Move SecurityLevel into a class of its own

chrome/browser/ssl/security_level_policy.cc

Index: chrome/browser/ssl/security_level_policy.cc
diff --git a/chrome/browser/ssl/security_level_policy.cc b/chrome/browser/ssl/security_level_policy.cc
new file mode 100644
index 0000000000000000000000000000000000000000..6dc8ed8c4e2ba6dc13e9cae2192a3cc6f8613d05
--- /dev/null
+++ b/chrome/browser/ssl/security_level_policy.cc
@@ -0,0 +1,129 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/ssl/security_level_policy.h"
+
+#include "base/command_line.h"
+#include "base/metrics/field_trial.h"
+#include "base/prefs/pref_service.h"
+#include "chrome/browser/profiles/profile.h"
+#include "chrome/browser/ssl/ssl_error_info.h"
+#include "chrome/common/chrome_constants.h"
+#include "chrome/common/chrome_switches.h"
+#include "chrome/common/pref_names.h"
+#include "content/public/browser/cert_store.h"
+#include "content/public/browser/navigation_controller.h"
+#include "content/public/browser/navigation_entry.h"
+#include "content/public/browser/web_contents.h"
+#include "content/public/common/ssl_status.h"
+#include "net/base/net_util.h"
+#include "net/cert/cert_status_flags.h"
+#include "net/cert/x509_certificate.h"
+#include "net/ssl/ssl_connection_status_flags.h"
+
+#if defined(OS_CHROMEOS)
+#include "chrome/browser/chromeos/policy/policy_cert_service.h"
+#include "chrome/browser/chromeos/policy/policy_cert_service_factory.h"
+#endif
+
+using content::SSLStatus;

[Peter Kasting, 2015/05/07 21:35:37]

Nit: Avoid this unless is significantly improves readability below (IMO it
doesn't).

[estark, 2015/05/09 02:29:08]

Done.

+
+namespace {
+
+SecurityLevelPolicy::SecurityLevel GetSecurityLevelForNonSecureFieldTrial() {
+  std::string choice =
+      base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
+          switches::kMarkNonSecureAs);
+  if (choice == switches::kMarkNonSecureAsNeutral)
+    return SecurityLevelPolicy::NONE;
+  if (choice == switches::kMarkNonSecureAsDubious)
+    return SecurityLevelPolicy::SECURITY_WARNING;
+  if (choice == switches::kMarkNonSecureAsNonSecure)
+    return SecurityLevelPolicy::SECURITY_ERROR;
+
+  std::string group = base::FieldTrialList::FindFullName("MarkNonSecureAs");
+  if (group == switches::kMarkNonSecureAsNeutral)
+    return SecurityLevelPolicy::NONE;
+  if (group == switches::kMarkNonSecureAsDubious)
+    return SecurityLevelPolicy::SECURITY_WARNING;
+  if (group == switches::kMarkNonSecureAsNonSecure)
+    return SecurityLevelPolicy::SECURITY_ERROR;
+
+  return SecurityLevelPolicy::NONE;
+}
+
+}  // namespace
+
+SecurityLevelPolicy::SecurityLevel
+SecurityLevelPolicy::GetSecurityLevelForWebContents(
+    content::WebContents* web_contents) {
+  if (!web_contents)
+    return NONE;
+
+  content::NavigationEntry* entry =
+      web_contents->GetController().GetVisibleEntry();
+  if (!entry)
+    return NONE;
+
+  const SSLStatus& ssl = entry->GetSSL();
+  switch (ssl.security_style) {
+    case content::SECURITY_STYLE_UNKNOWN:
+      return NONE;
+
+    case content::SECURITY_STYLE_UNAUTHENTICATED: {
+      const GURL& url = entry->GetURL();
+      if (url.SchemeIs("http") || url.SchemeIs("ftp"))

[Peter Kasting, 2015/05/07 21:35:37]

Nit: Should probably be using the scheme constants in src/url/url_constants.h

[estark, 2015/05/09 02:29:08]

Done.

+        return GetSecurityLevelForNonSecureFieldTrial();
+      return NONE;
+    }
+
+    case content::SECURITY_STYLE_AUTHENTICATION_BROKEN:
+      return SECURITY_ERROR;
+
+    case content::SECURITY_STYLE_AUTHENTICATED: {
+#if defined(OS_CHROMEOS)
+      policy::PolicyCertService* service =
+          policy::PolicyCertServiceFactory::GetForProfile(
+              Profile::FromBrowserContext(web_contents->GetBrowserContext()));
+      if (service && service->UsedPolicyCertificates())
+        return SECURITY_POLICY_WARNING;
+#endif
+      if (!!(ssl.content_status & SSLStatus::DISPLAYED_INSECURE_CONTENT))

[Peter Kasting, 2015/05/07 21:35:37]

Is the !! here really necessary (to prevent warnings)?

[estark, 2015/05/09 02:29:08]

Looks like it isn't. Done.

+        return SECURITY_WARNING;
+      scoped_refptr<net::X509Certificate> cert;
+      if (content::CertStore::GetInstance()->RetrieveCert(ssl.cert_id, &cert) &&
+          (ssl.cert_status & net::CERT_STATUS_SHA1_SIGNATURE_PRESENT)) {
+        // The internal representation of the dates for UI treatment of SHA-1.
+        // See http://crbug.com/401365 for details

[Peter Kasting, 2015/05/07 21:35:37]

Nit: Trailing period

[estark, 2015/05/09 02:29:08]

Done.

+        static const int64_t kJanuary2017 = INT64_C(13127702400000000);
+        // kJanuary2016 needs to be kept in sync with
+        // ToolbarModelAndroid::IsDeprecatedSHA1Present().
+        static const int64_t kJanuary2016 = INT64_C(13096080000000000);
+        if (cert->valid_expiry() >=
+            base::Time::FromInternalValue(kJanuary2017)) {
+          return SECURITY_ERROR;
+        }
+        if (cert->valid_expiry() >=
+            base::Time::FromInternalValue(kJanuary2016)) {
+          return SECURITY_WARNING;
+        }
+      }
+      if (net::IsCertStatusError(ssl.cert_status)) {
+        DCHECK(net::IsCertStatusMinorError(ssl.cert_status));
+        return SECURITY_WARNING;
+      }
+      if (net::SSLConnectionStatusToVersion(ssl.connection_status) ==
+          net::SSL_CONNECTION_VERSION_SSL3) {
+        // SSLv3 will be removed in the future.
+        return SECURITY_WARNING;
+      }
+      if ((ssl.cert_status & net::CERT_STATUS_IS_EV) && cert.get())

[Peter Kasting, 2015/05/07 21:35:37]

Nit: Is explicit .get() necessary with scoped_refptr?

[estark, 2015/05/09 02:29:08]

Looks like it isn't. Done.

+        return EV_SECURE;
+      return SECURE;
+    }
+    default:

[Peter Kasting, 2015/05/07 21:35:37]

Nit: Blank line above this

[estark, 2015/05/09 02:29:08]

Done.

+      NOTREACHED();
+      return NONE;
+  }
+}