1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "content/browser/ssl/ssl_manager.h"
6
7#include <set>
8
9#include "base/bind.h"
10#include "base/strings/utf_string_conversions.h"
11#include "base/supports_user_data.h"
12#include "content/browser/frame_host/navigation_entry_impl.h"
13#include "content/browser/loader/resource_dispatcher_host_impl.h"
14#include "content/browser/loader/resource_request_info_impl.h"
15#include "content/browser/ssl/ssl_cert_error_handler.h"
16#include "content/browser/ssl/ssl_policy.h"
17#include "content/browser/ssl/ssl_request_info.h"
18#include "content/browser/web_contents/web_contents_impl.h"
19#include "content/common/ssl_status_serialization.h"
20#include "content/public/browser/browser_context.h"
21#include "content/public/browser/browser_thread.h"
22#include "content/public/browser/load_from_memory_cache_details.h"
23#include "content/public/browser/navigation_details.h"
24#include "content/public/browser/resource_request_details.h"
25#include "content/public/common/ssl_status.h"
26#include "net/url_request/url_request.h"
27
28namespace content {
29
30namespace {
31
32const char kSSLManagerKeyName[] = "content_ssl_manager";
33
34class SSLManagerSet : public base::SupportsUserData::Data {
35 public:
36  SSLManagerSet() {
37  }
38
39  std::set<SSLManager*>& get() { return set_; }
40
41 private:
42  std::set<SSLManager*> set_;
43
44  DISALLOW_COPY_AND_ASSIGN(SSLManagerSet);
45};
46
47}  // namespace
48
49// static
50void SSLManager::OnSSLCertificateError(
51    const base::WeakPtr<SSLErrorHandler::Delegate>& delegate,
52    const GlobalRequestID& id,
53    const ResourceType::Type resource_type,
54    const GURL& url,
55    int render_process_id,
56    int render_view_id,
57    const net::SSLInfo& ssl_info,
58    bool fatal) {
59  DCHECK(delegate.get());
60  DVLOG(1) << "OnSSLCertificateError() cert_error: "
61           << net::MapCertStatusToNetError(ssl_info.cert_status) << " id: "
62           << id.child_id << "," << id.request_id << " resource_type: "
63           << resource_type << " url: " << url.spec() << " render_process_id: "
64           << render_process_id << " render_view_id: " << render_view_id
65           << " cert_status: " << std::hex << ssl_info.cert_status;
66
67  // A certificate error occurred.  Construct a SSLCertErrorHandler object and
68  // hand it over to the UI thread for processing.
69  BrowserThread::PostTask(
70      BrowserThread::UI, FROM_HERE,
71      base::Bind(&SSLCertErrorHandler::Dispatch,
72                 new SSLCertErrorHandler(delegate,
73                                         id,
74                                         resource_type,
75                                         url,
76                                         render_process_id,
77                                         render_view_id,
78                                         ssl_info,
79                                         fatal)));
80}
81
82// static
83void SSLManager::NotifySSLInternalStateChanged(BrowserContext* context) {
84  SSLManagerSet* managers = static_cast<SSLManagerSet*>(
85      context->GetUserData(kSSLManagerKeyName));
86
87  for (std::set<SSLManager*>::iterator i = managers->get().begin();
88       i != managers->get().end(); ++i) {
89    (*i)->UpdateEntry(NavigationEntryImpl::FromNavigationEntry(
90                          (*i)->controller()->GetLastCommittedEntry()));
91  }
92}
93
94SSLManager::SSLManager(NavigationControllerImpl* controller)
95    : backend_(controller),
96      policy_(new SSLPolicy(&backend_)),
97      controller_(controller) {
98  DCHECK(controller_);
99
100  SSLManagerSet* managers = static_cast<SSLManagerSet*>(
101      controller_->GetBrowserContext()->GetUserData(kSSLManagerKeyName));
102  if (!managers) {
103    managers = new SSLManagerSet;
104    controller_->GetBrowserContext()->SetUserData(kSSLManagerKeyName, managers);
105  }
106  managers->get().insert(this);
107}
108
109SSLManager::~SSLManager() {
110  SSLManagerSet* managers = static_cast<SSLManagerSet*>(
111      controller_->GetBrowserContext()->GetUserData(kSSLManagerKeyName));
112  managers->get().erase(this);
113}
114
115void SSLManager::DidCommitProvisionalLoad(const LoadCommittedDetails& details) {
116  NavigationEntryImpl* entry =
117      NavigationEntryImpl::FromNavigationEntry(
118          controller_->GetLastCommittedEntry());
119
120  if (details.is_main_frame) {
121    if (entry) {
122      // Decode the security details.
123      int ssl_cert_id;
124      net::CertStatus ssl_cert_status;
125      int ssl_security_bits;
126      int ssl_connection_status;
127      SignedCertificateTimestampIDStatusList
128          ssl_signed_certificate_timestamp_ids;
129      DeserializeSecurityInfo(details.serialized_security_info,
130                              &ssl_cert_id,
131                              &ssl_cert_status,
132                              &ssl_security_bits,
133                              &ssl_connection_status,
134                              &ssl_signed_certificate_timestamp_ids);
135
136      // We may not have an entry if this is a navigation to an initial blank
137      // page. Reset the SSL information and add the new data we have.
138      entry->GetSSL() = SSLStatus();
139      entry->GetSSL().cert_id = ssl_cert_id;
140      entry->GetSSL().cert_status = ssl_cert_status;
141      entry->GetSSL().security_bits = ssl_security_bits;
142      entry->GetSSL().connection_status = ssl_connection_status;
143      entry->GetSSL().signed_certificate_timestamp_ids =
144          ssl_signed_certificate_timestamp_ids;
145    }
146  }
147
148  UpdateEntry(entry);
149}
150
151void SSLManager::DidDisplayInsecureContent() {
152  UpdateEntry(
153      NavigationEntryImpl::FromNavigationEntry(
154          controller_->GetLastCommittedEntry()));
155}
156
157void SSLManager::DidRunInsecureContent(const std::string& security_origin) {
158  NavigationEntryImpl* navigation_entry =
159      NavigationEntryImpl::FromNavigationEntry(
160          controller_->GetLastCommittedEntry());
161  policy()->DidRunInsecureContent(navigation_entry, security_origin);
162  UpdateEntry(navigation_entry);
163}
164
165void SSLManager::DidLoadFromMemoryCache(
166    const LoadFromMemoryCacheDetails& details) {
167  // Simulate loading this resource through the usual path.
168  // Note that we specify SUB_RESOURCE as the resource type as WebCore only
169  // caches sub-resources.
170  // This resource must have been loaded with no filtering because filtered
171  // resouces aren't cachable.
172  scoped_refptr<SSLRequestInfo> info(new SSLRequestInfo(
173      details.url,
174      ResourceType::SUB_RESOURCE,
175      details.pid,
176      details.cert_id,
177      details.cert_status));
178
179  // Simulate loading this resource through the usual path.
180  policy()->OnRequestStarted(info.get());
181}
182
183void SSLManager::DidStartResourceResponse(
184    const ResourceRequestDetails& details) {
185  scoped_refptr<SSLRequestInfo> info(new SSLRequestInfo(
186      details.url,
187      details.resource_type,
188      details.origin_child_id,
189      details.ssl_cert_id,
190      details.ssl_cert_status));
191
192  // Notify our policy that we started a resource request.  Ideally, the
193  // policy should have the ability to cancel the request, but we can't do
194  // that yet.
195  policy()->OnRequestStarted(info.get());
196}
197
198void SSLManager::DidReceiveResourceRedirect(
199    const ResourceRedirectDetails& details) {
200  // TODO(abarth): Make sure our redirect behavior is correct.  If we ever see a
201  //               non-HTTPS resource in the redirect chain, we want to trigger
202  //               insecure content, even if the redirect chain goes back to
203  //               HTTPS.  This is because the network attacker can redirect the
204  //               HTTP request to https://attacker.com/payload.js.
205}
206
207void SSLManager::UpdateEntry(NavigationEntryImpl* entry) {
208  // We don't always have a navigation entry to update, for example in the
209  // case of the Web Inspector.
210  if (!entry)
211    return;
212
213  SSLStatus original_ssl_status = entry->GetSSL();  // Copy!
214
215  WebContentsImpl* contents =
216      static_cast<WebContentsImpl*>(controller_->delegate()->GetWebContents());
217  policy()->UpdateEntry(entry, contents);
218
219  if (!entry->GetSSL().Equals(original_ssl_status))
220    contents->DidChangeVisibleSSLState();
221}
222
223}  // namespace content
224