Refactor connection_security into SecurityStateModel

chrome/android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 package org.chromium.chrome.browser;
 
 import android.animation.Animator;
 import android.animation.AnimatorListenerAdapter;
 import android.animation.AnimatorSet;
 import android.animation.ObjectAnimator;
@@ skipping 35 matching lines @@
 
 import org.chromium.base.CommandLine;
 import org.chromium.base.annotations.CalledByNative;
 import org.chromium.chrome.R;
 import org.chromium.chrome.browser.omnibox.OmniboxUrlEmphasizer;
 import org.chromium.chrome.browser.preferences.PrefServiceBridge;
 import org.chromium.chrome.browser.preferences.Preferences;
 import org.chromium.chrome.browser.preferences.PreferencesLauncher;
 import org.chromium.chrome.browser.preferences.website.SingleWebsitePreferences;
 import org.chromium.chrome.browser.profiles.Profile;
-import org.chromium.chrome.browser.ssl.ConnectionSecurity;
 import org.chromium.chrome.browser.ssl.ConnectionSecurityLevel;
-import org.chromium.chrome.browser.toolbar.ToolbarModel;
+import org.chromium.chrome.browser.ssl.SecurityStateModel;
 import org.chromium.content.browser.ContentViewCore;
 import org.chromium.content_public.browser.WebContents;
 import org.chromium.content_public.browser.WebContentsObserver;
 import org.chromium.ui.base.Clipboard;
 import org.chromium.ui.base.DeviceFormFactor;
 import org.chromium.ui.base.WindowAndroid;
 import org.chromium.ui.base.WindowAndroid.PermissionCallback;
 import org.chromium.ui.interpolators.BakedBezierInterpolator;
 
 import java.net.URI;
@@ skipping 192 matching lines @@
     // Whether or not this page is an internal chrome page (e.g. the
     // chrome://settings page).
     private boolean mIsInternalPage;
 
     // The security level of the page (a valid ConnectionSecurityLevel).
     private int mSecurityLevel;
 
     // Whether the security level of the page was deprecated due to SHA-1.
     private boolean mDeprecatedSHA1Present;
 
+    // Whether the security level of the page was deprecated due to passive mixed content.

[palmer, 2015/09/01 17:39:40]

"downgraded", not "deprecated"

[estark, 2015/09/02 16:27:20]

Done.

+    private boolean mPassiveMixedContentPresent;
+
     // Whether to use the read-only permissions list.
     private boolean mIsReadOnlyDialog;
 
     // Permissions available to be displayed in mPermissionsList.
     private List<PageInfoPermissionEntry> mDisplayedPermissions;
 
     /**
      * Creates the WebsiteSettingsPopup, but does not display it. Also initializes the corresponding
      * C++ object and saves a pointer to it.
      *
@@ skipping 133 matching lines @@
 
         // Work out the URL and connection message.
         mFullUrl = mWebContents.getVisibleUrl();
         try {
             mParsedUrl = new URI(mFullUrl);
             mIsInternalPage = UrlUtilities.isInternalScheme(mParsedUrl);
         } catch (URISyntaxException e) {
             mParsedUrl = null;
             mIsInternalPage = false;
         }
-        mSecurityLevel = ConnectionSecurity.getSecurityLevelForWebContents(mWebContents);
-        mDeprecatedSHA1Present = ToolbarModel.isDeprecatedSHA1Present(mWebContents);
+        mSecurityLevel = SecurityStateModel.getSecurityLevelForWebContents(mWebContents);
+        mDeprecatedSHA1Present = SecurityStateModel.isDeprecatedSHA1Present(mWebContents);
+        mPassiveMixedContentPresent = SecurityStateModel.isPassiveMixedContentPresent(mWebContents);

[palmer, 2015/09/01 17:39:40]

I suppose I'll find out when I read more, but: How is active mixed content
handled?

[estark, 2015/09/02 16:27:20]

I think I haven't yet seen anywhere that Android UI does anything special with
active mixed content (i.e. treats it differently than broken-https). Is it
possible that there is no active mixed content shield on Android, and thus the
presence of active mixed content is impossible?

 
         SpannableStringBuilder urlBuilder = new SpannableStringBuilder(mFullUrl);
         OmniboxUrlEmphasizer.emphasizeUrl(urlBuilder, mContext.getResources(), mProfile,
                 mSecurityLevel, mIsInternalPage, true, true);
         mUrlTitle.setText(urlBuilder);
 
         // Set the URL connection message now, and the URL after layout (so it
         // can calculate its ideal height).
         mUrlConnectionMessage.setText(getUrlConnectionMessage());
         if (isConnectionDetailsLinkVisible()) mUrlConnectionMessage.setOnClickListener(this);
@@ skipping 62 matching lines @@
      */
     private int getConnectionMessageId(int securityLevel, boolean isInternalPage) {
         if (isInternalPage) return R.string.page_info_connection_internal_page;
 
         switch (securityLevel) {
             case ConnectionSecurityLevel.NONE:
                 return R.string.page_info_connection_http;
             case ConnectionSecurityLevel.SECURE:
             case ConnectionSecurityLevel.EV_SECURE:
                 return R.string.page_info_connection_https;
-            case ConnectionSecurityLevel.SECURITY_WARNING:
-            case ConnectionSecurityLevel.SECURITY_POLICY_WARNING:
-                return R.string.page_info_connection_mixed;
             default:
                 assert false : "Invalid security level specified: " + securityLevel;
                 return R.string.page_info_connection_http;
         }
     }
 
     /**
      * Whether to show a 'Details' link to the connection info popup. The link is only shown for
      * HTTPS connections.
      */
     private boolean isConnectionDetailsLinkVisible() {
         return !mIsInternalPage && mSecurityLevel != ConnectionSecurityLevel.NONE;
     }
 
     /**
      * Gets the styled connection message to display below the URL.
      */
     private Spannable getUrlConnectionMessage() {
         // Display the appropriate connection message.
         SpannableStringBuilder messageBuilder = new SpannableStringBuilder();
         if (mDeprecatedSHA1Present) {
             messageBuilder.append(
                     mContext.getResources().getString(R.string.page_info_connection_sha1));
-        } else if (mSecurityLevel != ConnectionSecurityLevel.SECURITY_ERROR) {
+        } else if (mPassiveMixedContentPresent) {
+            messageBuilder.append(
+                    mContext.getResources().getString(R.string.page_info_connection_mixed));
+        } else if (mSecurityLevel != ConnectionSecurityLevel.SECURITY_ERROR
+                && mSecurityLevel != ConnectionSecurityLevel.SECURITY_WARNING
+                && mSecurityLevel != ConnectionSecurityLevel.SECURITY_POLICY_WARNING) {
             messageBuilder.append(mContext.getResources().getString(
                     getConnectionMessageId(mSecurityLevel, mIsInternalPage)));
         } else {
             String originToDisplay;
             try {
                 URI parsedUrl = new URI(mFullUrl);
                 originToDisplay = UrlUtilities.getOriginForDisplay(parsedUrl, false);
             } catch (URISyntaxException e) {
                 // The URL is invalid - just display the full URL.
                 originToDisplay = mFullUrl;
@@ skipping 420 matching lines @@
         new WebsiteSettingsPopup(activity, profile, webContents);
     }
 
     private static native long nativeInit(WebsiteSettingsPopup popup, WebContents webContents);
 
     private native void nativeDestroy(long nativeWebsiteSettingsPopupAndroid);
 
     private native void nativeOnPermissionSettingChanged(long nativeWebsiteSettingsPopupAndroid,
             int type, int setting);
 }