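// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_SSL_SSL_MANAGER_H_
#define CHROME_BROWSER_SSL_SSL_MANAGER_H_
#pragma once

#include <string>

#include "base/basictypes.h"
#include "base/memory/scoped_ptr.h"
#include "base/string16.h"
#include "chrome/browser/ssl/ssl_policy_backend.h"
#include "content/common/notification_observer.h"
#include "content/common/notification_registrar.h"
#include "googleurl/src/gurl.h"
#include "net/base/net_errors.h"

class LoadFromMemoryCacheDetails;
class NavigationController;
class NavigationEntry;
class ProvisionalLoadDetails;
class ResourceDispatcherHost;
class ResourceRedirectDetails;
class ResourceRequestDetails;
class SSLPolicy;

namespace net {
class URLRequest;
// Declared here because this header names net::X509Certificate in its own
// signatures; without it the header depends on a transitive include.
class X509Certificate;
}  // namespace net

// The SSLManager controls the SSL UI elements in a TabContents. It
// listens for various events that influence when these elements should or
// should not be displayed and adjusts them accordingly.
//
// There is one SSLManager per tab.
// The security state (secure/insecure) is stored in the navigation entry.
// Along with it are stored any SSL error code and the associated cert.
//
// Threading, as stated by the per-method comments below: the static
// OnSSLCertificateError() entry point is called on the IO thread, while
// Observe() is called on the UI thread.

class SSLManager : public NotificationObserver {
 public:
  // Entry point for SSLCertificateErrors. This function begins the process
  // of resolving a certificate error during an SSL connection. SSLManager
  // will adjust the security UI and either call |Cancel| or
  // |ContinueDespiteLastError| on the net::URLRequest.
  //
  // |cert_error| is the error being resolved and |cert| the certificate that
  // triggered it.
  // NOTE(review): which component decides between cancelling and continuing
  // is not visible in this header (presumably the SSLPolicy) -- confirm in
  // the implementation, since that decision is the security-critical one.
  //
  // Called on the IO thread.
  static void OnSSLCertificateError(ResourceDispatcherHost* resource_dispatcher,
                                    net::URLRequest* request,
                                    int cert_error,
                                    net::X509Certificate* cert);

  // Called when SSL state for a host or tab changes. Broadcasts the
  // SSL_INTERNAL_STATE_CHANGED notification.
  static void NotifySSLInternalStateChanged();

  // Convenience methods for serializing/deserializing the security info.
  //
  // SerializeSecurityInfo() packs the four integer fields into a string.
  // DeserializeSecurityInfo() reads them back from |state| into the
  // out-parameters and reports the outcome through its bool return value;
  // callers should check that value before trusting the outputs.
  // NOTE(review): this header does not specify what the out-parameters hold
  // when false is returned, nor whether |state| can originate from a less
  // trusted process -- confirm both against the implementation and callers.
  static std::string SerializeSecurityInfo(int cert_id,
                                           int cert_status,
                                           int security_bits,
                                           int connection_status);
  static bool DeserializeSecurityInfo(const std::string& state,
                                      int* cert_id,
                                      int* cert_status,
                                      int* security_bits,
                                      int* connection_status);

  // Returns "<organization_name> [<country>]".
  static string16 GetEVCertName(const net::X509Certificate& cert);

  // Construct an SSLManager for the specified tab, identified by its
  // NavigationController.
  // NOTE(review): this comment previously read "If |delegate| is NULL,
  // SSLPolicy::GetDefaultPolicy() is used", but the constructor has no
  // |delegate| parameter; how |policy_| is created must be checked in the
  // implementation.
  explicit SSLManager(NavigationController* controller);
  ~SSLManager();

  // Non-owning accessors: |policy_| stays owned by the scoped_ptr member and
  // |backend_| is a member of this object.
  SSLPolicy* policy() { return policy_.get(); }
  SSLPolicyBackend* backend() { return &backend_; }

  // The navigation controller associated with this SSLManager.  The
  // NavigationController is guaranteed to outlive the SSLManager.
  NavigationController* controller() { return controller_; }

  // This entry point is called directly (instead of via the notification
  // service) because we need more precise control of the order in which folks
  // are notified of this event.
  void DidCommitProvisionalLoad(const NotificationDetails& details);

  // Insecure content entry point. |security_origin| names the origin that
  // ran the insecure content.
  void DidRunInsecureContent(const std::string& security_origin);

  // Called to determine if there were any processed SSL errors from request.
  bool ProcessedSSLErrorFromRequest() const;

  // NotificationObserver implementation.
  //
  // Entry point for navigation.  This function begins the process of updating
  // the security UI when the main frame navigates to a new URL.
  //
  // Called on the UI thread.
  virtual void Observe(NotificationType type,
                       const NotificationSource& source,
                       const NotificationDetails& details);

 private:
  // Entry points for notifications to which we subscribe. Note that
  // DidCommitProvisionalLoad uses the abstract NotificationDetails type since
  // the type we need is in NavigationController which would create a circular
  // header file dependency.
  void DidLoadFromMemoryCache(LoadFromMemoryCacheDetails* details);
  void DidStartResourceResponse(ResourceRequestDetails* details);
  void DidReceiveResourceRedirect(ResourceRedirectDetails* details);
  void DidChangeSSLInternalState();

  // Update the NavigationEntry with our current state.
  void UpdateEntry(NavigationEntry* entry);

  // The backend for the SSLPolicy to actuate its decisions.
  SSLPolicyBackend backend_;

  // The SSLPolicy instance for this manager.
  scoped_ptr<SSLPolicy> policy_;

  // The NavigationController that owns this SSLManager.  We are responsible
  // for the security UI of this tab. Held as a raw, non-owning pointer; see
  // controller() for the lifetime guarantee.
  NavigationController* controller_;

  // Handles registering notifications with the NotificationService.
  NotificationRegistrar registrar_;

  DISALLOW_COPY_AND_ASSIGN(SSLManager);
};

#endif  // CHROME_BROWSER_SSL_SSL_MANAGER_H_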