| OLD | NEW |
|---|
| 1 // Copyright 2012 The Chromium Authors. All rights reserved. | 1 // Copyright 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ui/toolbar/toolbar_model_impl.h" | 5 #include "chrome/browser/ui/toolbar/toolbar_model_impl.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/metrics/field_trial.h" | 8 #include "base/metrics/field_trial.h" |
| 9 #include "base/prefs/pref_service.h" | 9 #include "base/prefs/pref_service.h" |
| 10 #include "base/strings/utf_string_conversions.h" | 10 #include "base/strings/utf_string_conversions.h" |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 44 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" | 44 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" |
| 45 #endif | 45 #endif |
| 46 | 46 |
| 47 using content::NavigationController; | 47 using content::NavigationController; |
| 48 using content::NavigationEntry; | 48 using content::NavigationEntry; |
| 49 using content::SSLStatus; | 49 using content::SSLStatus; |
| 50 using content::WebContents; | 50 using content::WebContents; |
| 51 | 51 |
| 52 namespace { | 52 namespace { |
| 53 | 53 |
| 54 // Converts a SHA-1 field trial group into the appropriate SecurityLevel. | |
| 55 bool GetSecurityLevelForFieldTrialGroup(const std::string& group, | |
| 56 ToolbarModel::SecurityLevel* level) { | |
| 57 if (group == "Error") | |
| 58 *level = ToolbarModel::SECURITY_ERROR; | |
| 59 else if (group == "Warning") | |
| 60 *level = ToolbarModel::SECURITY_WARNING; | |
| 61 else if (group == "HTTP") | |
| 62 *level = ToolbarModel::NONE; | |
| 63 else | |
| 64 return false; | |
| 65 return true; | |
| 66 } | |
| 67 | |
| 68 ToolbarModel::SecurityLevel GetSecurityLevelForNonSecureFieldTrial() { | 54 ToolbarModel::SecurityLevel GetSecurityLevelForNonSecureFieldTrial() { |
| 69 std::string choice = base::CommandLine::ForCurrentProcess()-> | 55 std::string choice = base::CommandLine::ForCurrentProcess()-> |
| 70 GetSwitchValueASCII(switches::kMarkNonSecureAs); | 56 GetSwitchValueASCII(switches::kMarkNonSecureAs); |
| 71 if (choice == switches::kMarkNonSecureAsNeutral) | 57 if (choice == switches::kMarkNonSecureAsNeutral) |
| 72 return ToolbarModel::NONE; | 58 return ToolbarModel::NONE; |
| 73 if (choice == switches::kMarkNonSecureAsDubious) | 59 if (choice == switches::kMarkNonSecureAsDubious) |
| 74 return ToolbarModel::SECURITY_WARNING; | 60 return ToolbarModel::SECURITY_WARNING; |
| 75 if (choice == switches::kMarkNonSecureAsNonSecure) | 61 if (choice == switches::kMarkNonSecureAsNonSecure) |
| 76 return ToolbarModel::SECURITY_ERROR; | 62 return ToolbarModel::SECURITY_ERROR; |
| 77 | 63 |
| (...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 129 return SECURITY_POLICY_WARNING; | 115 return SECURITY_POLICY_WARNING; |
| 130 #endif | 116 #endif |
| 131 if (!!(ssl.content_status & SSLStatus::DISPLAYED_INSECURE_CONTENT)) | 117 if (!!(ssl.content_status & SSLStatus::DISPLAYED_INSECURE_CONTENT)) |
| 132 return SECURITY_WARNING; | 118 return SECURITY_WARNING; |
| 133 scoped_refptr<net::X509Certificate> cert; | 119 scoped_refptr<net::X509Certificate> cert; |
| 134 if (content::CertStore::GetInstance()->RetrieveCert(ssl.cert_id, &cert) && | 120 if (content::CertStore::GetInstance()->RetrieveCert(ssl.cert_id, &cert) && |
| 135 (ssl.cert_status & net::CERT_STATUS_SHA1_SIGNATURE_PRESENT)) { | 121 (ssl.cert_status & net::CERT_STATUS_SHA1_SIGNATURE_PRESENT)) { |
| 136 // The internal representation of the dates for UI treatment of SHA-1. | 122 // The internal representation of the dates for UI treatment of SHA-1. |
| 137 // See http://crbug.com/401365 for details | 123 // See http://crbug.com/401365 for details |
| 138 static const int64_t kJanuary2017 = INT64_C(13127702400000000); | 124 static const int64_t kJanuary2017 = INT64_C(13127702400000000); |
| 139 static const int64_t kJune2016 = INT64_C(13109213000000000); | |
| 140 // kJanuary2016 needs to be kept in sync with | 125 // kJanuary2016 needs to be kept in sync with |
| 141 // ToolbarModelAndroid::IsDeprecatedSHA1Present(). | 126 // ToolbarModelAndroid::IsDeprecatedSHA1Present(). |
| 142 static const int64_t kJanuary2016 = INT64_C(13096080000000000); | 127 static const int64_t kJanuary2016 = INT64_C(13096080000000000); |
| 143 | |
| 144 ToolbarModel::SecurityLevel security_level = NONE; | |
| 145 // Gated behind a field trial, so that it is possible to adjust the | |
| 146 // UI treatment (to be more or less severe, as necessary) over the | |
| 147 // course of multiple releases. | |
| 148 // See http://crbug.com/401365 for the timeline, with the end state | |
| 149 // being that > kJanuary2017 = Error, and > kJanuary2016 = | |
| 150 // Warning, and kJune2016 disappearing entirely. | |
| 151 if (cert->valid_expiry() >= | 128 if (cert->valid_expiry() >= |
| 152 base::Time::FromInternalValue(kJanuary2017) && | 129 base::Time::FromInternalValue(kJanuary2017)) { |
| 153 GetSecurityLevelForFieldTrialGroup( | 130 return SECURITY_ERROR; |
| 154 base::FieldTrialList::FindFullName("SHA1ToolbarUIJanuary2017"), | |
| 155 &security_level)) { | |
| 156 return security_level; | |
| 157 } | |
| 158 if (cert->valid_expiry() >= base::Time::FromInternalValue(kJune2016) && | |
| 159 GetSecurityLevelForFieldTrialGroup( | |
| 160 base::FieldTrialList::FindFullName("SHA1ToolbarUIJune2016"), | |
| 161 &security_level)) { | |
| 162 return security_level; | |
| 163 } | 131 } |
| 164 if (cert->valid_expiry() >= | 132 if (cert->valid_expiry() >= |
| 165 base::Time::FromInternalValue(kJanuary2016) && | 133 base::Time::FromInternalValue(kJanuary2016)) { |
| 166 GetSecurityLevelForFieldTrialGroup( | 134 return SECURITY_WARNING; |
| 167 base::FieldTrialList::FindFullName("SHA1ToolbarUIJanuary2016"), | |
| 168 &security_level)) { | |
| 169 return security_level; | |
| 170 } | 135 } |
| 171 } | 136 } |
| 172 if (net::IsCertStatusError(ssl.cert_status)) { | 137 if (net::IsCertStatusError(ssl.cert_status)) { |
| 173 DCHECK(net::IsCertStatusMinorError(ssl.cert_status)); | 138 DCHECK(net::IsCertStatusMinorError(ssl.cert_status)); |
| 174 return SECURITY_WARNING; | 139 return SECURITY_WARNING; |
| 175 } | 140 } |
| 176 if (net::SSLConnectionStatusToVersion(ssl.connection_status) == | 141 if (net::SSLConnectionStatusToVersion(ssl.connection_status) == |
| 177 net::SSL_CONNECTION_VERSION_SSL3) { | 142 net::SSL_CONNECTION_VERSION_SSL3) { |
| 178 // SSLv3 will be removed in the future. | 143 // SSLv3 will be removed in the future. |
| 179 return SECURITY_WARNING; | 144 return SECURITY_WARNING; |
| (...skipping 189 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 369 if (entry && | 334 if (entry && |
| 370 google_util::StartsWithCommandLineGoogleBaseURL(entry->GetVirtualURL())) | 335 google_util::StartsWithCommandLineGoogleBaseURL(entry->GetVirtualURL())) |
| 371 return search_terms; | 336 return search_terms; |
| 372 | 337 |
| 373 // Otherwise, extract search terms for HTTPS pages that do not have a security | 338 // Otherwise, extract search terms for HTTPS pages that do not have a security |
| 374 // error. | 339 // error. |
| 375 ToolbarModel::SecurityLevel security_level = GetSecurityLevel(ignore_editing); | 340 ToolbarModel::SecurityLevel security_level = GetSecurityLevel(ignore_editing); |
| 376 return ((security_level == NONE) || (security_level == SECURITY_ERROR)) ? | 341 return ((security_level == NONE) || (security_level == SECURITY_ERROR)) ? |
| 377 base::string16() : search_terms; | 342 base::string16() : search_terms; |
| 378 } | 343 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1102063002:
Remove the SHA-1 deprecation field trial code; the plan is live (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master