssl_cert_error_handler.h" 16 #include "content/browser/ssl/ssl_policy.h" 17 #include "content/browser/ssl/ssl_request_info.h" 18 #include "content/browser/web_contents/web_contents_impl.h" 19 #include "content/common/ssl_status_serialization.h" 20 #include "content/public/browser/browser_context.h" 21 #include "content/public/browser/browser_thread.h" 22 #include "content/public/browser/load_from_memory_cache_details.h" 23 #include "content/public/browser/navigation_details.h" 24 #include "content/public/browser/resource_request_details.h" 25 #include "content/public/common/ssl_status.h" 26 #include "net/url_request/url_request.h" 27 28 namespace content { 29 30 namespace { 31 32 const char kSSLManagerKeyName[] = "content_ssl_manager"; 33 34 class SSLManagerSet : public base::SupportsUserData::Data { 35 public: 36 SSLManagerSet() { 37 } 38 39 std::set<SSLManager*>& get() { return set_; } 40 41 private: 42 std::set<SSLManager*> set_; 43 44 DISALLOW_COPY_AND_ASSIGN(SSLManagerSet); 45 }; 46 47 } // namespace 48 49 // static 50 void SSLManager::OnSSLCertificateError( 51 const base::WeakPtr<SSLErrorHandler::Delegate>& delegate, 52 const GlobalRequestID& id, 53 const ResourceType::Type resource_type, 54 const GURL& url, 55 int render_process_id, 56 int render_view_id, 57 const net::SSLInfo& ssl_info, 58 bool fatal) { 59 DCHECK(delegate.get()); 60 DVLOG(1) << "OnSSLCertificateError() cert_error: " 61 << net::MapCertStatusToNetError(ssl_info.cert_status) << " id: " 62 << id.child_id << "," << id.request_id << " resource_type: " 63 << resource_type << " url: " << url.spec() << " render_process_id: " 64 << render_process_id << " render_view_id: " << render_view_id 65 << " cert_status: " << std::hex << ssl_info.cert_status; 66 67 // A certificate error occurred. Construct a SSLCertErrorHandler object and 68 // hand it over to the UI thread for processing. 69 BrowserThread::PostTask( 70 BrowserThread::UI, FROM_HERE, 71 base::Bind(&SSLCertErrorHandler::Dispatch, 72 new SSLCertErrorHandler(delegate, 73 id, 74 resource_type, 75 url, 76 render_process_id, 77 render_view_id, 78 ssl_info, 79 fatal))); 80 } 81 82 // static 83 void SSLManager::NotifySSLInternalStateChanged(BrowserContext* context) { 84 SSLManagerSet* managers = static_cast<SSLManagerSet*>( 85 context->GetUserData(kSSLManagerKeyName)); 86 87 for (std::set<SSLManager*>::iterator i = managers->get().begin(); 88 i != managers->get().end(); ++i) { 89 (*i)->UpdateEntry(NavigationEntryImpl::FromNavigationEntry( 90 (*i)->controller()->GetLastCommittedEntry())); 91 } 92 } 93 94 SSLManager::SSLManager(NavigationControllerImpl* controller) 95 : backend_(controller), 96 policy_(new SSLPolicy(&backend_)), 97 controller_(controller) { 98 DCHECK(controller_); 99 100 SSLManagerSet* managers = static_cast<SSLManagerSet*>( 101 controller_->GetBrowserContext()->GetUserData(kSSLManagerKeyName)); 102 if (!managers) { 103 managers = new SSLManagerSet; 104 controller_->GetBrowserContext()->SetUserData(kSSLManagerKeyName, managers); 105 } 106 managers->get().insert(this); 107 } 108 109 SSLManager::~SSLManager() { 110 SSLManagerSet* managers = static_cast<SSLManagerSet*>( 111 controller_->GetBrowserContext()->GetUserData(kSSLManagerKeyName)); 112 managers->get().erase(this); 113 } 114 115 void SSLManager::DidCommitProvisionalLoad(const LoadCommittedDetails& details) { 116 NavigationEntryImpl* entry = 117 NavigationEntryImpl::FromNavigationEntry( 118 controller_->GetLastCommittedEntry()); 119 120 if (details.is_main_frame) { 121 if (entry) { 122 // Decode the security details. 123 int ssl_cert_id; 124 net::CertStatus ssl_cert_status; 125 int ssl_security_bits; 126 int ssl_connection_status; 127 SignedCertificateTimestampIDStatusList 128 ssl_signed_certificate_timestamp_ids; 129 DeserializeSecurityInfo(details.serialized_security_info, 130 &ssl_cert_id, 131 &ssl_cert_status, 132 &ssl_security_bits, 133 &ssl_connection_status, 134 &ssl_signed_certificate_timestamp_ids); 135 136 // We may not have an entry if this is a navigation to an initial blank 137 // page. Reset the SSL information and add the new data we have. 138 entry->GetSSL() = SSLStatus(); 139 entry->GetSSL().cert_id = ssl_cert_id; 140 entry->GetSSL().cert_status = ssl_cert_status; 141 entry->GetSSL().security_bits = ssl_security_bits; 142 entry->GetSSL().connection_status = ssl_connection_status; 143 entry->GetSSL().signed_certificate_timestamp_ids = 144 ssl_signed_certificate_timestamp_ids; 145 } 146 } 147 148 UpdateEntry(entry); 149 } 150 151 void SSLManager::DidDisplayInsecureContent() { 152 UpdateEntry( 153 NavigationEntryImpl::FromNavigationEntry( 154 controller_->GetLastCommittedEntry())); 155 } 156 157 void SSLManager::DidRunInsecureContent(const std::string& security_origin) { 158 NavigationEntryImpl* navigation_entry = 159 NavigationEntryImpl::FromNavigationEntry( 160 controller_->GetLastCommittedEntry()); 161 policy()->DidRunInsecureContent(navigation_entry, security_origin); 162 UpdateEntry(navigation_entry); 163 } 164 165 void SSLManager::DidLoadFromMemoryCache( 166 const LoadFromMemoryCacheDetails& details) { 167 // Simulate loading this resource through the usual path. 168 // Note that we specify SUB_RESOURCE as the resource type as WebCore only 169 // caches sub-resources. 170 // This resource must have been loaded with no filtering because filtered 171 // resouces aren't cachable. 172 scoped_refptr<SSLRequestInfo> info(new SSLRequestInfo( 173 details.url, 174 ResourceType::SUB_RESOURCE, 175 details.pid, 176 details.cert_id, 177 details.cert_status)); 178 179 // Simulate loading this resource through the usual path. 180 policy()->OnRequestStarted(info.get()); 181 } 182 183 void SSLManager::DidStartResourceResponse( 184 const ResourceRequestDetails& details) { 185 scoped_refptr<SSLRequestInfo> info(new SSLRequestInfo( 186 details.url, 187 details.resource_type, 188 details.origin_child_id, 189 details.ssl_cert_id, 190 details.ssl_cert_status)); 191 192 // Notify our policy that we started a resource request. Ideally, the 193 // policy should have the ability to cancel the request, but we can't do 194 // that yet. 195 policy()->OnRequestStarted(info.get()); 196 } 197 198 void SSLManager::DidReceiveResourceRedirect( 199 const ResourceRedirectDetails& details) { 200 // TODO(abarth): Make sure our redirect behavior is correct. If we ever see a 201 // non-HTTPS resource in the redirect chain, we want to trigger 202 // insecure content, even if the redirect chain goes back to 203 // HTTPS. This is because the network attacker can redirect the 204 // HTTP request to https://attacker.com/payload.js. 205 } 206 207 void SSLManager::UpdateEntry(NavigationEntryImpl* entry) { 208 // We don't always have a navigation entry to update, for example in the 209 // case of the Web Inspector. 210 if (!entry) 211 return; 212 213 SSLStatus original_ssl_status = entry->GetSSL(); // Copy! 214 215 WebContentsImpl* contents = 216 static_cast<WebContentsImpl*>(controller_->delegate()->GetWebContents()); 217 policy()->UpdateEntry(entry, contents); 218 219 if (!entry->GetSSL().Equals(original_ssl_status)) 220 contents->DidChangeVisibleSSLState(); 221 } 222 223 } // namespace content 224