
Side by Side Diff: chrome/browser/ssl/connection_security_helper.cc

Issue 1124383007: Revert of Revert of Move SecurityLevel into a class of its own (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 7 months ago
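--- a/chrome/browser/ssl/connection_security_helper.cc
+++ b/chrome/browser/ssl/connection_security_helper.cc
@@ -0,0 +1,130 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/ssl/connection_security_helper.h"
+
+#include "base/command_line.h"
+#include "base/metrics/field_trial.h"
+#include "base/prefs/pref_service.h"
+#include "chrome/browser/profiles/profile.h"
+#include "chrome/browser/ssl/ssl_error_info.h"
+#include "chrome/common/chrome_constants.h"
+#include "chrome/common/chrome_switches.h"
+#include "chrome/common/pref_names.h"
+#include "content/public/browser/cert_store.h"
+#include "content/public/browser/navigation_controller.h"
+#include "content/public/browser/navigation_entry.h"
+#include "content/public/browser/web_contents.h"
+#include "content/public/common/ssl_status.h"
+#include "net/base/net_util.h"
+#include "net/cert/cert_status_flags.h"
+#include "net/cert/x509_certificate.h"
+#include "net/ssl/ssl_connection_status_flags.h"
+#include "url/url_constants.h"
+
+#if defined(OS_CHROMEOS)
+#include "chrome/browser/chromeos/policy/policy_cert_service.h"
+#include "chrome/browser/chromeos/policy/policy_cert_service_factory.h"
+#endif
+
+namespace {
+
+ConnectionSecurityHelper::SecurityLevel
+GetSecurityLevelForNonSecureFieldTrial() {
+std::string choice =
+base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
+switches::kMarkNonSecureAs);
+if (choice == switches::kMarkNonSecureAsNeutral)
+return ConnectionSecurityHelper::NONE;
+if (choice == switches::kMarkNonSecureAsDubious)
+return ConnectionSecurityHelper::SECURITY_WARNING;
+if (choice == switches::kMarkNonSecureAsNonSecure)
+return ConnectionSecurityHelper::SECURITY_ERROR;
+
+std::string group = base::FieldTrialList::FindFullName("MarkNonSecureAs");
+if (group == switches::kMarkNonSecureAsNeutral)
+return ConnectionSecurityHelper::NONE;
+if (group == switches::kMarkNonSecureAsDubious)
+return ConnectionSecurityHelper::SECURITY_WARNING;
+if (group == switches::kMarkNonSecureAsNonSecure)
+return ConnectionSecurityHelper::SECURITY_ERROR;
+
+return ConnectionSecurityHelper::NONE;
+}
+
+} // namespace
+
+ConnectionSecurityHelper::SecurityLevel
+ConnectionSecurityHelper::GetSecurityLevelForWebContents(
+content::WebContents* web_contents) {
+if (!web_contents)
+return NONE;
+
+content::NavigationEntry* entry =
+web_contents->GetController().GetVisibleEntry();
+if (!entry)
+return NONE;
+
+const content::SSLStatus& ssl = entry->GetSSL();
+switch (ssl.security_style) {
+case content::SECURITY_STYLE_UNKNOWN:
+return NONE;
+
+case content::SECURITY_STYLE_UNAUTHENTICATED: {
+const GURL& url = entry->GetURL();
+if (url.SchemeIs(url::kHttpScheme) || url.SchemeIs(url::kFtpScheme))
+return GetSecurityLevelForNonSecureFieldTrial();
+return NONE;
+}
+
+case content::SECURITY_STYLE_AUTHENTICATION_BROKEN:
+return SECURITY_ERROR;
+
+case content::SECURITY_STYLE_AUTHENTICATED: {
+#if defined(OS_CHROMEOS)
+policy::PolicyCertService* service =
+policy::PolicyCertServiceFactory::GetForProfile(
+Profile::FromBrowserContext(web_contents->GetBrowserContext()));
+if (service && service->UsedPolicyCertificates())
+return SECURITY_POLICY_WARNING;
+#endif
+if (ssl.content_status & content::SSLStatus::DISPLAYED_INSECURE_CONTENT)
+return SECURITY_WARNING;
+scoped_refptr<net::X509Certificate> cert;
+if (content::CertStore::GetInstance()->RetrieveCert(ssl.cert_id, &cert) &&
+(ssl.cert_status & net::CERT_STATUS_SHA1_SIGNATURE_PRESENT)) {
+// The internal representation of the dates for UI treatment of SHA-1.
+// See http://crbug.com/401365 for details.
+static const int64_t kJanuary2017 = INT64_C(13127702400000000);
+// kJanuary2016 needs to be kept in sync with
+// ToolbarModelAndroid::IsDeprecatedSHA1Present().
+static const int64_t kJanuary2016 = INT64_C(13096080000000000);
+if (cert->valid_expiry() >=
+base::Time::FromInternalValue(kJanuary2017)) {
+return SECURITY_ERROR;
+}
+if (cert->valid_expiry() >=
+base::Time::FromInternalValue(kJanuary2016)) {
+return SECURITY_WARNING;
+}
+}
+if (net::IsCertStatusError(ssl.cert_status)) {
+DCHECK(net::IsCertStatusMinorError(ssl.cert_status));
+return SECURITY_WARNING;
+}
+if (net::SSLConnectionStatusToVersion(ssl.connection_status) ==
+net::SSL_CONNECTION_VERSION_SSL3) {
+// SSLv3 will be removed in the future.
+return SECURITY_WARNING;
+}
+if ((ssl.cert_status & net::CERT_STATUS_IS_EV) && cert)
+return EV_SECURE;
+return SECURE;
+}
+
+default:
+NOTREACHED();
+return NONE;
+}
+}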
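Review bot: In the `SECURITY_STYLE_AUTHENTICATED` branch of `GetSecurityLevelForWebContents`, the SHA-1 deprecation check fails open: it is guarded by `RetrieveCert(ssl.cert_id, &cert) && (ssl.cert_status & net::CERT_STATUS_SHA1_SIGNATURE_PRESENT)`, so when the certificate cannot be fetched from the `CertStore` the whole block is skipped and a chain flagged as SHA-1 can still fall through to `SECURE`. Whether `RetrieveCert` can actually fail for an entry in the authenticated state is not visible on this page. The safer shape is to call `RetrieveCert` unconditionally, test the status bit alone with `if (ssl.cert_status & net::CERT_STATUS_SHA1_SIGNATURE_PRESENT) {`, and open that block with `if (!cert) return SECURITY_WARNING;` so a missing certificate degrades the indicator instead of leaving it untouched. Separately, the early returns are not ordered by severity: `DISPLAYED_INSECURE_CONTENT` returns `SECURITY_WARNING` before the SHA-1 expiry check can return `SECURITY_ERROR`, so a comment stating that this precedence is intentional would help the next reader.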