OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef CHROME_BROWSER_SSL_SECURITY_STATE_MODEL_H_ | |
6 #define CHROME_BROWSER_SSL_SECURITY_STATE_MODEL_H_ | |
7 | |
8 #include "base/macros.h" | |
9 #include "content/public/browser/web_contents_user_data.h" | |
10 #include "content/public/common/security_style.h" | |
11 #include "content/public/common/ssl_status.h" | |
12 #include "net/cert/cert_status_flags.h" | |
13 #include "net/cert/sct_status_flags.h" | |
14 #include "net/cert/x509_certificate.h" | |
15 | |
16 namespace content { | |
17 class WebContents; | |
18 } // namespace content | |
19 | |
20 class Profile; | |
21 | |
22 // SecurityStateModel provides high-level security information about a | |
23 // page or request. It is attached to a WebContents and will provide the | |
24 // security info for that WebContents. SecurityStateModel must be | |
25 // notified when its WebContents's security state changes, by calling | |
26 // SecurityStateModel::SecurityStateChanged(). | |
27 // | |
28 // SecurityStateModel::SecurityInfo is the main data structure computed | |
29 // by a SecurityStateModel. SecurityInfo contains a SecurityLevel (which | |
30 // is a single value describing the overall security state) along with | |
31 // information that a consumer might want to display in UI to explain or | |
32 // elaborate on the SecurityLevel. | |
33 class SecurityStateModel | |
34 : public content::WebContentsUserData<SecurityStateModel> { | |
35 public: | |
36 // Describes the overall security state of the page. | |
37 // | |
38 // If you reorder, add, or delete values from this enum, you must also | |
39 // update the UI icons in ToolbarModelImpl::GetIconForSecurityLevel. | |
40 // | |
41 // A Java counterpart will be generated for this enum. | |
42 // GENERATED_JAVA_ENUM_PACKAGE: org.chromium.chrome.browser.ssl | |
43 // GENERATED_JAVA_CLASS_NAME_OVERRIDE: ConnectionSecurityLevel | |
44 enum SecurityLevel { | |
45 // HTTP/no URL | |
46 NONE, | |
47 | |
48 // HTTPS with valid EV cert | |
49 EV_SECURE, | |
50 | |
51 // HTTPS (non-EV) | |
palmer
2015/09/01 17:39:40
Specify valid cert
estark
2015/09/02 16:27:20
Done.
| |
52 SECURE, | |
53 | |
54 // HTTPS, but unable to check certificate revocation status or with insecure | |
palmer
2015/09/01 17:39:40
Insecure passive content
estark
2015/09/02 16:27:20
I moved this description and made this change on t
| |
55 // content on the page | |
56 SECURITY_WARNING, | |
57 | |
58 // HTTPS, but the certificate verification chain is anchored on a | |
59 // certificate that was installed by the system administrator | |
60 SECURITY_POLICY_WARNING, | |
61 | |
62 // Attempted HTTPS and failed, page not authenticated | |
palmer
2015/09/01 17:39:40
Does this the case in which include active mixed c
estark
2015/09/02 16:27:20
Yes, updated the comment to say so.
| |
63 SECURITY_ERROR, | |
64 }; | |
65 | |
66 // Describes how the SHA1 deprecation policy applies to an HTTPS | |
67 // connection. | |
68 enum SHA1DeprecationStatus { | |
69 // No SHA1 deprecation policy applies. | |
70 NO_DEPRECATED_SHA1, | |
palmer
2015/09/01 17:39:40
Reorder these from good to bad to worse? I.e. put
estark
2015/09/02 16:27:20
Done.
| |
71 // The connection used a certificate with a SHA1 signature in the | |
72 // chain, and policy says that the connection should be treated as | |
73 // broken HTTPS. | |
74 DEPRECATED_SHA1_BROKEN, | |
75 // The connection used a certificate with a SHA1 signature in the | |
76 // chain, and policy says that the connection should be treated with a | |
77 // warning. | |
78 DEPRECATED_SHA1_WARNING, | |
79 }; | |
80 | |
81 // Describes the type of mixed content (if any) that a site | |
82 // displayed/ran. | |
83 enum MixedContentStatus { | |
84 NO_MIXED_CONTENT, | |
85 // The site displayed nonsecure resources (passive mixed content). | |
86 DISPLAYED_MIXED_CONTENT, | |
87 // The site ran nonsecure resources (active mixed content). | |
88 RAN_MIXED_CONTENT, | |
89 // The site both ran and displayed nonsecure resources. | |
90 RAN_AND_DISPLAYED_MIXED_CONTENT, | |
91 }; | |
92 | |
93 // Describes the security status of a page or request. This is the | |
94 // main data structure provided by this class. | |
95 struct SecurityInfo { | |
96 SecurityInfo(); | |
97 ~SecurityInfo(); | |
98 SecurityLevel security_level; | |
99 SHA1DeprecationStatus sha1_deprecation_status; | |
100 MixedContentStatus mixed_content_status; | |
101 // The verification statuses of the signed certificate timestamps | |
102 // for the connection. | |
103 std::vector<net::ct::SCTVerifyStatus> sct_verify_statuses; | |
104 bool scheme_is_cryptographic; | |
105 net::CertStatus cert_status; | |
106 int cert_id; | |
107 int security_bits; | |
palmer
2015/09/01 17:39:40
This could use a comment (and/or a better name).
estark
2015/09/02 16:27:20
Done.
| |
108 int connection_status; | |
109 }; | |
110 | |
111 // These security styles describe the treatment given to pages that | |
112 // display and run mixed content. They are used to coordinate the | |
113 // treatment of mixed content with other security UI elements. | |
114 static const content::SecurityStyle kDisplayedInsecureContentStyle; | |
115 static const content::SecurityStyle kRanInsecureContentStyle; | |
116 | |
117 ~SecurityStateModel() override; | |
118 | |
119 // Notifies the SecurityStateModel that the security status of the | |
120 // page has changed and that the SecurityInfo should be updated | |
121 // accordingly. | |
122 void SecurityStateChanged(); | |
123 | |
124 // Returns a SecurityInfo describing the page as of the last call to | |
125 // SecurityStateChanged(). | |
126 const SecurityInfo& security_info() const; | |
127 | |
128 // Returns a SecurityInfo describing an individual request for the | |
129 // given |profile|. | |
130 static void SecurityInfoForRequest(const GURL& url, | |
131 const content::SSLStatus& ssl, | |
132 Profile* profile, | |
133 SecurityInfo* security_info); | |
134 | |
135 private: | |
136 explicit SecurityStateModel(content::WebContents* web_contents); | |
137 friend class content::WebContentsUserData<SecurityStateModel>; | |
138 | |
139 // The WebContents for which this class describes the security status. | |
140 content::WebContents* web_contents_; | |
141 SecurityInfo security_info_; | |
142 | |
143 DISALLOW_COPY_AND_ASSIGN(SecurityStateModel); | |
144 }; | |
145 | |
146 #endif // CHROME_BROWSER_SSL_SECURITY_STATE_MODEL_H_ | |
OLD | NEW |