src/content/browser/ssl/ssl_policy.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "content/browser/ssl/ssl_policy.h"
   6
   7 #include "base/base_switches.h"
   8 #include "base/bind.h"
   9 #include "base/command_line.h"
  10 #include "base/memory/singleton.h"
  11 #include "base/strings/string_piece.h"
  12 #include "base/strings/string_util.h"
  13 #include "content/browser/frame_host/navigation_entry_impl.h"
  14 #include "content/browser/renderer_host/render_process_host_impl.h"
  15 #include "content/browser/renderer_host/render_view_host_impl.h"
  16 #include "content/browser/site_instance_impl.h"
  17 #include "content/browser/ssl/ssl_cert_error_handler.h"
  18 #include "content/browser/ssl/ssl_request_info.h"
  19 #include "content/browser/web_contents/web_contents_impl.h"
  20 #include "content/public/browser/content_browser_client.h"
  21 #include "content/public/common/ssl_status.h"
  22 #include "content/public/common/url_constants.h"
  23 #include "net/ssl/ssl_info.h"
  24 #include "webkit/common/resource_type.h"
  25
  26
  27 namespace content {
  28
  29 SSLPolicy::SSLPolicy(SSLPolicyBackend* backend)
  30     : backend_(backend) {
  31   DCHECK(backend_);
  32 }
  33
  34 void SSLPolicy::OnCertError(SSLCertErrorHandler* handler) {
  35   // First we check if we know the policy for this error.
  36   net::CertPolicy::Judgment judgment = backend_->QueryPolicy(
  37       handler->ssl_info().cert.get(),
  38       handler->request_url().host(),
  39       handler->cert_error());
  40
  41   if (judgment == net::CertPolicy::ALLOWED) {
  42     handler->ContinueRequest();
  43     return;
  44   }
  45
  46   // The judgment is either DENIED or UNKNOWN.
  47   // For now we handle the DENIED as the UNKNOWN, which means a blocking
  48   // page is shown to the user every time he comes back to the page.
  49
  50   switch (handler->cert_error()) {
  51     case net::ERR_CERT_COMMON_NAME_INVALID:
  52     case net::ERR_CERT_DATE_INVALID:
  53     case net::ERR_CERT_AUTHORITY_INVALID:
  54     case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM:
  55     case net::ERR_CERT_WEAK_KEY:
  56       OnCertErrorInternal(handler, !handler->fatal(), handler->fatal());
  57       break;
  58     case net::ERR_CERT_NO_REVOCATION_MECHANISM:
  59       // Ignore this error.
  60       handler->ContinueRequest();
  61       break;
  62     case net::ERR_CERT_UNABLE_TO_CHECK_REVOCATION:
  63       // We ignore this error but will show a warning status in the location
  64       // bar.
  65       handler->ContinueRequest();
  66       break;
  67     case net::ERR_CERT_CONTAINS_ERRORS:
  68     case net::ERR_CERT_REVOKED:
  69     case net::ERR_CERT_INVALID:
  70     case net::ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY:
  71     case net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN:
  72       OnCertErrorInternal(handler, false, handler->fatal());
  73       break;
  74     default:
  75       NOTREACHED();
  76       handler->CancelRequest();
  77       break;
  78   }
  79 }
  80
  81 void SSLPolicy::DidRunInsecureContent(NavigationEntryImpl* entry,
  82                                       const std::string& security_origin) {
  83   if (!entry)
  84     return;
  85
  86   SiteInstance* site_instance = entry->site_instance();
  87   if (!site_instance)
  88       return;
  89
  90   backend_->HostRanInsecureContent(GURL(security_origin).host(),
  91                                    site_instance->GetProcess()->GetID());
  92 }
  93
  94 void SSLPolicy::OnRequestStarted(SSLRequestInfo* info) {
  95   // TODO(abarth): This mechanism is wrong.  What we should be doing is sending
  96   // this information back through WebKit and out some FrameLoaderClient
  97   // methods.
  98
  99   if (net::IsCertStatusError(info->ssl_cert_status()))
 100     backend_->HostRanInsecureContent(info->url().host(), info->child_id());
 101 }
 102
 103 void SSLPolicy::UpdateEntry(NavigationEntryImpl* entry,
 104                             WebContentsImpl* web_contents) {
 105   DCHECK(entry);
 106
 107   InitializeEntryIfNeeded(entry);
 108
 109   if (!entry->GetURL().SchemeIsSecure())
 110     return;
 111
 112   // An HTTPS response may not have a certificate for some reason.  When that
 113   // happens, use the unauthenticated (HTTP) rather than the authentication
 114   // broken security style so that we can detect this error condition.
 115   if (!entry->GetSSL().cert_id) {
 116     entry->GetSSL().security_style = SECURITY_STYLE_UNAUTHENTICATED;
 117     return;
 118   }
 119
 120   if (net::IsCertStatusError(entry->GetSSL().cert_status)) {
 121     // Minor errors don't lower the security style to
 122     // SECURITY_STYLE_AUTHENTICATION_BROKEN.
 123     if (!net::IsCertStatusMinorError(entry->GetSSL().cert_status)) {
 124       entry->GetSSL().security_style =
 125           SECURITY_STYLE_AUTHENTICATION_BROKEN;
 126     }
 127     return;
 128   }
 129
 130   SiteInstance* site_instance = entry->site_instance();
 131   // Note that |site_instance| can be NULL here because NavigationEntries don't
 132   // necessarily have site instances.  Without a process, the entry can't
 133   // possibly have insecure content.  See bug http://crbug.com/12423.
 134   if (site_instance &&
 135       backend_->DidHostRunInsecureContent(
 136           entry->GetURL().host(), site_instance->GetProcess()->GetID())) {
 137     entry->GetSSL().security_style =
 138         SECURITY_STYLE_AUTHENTICATION_BROKEN;
 139     entry->GetSSL().content_status |= SSLStatus::RAN_INSECURE_CONTENT;
 140     return;
 141   }
 142
 143   if (web_contents->DisplayedInsecureContent())
 144     entry->GetSSL().content_status |= SSLStatus::DISPLAYED_INSECURE_CONTENT;
 145   else
 146     entry->GetSSL().content_status &= ~SSLStatus::DISPLAYED_INSECURE_CONTENT;
 147 }
 148
 149 void SSLPolicy::OnAllowCertificate(scoped_refptr<SSLCertErrorHandler> handler,
 150                                    bool allow) {
 151   if (allow) {
 152     // Default behavior for accepting a certificate.
 153     // Note that we should not call SetMaxSecurityStyle here, because the active
 154     // NavigationEntry has just been deleted (in HideInterstitialPage) and the
 155     // new NavigationEntry will not be set until DidNavigate.  This is ok,
 156     // because the new NavigationEntry will have its max security style set
 157     // within DidNavigate.
 158     //
 159     // While AllowCertForHost() executes synchronously on this thread,
 160     // ContinueRequest() gets posted to a different thread. Calling
 161     // AllowCertForHost() first ensures deterministic ordering.
 162     backend_->AllowCertForHost(handler->ssl_info().cert.get(),
 163                                handler->request_url().host(),
 164                                handler->cert_error());
 165     handler->ContinueRequest();
 166   } else {
 167     // Default behavior for rejecting a certificate.
 168     //
 169     // While DenyCertForHost() executes synchronously on this thread,
 170     // CancelRequest() gets posted to a different thread. Calling
 171     // DenyCertForHost() first ensures deterministic ordering.
 172     backend_->DenyCertForHost(handler->ssl_info().cert.get(),
 173                               handler->request_url().host(),
 174                               handler->cert_error());
 175     handler->CancelRequest();
 176   }
 177 }
 178
 179 ////////////////////////////////////////////////////////////////////////////////
 180 // Certificate Error Routines
 181
 182 void SSLPolicy::OnCertErrorInternal(SSLCertErrorHandler* handler,
 183                                     bool overridable,
 184                                     bool strict_enforcement) {
 185   CertificateRequestResultType result =
 186       CERTIFICATE_REQUEST_RESULT_TYPE_CONTINUE;
 187   GetContentClient()->browser()->AllowCertificateError(
 188       handler->render_process_id(),
 189       handler->render_view_id(),
 190       handler->cert_error(),
 191       handler->ssl_info(),
 192       handler->request_url(),
 193       handler->resource_type(),
 194       overridable,
 195       strict_enforcement,
 196       base::Bind(&SSLPolicy::OnAllowCertificate, base::Unretained(this),
 197                  make_scoped_refptr(handler)),
 198       &result);
 199   switch (result) {
 200     case CERTIFICATE_REQUEST_RESULT_TYPE_CONTINUE:
 201       break;
 202     case CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL:
 203       handler->CancelRequest();
 204       break;
 205     case CERTIFICATE_REQUEST_RESULT_TYPE_DENY:
 206       handler->DenyRequest();
 207       break;
 208     default:
 209       NOTREACHED();
 210   }
 211 }
 212
 213 void SSLPolicy::InitializeEntryIfNeeded(NavigationEntryImpl* entry) {
 214   if (entry->GetSSL().security_style != SECURITY_STYLE_UNKNOWN)
 215     return;
 216
 217   entry->GetSSL().security_style = entry->GetURL().SchemeIsSecure() ?
 218       SECURITY_STYLE_AUTHENTICATED : SECURITY_STYLE_UNAUTHENTICATED;
 219 }
 220
 221 void SSLPolicy::OriginRanInsecureContent(const std::string& origin, int pid) {
 222   GURL parsed_origin(origin);
 223   if (parsed_origin.SchemeIsSecure())
 224     backend_->HostRanInsecureContent(parsed_origin.host(), pid);
 225 }
 226
 227 }  // namespace content