1// Copyright (c) 2011 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "chrome/browser/ssl/ssl_policy.h" 6 7#include "base/base_switches.h" 8#include "base/command_line.h" 9#include "base/memory/singleton.h" 10#include "base/string_piece.h" 11#include "base/string_util.h" 12#include "chrome/browser/ssl/ssl_cert_error_handler.h" 13#include "chrome/browser/ssl/ssl_error_info.h" 14#include "chrome/browser/ssl/ssl_request_info.h" 15#include "chrome/common/jstemplate_builder.h" 16#include "chrome/common/time_format.h" 17#include "chrome/common/url_constants.h" 18#include "content/browser/renderer_host/render_process_host.h" 19#include "content/browser/renderer_host/render_view_host.h" 20#include "content/browser/site_instance.h" 21#include "content/browser/tab_contents/navigation_entry.h" 22#include "content/browser/tab_contents/tab_contents.h" 23#include "grit/generated_resources.h" 24#include "net/base/cert_status_flags.h" 25#include "net/base/ssl_info.h" 26#include "webkit/glue/resource_type.h" 27 28namespace { 29 30static const char kDot = '.'; 31 32static bool IsIntranetHost(const std::string& host) { 33 const size_t dot = host.find(kDot); 34 return dot == std::string::npos || dot == host.length() - 1; 35} 36 37} // namespace 38 39SSLPolicy::SSLPolicy(SSLPolicyBackend* backend) 40 : backend_(backend) { 41 DCHECK(backend_); 42} 43 44void SSLPolicy::OnCertError(SSLCertErrorHandler* handler) { 45 // First we check if we know the policy for this error. 46 net::CertPolicy::Judgment judgment = 47 backend_->QueryPolicy(handler->ssl_info().cert, 48 handler->request_url().host()); 49 50 if (judgment == net::CertPolicy::ALLOWED) { 51 handler->ContinueRequest(); 52 return; 53 } 54 55 // The judgment is either DENIED or UNKNOWN. 56 // For now we handle the DENIED as the UNKNOWN, which means a blocking 57 // page is shown to the user every time he comes back to the page. 58 59 switch (handler->cert_error()) { 60 case net::ERR_CERT_COMMON_NAME_INVALID: 61 case net::ERR_CERT_DATE_INVALID: 62 case net::ERR_CERT_AUTHORITY_INVALID: 63 case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM: 64 OnCertErrorInternal(handler, SSLBlockingPage::ERROR_OVERRIDABLE); 65 break; 66 case net::ERR_CERT_NO_REVOCATION_MECHANISM: 67 // Ignore this error. 68 handler->ContinueRequest(); 69 break; 70 case net::ERR_CERT_UNABLE_TO_CHECK_REVOCATION: 71 // We ignore this error but will show a warning status in the location 72 // bar. 73 handler->ContinueRequest(); 74 break; 75 case net::ERR_CERT_CONTAINS_ERRORS: 76 case net::ERR_CERT_REVOKED: 77 case net::ERR_CERT_INVALID: 78 case net::ERR_CERT_NOT_IN_DNS: 79 OnCertErrorInternal(handler, SSLBlockingPage::ERROR_FATAL); 80 break; 81 default: 82 NOTREACHED(); 83 handler->CancelRequest(); 84 break; 85 } 86} 87 88void SSLPolicy::DidRunInsecureContent(NavigationEntry* entry, 89 const std::string& security_origin) { 90 if (!entry) 91 return; 92 93 SiteInstance* site_instance = entry->site_instance(); 94 if (!site_instance) 95 return; 96 97 backend_->HostRanInsecureContent(GURL(security_origin).host(), 98 site_instance->GetProcess()->id()); 99} 100 101void SSLPolicy::OnRequestStarted(SSLRequestInfo* info) { 102 // TODO(abarth): This mechanism is wrong. What we should be doing is sending 103 // this information back through WebKit and out some FrameLoaderClient 104 // methods. 105 106 if (net::IsCertStatusError(info->ssl_cert_status())) 107 backend_->HostRanInsecureContent(info->url().host(), info->child_id()); 108} 109 110void SSLPolicy::UpdateEntry(NavigationEntry* entry, TabContents* tab_contents) { 111 DCHECK(entry); 112 113 InitializeEntryIfNeeded(entry); 114 115 if (!entry->url().SchemeIsSecure()) 116 return; 117 118 // An HTTPS response may not have a certificate for some reason. When that 119 // happens, use the unauthenticated (HTTP) rather than the authentication 120 // broken security style so that we can detect this error condition. 121 if (!entry->ssl().cert_id()) { 122 entry->ssl().set_security_style(SECURITY_STYLE_UNAUTHENTICATED); 123 return; 124 } 125 126 if (!(entry->ssl().cert_status() & net::CERT_STATUS_COMMON_NAME_INVALID)) { 127 // CAs issue certificates for intranet hosts to everyone. Therefore, we 128 // mark intranet hosts as being non-unique. 129 if (IsIntranetHost(entry->url().host())) { 130 entry->ssl().set_cert_status(entry->ssl().cert_status() | 131 net::CERT_STATUS_NON_UNIQUE_NAME); 132 } 133 } 134 135 // If CERT_STATUS_UNABLE_TO_CHECK_REVOCATION is the only certificate error, 136 // don't lower the security style to SECURITY_STYLE_AUTHENTICATION_BROKEN. 137 int cert_errors = entry->ssl().cert_status() & net::CERT_STATUS_ALL_ERRORS; 138 if (cert_errors) { 139 if (cert_errors != net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION) 140 entry->ssl().set_security_style(SECURITY_STYLE_AUTHENTICATION_BROKEN); 141 return; 142 } 143 144 SiteInstance* site_instance = entry->site_instance(); 145 // Note that |site_instance| can be NULL here because NavigationEntries don't 146 // necessarily have site instances. Without a process, the entry can't 147 // possibly have insecure content. See bug http://crbug.com/12423. 148 if (site_instance && 149 backend_->DidHostRunInsecureContent(entry->url().host(), 150 site_instance->GetProcess()->id())) { 151 entry->ssl().set_security_style(SECURITY_STYLE_AUTHENTICATION_BROKEN); 152 entry->ssl().set_ran_insecure_content(); 153 return; 154 } 155 156 if (tab_contents->displayed_insecure_content()) 157 entry->ssl().set_displayed_insecure_content(); 158} 159 160//////////////////////////////////////////////////////////////////////////////// 161// SSLBlockingPage::Delegate methods 162 163SSLErrorInfo SSLPolicy::GetSSLErrorInfo(SSLCertErrorHandler* handler) { 164 return SSLErrorInfo::CreateError( 165 SSLErrorInfo::NetErrorToErrorType(handler->cert_error()), 166 handler->ssl_info().cert, handler->request_url()); 167} 168 169void SSLPolicy::OnDenyCertificate(SSLCertErrorHandler* handler) { 170 // Default behavior for rejecting a certificate. 171 // 172 // While DenyCertForHost() executes synchronously on this thread, 173 // CancelRequest() gets posted to a different thread. Calling 174 // DenyCertForHost() first ensures deterministic ordering. 175 backend_->DenyCertForHost(handler->ssl_info().cert, 176 handler->request_url().host()); 177 handler->CancelRequest(); 178} 179 180void SSLPolicy::OnAllowCertificate(SSLCertErrorHandler* handler) { 181 // Default behavior for accepting a certificate. 182 // Note that we should not call SetMaxSecurityStyle here, because the active 183 // NavigationEntry has just been deleted (in HideInterstitialPage) and the 184 // new NavigationEntry will not be set until DidNavigate. This is ok, 185 // because the new NavigationEntry will have its max security style set 186 // within DidNavigate. 187 // 188 // While AllowCertForHost() executes synchronously on this thread, 189 // ContinueRequest() gets posted to a different thread. Calling 190 // AllowCertForHost() first ensures deterministic ordering. 191 backend_->AllowCertForHost(handler->ssl_info().cert, 192 handler->request_url().host()); 193 handler->ContinueRequest(); 194} 195 196//////////////////////////////////////////////////////////////////////////////// 197// Certificate Error Routines 198 199void SSLPolicy::OnCertErrorInternal(SSLCertErrorHandler* handler, 200 SSLBlockingPage::ErrorLevel error_level) { 201 if (handler->resource_type() != ResourceType::MAIN_FRAME) { 202 // A sub-resource has a certificate error. The user doesn't really 203 // have a context for making the right decision, so block the 204 // request hard, without an info bar to allow showing the insecure 205 // content. 206 handler->DenyRequest(); 207 return; 208 } 209 SSLBlockingPage* blocking_page = new SSLBlockingPage(handler, this, 210 error_level); 211 blocking_page->Show(); 212} 213 214void SSLPolicy::InitializeEntryIfNeeded(NavigationEntry* entry) { 215 if (entry->ssl().security_style() != SECURITY_STYLE_UNKNOWN) 216 return; 217 218 entry->ssl().set_security_style(entry->url().SchemeIsSecure() ? 219 SECURITY_STYLE_AUTHENTICATED : SECURITY_STYLE_UNAUTHENTICATED); 220} 221 222void SSLPolicy::OriginRanInsecureContent(const std::string& origin, int pid) { 223 GURL parsed_origin(origin); 224 if (parsed_origin.SchemeIsSecure()) 225 backend_->HostRanInsecureContent(parsed_origin.host(), pid); 226} 227