Merge lp:~chrisccoulson/oxide/lp1504853 into lp:~oxide-developers/oxide/oxide.trunk
- lp1504853
- Merge into oxide.trunk
Proposed by
Chris Coulson
Status: | Merged |
---|---|
Merged at revision: | 1232 |
Proposed branch: | lp:~chrisccoulson/oxide/lp1504853 |
Merge into: | lp:~oxide-developers/oxide/oxide.trunk |
Diff against target: |
2354 lines (+1100/-732) 22 files modified
qt/core/api/oxideqcertificateerror.cc (+3/-3) qt/core/browser/oxide_qt_web_view.cc (+16/-9) qt/core/browser/oxide_qt_web_view.h (+5/-1) qt/tests/qmltests/ssl/tst_CertificateError.qml (+329/-217) qt/tests/qmltests/ssl/tst_CertificateError_initial.html (+5/-0) shared/browser/oxide_content_browser_client.cc (+21/-21) shared/browser/oxide_web_frame_tree.cc (+6/-0) shared/browser/oxide_web_view.cc (+28/-80) shared/browser/oxide_web_view.h (+0/-26) shared/browser/oxide_web_view_client.cc (+0/-2) shared/browser/oxide_web_view_client.h (+0/-2) shared/browser/oxide_web_view_contents_helper.cc (+7/-1) shared/browser/ssl/oxide_certificate_error.cc (+50/-268) shared/browser/ssl/oxide_certificate_error.h (+20/-100) shared/browser/ssl/oxide_certificate_error_dispatcher.cc (+196/-0) shared/browser/ssl/oxide_certificate_error_dispatcher.h (+77/-0) shared/browser/ssl/oxide_certificate_error_dispatcher_client.h (+36/-0) shared/browser/ssl/oxide_certificate_error_placeholder_page.cc (+58/-0) shared/browser/ssl/oxide_certificate_error_placeholder_page.h (+64/-0) shared/browser/ssl/oxide_certificate_error_proxy.cc (+105/-0) shared/browser/ssl/oxide_certificate_error_proxy.h (+65/-0) shared/shared.gyp (+9/-2) |
To merge this branch: | bzr merge lp:~chrisccoulson/oxide/lp1504853 |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Chris Coulson | Pending | ||
Review via email: mp+274525@code.launchpad.net |
Commit message
Description of the change
To post a comment you must log in.
- 1218. By Chris Coulson
-
Remove spurious printf
- 1219. By Chris Coulson
-
Add missing file
- 1220. By Chris Coulson
-
Add missing file
- 1221. By Chris Coulson
-
Merge from trunk
- 1222. By Chris Coulson
-
Merge from trunk
- 1223. By Chris Coulson
-
Merge from trunk
- 1224. By Chris Coulson
-
Remove unnecessary DCHECK
- 1225. By Chris Coulson
-
Fix a test crash
- 1226. By Chris Coulson
-
Merge from trunk
- 1227. By Chris Coulson
-
Merge from trunk
- 1228. By Chris Coulson
-
Clean up WebFrameTreeObs
erver
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1 | === modified file 'qt/core/api/oxideqcertificateerror.cc' |
2 | --- qt/core/api/oxideqcertificateerror.cc 2015-07-02 15:53:48 +0000 |
3 | +++ qt/core/api/oxideqcertificateerror.cc 2015-10-21 20:26:37 +0000 |
4 | @@ -27,8 +27,8 @@ |
5 | #include "base/macros.h" |
6 | #include "net/cert/x509_certificate.h" |
7 | |
8 | -#include "shared/browser/oxide_certificate_error.h" |
9 | #include "shared/browser/oxide_security_types.h" |
10 | +#include "shared/browser/ssl/oxide_certificate_error.h" |
11 | |
12 | #include "oxideqsslcertificate_p.h" |
13 | |
14 | @@ -58,7 +58,7 @@ |
15 | return; |
16 | } |
17 | |
18 | - if (error_->is_cancelled()) { |
19 | + if (error_->IsCancelled()) { |
20 | qWarning() << "Cannot respond to a CertificateError that has been cancelled"; |
21 | return; |
22 | } |
23 | @@ -138,7 +138,7 @@ |
24 | bool OxideQCertificateError::isCancelled() const { |
25 | Q_D(const OxideQCertificateError); |
26 | |
27 | - return d->error_->is_cancelled(); |
28 | + return d->error_->IsCancelled(); |
29 | } |
30 | |
31 | bool OxideQCertificateError::isMainFrame() const { |
32 | |
33 | === modified file 'qt/core/browser/oxide_qt_web_view.cc' |
34 | --- qt/core/browser/oxide_qt_web_view.cc 2015-10-21 17:09:06 +0000 |
35 | +++ qt/core/browser/oxide_qt_web_view.cc 2015-10-21 20:26:37 +0000 |
36 | @@ -81,6 +81,8 @@ |
37 | #include "shared/browser/oxide_web_view.h" |
38 | #include "shared/browser/permissions/oxide_permission_request.h" |
39 | #include "shared/browser/permissions/oxide_permission_request_dispatcher.h" |
40 | +#include "shared/browser/ssl/oxide_certificate_error.h" |
41 | +#include "shared/browser/ssl/oxide_certificate_error_dispatcher.h" |
42 | #include "shared/common/oxide_enum_flags.h" |
43 | |
44 | #include "oxide_qt_file_picker.h" |
45 | @@ -408,6 +410,8 @@ |
46 | void WebView::CommonInit(OxideQFindController* find_controller) { |
47 | content::WebContents* contents = view_->GetWebContents(); |
48 | |
49 | + oxide::CertificateErrorDispatcher::FromWebContents( |
50 | + contents)->set_client(this); |
51 | oxide::PermissionRequestDispatcher::FromWebContents( |
52 | contents)->set_client(this); |
53 | OxideQSecurityStatusPrivate::get(security_status_)->view = this; |
54 | @@ -854,14 +858,6 @@ |
55 | OxideQSecurityStatusPrivate::get(security_status_)->Update(old); |
56 | } |
57 | |
58 | -void WebView::OnCertificateError(scoped_ptr<oxide::CertificateError> error) { |
59 | - scoped_ptr<OxideQCertificateError> qerror( |
60 | - OxideQCertificateErrorPrivate::Create(error.Pass())); |
61 | - |
62 | - // Embedder takes ownership of qerror |
63 | - client_->CertificateError(qerror.release()); |
64 | -} |
65 | - |
66 | void WebView::ContentBlocked() { |
67 | client_->ContentBlocked(); |
68 | } |
69 | @@ -952,6 +948,14 @@ |
70 | f->client()->LoadCommitted(); |
71 | } |
72 | |
73 | +void WebView::OnCertificateError(scoped_ptr<oxide::CertificateError> error) { |
74 | + scoped_ptr<OxideQCertificateError> qerror( |
75 | + OxideQCertificateErrorPrivate::Create(error.Pass())); |
76 | + |
77 | + // Embedder takes ownership of qerror |
78 | + client_->CertificateError(qerror.release()); |
79 | +} |
80 | + |
81 | QUrl WebView::url() const { |
82 | return QUrl(QString::fromStdString(view_->GetURL().spec())); |
83 | } |
84 | @@ -1428,12 +1432,15 @@ |
85 | } |
86 | |
87 | WebView::~WebView() { |
88 | + content::WebContents* contents = view_->GetWebContents(); |
89 | + oxide::CertificateErrorDispatcher::FromWebContents( |
90 | + contents)->set_client(nullptr); |
91 | DCHECK(frame_tree_torn_down_); |
92 | |
93 | input_method_context_->DetachClient(); |
94 | |
95 | oxide::PermissionRequestDispatcher::FromWebContents( |
96 | - view_->GetWebContents())->set_client(nullptr); |
97 | + contents)->set_client(nullptr); |
98 | } |
99 | |
100 | // static |
101 | |
102 | === modified file 'qt/core/browser/oxide_qt_web_view.h' |
103 | --- qt/core/browser/oxide_qt_web_view.h 2015-10-21 16:44:08 +0000 |
104 | +++ qt/core/browser/oxide_qt_web_view.h 2015-10-21 20:26:37 +0000 |
105 | @@ -34,6 +34,7 @@ |
106 | #include "shared/browser/oxide_web_view_client.h" |
107 | #include "shared/browser/oxide_web_frame_tree_observer.h" |
108 | #include "shared/browser/permissions/oxide_permission_request_dispatcher_client.h" |
109 | +#include "shared/browser/ssl/oxide_certificate_error_dispatcher_client.h" |
110 | |
111 | QT_BEGIN_NAMESPACE |
112 | class QFocusEvent; |
113 | @@ -61,6 +62,7 @@ |
114 | public oxide::WebViewClient, |
115 | public oxide::PermissionRequestDispatcherClient, |
116 | public oxide::WebFrameTreeObserver, |
117 | + public oxide::CertificateErrorDispatcherClient, |
118 | public WebViewProxy { |
119 | public: |
120 | WebView(WebViewProxyClient* client, |
121 | @@ -166,7 +168,6 @@ |
122 | oxide::InputMethodContext* GetInputMethodContext() const override; |
123 | void UpdateCursor(const content::WebCursor& cursor) override; |
124 | void SecurityStatusChanged(const oxide::SecurityStatus& old) override; |
125 | - void OnCertificateError(scoped_ptr<oxide::CertificateError> error) override; |
126 | void ContentBlocked() override; |
127 | void PrepareToCloseResponseReceived(bool proceed) override; |
128 | void CloseRequested() override; |
129 | @@ -189,6 +190,9 @@ |
130 | void FrameDeleted(oxide::WebFrame* frame) override; |
131 | void LoadCommittedInFrame(oxide::WebFrame* frame) override; |
132 | |
133 | + // oxide::CertificateErrorDispatcherClient implementation |
134 | + void OnCertificateError(scoped_ptr<oxide::CertificateError> error) override; |
135 | + |
136 | // WebViewProxy implementation |
137 | QUrl url() const override; |
138 | void setUrl(const QUrl& url) override; |
139 | |
140 | === modified file 'qt/tests/qmltests/ssl/tst_CertificateError.qml' |
141 | --- qt/tests/qmltests/ssl/tst_CertificateError.qml 2015-06-22 22:57:01 +0000 |
142 | +++ qt/tests/qmltests/ssl/tst_CertificateError.qml 2015-10-21 20:26:37 +0000 |
143 | @@ -19,11 +19,22 @@ |
144 | signalName: "cancelled" |
145 | } |
146 | |
147 | + SignalSpy { |
148 | + id: urlSpy |
149 | + target: webView |
150 | + signalName: "urlChanged" |
151 | + } |
152 | + |
153 | + SignalSpy { |
154 | + id: titleSpy |
155 | + target: webView |
156 | + signalName: "titleChanged" |
157 | + } |
158 | + |
159 | property var certError: null |
160 | |
161 | onCertificateError: { |
162 | if (certError) { |
163 | - error.allow(); |
164 | return; |
165 | } |
166 | certError = error; |
167 | @@ -38,23 +49,16 @@ |
168 | spy.clear(); |
169 | cancelSpy.target = null; |
170 | cancelSpy.clear(); |
171 | + urlSpy.clear(); |
172 | + titleSpy.clear(); |
173 | certError = null; |
174 | webView.clearLoadEventCounters(); |
175 | } |
176 | |
177 | - function test_CertificateError1_denials_data() { |
178 | + function test_CertificateError1_subresource_deny_data() { |
179 | function _verify_1() { |
180 | // This verifies that either there is no document or it is an error page |
181 | try { |
182 | - compare(webView.getTestApi().documentURI, "data:text/html,chromewebdata"); |
183 | - } catch(e) { |
184 | - compare(e.error, ScriptMessageRequest.ErrorDestinationNotFound); |
185 | - } |
186 | - } |
187 | - |
188 | - function _verify_2() { |
189 | - // This verifies that either there is no document or it is an error page |
190 | - try { |
191 | compare(webView.getTestApiForFrame(webView.rootFrame.childFrames[0]).documentURI, |
192 | "data:text/html,chromewebdata"); |
193 | } catch(e) { |
194 | @@ -62,15 +66,15 @@ |
195 | } |
196 | } |
197 | |
198 | + function _verify_2() { |
199 | + var colour = webView.getTestApi().evaluateCode(" |
200 | +var elem = document.getElementById(\"foo\"); |
201 | +var style = window.getComputedStyle(elem); |
202 | +return style.getPropertyValue(\"color\");", true); |
203 | + compare(colour, "rgb(0, 0, 0)"); |
204 | + } |
205 | + |
206 | function _verify_3() { |
207 | - var colour = webView.getTestApi().evaluateCode(" |
208 | -var elem = document.getElementById(\"foo\"); |
209 | -var style = window.getComputedStyle(elem); |
210 | -return style.getPropertyValue(\"color\");", true); |
211 | - compare(colour, "rgb(0, 0, 0)"); |
212 | - } |
213 | - |
214 | - function _verify_4() { |
215 | var colour = webView.getTestApiForFrame(webView.rootFrame.childFrames[0]).evaluateCode(" |
216 | var elem = document.getElementById(\"foo\"); |
217 | var style = window.getComputedStyle(elem); |
218 | @@ -81,234 +85,342 @@ |
219 | // FIXME: Test overridable and strictEnforcement properties |
220 | return [ |
221 | { |
222 | - loadUrl: "https://expired.testsuite/tst_CertificateError_broken_iframe.html", |
223 | - url: "https://expired.testsuite/tst_CertificateError_broken_iframe.html", |
224 | - mainframe: true, subresource: false, overridable: true, |
225 | - strictEnforcement: false, error: CertificateError.ErrorExpired, |
226 | - certificate: "df17c8da033e2d5ed64d1f187fdf419e1fc68e47", |
227 | - verifyFunc: _verify_1 |
228 | - }, |
229 | - { |
230 | loadUrl: "https://testsuite/tst_CertificateError_broken_iframe.html", |
231 | url: "https://selfsigned.testsuite/empty.html", |
232 | - mainframe: false, subresource: false, overridable: false, |
233 | + mainframe: false, subresource: false, |
234 | strictEnforcement: false, error: CertificateError.ErrorAuthorityInvalid, |
235 | certificate: "f0357f544e27adaa51211663a28cc8d64b057e63", |
236 | + verifyFunc: _verify_1 |
237 | + }, |
238 | + { |
239 | + loadUrl: "https://testsuite/tst_CertificateError_broken_subresource.html", |
240 | + url: "https://badidentity.testsuite/tst_CertificateError_broken_subresource.css", |
241 | + mainframe: true, subresource: true, |
242 | + strictEnforcement: false, error: CertificateError.ErrorBadIdentity, |
243 | + certificate: "89c5760286e897ad32b9dd500d70755e1e026588", |
244 | verifyFunc: _verify_2 |
245 | }, |
246 | { |
247 | - loadUrl: "https://testsuite/tst_CertificateError_broken_subresource.html", |
248 | + loadUrl: "https://testsuite/tst_CertificateError_broken_subresource_in_iframe.html", |
249 | url: "https://badidentity.testsuite/tst_CertificateError_broken_subresource.css", |
250 | - mainframe: true, subresource: true, overridable: false, |
251 | + mainframe: false, subresource: true, |
252 | strictEnforcement: false, error: CertificateError.ErrorBadIdentity, |
253 | certificate: "89c5760286e897ad32b9dd500d70755e1e026588", |
254 | verifyFunc: _verify_3 |
255 | - }, |
256 | - { |
257 | - loadUrl: "https://testsuite/tst_CertificateError_broken_subresource_in_iframe.html", |
258 | - url: "https://badidentity.testsuite/tst_CertificateError_broken_subresource.css", |
259 | - mainframe: false, subresource: true, overridable: false, |
260 | - strictEnforcement: false, error: CertificateError.ErrorBadIdentity, |
261 | - certificate: "89c5760286e897ad32b9dd500d70755e1e026588", |
262 | - verifyFunc: _verify_4 |
263 | } |
264 | ]; |
265 | } |
266 | |
267 | - // Verify that CertificateError.deny() works correctly, and check that other |
268 | - // properties behave as expected |
269 | - function test_CertificateError1_denials(data) { |
270 | + // This tests CertificateError for various subresource errors, and verifies |
271 | + // that those subresources are always blocked |
272 | + function test_CertificateError1_subresource_deny(data) { |
273 | webView.url = data.loadUrl; |
274 | + verify(webView.waitForLoadSucceeded()); |
275 | + |
276 | spy.wait(); |
277 | |
278 | + if (!data.mainframe) { |
279 | + // This is a bit of a hack, but we don't have another event we can |
280 | + // fire off for subframe loads |
281 | + wait(100); |
282 | + } |
283 | + |
284 | compare(certError.url, data.url); |
285 | verify(!certError.isCancelled); |
286 | compare(certError.isMainFrame, data.mainframe); |
287 | compare(certError.isSubresource, data.subresource); |
288 | + compare(certError.overridable, false); |
289 | + compare(certError.strictEnforcement, data.strictEnforcement); |
290 | + compare(certError.certError, data.error); |
291 | + compare(certError.certificate.fingerprintSHA1, data.certificate); |
292 | + |
293 | + compare(webView.url, data.loadUrl); |
294 | + |
295 | + compare(webView.securityStatus.securityLevel,SecurityStatus.SecurityLevelSecure); |
296 | + compare(webView.securityStatus.contentStatus, SecurityStatus.ContentStatusNormal); |
297 | + compare(webView.securityStatus.certStatus, SecurityStatus.CertStatusOk); |
298 | + |
299 | + data.verifyFunc(); |
300 | + |
301 | + // There's nothing to deny, but it shouldn't crash |
302 | + certError.deny(); |
303 | + } |
304 | + |
305 | + function test_CertificateError2_mainframe_deny_data() { |
306 | + function _verify_1() { |
307 | + // This verifies that the old document still exists |
308 | + compare(webView.getTestApi().documentURI, "https://testsuite/tst_CertificateError_initial.html"); |
309 | + } |
310 | + |
311 | + // FIXME: Test non-overridable errors too |
312 | + return [ |
313 | + { |
314 | + loadUrl: "https://expired.testsuite/empty.html", |
315 | + overridable: true, |
316 | + strictEnforcement: false, error: CertificateError.ErrorExpired, |
317 | + certificate: "df17c8da033e2d5ed64d1f187fdf419e1fc68e47", |
318 | + verifyFunc: _verify_1 |
319 | + }, |
320 | + ]; |
321 | + |
322 | + } |
323 | + |
324 | + // This test CertificateError for main frame errors, and verifies that |
325 | + // calling deny() blocks them |
326 | + function test_CertificateError2_mainframe_deny(data) { |
327 | + webView.url = "https://testsuite/tst_CertificateError_initial.html"; |
328 | + verify(webView.waitForLoadSucceeded()); |
329 | + |
330 | + compare(webView.title, "Test"); |
331 | + |
332 | + webView.clearLoadEventCounters(); |
333 | + titleSpy.clear(); |
334 | + |
335 | + webView.url = data.loadUrl; |
336 | + spy.wait(); |
337 | + titleSpy.wait(); |
338 | + if (!data.overridable) { |
339 | + verify(webView.waitForLoadStopped()); |
340 | + } |
341 | + |
342 | + compare(certError.url, data.loadUrl); |
343 | + verify(!certError.isCancelled); |
344 | + compare(certError.isMainFrame, true); |
345 | + compare(certError.isSubresource, false); |
346 | compare(certError.overridable, data.overridable); |
347 | compare(certError.strictEnforcement, data.strictEnforcement); |
348 | compare(certError.certError, data.error); |
349 | compare(certError.certificate.fingerprintSHA1, data.certificate); |
350 | |
351 | + compare(webView.loadsStartedCount, 1); |
352 | + compare(webView.loadsCommittedCount, 0); |
353 | + compare(webView.loadsFailedCount, 0); |
354 | + compare(webView.loadsSucceededCount, 0); |
355 | + |
356 | + // WebView.url should indicate the URL of the failing resource even for |
357 | + // non-overridable errors, as we show a placeholder transient page |
358 | + compare(webView.url, data.loadUrl); |
359 | + compare(webView.title, data.loadUrl); |
360 | + |
361 | + data.verifyFunc(); |
362 | + |
363 | + urlSpy.clear(); |
364 | + titleSpy.clear(); |
365 | + |
366 | certError.deny(); |
367 | |
368 | - if (data.mainframe && !data.subresource) { |
369 | - verify(webView.waitForLoadStopped()); |
370 | - compare(webView.loadsFailedCount, 0); |
371 | - compare(webView.loadsStoppedCount, 1); |
372 | - compare(webView.loadsSucceededCount, 0); |
373 | - } else { |
374 | + if (data.overridable) { |
375 | + verify(webView.waitForLoadStopped()); |
376 | + } |
377 | + urlSpy.wait(); |
378 | + titleSpy.wait(); |
379 | + |
380 | + compare(webView.url, "https://testsuite/tst_CertificateError_initial.html"); |
381 | + compare(webView.title, "Test"); |
382 | + |
383 | + data.verifyFunc(); |
384 | + } |
385 | + |
386 | + function test_CertificateError3_subresource_allow_data() { |
387 | + function _verify_1() { |
388 | + // This verifies that either there is no document or it is an error page |
389 | + try { |
390 | + compare(webView.getTestApiForFrame(webView.rootFrame.childFrames[0]).documentURI, |
391 | + "data:text/html,chromewebdata"); |
392 | + } catch(e) { |
393 | + compare(e.error, ScriptMessageRequest.ErrorDestinationNotFound); |
394 | + } |
395 | + } |
396 | + |
397 | + function _verify_2() { |
398 | + var colour = webView.getTestApi().evaluateCode(" |
399 | +var elem = document.getElementById(\"foo\"); |
400 | +var style = window.getComputedStyle(elem); |
401 | +return style.getPropertyValue(\"color\");", true); |
402 | + compare(colour, "rgb(0, 0, 0)"); |
403 | + } |
404 | + |
405 | + function _verify_3() { |
406 | + var colour = webView.getTestApiForFrame(webView.rootFrame.childFrames[0]).evaluateCode(" |
407 | +var elem = document.getElementById(\"foo\"); |
408 | +var style = window.getComputedStyle(elem); |
409 | +return style.getPropertyValue(\"color\");", true); |
410 | + compare(colour, "rgb(0, 0, 0)"); |
411 | + } |
412 | + |
413 | + return [ |
414 | + { |
415 | + loadUrl: "https://testsuite/tst_CertificateError_broken_iframe.html", |
416 | + verifyFunc: _verify_1 |
417 | + }, |
418 | + { |
419 | + loadUrl: "https://testsuite/tst_CertificateError_broken_subresource.html", |
420 | + verifyFunc: _verify_2 |
421 | + }, |
422 | + { |
423 | + loadUrl: "https://testsuite/tst_CertificateError_broken_subresource_in_iframe.html", |
424 | + verifyFunc: _verify_3 |
425 | + } |
426 | + ]; |
427 | + } |
428 | + |
429 | + // Verifies that calling allow() on subresource errors cannot override |
430 | + // them |
431 | + function test_CertificateError3_subresource_allow(data) { |
432 | + webView.url = data.loadUrl; |
433 | + verify(webView.waitForLoadSucceeded()); |
434 | + |
435 | + spy.wait(); |
436 | + |
437 | + certError.allow(); |
438 | + |
439 | + // This is a bit of a hack, but we don't have another event we can fire off |
440 | + wait(100); |
441 | + |
442 | + data.verifyFunc(); |
443 | + } |
444 | + |
445 | + function test_CertificateError4_mainframe_allow_data() { |
446 | + function _verify_1() { |
447 | + compare(webView.getTestApi().documentURI, "https://expired.testsuite/empty.html"); |
448 | + } |
449 | + |
450 | + // FIXME: Test non-overridable errors too |
451 | + return [ |
452 | + { |
453 | + loadUrl: "https://expired.testsuite/empty.html", |
454 | + overridable: true, verifyFunc: _verify_1 |
455 | + }, |
456 | + ]; |
457 | + } |
458 | + |
459 | + // Verifies that calling allow() on overridable main frame errors allows |
460 | + // the page to continue loading |
461 | + function test_CertificateError4_mainframe_allow(data) { |
462 | + webView.url = "https://testsuite/tst_CertificateError_initial.html"; |
463 | + verify(webView.waitForLoadSucceeded()); |
464 | + |
465 | + webView.clearLoadEventCounters(); |
466 | + |
467 | + webView.url = data.loadUrl; |
468 | + spy.wait(); |
469 | + if (!data.overridable) { |
470 | + verify(webView.waitForLoadStopped()); |
471 | + } |
472 | + |
473 | + compare(webView.loadsStartedCount, 1); |
474 | + compare(webView.loadsCommittedCount, 0); |
475 | + compare(webView.loadsFailedCount, 0); |
476 | + compare(webView.loadsSucceededCount, 0); |
477 | + |
478 | + certError.allow(); |
479 | + |
480 | + if (data.overridable) { |
481 | verify(webView.waitForLoadSucceeded()); |
482 | - if (!data.mainframe) { |
483 | - // This is a bit of a hack, but we don't have another event we can |
484 | - // fire off for subframe loads |
485 | - wait(100); |
486 | - } |
487 | - } |
488 | - |
489 | - compare(webView.securityStatus.securityLevel, |
490 | - data.mainframe && !data.subresource ? |
491 | - SecurityStatus.SecurityLevelNone : SecurityStatus.SecurityLevelSecure); |
492 | - compare(webView.securityStatus.contentStatus, SecurityStatus.ContentStatusNormal); |
493 | - compare(webView.securityStatus.certStatus, SecurityStatus.CertStatusOk); |
494 | - |
495 | - data.verifyFunc(); |
496 | - } |
497 | - |
498 | - function test_CertificateError2_allow_data() { |
499 | - function _verify_1() { |
500 | - compare(webView.getTestApi().documentURI, "https://expired.testsuite/tst_CertificateError_broken_iframe.html"); |
501 | - } |
502 | - |
503 | - function _verify_2() { |
504 | - // This verifies that either there is no document or it is an error page |
505 | - try { |
506 | - compare(webView.getTestApiForFrame(webView.rootFrame.childFrames[0]).documentURI, |
507 | - "data:text/html,chromewebdata"); |
508 | - } catch(e) { |
509 | - compare(e.error, ScriptMessageRequest.ErrorDestinationNotFound); |
510 | - } |
511 | - } |
512 | - |
513 | - function _verify_3() { |
514 | - var colour = webView.getTestApi().evaluateCode(" |
515 | -var elem = document.getElementById(\"foo\"); |
516 | -var style = window.getComputedStyle(elem); |
517 | -return style.getPropertyValue(\"color\");", true); |
518 | - compare(colour, "rgb(0, 0, 0)"); |
519 | - } |
520 | - |
521 | - function _verify_4() { |
522 | - var colour = webView.getTestApiForFrame(webView.rootFrame.childFrames[0]).evaluateCode(" |
523 | -var elem = document.getElementById(\"foo\"); |
524 | -var style = window.getComputedStyle(elem); |
525 | -return style.getPropertyValue(\"color\");", true); |
526 | - compare(colour, "rgb(0, 0, 0)"); |
527 | - } |
528 | - |
529 | - return [ |
530 | - { |
531 | - loadUrl: "https://expired.testsuite/tst_CertificateError_broken_iframe.html", |
532 | - mainframe: true, overridable: true, verifyFunc: _verify_1 |
533 | - }, |
534 | - { |
535 | - loadUrl: "https://testsuite/tst_CertificateError_broken_iframe.html", |
536 | - mainframe: false, overridable: false, verifyFunc: _verify_2 |
537 | - }, |
538 | - { |
539 | - loadUrl: "https://testsuite/tst_CertificateError_broken_subresource.html", |
540 | - mainframe: false, overridable: false, verifyFunc: _verify_3 |
541 | - }, |
542 | - { |
543 | - loadUrl: "https://testsuite/tst_CertificateError_broken_subresource_in_iframe.html", |
544 | - mainframe: false, overridable: false, verifyFunc: _verify_4 |
545 | - } |
546 | - ]; |
547 | - } |
548 | - |
549 | - // Verify that CertificateError.allow works correctly for overridable errors |
550 | - function test_CertificateError2_allow(data) { |
551 | - webView.url = data.loadUrl; |
552 | - spy.wait(); |
553 | - |
554 | - certError.allow(); |
555 | - |
556 | - verify(webView.waitForLoadSucceeded()); |
557 | - |
558 | - if (data.mainframe) { |
559 | - compare(webView.loadsFailedCount, 0); |
560 | - compare(webView.loadsStoppedCount, 0); |
561 | - compare(webView.loadsSucceededCount, 1); |
562 | - } else { |
563 | - // This is a bit of a hack, but we don't have another event we can fire off |
564 | - wait(100); |
565 | - } |
566 | - |
567 | - data.verifyFunc(); |
568 | - } |
569 | - |
570 | - function test_CertificateError3_cancellation_data() { |
571 | - // Test that starting a new load cancels pending frame errors |
572 | - function _action_1() { |
573 | - webView.url = "http://testsuite/empty.html"; |
574 | - verify(webView.waitForLoadStarted()); |
575 | - } |
576 | - |
577 | - // Test that stopping a load cancels pending frame errors |
578 | - function _action_2() { |
579 | - webView.stop(); |
580 | - verify(webView.waitForLoadStopped()); |
581 | - } |
582 | - |
583 | - // Test that committing a load cancels non-overridable frame errors |
584 | - function _action_3() { |
585 | - var frame = webView.rootFrame.childFrames[0]; |
586 | - webView.getTestApiForFrame(frame).evaluateCode( |
587 | - "window.location = \"https://testsuite/empty.html\";", |
588 | - true); |
589 | - TestUtils.waitFor(function() { return frame.url == "https://testsuite/empty.html" }); |
590 | - } |
591 | - |
592 | - // Test that deleting a frame cancels errors |
593 | - function _action_4() { |
594 | - var frame = webView.rootFrame.childFrames[0]; |
595 | - var obs = Utils.createDestructionObserver(frame); |
596 | - webView.getTestApi().evaluateCode(" |
597 | -var f = document.getElementsByTagName(\"iframe\")[0]; |
598 | -f.parentElement.removeChild(f);", true); |
599 | - TestUtils.waitFor(function() { return obs.destroyed; }); |
600 | - } |
601 | - |
602 | - // Test that interrupting a load before it's committed doesn't cancel |
603 | - // subresource errors |
604 | - function _action_5() { |
605 | - var savedError = certError; |
606 | - certError = null; |
607 | - |
608 | - webView.url = "https://expired.testsuite/empty.html"; |
609 | - spy.wait(); |
610 | - webView.stop(); |
611 | - verify(webView.waitForLoadStopped()); |
612 | - |
613 | - certError = savedError; |
614 | - } |
615 | - |
616 | - // Test that committing a load cancels subresource errors |
617 | - function _action_6() { |
618 | - webView.url = "https://testsuite/empty.html"; |
619 | - verify(webView.waitForLoadCommitted()); |
620 | - } |
621 | - |
622 | - return [ |
623 | - { url: "https://expired.testsuite/tst_CertificateError_broken_iframe.html", |
624 | - action: _action_1, expectCancel: true }, |
625 | - { url: "https://expired.testsuite/tst_CertificateError_broken_iframe.html", |
626 | - action: _action_2, expectCancel: true }, |
627 | - { url: "https://testsuite/tst_CertificateError_broken_iframe.html", |
628 | - action: _action_3, expectCancel: true }, |
629 | - { url: "https://testsuite/tst_CertificateError_broken_iframe.html", |
630 | - action: _action_4, expectCancel: true }, |
631 | - { url: "https://testsuite/tst_CertificateError_broken_subresource.html", |
632 | - action: _action_5, expectCancel: false }, |
633 | - { url: "https://testsuite/tst_CertificateError_broken_subresource.html", |
634 | - action: _action_6, expectCancel: true } |
635 | - ]; |
636 | - } |
637 | - |
638 | - // Verify that CertificateError cancellation works as expected |
639 | - function test_CertificateError3_cancellation(data) { |
640 | - webView.url = data.url; |
641 | - spy.wait(); |
642 | - |
643 | - verify(!certError.isCancelled); |
644 | - |
645 | - cancelSpy.target = certError; |
646 | - |
647 | - webView.clearLoadEventCounters(); |
648 | - data.action(); |
649 | - |
650 | - compare(certError.isCancelled, data.expectCancel); |
651 | - compare(cancelSpy.count, data.expectCancel ? 1 : 0); |
652 | + } |
653 | + |
654 | + data.verifyFunc(); |
655 | + } |
656 | + |
657 | + function test_CertificateError5_cancellation_browser_initiated_navigation_data() { |
658 | + // Test non-overridable too |
659 | + return [ |
660 | + { loadUrl: "https://badidentity.testsuite/empty.html", overridable: true } |
661 | + ]; |
662 | + } |
663 | + |
664 | + // Verify that main frame errors are cancelled on a browser-initiated navigation |
665 | + function test_CertificateError5_cancellation_browser_initiated_navigation(data) { |
666 | + webView.url = "https://testsuite/empty.html"; |
667 | + verify(webView.waitForLoadSucceeded()); |
668 | + |
669 | + webView.url = data.loadUrl; |
670 | + spy.wait(); |
671 | + if (!data.overridable) { |
672 | + verify(webView.waitForLoadStopped()); |
673 | + } |
674 | + |
675 | + cancelSpy.target = certError; |
676 | + verify(!certError.isCancelled); |
677 | + |
678 | + webView.clearLoadEventCounters(); |
679 | + |
680 | + webView.url = "https://foo.testsuite/empty.html"; |
681 | + verify(webView.waitForLoadCommitted()); |
682 | + |
683 | + compare(cancelSpy.count, 1); |
684 | + verify(certError.isCancelled); |
685 | + |
686 | + verify(webView.waitForLoadSucceeded()); |
687 | + compare(webView.url, "https://foo.testsuite/empty.html"); |
688 | + } |
689 | + |
690 | + function test_CertificateError6_cancellation_history_navigation_data() { |
691 | + return test_CertificateError5_cancellation_browser_initiated_navigation_data(); |
692 | + } |
693 | + |
694 | + function test_CertificateError6_cancellation_history_navigation(data) { |
695 | + webView.url = "https://testsuite/empty.html"; |
696 | + verify(webView.waitForLoadSucceeded()); |
697 | + |
698 | + webView.url = data.loadUrl; |
699 | + spy.wait(); |
700 | + if (!data.overridable) { |
701 | + verify(webView.waitForLoadStopped()); |
702 | + } |
703 | + |
704 | + cancelSpy.target = certError; |
705 | + verify(!certError.isCancelled); |
706 | + |
707 | + urlSpy.clear(); |
708 | + |
709 | + // FIXME(chrisccoulson): The test fails without the delay - cancellation |
710 | + // never happens. I suspect this is because we go back before getting |
711 | + // the commit from the renderer, which means that the interstitial is |
712 | + // not attached to the WebContents and DontProceed doesn't get called |
713 | + wait(100); |
714 | + |
715 | + webView.goBack(); |
716 | + // There's no new load here, so just wait for the URL to change back |
717 | + urlSpy.wait(); |
718 | + cancelSpy.wait(); |
719 | + |
720 | + compare(cancelSpy.count, 1); |
721 | + verify(certError.isCancelled); |
722 | + compare(webView.url, "https://testsuite/empty.html"); |
723 | + } |
724 | + |
725 | + function test_CertificateError7_content_initiated_navigation_data() { |
726 | + return test_CertificateError5_cancellation_browser_initiated_navigation_data(); |
727 | + } |
728 | + |
729 | + function test_CertificateError7_content_initiated_navigation(data) { |
730 | + webView.url = "https://testsuite/tst_CertificateError_initial.html"; |
731 | + verify(webView.waitForLoadSucceeded()); |
732 | + |
733 | + urlSpy.clear(); |
734 | + titleSpy.clear(); |
735 | + webView.clearLoadEventCounters(); |
736 | + |
737 | + webView.getTestApi().evaluateCode("window.location = \"" + data.loadUrl + "\";"); |
738 | + spy.wait(); |
739 | + urlSpy.wait(); |
740 | + titleSpy.wait(); |
741 | + if (!data.overridable) { |
742 | + verify(webView.waitForLoadStopped()); |
743 | + } |
744 | + |
745 | + compare(webView.loadsStartedCount, 1); |
746 | + compare(webView.loadsCommittedCount, 0); |
747 | + compare(webView.loadsFailedCount, 0); |
748 | + compare(webView.loadsSucceededCount, 0); |
749 | + |
750 | + compare(webView.url, data.loadUrl); |
751 | + compare(webView.loadsStartedCount, 1); |
752 | + compare(webView.loadsCommittedCount, 0); |
753 | + compare(webView.loadsFailedCount, 0); |
754 | + compare(webView.loadsSucceededCount, 0); |
755 | + compare(webView.title, data.loadUrl); |
756 | } |
757 | } |
758 | } |
759 | |
760 | === added file 'qt/tests/qmltests/ssl/tst_CertificateError_initial.html' |
761 | --- qt/tests/qmltests/ssl/tst_CertificateError_initial.html 1970-01-01 00:00:00 +0000 |
762 | +++ qt/tests/qmltests/ssl/tst_CertificateError_initial.html 2015-10-21 20:26:37 +0000 |
763 | @@ -0,0 +1,5 @@ |
764 | +<html> |
765 | +<head> |
766 | + <title>Test</title> |
767 | +</head> |
768 | +</html> |
769 | |
770 | === modified file 'shared/browser/oxide_content_browser_client.cc' |
771 | --- shared/browser/oxide_content_browser_client.cc 2015-10-07 01:36:57 +0000 |
772 | +++ shared/browser/oxide_content_browser_client.cc 2015-10-21 20:26:37 +0000 |
773 | @@ -36,6 +36,7 @@ |
774 | #include "shared/browser/compositor/oxide_compositor_utils.h" |
775 | #include "shared/browser/media/oxide_media_capture_devices_dispatcher.h" |
776 | #include "shared/browser/notifications/oxide_platform_notification_service.h" |
777 | +#include "shared/browser/ssl/oxide_certificate_error_dispatcher.h" |
778 | #include "shared/common/oxide_constants.h" |
779 | #include "shared/common/oxide_content_client.h" |
780 | #include "shared/common/oxide_form_factor.h" |
781 | @@ -169,25 +170,16 @@ |
782 | bool expired_previous_decision, |
783 | const base::Callback<void(bool)>& callback, |
784 | content::CertificateRequestResultType* result) { |
785 | - DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
786 | - |
787 | - content::RenderFrameHost* rfh = content::RenderFrameHost::FromID( |
788 | - render_process_id, render_frame_id); |
789 | - if (!rfh) { |
790 | - *result = content::CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL; |
791 | - return; |
792 | - } |
793 | - |
794 | - WebView* webview = WebView::FromRenderFrameHost(rfh); |
795 | - if (!webview) { |
796 | - *result = content::CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL; |
797 | - return; |
798 | - } |
799 | - |
800 | - webview->AllowCertificateError(rfh, cert_error, ssl_info, request_url, |
801 | - resource_type, overridable, |
802 | - strict_enforcement, callback, |
803 | - result); |
804 | + CertificateErrorDispatcher::AllowCertificateError(render_process_id, |
805 | + render_frame_id, |
806 | + cert_error, |
807 | + ssl_info, |
808 | + request_url, |
809 | + resource_type, |
810 | + overridable, |
811 | + strict_enforcement, |
812 | + callback, |
813 | + result); |
814 | } |
815 | |
816 | content::MediaObserver* ContentBrowserClient::GetMediaObserver() { |
817 | @@ -241,7 +233,13 @@ |
818 | WebViewContentsHelper* contents_helper = |
819 | WebViewContentsHelper::FromRenderViewHost(render_view_host); |
820 | |
821 | - WebPreferences* web_prefs = contents_helper->GetWebPreferences(); |
822 | + WebPreferences* web_prefs = nullptr; |
823 | + if (contents_helper) { |
824 | + // If RVH is for an InterstitialPage, we can't map to WebContents |
825 | + // XXX: If we ever expose transient pages in the public API, we should find |
826 | + // a way around this, so that transient pages get the same preferences |
827 | + web_prefs = contents_helper->GetWebPreferences(); |
828 | + } |
829 | if (!web_prefs) { |
830 | web_prefs = WebPreferences::GetFallback(); |
831 | } |
832 | @@ -253,7 +251,9 @@ |
833 | prefs->device_supports_touch = platform_integration_->IsTouchSupported(); |
834 | |
835 | prefs->javascript_can_open_windows_automatically = |
836 | - !contents_helper->GetBrowserContext()->IsPopupBlockerEnabled(); |
837 | + !BrowserContext::FromContent( |
838 | + render_view_host->GetProcess()->GetBrowserContext()) |
839 | + ->IsPopupBlockerEnabled(); |
840 | |
841 | FormFactor form_factor = GetFormFactorHint(); |
842 | if (form_factor == FORM_FACTOR_TABLET || form_factor == FORM_FACTOR_PHONE) { |
843 | |
844 | === modified file 'shared/browser/oxide_web_frame_tree.cc' |
845 | --- shared/browser/oxide_web_frame_tree.cc 2015-10-16 21:36:30 +0000 |
846 | +++ shared/browser/oxide_web_frame_tree.cc 2015-10-21 20:26:37 +0000 |
847 | @@ -83,6 +83,12 @@ |
848 | return; |
849 | } |
850 | |
851 | + if (!content::WebContents::FromRenderFrameHost(old_host)) { |
852 | + // This is from an interstitial |
853 | + // XXX(chrisccoulson): Is there a better way to detect this? |
854 | + return; |
855 | + } |
856 | + |
857 | WebFrame* frame = WebFrame::FromRenderFrameHost(old_host); |
858 | DCHECK(frame); |
859 | |
860 | |
861 | === modified file 'shared/browser/oxide_web_view.cc' |
862 | --- shared/browser/oxide_web_view.cc 2015-10-21 20:14:13 +0000 |
863 | +++ shared/browser/oxide_web_view.cc 2015-10-21 20:26:37 +0000 |
864 | @@ -75,6 +75,7 @@ |
865 | #include "shared/browser/media/oxide_media_capture_devices_dispatcher.h" |
866 | #include "shared/browser/permissions/oxide_permission_request_dispatcher.h" |
867 | #include "shared/browser/permissions/oxide_temporary_saved_permission_context.h" |
868 | +#include "shared/browser/ssl/oxide_certificate_error_dispatcher.h" |
869 | #include "shared/common/oxide_content_client.h" |
870 | #include "shared/common/oxide_enum_flags.h" |
871 | #include "shared/common/oxide_messages.h" |
872 | @@ -137,6 +138,7 @@ |
873 | void CreateHelpers(content::WebContents* contents, |
874 | content::WebContents* opener = nullptr) { |
875 | new WebViewContentsHelper(contents, opener); |
876 | + CertificateErrorDispatcher::CreateForWebContents(contents); |
877 | PermissionRequestDispatcher::CreateForWebContents(contents); |
878 | ScriptMessageContentsHelper::CreateForWebContents(contents); |
879 | #if defined(ENABLE_MEDIAHUB) |
880 | @@ -850,22 +852,6 @@ |
881 | return status == TEMPORARY_SAVED_PERMISSION_STATUS_ALLOWED; |
882 | } |
883 | |
884 | -void WebView::RenderFrameDeleted(content::RenderFrameHost* render_frame_host) { |
885 | - // XXX(chrisccoulson): Make CertificateErrorManager a WebContentsObserver so |
886 | - // that we can get rid of this |
887 | - certificate_error_manager_.FrameDetached(render_frame_host); |
888 | -} |
889 | - |
890 | -void WebView::RenderFrameHostChanged(content::RenderFrameHost* old_host, |
891 | - content::RenderFrameHost* new_host) { |
892 | - // XXX(chrisccoulson): Make CertificateErrorManager a WebContentsObserver so |
893 | - // that we can get rid of this |
894 | - if (!old_host) { |
895 | - return; |
896 | - } |
897 | - certificate_error_manager_.FrameDetached(old_host); |
898 | -} |
899 | - |
900 | void WebView::RenderViewReady() { |
901 | client_->CrashedStatusChanged(); |
902 | } |
903 | @@ -951,14 +937,11 @@ |
904 | return; |
905 | } |
906 | |
907 | - if (!render_frame_host->GetParent()) { |
908 | - client_->LoadStarted(validated_url); |
909 | + if (render_frame_host->GetParent()) { |
910 | + return; |
911 | } |
912 | |
913 | - // XXX(chrisccoulson): Make CertificateErrorManager a WebContentsObserver so |
914 | - // that we can get rid of this |
915 | - certificate_error_manager_.DidStartProvisionalLoadForFrame( |
916 | - render_frame_host); |
917 | + client_->LoadStarted(validated_url); |
918 | } |
919 | |
920 | void WebView::DidCommitProvisionalLoadForFrame( |
921 | @@ -982,18 +965,15 @@ |
922 | int error_code, |
923 | const base::string16& error_description, |
924 | bool was_ignored_by_handler) { |
925 | - if (!render_frame_host->GetParent() && |
926 | - validated_url.spec() != content::kUnreachableWebDataURL) { |
927 | - DispatchLoadFailed(validated_url, error_code, error_description, true); |
928 | - } |
929 | - |
930 | - if (error_code != net::ERR_ABORTED) { |
931 | - return; |
932 | - } |
933 | - |
934 | - // XXX(chrisccoulson): Make CertificateErrorManager a WebContentsObserverso |
935 | - // that we can get rid of this |
936 | - certificate_error_manager_.DidStopProvisionalLoadForFrame(render_frame_host); |
937 | + if (render_frame_host->GetParent()) { |
938 | + return; |
939 | + } |
940 | + |
941 | + if (validated_url.spec() == content::kUnreachableWebDataURL) { |
942 | + return; |
943 | + } |
944 | + |
945 | + DispatchLoadFailed(validated_url, error_code, error_description, true); |
946 | } |
947 | |
948 | void WebView::DidNavigateMainFrame( |
949 | @@ -1010,18 +990,6 @@ |
950 | } |
951 | } |
952 | |
953 | -void WebView::DidNavigateAnyFrame( |
954 | - content::RenderFrameHost* render_frame_host, |
955 | - const content::LoadCommittedDetails& details, |
956 | - const content::FrameNavigateParams& params) { |
957 | - // XXX(chrisccoulson): Make CertificateErrorManager a WebContentsObserver |
958 | - if (details.is_in_page) { |
959 | - return; |
960 | - } |
961 | - |
962 | - certificate_error_manager_.DidNavigateFrame(render_frame_host); |
963 | -} |
964 | - |
965 | void WebView::DidGetRedirectForResourceRequest( |
966 | content::RenderFrameHost* render_frame_host, |
967 | const content::ResourceRedirectDetails& details) { |
968 | @@ -1205,12 +1173,24 @@ |
969 | |
970 | // static |
971 | WebView* WebView::FromRenderViewHost(content::RenderViewHost* rvh) { |
972 | - return FromWebContents(content::WebContents::FromRenderViewHost(rvh)); |
973 | + content::WebContents* contents = |
974 | + content::WebContents::FromRenderViewHost(rvh); |
975 | + if (!contents) { |
976 | + return nullptr; |
977 | + } |
978 | + |
979 | + return FromWebContents(contents); |
980 | } |
981 | |
982 | // static |
983 | WebView* WebView::FromRenderFrameHost(content::RenderFrameHost* rfh) { |
984 | - return FromWebContents(content::WebContents::FromRenderFrameHost(rfh)); |
985 | + content::WebContents* contents = |
986 | + content::WebContents::FromRenderFrameHost(rfh); |
987 | + if (!contents) { |
988 | + return nullptr; |
989 | + } |
990 | + |
991 | + return FromWebContents(contents); |
992 | } |
993 | |
994 | const GURL& WebView::GetURL() const { |
995 | @@ -1663,38 +1643,6 @@ |
996 | web_contents_->DispatchBeforeUnload(false); |
997 | } |
998 | |
999 | -void WebView::AllowCertificateError( |
1000 | - content::RenderFrameHost* rfh, |
1001 | - int cert_error, |
1002 | - const net::SSLInfo& ssl_info, |
1003 | - const GURL& request_url, |
1004 | - content::ResourceType resource_type, |
1005 | - bool overridable, |
1006 | - bool strict_enforcement, |
1007 | - const base::Callback<void(bool)>& callback, |
1008 | - content::CertificateRequestResultType* result) { |
1009 | - // We can't safely allow the embedder to override errors for subresources or |
1010 | - // subframes because they don't always result in the API indicating a |
1011 | - // degraded security level. Mark these non-overridable for now and just |
1012 | - // deny them outright |
1013 | - // See https://launchpad.net/bugs/1368385 |
1014 | - if (!overridable || resource_type != content::RESOURCE_TYPE_MAIN_FRAME) { |
1015 | - overridable = false; |
1016 | - *result = content::CERTIFICATE_REQUEST_RESULT_TYPE_DENY; |
1017 | - } |
1018 | - |
1019 | - scoped_ptr<CertificateError> error(new CertificateError( |
1020 | - &certificate_error_manager_, |
1021 | - rfh, |
1022 | - cert_error, |
1023 | - ssl_info, |
1024 | - request_url, |
1025 | - resource_type, |
1026 | - strict_enforcement, |
1027 | - overridable ? callback : base::Callback<void(bool)>())); |
1028 | - client_->OnCertificateError(error.Pass()); |
1029 | -} |
1030 | - |
1031 | void WebView::HandleKeyEvent(const content::NativeWebKeyboardEvent& event) { |
1032 | content::RenderViewHost* rvh = GetRenderViewHost(); |
1033 | if (!rvh) { |
1034 | |
1035 | === modified file 'shared/browser/oxide_web_view.h' |
1036 | --- shared/browser/oxide_web_view.h 2015-10-21 20:14:13 +0000 |
1037 | +++ shared/browser/oxide_web_view.h 2015-10-21 20:26:37 +0000 |
1038 | @@ -29,14 +29,12 @@ |
1039 | #include "base/strings/string16.h" |
1040 | #include "cc/output/compositor_frame_metadata.h" |
1041 | #include "components/sessions/core/serialized_navigation_entry.h" |
1042 | -#include "content/public/browser/certificate_request_result_type.h" |
1043 | #include "content/public/browser/navigation_controller.h" |
1044 | #include "content/public/browser/notification_observer.h" |
1045 | #include "content/public/browser/notification_registrar.h" |
1046 | #include "content/public/browser/web_contents_delegate.h" |
1047 | #include "content/public/browser/web_contents_observer.h" |
1048 | #include "content/public/common/javascript_message_type.h" |
1049 | -#include "content/public/common/resource_type.h" |
1050 | #include "third_party/WebKit/public/platform/WebScreenInfo.h" |
1051 | #include "third_party/WebKit/public/platform/WebTopControlsState.h" |
1052 | #include "ui/gfx/geometry/point.h" |
1053 | @@ -46,7 +44,6 @@ |
1054 | #include "shared/browser/compositor/oxide_compositor_client.h" |
1055 | #include "shared/browser/compositor/oxide_compositor_observer.h" |
1056 | #include "shared/browser/input/oxide_input_method_context_observer.h" |
1057 | -#include "shared/browser/oxide_certificate_error.h" |
1058 | #include "shared/browser/oxide_content_types.h" |
1059 | #include "shared/browser/oxide_render_widget_host_view_container.h" |
1060 | #include "shared/browser/oxide_script_message_target.h" |
1061 | @@ -85,10 +82,6 @@ |
1062 | class Size; |
1063 | } |
1064 | |
1065 | -namespace net { |
1066 | -class SSLInfo; |
1067 | -} |
1068 | - |
1069 | namespace ui { |
1070 | class TouchEvent; |
1071 | } |
1072 | @@ -261,16 +254,6 @@ |
1073 | |
1074 | void PrepareToClose(); |
1075 | |
1076 | - void AllowCertificateError(content::RenderFrameHost* rfh, |
1077 | - int cert_error, |
1078 | - const net::SSLInfo& ssl_info, |
1079 | - const GURL& request_url, |
1080 | - content::ResourceType resource_type, |
1081 | - bool overridable, |
1082 | - bool strict_enforcement, |
1083 | - const base::Callback<void(bool)>& callback, |
1084 | - content::CertificateRequestResultType* result); |
1085 | - |
1086 | void HandleKeyEvent(const content::NativeWebKeyboardEvent& event); |
1087 | void HandleMouseEvent(const blink::WebMouseEvent& event); |
1088 | void HandleTouchEvent(const ui::TouchEvent& event); |
1089 | @@ -434,9 +417,6 @@ |
1090 | content::MediaStreamType type) final; |
1091 | |
1092 | // content::WebContentsObserver implementation |
1093 | - void RenderFrameDeleted(content::RenderFrameHost* render_frame_host) final; |
1094 | - void RenderFrameHostChanged(content::RenderFrameHost* old_host, |
1095 | - content::RenderFrameHost* new_host) final; |
1096 | void RenderViewReady() final; |
1097 | void RenderProcessGone(base::TerminationStatus status) final; |
1098 | void RenderViewHostChanged(content::RenderViewHost* old_host, |
1099 | @@ -468,10 +448,6 @@ |
1100 | void DidNavigateMainFrame( |
1101 | const content::LoadCommittedDetails& details, |
1102 | const content::FrameNavigateParams& params) final; |
1103 | - void DidNavigateAnyFrame( |
1104 | - content::RenderFrameHost* render_frame_host, |
1105 | - const content::LoadCommittedDetails& details, |
1106 | - const content::FrameNavigateParams& params) final; |
1107 | void DidGetRedirectForResourceRequest( |
1108 | content::RenderFrameHost* render_frame_host, |
1109 | const content::ResourceRedirectDetails& details) final; |
1110 | @@ -510,8 +486,6 @@ |
1111 | base::WeakPtr<WebPopupMenu> active_popup_menu_; |
1112 | base::WeakPtr<FilePicker> active_file_picker_; |
1113 | |
1114 | - CertificateErrorManager certificate_error_manager_; |
1115 | - |
1116 | ContentType blocked_content_; |
1117 | |
1118 | cc::CompositorFrameMetadata pending_compositor_frame_metadata_; |
1119 | |
1120 | === modified file 'shared/browser/oxide_web_view_client.cc' |
1121 | --- shared/browser/oxide_web_view_client.cc 2015-10-21 15:17:02 +0000 |
1122 | +++ shared/browser/oxide_web_view_client.cc 2015-10-21 20:26:37 +0000 |
1123 | @@ -141,8 +141,6 @@ |
1124 | |
1125 | void WebViewClient::SecurityStatusChanged(const SecurityStatus& old) {} |
1126 | |
1127 | -void WebViewClient::OnCertificateError(scoped_ptr<CertificateError> error) {} |
1128 | - |
1129 | void WebViewClient::ContentBlocked() {} |
1130 | |
1131 | void WebViewClient::PrepareToCloseResponseReceived(bool proceed) {} |
1132 | |
1133 | === modified file 'shared/browser/oxide_web_view_client.h' |
1134 | --- shared/browser/oxide_web_view_client.h 2015-10-21 15:17:02 +0000 |
1135 | +++ shared/browser/oxide_web_view_client.h 2015-10-21 20:26:37 +0000 |
1136 | @@ -173,8 +173,6 @@ |
1137 | // TODO(chrisccoulson): Get rid of |old| and add |changed_flags| |
1138 | virtual void SecurityStatusChanged(const SecurityStatus& old); |
1139 | |
1140 | - virtual void OnCertificateError(scoped_ptr<CertificateError> error); |
1141 | - |
1142 | // TODO(chrisccoulson): Rename to BlockedContentChanged or something |
1143 | // TODO(chrisccoulson): Move content tracking to a separate class with its |
1144 | // own delegate, as this is going to be expanded with content settings |
1145 | |
1146 | === modified file 'shared/browser/oxide_web_view_contents_helper.cc' |
1147 | --- shared/browser/oxide_web_view_contents_helper.cc 2015-09-24 15:53:36 +0000 |
1148 | +++ shared/browser/oxide_web_view_contents_helper.cc 2015-10-21 20:26:37 +0000 |
1149 | @@ -111,7 +111,13 @@ |
1150 | // static |
1151 | WebViewContentsHelper* WebViewContentsHelper::FromRenderViewHost( |
1152 | content::RenderViewHost* rvh) { |
1153 | - return FromWebContents(content::WebContents::FromRenderViewHost(rvh)); |
1154 | + content::WebContents* contents = |
1155 | + content::WebContents::FromRenderViewHost(rvh); |
1156 | + if (!contents) { |
1157 | + return nullptr; |
1158 | + } |
1159 | + |
1160 | + return FromWebContents(contents); |
1161 | } |
1162 | |
1163 | content::WebContents* WebViewContentsHelper::GetWebContents() const { |
1164 | |
1165 | === added directory 'shared/browser/ssl' |
1166 | === renamed file 'shared/browser/oxide_certificate_error.cc' => 'shared/browser/ssl/oxide_certificate_error.cc' |
1167 | --- shared/browser/oxide_certificate_error.cc 2015-10-07 17:20:23 +0000 |
1168 | +++ shared/browser/ssl/oxide_certificate_error.cc 2015-10-21 20:26:37 +0000 |
1169 | @@ -17,293 +17,75 @@ |
1170 | |
1171 | #include "oxide_certificate_error.h" |
1172 | |
1173 | -#include <algorithm> |
1174 | - |
1175 | #include "base/logging.h" |
1176 | -#include "content/public/browser/render_frame_host.h" |
1177 | -#include "net/base/net_errors.h" |
1178 | #include "net/cert/x509_certificate.h" |
1179 | -#include "net/ssl/ssl_info.h" |
1180 | + |
1181 | +#include "oxide_certificate_error_proxy.h" |
1182 | |
1183 | namespace oxide { |
1184 | |
1185 | -namespace { |
1186 | - |
1187 | -CertError ToCertError(int error, net::X509Certificate* cert) { |
1188 | - DCHECK(net::IsCertificateError(error)); |
1189 | - |
1190 | - switch (error) { |
1191 | - case net::ERR_CERT_COMMON_NAME_INVALID: |
1192 | - return CERT_ERROR_BAD_IDENTITY; |
1193 | - case net::ERR_CERT_DATE_INVALID: { |
1194 | - if (cert && cert->HasExpired()) { |
1195 | - return CERT_ERROR_EXPIRED; |
1196 | - } |
1197 | - return CERT_ERROR_DATE_INVALID; |
1198 | - } |
1199 | - case net::ERR_CERT_AUTHORITY_INVALID: |
1200 | - return CERT_ERROR_AUTHORITY_INVALID; |
1201 | - case net::ERR_CERT_CONTAINS_ERRORS: |
1202 | - case net::ERR_CERT_INVALID: |
1203 | - case net::ERR_CERT_VALIDITY_TOO_LONG: |
1204 | - return CERT_ERROR_INVALID; |
1205 | - case net::ERR_CERT_REVOKED: |
1206 | - return CERT_ERROR_REVOKED; |
1207 | - case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM: |
1208 | - case net::ERR_CERT_WEAK_KEY: |
1209 | - return CERT_ERROR_INSECURE; |
1210 | - //case net::ERR_CERT_NO_REVOCATION_MECHANISM: |
1211 | - //case net::ERR_CERT_UNABLE_TO_CHECK_REVOCATION: |
1212 | - //case net::ERR_CERT_NON_UNIQUE_NAME: |
1213 | - //case net::ERR_CERT_NAME_CONSTRAINT_VIOLATION: |
1214 | - default: |
1215 | - return CERT_ERROR_GENERIC; |
1216 | - } |
1217 | -} |
1218 | - |
1219 | -} |
1220 | - |
1221 | -class CertificateErrorManager::IteratorGuard { |
1222 | - public: |
1223 | - IteratorGuard(CertificateErrorManager* manager); |
1224 | - ~IteratorGuard(); |
1225 | - |
1226 | - private: |
1227 | - base::WeakPtr<CertificateErrorManager> manager_; |
1228 | - bool iterating_original_; |
1229 | - |
1230 | - DISALLOW_COPY_AND_ASSIGN(IteratorGuard); |
1231 | -}; |
1232 | - |
1233 | -CertificateErrorManager::IteratorGuard::IteratorGuard( |
1234 | - CertificateErrorManager* manager) |
1235 | - : manager_(manager->weak_factory_.GetWeakPtr()), |
1236 | - iterating_original_(manager->iterating_) { |
1237 | - manager->iterating_ = true; |
1238 | -} |
1239 | - |
1240 | -CertificateErrorManager::IteratorGuard::~IteratorGuard() { |
1241 | - if (!manager_) { |
1242 | - return; |
1243 | - } |
1244 | - |
1245 | - manager_->iterating_ = iterating_original_; |
1246 | - if (!manager_->iterating_) { |
1247 | - manager_->Compact(); |
1248 | - } |
1249 | -} |
1250 | - |
1251 | -void CertificateErrorManager::AddError(CertificateError* error) { |
1252 | - DCHECK_EQ(error->manager_, this); |
1253 | - DCHECK(std::find(errors_.begin(), errors_.end(), error) == errors_.end()); |
1254 | - |
1255 | - errors_.push_back(error); |
1256 | -} |
1257 | - |
1258 | -void CertificateErrorManager::RemoveError(CertificateError* error) { |
1259 | - auto it = std::find(errors_.begin(), errors_.end(), error); |
1260 | - DCHECK(it != errors_.end()); |
1261 | - if (iterating_) { |
1262 | - *it = nullptr; |
1263 | - } else { |
1264 | - errors_.erase(it); |
1265 | - } |
1266 | - |
1267 | - error->manager_ = nullptr; |
1268 | -} |
1269 | - |
1270 | -void CertificateErrorManager::Compact() { |
1271 | - DCHECK(!iterating_); |
1272 | - |
1273 | - errors_.erase( |
1274 | - std::remove(errors_.begin(), errors_.end(), nullptr), |
1275 | - errors_.end()); |
1276 | -} |
1277 | - |
1278 | -void CertificateErrorManager::CancelPendingFrameErrorsForFrame( |
1279 | - content::RenderFrameHost* frame) { |
1280 | - RenderFrameHostID frame_id = RenderFrameHostID::FromHost(frame); |
1281 | - |
1282 | - IteratorGuard guard(this); |
1283 | - |
1284 | - for (auto it = errors_.begin(); it != errors_.end(); ++it) { |
1285 | - CertificateError* error = *it; |
1286 | - if (!error) { |
1287 | - continue; |
1288 | - } |
1289 | - |
1290 | - if (error->frame_id_ != frame_id) { |
1291 | - continue; |
1292 | - } |
1293 | - |
1294 | - if (error->is_subresource()) { |
1295 | - continue; |
1296 | - } |
1297 | - |
1298 | - if (error->non_overridable_frame_error_committed_) { |
1299 | - continue; |
1300 | - } |
1301 | - |
1302 | - RemoveError(error); |
1303 | - error->Cancel(); |
1304 | - } |
1305 | -} |
1306 | - |
1307 | -CertificateErrorManager::CertificateErrorManager() |
1308 | - : iterating_(false), |
1309 | - weak_factory_(this) {} |
1310 | - |
1311 | -CertificateErrorManager::~CertificateErrorManager() { |
1312 | - IteratorGuard guard(this); |
1313 | - for (auto it = errors_.begin(); it != errors_.end(); ++it) { |
1314 | - CertificateError* error = *it; |
1315 | - if (!error) { |
1316 | - continue; |
1317 | - } |
1318 | - |
1319 | - RemoveError(error); |
1320 | - error->Cancel(); |
1321 | - } |
1322 | -} |
1323 | - |
1324 | -void CertificateErrorManager::DidStartProvisionalLoadForFrame( |
1325 | - content::RenderFrameHost* frame) { |
1326 | - DCHECK(frame); |
1327 | - CancelPendingFrameErrorsForFrame(frame); |
1328 | -} |
1329 | - |
1330 | -void CertificateErrorManager::DidNavigateFrame( |
1331 | - content::RenderFrameHost* frame) { |
1332 | - DCHECK(frame); |
1333 | - |
1334 | - RenderFrameHostID frame_id = RenderFrameHostID::FromHost(frame); |
1335 | - |
1336 | - IteratorGuard guard(this); |
1337 | - |
1338 | - for (auto it = errors_.begin(); it != errors_.end(); ++it) { |
1339 | - CertificateError* error = *it; |
1340 | - if (!error) { |
1341 | - continue; |
1342 | - } |
1343 | - |
1344 | - if (error->frame_id_ != frame_id) { |
1345 | - continue; |
1346 | - } |
1347 | - |
1348 | - if (!error->is_subresource() && |
1349 | - !error->non_overridable_frame_error_committed_) { |
1350 | - error->non_overridable_frame_error_committed_ = true; |
1351 | - continue; |
1352 | - } |
1353 | - |
1354 | - RemoveError(error); |
1355 | - error->Cancel(); |
1356 | - } |
1357 | -} |
1358 | - |
1359 | -void CertificateErrorManager::DidStopProvisionalLoadForFrame( |
1360 | - content::RenderFrameHost* frame) { |
1361 | - DCHECK(frame); |
1362 | - CancelPendingFrameErrorsForFrame(frame); |
1363 | -} |
1364 | - |
1365 | -void CertificateErrorManager::FrameDetached(content::RenderFrameHost* frame) { |
1366 | - DCHECK(frame); |
1367 | - |
1368 | - RenderFrameHostID frame_id = RenderFrameHostID::FromHost(frame); |
1369 | - |
1370 | - IteratorGuard guard(this); |
1371 | - |
1372 | - for (auto it = errors_.begin(); it != errors_.end(); ++it) { |
1373 | - CertificateError* error = *it; |
1374 | - if (!error) { |
1375 | - continue; |
1376 | - } |
1377 | - |
1378 | - if (error->frame_id_ != frame_id) { |
1379 | - continue; |
1380 | - } |
1381 | - |
1382 | - RemoveError(error); |
1383 | - error->Cancel(); |
1384 | - } |
1385 | -} |
1386 | - |
1387 | -void CertificateError::Cancel() { |
1388 | - DCHECK(!is_cancelled_); |
1389 | - DCHECK(!callback_.is_null() || !overridable_); |
1390 | - |
1391 | - is_cancelled_ = true; |
1392 | - |
1393 | - if (!callback_.is_null()) { |
1394 | - callback_.Run(false); |
1395 | - callback_.Reset(); |
1396 | - } |
1397 | - |
1398 | - if (!cancel_callback_.is_null()) { |
1399 | - cancel_callback_.Run(); |
1400 | - cancel_callback_.Reset(); |
1401 | - } |
1402 | -} |
1403 | - |
1404 | -CertificateError::CertificateError( |
1405 | - CertificateErrorManager* manager, |
1406 | - content::RenderFrameHost* frame, |
1407 | - int cert_error, |
1408 | - const net::SSLInfo& ssl_info, |
1409 | - const GURL& url, |
1410 | - content::ResourceType resource_type, |
1411 | - bool strict_enforcement, |
1412 | - const base::Callback<void(bool)>& callback) |
1413 | - : manager_(manager), |
1414 | - frame_id_(RenderFrameHostID::FromHost(frame)), |
1415 | - is_main_frame_(!frame->GetParent()), |
1416 | - is_subresource_(!content::IsResourceTypeFrame(resource_type)), |
1417 | - cert_error_(ToCertError(cert_error, ssl_info.cert.get())), |
1418 | - cert_(ssl_info.cert), |
1419 | +CertificateError::CertificateError(bool is_main_frame, |
1420 | + bool is_subresource, |
1421 | + CertError cert_error, |
1422 | + net::X509Certificate* cert, |
1423 | + const GURL& url, |
1424 | + bool strict_enforcement, |
1425 | + bool overridable, |
1426 | + CertificateErrorProxy* proxy) |
1427 | + : is_main_frame_(is_main_frame), |
1428 | + is_subresource_(is_subresource), |
1429 | + cert_error_(cert_error), |
1430 | + cert_(cert), |
1431 | url_(url), |
1432 | - overridable_(!callback.is_null()), |
1433 | strict_enforcement_(strict_enforcement), |
1434 | - callback_(callback), |
1435 | - is_cancelled_(false), |
1436 | - non_overridable_frame_error_committed_(false) { |
1437 | - DCHECK(manager_); |
1438 | - DCHECK(frame); |
1439 | - CHECK(!overridable_ || !strict_enforcement_) << |
1440 | - "overridable and strict_enforcement are expected to be mutually exclusive"; |
1441 | - |
1442 | - manager_->AddError(this); |
1443 | -} |
1444 | + overridable_(overridable), |
1445 | + proxy_(proxy) {} |
1446 | |
1447 | CertificateError::~CertificateError() { |
1448 | - if (!callback_.is_null()) { |
1449 | - Deny(); |
1450 | - } else if (manager_) { |
1451 | - manager_->RemoveError(this); |
1452 | + if (!proxy_->did_respond() && !proxy_->is_cancelled()) { |
1453 | + proxy_->Deny(); |
1454 | } |
1455 | } |
1456 | |
1457 | +bool CertificateError::IsCancelled() const { |
1458 | + return proxy_->is_cancelled(); |
1459 | +} |
1460 | + |
1461 | void CertificateError::SetCancelCallback(const base::Closure& callback) { |
1462 | - DCHECK(!is_cancelled_); |
1463 | - cancel_callback_ = callback; |
1464 | + proxy_->set_cancel_callback(callback); |
1465 | } |
1466 | |
1467 | void CertificateError::Allow() { |
1468 | - DCHECK(!callback_.is_null()); |
1469 | - |
1470 | - callback_.Run(true); |
1471 | - callback_.Reset(); |
1472 | - |
1473 | - manager_->RemoveError(this); |
1474 | + if (!overridable()) { |
1475 | + LOG(WARNING) << "Can't override a non-overridable error"; |
1476 | + return; |
1477 | + } |
1478 | + |
1479 | + if (proxy_->is_cancelled()) { |
1480 | + LOG(WARNING) << "Can't override an error that's been cancelled"; |
1481 | + return; |
1482 | + } |
1483 | + |
1484 | + if (proxy_->did_respond()) { |
1485 | + LOG(WARNING) << "Can't respond more than once to a CertificateError"; |
1486 | + return; |
1487 | + } |
1488 | + |
1489 | + proxy_->Allow(); |
1490 | } |
1491 | |
1492 | void CertificateError::Deny() { |
1493 | - DCHECK(!callback_.is_null()); |
1494 | - |
1495 | - callback_.Run(false); |
1496 | - callback_.Reset(); |
1497 | - |
1498 | - manager_->RemoveError(this); |
1499 | + if (proxy_->is_cancelled()) { |
1500 | + LOG(WARNING) << "Can't override an error that's been cancelled"; |
1501 | + return; |
1502 | + } |
1503 | + |
1504 | + if (proxy_->did_respond()) { |
1505 | + LOG(WARNING) << "Can't respond more than once to a CertificateError"; |
1506 | + return; |
1507 | + } |
1508 | + |
1509 | + proxy_->Deny(); |
1510 | } |
1511 | |
1512 | } // namespace oxide |
1513 | |
1514 | === renamed file 'shared/browser/oxide_certificate_error.h' => 'shared/browser/ssl/oxide_certificate_error.h' |
1515 | --- shared/browser/oxide_certificate_error.h 2015-10-07 17:20:23 +0000 |
1516 | +++ shared/browser/ssl/oxide_certificate_error.h 2015-10-21 20:26:37 +0000 |
1517 | @@ -15,96 +15,36 @@ |
1518 | // License along with this library; if not, write to the Free Software |
1519 | // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
1520 | |
1521 | -#ifndef _OXIDE_SHARED_BROWSER_CERTIFICATE_ERROR_H_ |
1522 | -#define _OXIDE_SHARED_BROWSER_CERTIFICATE_ERROR_H_ |
1523 | - |
1524 | -#include <vector> |
1525 | +#ifndef _OXIDE_SHARED_BROWSER_SSL_CERTIFICATE_ERROR_H_ |
1526 | +#define _OXIDE_SHARED_BROWSER_SSL_CERTIFICATE_ERROR_H_ |
1527 | |
1528 | #include "base/callback.h" |
1529 | #include "base/macros.h" |
1530 | #include "base/memory/ref_counted.h" |
1531 | -#include "base/memory/weak_ptr.h" |
1532 | -#include "content/public/common/resource_type.h" |
1533 | #include "url/gurl.h" |
1534 | |
1535 | -#include "shared/browser/oxide_render_frame_host_id.h" |
1536 | #include "shared/browser/oxide_security_types.h" |
1537 | |
1538 | -namespace content { |
1539 | -class RenderFrameHost; |
1540 | -} |
1541 | - |
1542 | namespace net { |
1543 | -class SSLInfo; |
1544 | class X509Certificate; |
1545 | } |
1546 | |
1547 | namespace oxide { |
1548 | |
1549 | -class CertificateError; |
1550 | - |
1551 | -// This class tracks CertificateErrors |
1552 | -class CertificateErrorManager { |
1553 | - public: |
1554 | - CertificateErrorManager(); |
1555 | - ~CertificateErrorManager(); |
1556 | - |
1557 | - // Cancels any pending frame errors for |frame| |
1558 | - void DidStartProvisionalLoadForFrame(content::RenderFrameHost* frame); |
1559 | - |
1560 | - // Cancels any errors for |frame| with the exception of |
1561 | - // non-overridable frame errors if this is the corresponding error page |
1562 | - void DidNavigateFrame(content::RenderFrameHost* frame); |
1563 | - |
1564 | - // Cancels any pending frame errors for |frame| |
1565 | - void DidStopProvisionalLoadForFrame(content::RenderFrameHost* frame); |
1566 | - |
1567 | - // Cancels all errors for frame |
1568 | - void FrameDetached(content::RenderFrameHost* frame); |
1569 | - |
1570 | - private: |
1571 | - friend class CertificateError; |
1572 | - class IteratorGuard; |
1573 | - |
1574 | - // Add a CertificateError |
1575 | - void AddError(CertificateError* error); |
1576 | - |
1577 | - // Remove a CertificateError, clearing its pointers to this |
1578 | - // and the frame that generated the error |
1579 | - void RemoveError(CertificateError* error); |
1580 | - |
1581 | - // Remove empty slots from errors_ |
1582 | - void Compact(); |
1583 | - |
1584 | - void CancelPendingFrameErrorsForFrame(content::RenderFrameHost* frame); |
1585 | - |
1586 | - typedef std::vector<CertificateError*> CertErrorVector; |
1587 | - |
1588 | - // Used to indicate that errors_ is being iterated over, and |
1589 | - // will prevent RemoveError from removing entries from it |
1590 | - bool iterating_; |
1591 | - |
1592 | - // The list of CertificateErrors |
1593 | - CertErrorVector errors_; |
1594 | - |
1595 | - base::WeakPtrFactory<CertificateErrorManager> weak_factory_; |
1596 | - |
1597 | - DISALLOW_COPY_AND_ASSIGN(CertificateErrorManager); |
1598 | -}; |
1599 | +class CertificateErrorProxy; |
1600 | |
1601 | // Represents a SSL certificate error. It provides access to the relevant |
1602 | // information about the error, as well as methods to accept or deny it |
1603 | class CertificateError { |
1604 | public: |
1605 | - CertificateError( |
1606 | - CertificateErrorManager* manager, |
1607 | - content::RenderFrameHost* frame, |
1608 | - int cert_error, |
1609 | - const net::SSLInfo& ssl_info, |
1610 | - const GURL& url, |
1611 | - content::ResourceType resource_type, |
1612 | - bool strict_enforcement, |
1613 | - const base::Callback<void(bool)>& callback); |
1614 | + CertificateError(bool is_main_frame, |
1615 | + bool is_subresource, |
1616 | + CertError cert_error, |
1617 | + net::X509Certificate* cert, |
1618 | + const GURL& url, |
1619 | + bool strict_enforcement, |
1620 | + bool overridable, |
1621 | + CertificateErrorProxy* proxy); |
1622 | ~CertificateError(); |
1623 | |
1624 | // If the error is from the main frame |
1625 | @@ -128,55 +68,35 @@ |
1626 | // Whether the error was generated from a URL that uses HSTS |
1627 | bool strict_enforcement() const { return strict_enforcement_; } |
1628 | |
1629 | - // Whether the error has been cancelled by Oxide. A cancelled error is no |
1630 | - // longer relevant. This can happen if the frame navigates or goes away |
1631 | - bool is_cancelled() const { return is_cancelled_; } |
1632 | + // Whether the error has been cancelled by Oxide. This is only relevant |
1633 | + // for main frame errors (is_main_frame_ && !is_subresource_) and is used |
1634 | + // to signal to the application when it should hide its certificate error UI |
1635 | + bool IsCancelled() const; |
1636 | |
1637 | // Set a callback to be invoked when this error is cancelled |
1638 | void SetCancelCallback(const base::Closure& callback); |
1639 | |
1640 | // Allow the request that generated the error to continue, ignoring the |
1641 | - // error. Only possible if overridable() returns true |
1642 | + // error. Only possible if IsOverridable() returns true |
1643 | void Allow(); |
1644 | |
1645 | // Cancel the request that generated the error |
1646 | void Deny(); |
1647 | |
1648 | private: |
1649 | - friend class CertificateErrorManager; |
1650 | - |
1651 | - // Cancel the request that generated the error and run the cancel callback. |
1652 | - // This is only called from CertificateErrorManager |
1653 | - void Cancel(); |
1654 | - |
1655 | - CertificateErrorManager* manager_; |
1656 | - |
1657 | - // The ID of the frame the generated this error |
1658 | - RenderFrameHostID frame_id_; |
1659 | - |
1660 | bool is_main_frame_; |
1661 | bool is_subresource_; |
1662 | CertError cert_error_; |
1663 | scoped_refptr<net::X509Certificate> cert_; |
1664 | GURL url_; |
1665 | + bool strict_enforcement_; |
1666 | bool overridable_; |
1667 | - bool strict_enforcement_; |
1668 | - |
1669 | - // The callback provided by Chromium, which we use to respond to the error |
1670 | - base::Callback<void(bool)> callback_; |
1671 | - |
1672 | - bool is_cancelled_; |
1673 | - base::Closure cancel_callback_; |
1674 | - |
1675 | - // Subresource errors are cancelled when a frame is committed. |
1676 | - // However, non-overridable frame errors should persist beyond the error |
1677 | - // page commit for this failed load and then be cancelled on a subsequent |
1678 | - // commit. This is used for tracking that |
1679 | - bool non_overridable_frame_error_committed_; |
1680 | + |
1681 | + scoped_refptr<CertificateErrorProxy> proxy_; |
1682 | |
1683 | DISALLOW_COPY_AND_ASSIGN(CertificateError); |
1684 | }; |
1685 | |
1686 | } // namespace oxide |
1687 | |
1688 | -#endif // _OXIDE_SHARED_BROWSER_CERTIFICATE_ERROR_H_ |
1689 | +#endif // _OXIDE_SHARED_BROWSER_SSL_CERTIFICATE_ERROR_H_ |
1690 | |
1691 | === added file 'shared/browser/ssl/oxide_certificate_error_dispatcher.cc' |
1692 | --- shared/browser/ssl/oxide_certificate_error_dispatcher.cc 1970-01-01 00:00:00 +0000 |
1693 | +++ shared/browser/ssl/oxide_certificate_error_dispatcher.cc 2015-10-21 20:26:37 +0000 |
1694 | @@ -0,0 +1,196 @@ |
1695 | +// vim:expandtab:shiftwidth=2:tabstop=2: |
1696 | +// Copyright (C) 2015 Canonical Ltd. |
1697 | + |
1698 | +// This library is free software; you can redistribute it and/or |
1699 | +// modify it under the terms of the GNU Lesser General Public |
1700 | +// License as published by the Free Software Foundation; either |
1701 | +// version 2.1 of the License, or (at your option) any later version. |
1702 | + |
1703 | +// This library is distributed in the hope that it will be useful, |
1704 | +// but WITHOUT ANY WARRANTY; without even the implied warranty of |
1705 | +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
1706 | +// Lesser General Public License for more details. |
1707 | + |
1708 | +// You should have received a copy of the GNU Lesser General Public |
1709 | +// License along with this library; if not, write to the Free Software |
1710 | +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
1711 | + |
1712 | +#include "oxide_certificate_error_dispatcher.h" |
1713 | + |
1714 | +#include "base/logging.h" |
1715 | +#include "base/memory/ref_counted.h" |
1716 | +#include "content/public/browser/browser_thread.h" |
1717 | +#include "content/public/browser/certificate_request_result_type.h" |
1718 | +#include "content/public/browser/render_frame_host.h" |
1719 | +#include "content/public/browser/web_contents.h" |
1720 | +#include "net/base/net_errors.h" |
1721 | +#include "net/cert/x509_certificate.h" |
1722 | +#include "net/ssl/ssl_info.h" |
1723 | +#include "url/gurl.h" |
1724 | + |
1725 | +#include "shared/browser/oxide_security_types.h" |
1726 | + |
1727 | +#include "oxide_certificate_error.h" |
1728 | +#include "oxide_certificate_error_dispatcher_client.h" |
1729 | +#include "oxide_certificate_error_placeholder_page.h" |
1730 | +#include "oxide_certificate_error_proxy.h" |
1731 | + |
1732 | +namespace oxide { |
1733 | + |
1734 | +namespace { |
1735 | + |
1736 | +CertError ToCertError(int error, net::X509Certificate* cert) { |
1737 | + DCHECK(net::IsCertificateError(error)); |
1738 | + |
1739 | + switch (error) { |
1740 | + case net::ERR_CERT_COMMON_NAME_INVALID: |
1741 | + return CERT_ERROR_BAD_IDENTITY; |
1742 | + case net::ERR_CERT_DATE_INVALID: { |
1743 | + if (cert && cert->HasExpired()) { |
1744 | + return CERT_ERROR_EXPIRED; |
1745 | + } |
1746 | + return CERT_ERROR_DATE_INVALID; |
1747 | + } |
1748 | + case net::ERR_CERT_AUTHORITY_INVALID: |
1749 | + return CERT_ERROR_AUTHORITY_INVALID; |
1750 | + case net::ERR_CERT_CONTAINS_ERRORS: |
1751 | + case net::ERR_CERT_INVALID: |
1752 | + case net::ERR_CERT_VALIDITY_TOO_LONG: |
1753 | + return CERT_ERROR_INVALID; |
1754 | + case net::ERR_CERT_REVOKED: |
1755 | + return CERT_ERROR_REVOKED; |
1756 | + case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM: |
1757 | + case net::ERR_CERT_WEAK_KEY: |
1758 | + return CERT_ERROR_INSECURE; |
1759 | + //case net::ERR_CERT_NO_REVOCATION_MECHANISM: |
1760 | + //case net::ERR_CERT_UNABLE_TO_CHECK_REVOCATION: |
1761 | + //case net::ERR_CERT_NON_UNIQUE_NAME: |
1762 | + //case net::ERR_CERT_NAME_CONSTRAINT_VIOLATION: |
1763 | + default: |
1764 | + return CERT_ERROR_GENERIC; |
1765 | + } |
1766 | +} |
1767 | + |
1768 | +} |
1769 | + |
1770 | +DEFINE_WEB_CONTENTS_USER_DATA_KEY(CertificateErrorDispatcher); |
1771 | + |
1772 | +CertificateErrorDispatcher::CertificateErrorDispatcher() |
1773 | + : client_(nullptr) {} |
1774 | + |
1775 | +bool CertificateErrorDispatcher::CanDispatch() const { |
1776 | + return !!client_; |
1777 | +} |
1778 | + |
1779 | +void CertificateErrorDispatcher::Dispatch(scoped_ptr<CertificateError> error) { |
1780 | + client_->OnCertificateError(error.Pass()); |
1781 | +} |
1782 | + |
1783 | +CertificateErrorDispatcher::~CertificateErrorDispatcher() {} |
1784 | + |
1785 | +// static |
1786 | +void CertificateErrorDispatcher::CreateForWebContents( |
1787 | + content::WebContents* contents) { |
1788 | + DCHECK(contents); |
1789 | + if (!FromWebContents(contents)) { |
1790 | + contents->SetUserData(UserDataKey(), new CertificateErrorDispatcher()); |
1791 | + } |
1792 | +} |
1793 | + |
1794 | +// static |
1795 | +void CertificateErrorDispatcher::AllowCertificateError( |
1796 | + int render_process_id, |
1797 | + int render_frame_id, |
1798 | + int cert_error, |
1799 | + const net::SSLInfo& ssl_info, |
1800 | + const GURL& request_url, |
1801 | + content::ResourceType resource_type, |
1802 | + bool overridable, |
1803 | + bool strict_enforcement, |
1804 | + const base::Callback<void(bool)>& callback, |
1805 | + content::CertificateRequestResultType* result) { |
1806 | + DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
1807 | + DCHECK_IMPLIES(strict_enforcement, !overridable); |
1808 | + |
1809 | + // Note, CANCEL will stop the resource load associated with the error, and |
1810 | + // DENY will fail it, resulting in an error page being loaded if it's |
1811 | + // for the document request |
1812 | + |
1813 | + content::RenderFrameHost* rfh = |
1814 | + content::RenderFrameHost::FromID(render_process_id, render_frame_id); |
1815 | + if (!rfh) { |
1816 | + *result = content::CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL; |
1817 | + return; |
1818 | + } |
1819 | + |
1820 | + content::WebContents* contents = |
1821 | + content::WebContents::FromRenderFrameHost(rfh); |
1822 | + if (!contents) { |
1823 | + *result = content::CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL; |
1824 | + return; |
1825 | + } |
1826 | + |
1827 | + CertificateErrorDispatcher* dispatcher = FromWebContents(contents); |
1828 | + |
1829 | + if (!dispatcher->CanDispatch()) { |
1830 | + *result = content::CERTIFICATE_REQUEST_RESULT_TYPE_DENY; |
1831 | + return; |
1832 | + } |
1833 | + |
1834 | + if (resource_type != content::RESOURCE_TYPE_MAIN_FRAME) { |
1835 | + // Only errors for main frame document resources are overridable, as it's |
1836 | + // the only case where we can guarantee that the security status for the |
1837 | + // webview is correct (see https://launchpad.net/bugs/1368385), and it's |
1838 | + // the only case where we trust the application to be able to display a |
1839 | + // meaningful UI |
1840 | + overridable = false; |
1841 | + *result = content::CERTIFICATE_REQUEST_RESULT_TYPE_DENY; |
1842 | + } else if (!overridable) { |
1843 | + // Don't load an error page for main frame document errors, as we're going |
1844 | + // to load a placeholder transient page |
1845 | + *result = content::CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL; |
1846 | + } |
1847 | + |
1848 | + |
1849 | + scoped_refptr<CertificateErrorProxy> proxy = |
1850 | + new CertificateErrorProxy( |
1851 | + overridable ? callback : base::Callback<void(bool)>()); |
1852 | + scoped_ptr<CertificateError> error( |
1853 | + new CertificateError(!rfh->GetParent(), |
1854 | + !content::IsResourceTypeFrame(resource_type), |
1855 | + ToCertError(cert_error, ssl_info.cert.get()), |
1856 | + ssl_info.cert.get(), |
1857 | + request_url, |
1858 | + strict_enforcement, |
1859 | + overridable, |
1860 | + proxy.get())); |
1861 | + |
1862 | + dispatcher->Dispatch(error.Pass()); |
1863 | + |
1864 | + if (proxy->did_respond()) { |
1865 | + // If the application responded explicitly or by CertificateError being |
1866 | + // destroyed, there's nothing more to do |
1867 | + return; |
1868 | + } |
1869 | + |
1870 | + if (resource_type != content::RESOURCE_TYPE_MAIN_FRAME) { |
1871 | + // If this error isn't for a main frame document resource, there's nothing |
1872 | + // more to do |
1873 | + return; |
1874 | + } |
1875 | + |
1876 | + // For main frame document resources, we insert a placeholder transient page |
1877 | + // as long as CertificateError is alive and not responded to. This is |
1878 | + // intended to help the embedder when it displays a certificate error UI by |
1879 | + // ensuring the visible URL is correct, navigation history is consistent, the |
1880 | + // webview is marked as not loading and the back button behaves correctly |
1881 | + // (should dismiss the error via the cancel callback and go back to the last |
1882 | + // committed page) |
1883 | + |
1884 | + // This gets owned by the |contents| |
1885 | + new CertificateErrorPlaceholderPage(contents, |
1886 | + request_url, |
1887 | + proxy.get()); |
1888 | +} |
1889 | + |
1890 | +} // namespace oxide |
1891 | |
1892 | === added file 'shared/browser/ssl/oxide_certificate_error_dispatcher.h' |
1893 | --- shared/browser/ssl/oxide_certificate_error_dispatcher.h 1970-01-01 00:00:00 +0000 |
1894 | +++ shared/browser/ssl/oxide_certificate_error_dispatcher.h 2015-10-21 20:26:37 +0000 |
1895 | @@ -0,0 +1,77 @@ |
1896 | +// vim:expandtab:shiftwidth=2:tabstop=2: |
1897 | +// Copyright (C) 2015 Canonical Ltd. |
1898 | + |
1899 | +// This library is free software; you can redistribute it and/or |
1900 | +// modify it under the terms of the GNU Lesser General Public |
1901 | +// License as published by the Free Software Foundation; either |
1902 | +// version 2.1 of the License, or (at your option) any later version. |
1903 | + |
1904 | +// This library is distributed in the hope that it will be useful, |
1905 | +// but WITHOUT ANY WARRANTY; without even the implied warranty of |
1906 | +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
1907 | +// Lesser General Public License for more details. |
1908 | + |
1909 | +// You should have received a copy of the GNU Lesser General Public |
1910 | +// License along with this library; if not, write to the Free Software |
1911 | +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
1912 | + |
1913 | +#ifndef _OXIDE_SHARED_BROWSER_SSL_CERTIFICATE_ERROR_DISPATCHER_H_ |
1914 | +#define _OXIDE_SHARED_BROWSER_SSL_CERTIFICATE_ERROR_DISPATCHER_H_ |
1915 | + |
1916 | +#include "base/callback.h" |
1917 | +#include "base/macros.h" |
1918 | +#include "content/public/browser/certificate_request_result_type.h" |
1919 | +#include "content/public/browser/web_contents_user_data.h" |
1920 | +#include "content/public/common/resource_type.h" |
1921 | + |
1922 | +class GURL; |
1923 | + |
1924 | +namespace net { |
1925 | +class SSLInfo; |
1926 | +} |
1927 | + |
1928 | +namespace oxide { |
1929 | + |
1930 | +class CertificateError; |
1931 | +class CertificateErrorDispatcherClient; |
1932 | + |
1933 | +// A helper class for dispatching certificate errors from Chromium to |
1934 | +// CertificateErrorDispatcherClient |
1935 | +class CertificateErrorDispatcher |
1936 | + : public content::WebContentsUserData<CertificateErrorDispatcher> { |
1937 | + public: |
1938 | + ~CertificateErrorDispatcher(); |
1939 | + |
1940 | + static void CreateForWebContents(content::WebContents* contents); |
1941 | + |
1942 | + // Entry point from Chromium |
1943 | + static void AllowCertificateError( |
1944 | + int render_process_id, |
1945 | + int render_frame_id, |
1946 | + int cert_error, |
1947 | + const net::SSLInfo& ssl_info, |
1948 | + const GURL& request_url, |
1949 | + content::ResourceType resource_type, |
1950 | + bool overridable, |
1951 | + bool strict_enforcement, |
1952 | + const base::Callback<void(bool)>& callback, |
1953 | + content::CertificateRequestResultType* result); |
1954 | + |
1955 | + void set_client(CertificateErrorDispatcherClient* client) { |
1956 | + client_ = client; |
1957 | + } |
1958 | + |
1959 | + private: |
1960 | + CertificateErrorDispatcher(); |
1961 | + |
1962 | + bool CanDispatch() const; |
1963 | + void Dispatch(scoped_ptr<CertificateError> error); |
1964 | + |
1965 | + CertificateErrorDispatcherClient* client_; |
1966 | + |
1967 | + DISALLOW_COPY_AND_ASSIGN(CertificateErrorDispatcher); |
1968 | +}; |
1969 | + |
1970 | +} // namespace oxide |
1971 | + |
1972 | +#endif // _OXIDE_SHARED_BROWSER_SSL_CERTIFICATE_ERROR_DISPATCHER_H_ |
1973 | |
1974 | === added file 'shared/browser/ssl/oxide_certificate_error_dispatcher_client.h' |
1975 | --- shared/browser/ssl/oxide_certificate_error_dispatcher_client.h 1970-01-01 00:00:00 +0000 |
1976 | +++ shared/browser/ssl/oxide_certificate_error_dispatcher_client.h 2015-10-21 20:26:37 +0000 |
1977 | @@ -0,0 +1,36 @@ |
1978 | +// vim:expandtab:shiftwidth=2:tabstop=2: |
1979 | +// Copyright (C) 2015 Canonical Ltd. |
1980 | + |
1981 | +// This library is free software; you can redistribute it and/or |
1982 | +// modify it under the terms of the GNU Lesser General Public |
1983 | +// License as published by the Free Software Foundation; either |
1984 | +// version 2.1 of the License, or (at your option) any later version. |
1985 | + |
1986 | +// This library is distributed in the hope that it will be useful, |
1987 | +// but WITHOUT ANY WARRANTY; without even the implied warranty of |
1988 | +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
1989 | +// Lesser General Public License for more details. |
1990 | + |
1991 | +// You should have received a copy of the GNU Lesser General Public |
1992 | +// License along with this library; if not, write to the Free Software |
1993 | +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
1994 | + |
1995 | +#ifndef _OXIDE_SHARED_BROWSER_SSL_CERTIFICATE_ERROR_DISPATCHER_CLIENT_H_ |
1996 | +#define _OXIDE_SHARED_BROWSER_SSL_CERTIFICATE_ERROR_DISPATCHER_CLIENT_H_ |
1997 | + |
1998 | +#include "base/memory/scoped_ptr.h" |
1999 | + |
2000 | +namespace oxide { |
2001 | + |
2002 | +class CertificateError; |
2003 | + |
2004 | +class CertificateErrorDispatcherClient { |
2005 | + public: |
2006 | + virtual ~CertificateErrorDispatcherClient() {} |
2007 | + |
2008 | + virtual void OnCertificateError(scoped_ptr<CertificateError> error) = 0; |
2009 | +}; |
2010 | + |
2011 | +} // namespace oxide |
2012 | + |
2013 | +#endif // _OXIDE_SHARED_BROWSER_SSL_CERTIFICATE_ERROR_DISPATCHER_CLIENT_H_ |
2014 | |
2015 | === added file 'shared/browser/ssl/oxide_certificate_error_placeholder_page.cc' |
2016 | --- shared/browser/ssl/oxide_certificate_error_placeholder_page.cc 1970-01-01 00:00:00 +0000 |
2017 | +++ shared/browser/ssl/oxide_certificate_error_placeholder_page.cc 2015-10-21 20:26:37 +0000 |
2018 | @@ -0,0 +1,58 @@ |
2019 | +// vim:expandtab:shiftwidth=2:tabstop=2: |
2020 | +// Copyright (C) 2015 Canonical Ltd. |
2021 | + |
2022 | +// This library is free software; you can redistribute it and/or |
2023 | +// modify it under the terms of the GNU Lesser General Public |
2024 | +// License as published by the Free Software Foundation; either |
2025 | +// version 2.1 of the License, or (at your option) any later version. |
2026 | + |
2027 | +// This library is distributed in the hope that it will be useful, |
2028 | +// but WITHOUT ANY WARRANTY; without even the implied warranty of |
2029 | +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
2030 | +// Lesser General Public License for more details. |
2031 | + |
2032 | +// You should have received a copy of the GNU Lesser General Public |
2033 | +// License along with this library; if not, write to the Free Software |
2034 | +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
2035 | + |
2036 | +#include "oxide_certificate_error_placeholder_page.h" |
2037 | + |
2038 | +#include "base/logging.h" |
2039 | +#include "content/public/browser/interstitial_page.h" |
2040 | + |
2041 | +#include "oxide_certificate_error_proxy.h" |
2042 | + |
2043 | +namespace oxide { |
2044 | + |
2045 | +CertificateErrorPlaceholderPage::~CertificateErrorPlaceholderPage() {} |
2046 | + |
2047 | +std::string CertificateErrorPlaceholderPage::GetHTMLContents() { |
2048 | + return "<html></html>"; |
2049 | +} |
2050 | + |
2051 | +void CertificateErrorPlaceholderPage::OnDontProceed() { |
2052 | + error_->Cancel(); |
2053 | +} |
2054 | + |
2055 | +CertificateErrorPlaceholderPage::CertificateErrorPlaceholderPage( |
2056 | + content::WebContents* contents, |
2057 | + const GURL& request_url, |
2058 | + CertificateErrorProxy* error) |
2059 | + : interstitial_(content::InterstitialPage::Create(contents, |
2060 | + true, |
2061 | + request_url, |
2062 | + this)), |
2063 | + error_(error) { |
2064 | + error_->SetPlaceholderPage(this); |
2065 | + interstitial_->Show(); |
2066 | +} |
2067 | + |
2068 | +void CertificateErrorPlaceholderPage::Proceed() { |
2069 | + interstitial_->Proceed(); |
2070 | +} |
2071 | + |
2072 | +void CertificateErrorPlaceholderPage::DontProceed() { |
2073 | + interstitial_->DontProceed(); |
2074 | +} |
2075 | + |
2076 | +} // namespace oxide |
2077 | |
2078 | === added file 'shared/browser/ssl/oxide_certificate_error_placeholder_page.h' |
2079 | --- shared/browser/ssl/oxide_certificate_error_placeholder_page.h 1970-01-01 00:00:00 +0000 |
2080 | +++ shared/browser/ssl/oxide_certificate_error_placeholder_page.h 2015-10-21 20:26:37 +0000 |
2081 | @@ -0,0 +1,64 @@ |
2082 | +// vim:expandtab:shiftwidth=2:tabstop=2: |
2083 | +// Copyright (C) 2015 Canonical Ltd. |
2084 | + |
2085 | +// This library is free software; you can redistribute it and/or |
2086 | +// modify it under the terms of the GNU Lesser General Public |
2087 | +// License as published by the Free Software Foundation; either |
2088 | +// version 2.1 of the License, or (at your option) any later version. |
2089 | + |
2090 | +// This library is distributed in the hope that it will be useful, |
2091 | +// but WITHOUT ANY WARRANTY; without even the implied warranty of |
2092 | +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
2093 | +// Lesser General Public License for more details. |
2094 | + |
2095 | +// You should have received a copy of the GNU Lesser General Public |
2096 | +// License along with this library; if not, write to the Free Software |
2097 | +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
2098 | + |
2099 | +#ifndef _OXIDE_SHARED_BROWSER_SSL_CERTIFICATE_ERROR_PLACEHOLDER_PAGE_H_ |
2100 | +#define _OXIDE_SHARED_BROWSER_SSL_CERTIFICATE_ERROR_PLACEHOLDER_PAGE_H_ |
2101 | + |
2102 | +#include "base/macros.h" |
2103 | +#include "base/memory/ref_counted.h" |
2104 | +#include "content/public/browser/interstitial_page_delegate.h" |
2105 | + |
2106 | +class GURL; |
2107 | + |
2108 | +namespace content { |
2109 | +class InterstitialPage; |
2110 | +class WebContents; |
2111 | +} |
2112 | + |
2113 | +namespace oxide { |
2114 | + |
2115 | +class CertificateErrorProxy; |
2116 | + |
2117 | +// This class inserts a placeholder transient page in to a WebContents' |
2118 | +// navigation list whilst an application displays a certificate error UI |
2119 | +class CertificateErrorPlaceholderPage |
2120 | + : public content::InterstitialPageDelegate { |
2121 | + public: |
2122 | + CertificateErrorPlaceholderPage(content::WebContents* contents, |
2123 | + const GURL& request_url, |
2124 | + CertificateErrorProxy* error); |
2125 | + |
2126 | + void Proceed(); |
2127 | + void DontProceed(); |
2128 | + |
2129 | + private: |
2130 | + ~CertificateErrorPlaceholderPage() override; |
2131 | + |
2132 | + // content::InterstitialPageDelegate implementation |
2133 | + std::string GetHTMLContents() override; |
2134 | + void OnDontProceed() override; |
2135 | + |
2136 | + content::InterstitialPage* interstitial_; // This owns us |
2137 | + |
2138 | + scoped_refptr<CertificateErrorProxy> error_; |
2139 | + |
2140 | + DISALLOW_COPY_AND_ASSIGN(CertificateErrorPlaceholderPage); |
2141 | +}; |
2142 | + |
2143 | +} // namespace oxide |
2144 | + |
2145 | +#endif // _OXIDE_SHARED_BROWSER_SSL_CERTIFICATE_ERROR_PLACEHOLDER_PAGE_H_ |
2146 | |
2147 | === added file 'shared/browser/ssl/oxide_certificate_error_proxy.cc' |
2148 | --- shared/browser/ssl/oxide_certificate_error_proxy.cc 1970-01-01 00:00:00 +0000 |
2149 | +++ shared/browser/ssl/oxide_certificate_error_proxy.cc 2015-10-21 20:26:37 +0000 |
2150 | @@ -0,0 +1,105 @@ |
2151 | +// vim:expandtab:shiftwidth=2:tabstop=2: |
2152 | +// Copyright (C) 2015 Canonical Ltd. |
2153 | + |
2154 | +// This library is free software; you can redistribute it and/or |
2155 | +// modify it under the terms of the GNU Lesser General Public |
2156 | +// License as published by the Free Software Foundation; either |
2157 | +// version 2.1 of the License, or (at your option) any later version. |
2158 | + |
2159 | +// This library is distributed in the hope that it will be useful, |
2160 | +// but WITHOUT ANY WARRANTY; without even the implied warranty of |
2161 | +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
2162 | +// Lesser General Public License for more details. |
2163 | + |
2164 | +// You should have received a copy of the GNU Lesser General Public |
2165 | +// License along with this library; if not, write to the Free Software |
2166 | +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
2167 | + |
2168 | +#include "oxide_certificate_error_proxy.h" |
2169 | + |
2170 | +#include "base/logging.h" |
2171 | + |
2172 | +#include "oxide_certificate_error_placeholder_page.h" |
2173 | + |
2174 | +namespace oxide { |
2175 | + |
2176 | +CertificateErrorProxy::~CertificateErrorProxy() { |
2177 | + DCHECK(did_respond_ || is_cancelled_); |
2178 | +} |
2179 | + |
2180 | +CertificateErrorProxy::CertificateErrorProxy( |
2181 | + const base::Callback<void(bool)>& callback) |
2182 | + : callback_(callback), |
2183 | + is_cancelled_(false), |
2184 | + did_respond_(false), |
2185 | + placeholder_page_(nullptr) {} |
2186 | + |
2187 | +void CertificateErrorProxy::Allow() { |
2188 | + DCHECK(!did_respond_); |
2189 | + DCHECK(!is_cancelled_); |
2190 | + DCHECK(!callback_.is_null()); |
2191 | + |
2192 | + did_respond_ = true; |
2193 | + |
2194 | + callback_.Run(true); |
2195 | + callback_.Reset(); |
2196 | + |
2197 | + if (placeholder_page_) { |
2198 | + placeholder_page_->Proceed(); |
2199 | + placeholder_page_ = nullptr; |
2200 | + } |
2201 | +} |
2202 | + |
2203 | +void CertificateErrorProxy::Deny() { |
2204 | + DCHECK(!did_respond_); |
2205 | + DCHECK(!is_cancelled_); |
2206 | + |
2207 | + did_respond_ = true; |
2208 | + |
2209 | + if (!callback_.is_null()) { |
2210 | + callback_.Run(false); |
2211 | + callback_.Reset(); |
2212 | + } |
2213 | + |
2214 | + if (placeholder_page_) { |
2215 | + placeholder_page_->DontProceed(); |
2216 | + placeholder_page_ = nullptr; |
2217 | + } |
2218 | +} |
2219 | + |
2220 | +void CertificateErrorProxy::Cancel() { |
2221 | + DCHECK(!is_cancelled_); |
2222 | + |
2223 | + if (did_respond_) { |
2224 | + // Calling Deny() ends up re-entering here via |
2225 | + // InterstitialPageDelegate::OnDontProceed |
2226 | + return; |
2227 | + } |
2228 | + |
2229 | + // Chromium can call in to us after we've responded, if we responded |
2230 | + // before the interstitial navigation was committed. This is why this check |
2231 | + // is here, and not higher up |
2232 | + DCHECK(placeholder_page_); |
2233 | + |
2234 | + is_cancelled_ = true; |
2235 | + placeholder_page_ = nullptr; |
2236 | + |
2237 | + if (!callback_.is_null()) { |
2238 | + callback_.Run(false); |
2239 | + callback_.Reset(); |
2240 | + } |
2241 | + |
2242 | + if (!cancel_callback_.is_null()) { |
2243 | + cancel_callback_.Run(); |
2244 | + cancel_callback_.Reset(); |
2245 | + } |
2246 | +} |
2247 | + |
2248 | +void CertificateErrorProxy::SetPlaceholderPage( |
2249 | + CertificateErrorPlaceholderPage* placeholder) { |
2250 | + DCHECK(!did_respond_); |
2251 | + DCHECK(!is_cancelled_); |
2252 | + placeholder_page_ = placeholder; |
2253 | +} |
2254 | + |
2255 | +} // namespace oxide |
2256 | |
2257 | === added file 'shared/browser/ssl/oxide_certificate_error_proxy.h' |
2258 | --- shared/browser/ssl/oxide_certificate_error_proxy.h 1970-01-01 00:00:00 +0000 |
2259 | +++ shared/browser/ssl/oxide_certificate_error_proxy.h 2015-10-21 20:26:37 +0000 |
2260 | @@ -0,0 +1,65 @@ |
2261 | +// vim:expandtab:shiftwidth=2:tabstop=2: |
2262 | +// Copyright (C) 2015 Canonical Ltd. |
2263 | + |
2264 | +// This library is free software; you can redistribute it and/or |
2265 | +// modify it under the terms of the GNU Lesser General Public |
2266 | +// License as published by the Free Software Foundation; either |
2267 | +// version 2.1 of the License, or (at your option) any later version. |
2268 | + |
2269 | +// This library is distributed in the hope that it will be useful, |
2270 | +// but WITHOUT ANY WARRANTY; without even the implied warranty of |
2271 | +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
2272 | +// Lesser General Public License for more details. |
2273 | + |
2274 | +// You should have received a copy of the GNU Lesser General Public |
2275 | +// License along with this library; if not, write to the Free Software |
2276 | +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
2277 | + |
2278 | +#ifndef _OXIDE_SHARED_BROWSER_SSL_CERTIFICATE_ERROR_PROXY_H_ |
2279 | +#define _OXIDE_SHARED_BROWSER_SSL_CERTIFICATE_ERROR_PROXY_H_ |
2280 | + |
2281 | +#include "base/callback.h" |
2282 | +#include "base/macros.h" |
2283 | +#include "base/memory/ref_counted.h" |
2284 | + |
2285 | +namespace oxide { |
2286 | + |
2287 | +class CertificateErrorPlaceholderPage; |
2288 | + |
2289 | +// This class sits between CertificateError and CertificateErrorPlaceholderPage |
2290 | +class CertificateErrorProxy : public base::RefCounted<CertificateErrorProxy> { |
2291 | + public: |
2292 | + CertificateErrorProxy(const base::Callback<void(bool)>& callback); |
2293 | + |
2294 | + bool is_cancelled() const { return is_cancelled_; } |
2295 | + bool did_respond() const { return did_respond_; } |
2296 | + |
2297 | + void set_cancel_callback(const base::Closure& cancel_callback) { |
2298 | + cancel_callback_ = cancel_callback; |
2299 | + } |
2300 | + |
2301 | + void Allow(); |
2302 | + void Deny(); |
2303 | + |
2304 | + void Cancel(); |
2305 | + |
2306 | + void SetPlaceholderPage(CertificateErrorPlaceholderPage* placeholder); |
2307 | + |
2308 | + private: |
2309 | + friend class base::RefCounted<CertificateErrorProxy>; |
2310 | + ~CertificateErrorProxy(); |
2311 | + |
2312 | + base::Callback<void(bool)> callback_; |
2313 | + |
2314 | + bool is_cancelled_; |
2315 | + bool did_respond_; |
2316 | + base::Closure cancel_callback_; |
2317 | + |
2318 | + CertificateErrorPlaceholderPage* placeholder_page_; |
2319 | + |
2320 | + DISALLOW_COPY_AND_ASSIGN(CertificateErrorProxy); |
2321 | +}; |
2322 | + |
2323 | +} // namespace oxide |
2324 | + |
2325 | +#endif // _OXIDE_SHARED_BROWSER_SSL_CERTIFICATE_ERROR_PROXY_H_ |
2326 | |
2327 | === modified file 'shared/shared.gyp' |
2328 | --- shared/shared.gyp 2015-10-21 17:07:17 +0000 |
2329 | +++ shared/shared.gyp 2015-10-21 20:26:37 +0000 |
2330 | @@ -352,8 +352,6 @@ |
2331 | 'browser/oxide_browser_platform_integration_observer.h', |
2332 | 'browser/oxide_browser_process_main.cc', |
2333 | 'browser/oxide_browser_process_main.h', |
2334 | - 'browser/oxide_certificate_error.cc', |
2335 | - 'browser/oxide_certificate_error.h', |
2336 | 'browser/oxide_content_browser_client.cc', |
2337 | 'browser/oxide_content_browser_client.h', |
2338 | 'browser/oxide_content_types.h', |
2339 | @@ -475,6 +473,15 @@ |
2340 | 'browser/permissions/oxide_permission_request_response.h', |
2341 | 'browser/permissions/oxide_temporary_saved_permission_context.cc', |
2342 | 'browser/permissions/oxide_temporary_saved_permission_context.h', |
2343 | + 'browser/ssl/oxide_certificate_error.cc', |
2344 | + 'browser/ssl/oxide_certificate_error.h', |
2345 | + 'browser/ssl/oxide_certificate_error_dispatcher.cc', |
2346 | + 'browser/ssl/oxide_certificate_error_dispatcher.h', |
2347 | + 'browser/ssl/oxide_certificate_error_dispatcher_client.h', |
2348 | + 'browser/ssl/oxide_certificate_error_placeholder_page.cc', |
2349 | + 'browser/ssl/oxide_certificate_error_placeholder_page.h', |
2350 | + 'browser/ssl/oxide_certificate_error_proxy.cc', |
2351 | + 'browser/ssl/oxide_certificate_error_proxy.h', |
2352 | 'common/oxide_constants.cc', |
2353 | 'common/oxide_constants.h', |
2354 | 'common/oxide_content_client.cc', |