chrome/browser/ssl/connection_security_helper.cc - Issue 1123943002: Move SecurityLevel into a class of its own

Side by Side Diff: chrome/browser/ssl/connection_security_helper.cc

Issue 1123943002: Move SecurityLevel into a class of its own (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: revert GetSecurityLevelForNonSecureFieldTrial change Created 5 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« chrome/browser/ssl/connection_security_helper.h ('K') | « chrome/browser/ssl/connection_security_helper.h ('k') | chrome/browser/ssl/connection_security_helper_android.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
(Empty)
	1 // Copyright 2015 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "chrome/browser/ssl/connection_security_helper.h"

	6

	7 #include "base/command_line.h"

	8 #include "base/metrics/field_trial.h"

	9 #include "base/prefs/pref_service.h"

	10 #include "chrome/browser/profiles/profile.h"

	11 #include "chrome/browser/ssl/ssl_error_info.h"

	12 #include "chrome/common/chrome_constants.h"

	13 #include "chrome/common/chrome_switches.h"

	14 #include "chrome/common/pref_names.h"

	15 #include "content/public/browser/cert_store.h"

	16 #include "content/public/browser/navigation_controller.h"

	17 #include "content/public/browser/navigation_entry.h"

	18 #include "content/public/browser/web_contents.h"

	19 #include "content/public/common/ssl_status.h"

	20 #include "net/base/net_util.h"

	21 #include "net/cert/cert_status_flags.h"

	22 #include "net/cert/x509_certificate.h"

	23 #include "net/ssl/ssl_connection_status_flags.h"

	24 #include "url/url_constants.h"

	25

	26 #if defined(OS_CHROMEOS)

	27 #include "chrome/browser/chromeos/policy/policy_cert_service.h"

	28 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h"

	29 #endif

	30

	31 namespace {

	32

	33 ConnectionSecurityHelper::SecurityLevel

	34 GetSecurityLevelForNonSecureFieldTrial() {

	35 std::string choice =

	36 base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII(

	37 switches::kMarkNonSecureAs);

	38 if (choice == switches::kMarkNonSecureAsNeutral)

	39 return ConnectionSecurityHelper::NONE;

	40 if (choice == switches::kMarkNonSecureAsDubious)

	41 return ConnectionSecurityHelper::SECURITY_WARNING;

	42 if (choice == switches::kMarkNonSecureAsNonSecure)

	43 return ConnectionSecurityHelper::SECURITY_ERROR;

	44

	45 std::string group = base::FieldTrialList::FindFullName("MarkNonSecureAs");

	46 if (group == switches::kMarkNonSecureAsNeutral)

	47 return ConnectionSecurityHelper::NONE;

	48 if (group == switches::kMarkNonSecureAsDubious)

	49 return ConnectionSecurityHelper::SECURITY_WARNING;

	50 if (group == switches::kMarkNonSecureAsNonSecure)

	51 return ConnectionSecurityHelper::SECURITY_ERROR;

	52

	53 return ConnectionSecurityHelper::NONE;

	54 }

	55

	56 } // namespace

	57

	58 ConnectionSecurityHelper::SecurityLevel

	59 ConnectionSecurityHelper::GetSecurityLevelForWebContents(

	60 content::WebContents* web_contents) {

	61 if (!web_contents)

	62 return NONE;

	63

	64 content::NavigationEntry* entry =

	65 web_contents->GetController().GetVisibleEntry();

	66 if (!entry)

	67 return NONE;

	68

	69 const content::SSLStatus& ssl = entry->GetSSL();

	70 switch (ssl.security_style) {

	71 case content::SECURITY_STYLE_UNKNOWN:

	72 return NONE;

	73

	74 case content::SECURITY_STYLE_UNAUTHENTICATED: {

	75 const GURL& url = entry->GetURL();

	76 if (url.SchemeIs(url::kHttpScheme) \|\| url.SchemeIs(url::kFtpScheme))
	felt 2015/05/12 00:01:26 for a follow-up (not in this CL): should this use for a follow-up (not in this CL): should this use palmer's new !SchemeIsCrytographic? (or maybe !IsOriginSecure depending on the meaning we want here...) Ryan Sleevi 2015/05/12 01:03:29 I don't think so. For example, chrome-extension:// Show quoted text On 2015/05/12 00:01:26, felt wrote: > for a follow-up (not in this CL): > should this use palmer's new !SchemeIsCrytographic? (or maybe !IsOriginSecure > depending on the meaning we want here...) I don't think so. For example, chrome-extension:// schemes (or any new arbitrary scheme). I mean, blacklist vs whitelist, yeah, I just see using SchemeIsCryptographic backfiring. (IsOriginSecure may be sufficient, but I'm less familiar w/ that) estark 2015/05/12 04:37:48 I'll ask Palmer about IsOriginSecure tomorrow. Show quoted text On 2015/05/12 01:03:29, Ryan Sleevi wrote: > On 2015/05/12 00:01:26, felt wrote: > > for a follow-up (not in this CL): > > should this use palmer's new !SchemeIsCrytographic? (or maybe !IsOriginSecure > > depending on the meaning we want here...) > > I don't think so. For example, chrome-extension:// schemes (or any new arbitrary > scheme). I mean, blacklist vs whitelist, yeah, I just see using > SchemeIsCryptographic backfiring. > > (IsOriginSecure may be sufficient, but I'm less familiar w/ that) I'll ask Palmer about IsOriginSecure tomorrow. estark 2015/05/13 04:37:14 Palmer gave a thumbs-up on \|!IsOriginSecure\| so I' Show quoted text On 2015/05/12 04:37:48, estark wrote: > On 2015/05/12 01:03:29, Ryan Sleevi wrote: > > On 2015/05/12 00:01:26, felt wrote: > > > for a follow-up (not in this CL): > > > should this use palmer's new !SchemeIsCrytographic? (or maybe > !IsOriginSecure > > > depending on the meaning we want here...) > > > > I don't think so. For example, chrome-extension:// schemes (or any new > arbitrary > > scheme). I mean, blacklist vs whitelist, yeah, I just see using > > SchemeIsCryptographic backfiring. > > > > (IsOriginSecure may be sufficient, but I'm less familiar w/ that) > > I'll ask Palmer about IsOriginSecure tomorrow. Palmer gave a thumbs-up on \|!IsOriginSecure\| so I'll do that in a follow-up CL.
	77 return GetSecurityLevelForNonSecureFieldTrial();

	78 return NONE;

	79 }

	80

	81 case content::SECURITY_STYLE_AUTHENTICATION_BROKEN:

	82 return SECURITY_ERROR;

	83

	84 case content::SECURITY_STYLE_AUTHENTICATED: {

	85 #if defined(OS_CHROMEOS)

	86 policy::PolicyCertService* service =

	87 policy::PolicyCertServiceFactory::GetForProfile(

	88 Profile::FromBrowserContext(web_contents->GetBrowserContext()));

	89 if (service && service->UsedPolicyCertificates())

	90 return SECURITY_POLICY_WARNING;

	91 #endif

	92 if (ssl.content_status & content::SSLStatus::DISPLAYED_INSECURE_CONTENT)

	93 return SECURITY_WARNING;

	94 scoped_refptr<net::X509Certificate> cert;

	95 if (content::CertStore::GetInstance()->RetrieveCert(ssl.cert_id, &cert) &&

	96 (ssl.cert_status & net::CERT_STATUS_SHA1_SIGNATURE_PRESENT)) {

	97 // The internal representation of the dates for UI treatment of SHA-1.

	98 // See http://crbug.com/401365 for details.

	99 static const int64_t kJanuary2017 = INT64_C(13127702400000000);

	100 // kJanuary2016 needs to be kept in sync with

	101 // ToolbarModelAndroid::IsDeprecatedSHA1Present().

	102 static const int64_t kJanuary2016 = INT64_C(13096080000000000);

	103 if (cert->valid_expiry() >=

	104 base::Time::FromInternalValue(kJanuary2017)) {

	105 return SECURITY_ERROR;

	106 }

	107 if (cert->valid_expiry() >=

	108 base::Time::FromInternalValue(kJanuary2016)) {

	109 return SECURITY_WARNING;

	110 }

	111 }

	112 if (net::IsCertStatusError(ssl.cert_status)) {

	113 DCHECK(net::IsCertStatusMinorError(ssl.cert_status));

	114 return SECURITY_WARNING;

	115 }

	116 if (net::SSLConnectionStatusToVersion(ssl.connection_status) ==

	117 net::SSL_CONNECTION_VERSION_SSL3) {

	118 // SSLv3 will be removed in the future.

	119 return SECURITY_WARNING;

	120 }

	121 if ((ssl.cert_status & net::CERT_STATUS_IS_EV) && cert)

	122 return EV_SECURE;

	123 return SECURE;

	124 }

	125

	126 default:

	127 NOTREACHED();

	128 return NONE;

	129 }

	130 }

OLD	NEW