OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ssl/connection_security.h" | 5 #include "chrome/browser/ssl/security_state_model.h" |
6 | 6 |
7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
8 #include "base/metrics/field_trial.h" | 8 #include "base/metrics/field_trial.h" |
9 #include "base/metrics/histogram_macros.h" | 9 #include "base/metrics/histogram_macros.h" |
10 #include "base/prefs/pref_service.h" | 10 #include "base/prefs/pref_service.h" |
11 #include "chrome/browser/profiles/profile.h" | 11 #include "chrome/browser/profiles/profile.h" |
12 #include "chrome/browser/ssl/ssl_error_info.h" | |
13 #include "chrome/common/chrome_constants.h" | 12 #include "chrome/common/chrome_constants.h" |
14 #include "chrome/common/chrome_switches.h" | 13 #include "chrome/common/chrome_switches.h" |
15 #include "chrome/common/pref_names.h" | 14 #include "chrome/common/pref_names.h" |
| 15 #include "chrome/common/pref_names.h" |
16 #include "content/public/browser/cert_store.h" | 16 #include "content/public/browser/cert_store.h" |
17 #include "content/public/browser/navigation_controller.h" | |
18 #include "content/public/browser/navigation_entry.h" | 17 #include "content/public/browser/navigation_entry.h" |
19 #include "content/public/browser/web_contents.h" | 18 #include "content/public/browser/web_contents.h" |
20 #include "content/public/common/origin_util.h" | 19 #include "content/public/common/origin_util.h" |
21 #include "content/public/common/ssl_status.h" | |
22 #include "net/base/net_util.h" | |
23 #include "net/cert/cert_status_flags.h" | |
24 #include "net/cert/x509_certificate.h" | |
25 #include "net/ssl/ssl_connection_status_flags.h" | 20 #include "net/ssl/ssl_connection_status_flags.h" |
26 | 21 |
27 #if defined(OS_CHROMEOS) | 22 #if defined(OS_CHROMEOS) |
28 #include "chrome/browser/chromeos/policy/policy_cert_service.h" | 23 #include "chrome/browser/chromeos/policy/policy_cert_service.h" |
29 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" | 24 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" |
30 #endif | 25 #endif |
31 | 26 |
| 27 DEFINE_WEB_CONTENTS_USER_DATA_KEY(SecurityStateModel); |
| 28 |
32 namespace { | 29 namespace { |
33 | 30 |
34 connection_security::SecurityLevel GetSecurityLevelForNonSecureFieldTrial() { | 31 SecurityStateModel::SecurityLevel GetSecurityLevelForNonSecureFieldTrial() { |
35 std::string choice = | 32 std::string choice = |
36 base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII( | 33 base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII( |
37 switches::kMarkNonSecureAs); | 34 switches::kMarkNonSecureAs); |
38 std::string group = base::FieldTrialList::FindFullName("MarkNonSecureAs"); | 35 std::string group = base::FieldTrialList::FindFullName("MarkNonSecureAs"); |
39 | 36 |
40 // Do not change this enum. It is used in the histogram. | 37 // Do not change this enum. It is used in the histogram. |
41 enum MarkNonSecureStatus { NEUTRAL, DUBIOUS, NON_SECURE, LAST_STATUS }; | 38 enum MarkNonSecureStatus { NEUTRAL, DUBIOUS, NON_SECURE, LAST_STATUS }; |
42 const char kEnumeration[] = "MarkNonSecureAs"; | 39 const char kEnumeration[] = "MarkNonSecureAs"; |
43 | 40 |
44 connection_security::SecurityLevel level; | 41 SecurityStateModel::SecurityLevel level = SecurityStateModel::NONE; |
45 MarkNonSecureStatus status; | 42 MarkNonSecureStatus status; |
46 | 43 |
47 if (choice == switches::kMarkNonSecureAsNeutral) { | 44 if (choice == switches::kMarkNonSecureAsNeutral) { |
48 status = NEUTRAL; | 45 status = NEUTRAL; |
49 level = connection_security::NONE; | 46 level = SecurityStateModel::NONE; |
50 } else if (choice == switches::kMarkNonSecureAsNonSecure) { | 47 } else if (choice == switches::kMarkNonSecureAsNonSecure) { |
51 status = NON_SECURE; | 48 status = NON_SECURE; |
52 level = connection_security::SECURITY_ERROR; | 49 level = SecurityStateModel::SECURITY_ERROR; |
53 } else if (group == switches::kMarkNonSecureAsNeutral) { | 50 } else if (group == switches::kMarkNonSecureAsNeutral) { |
54 status = NEUTRAL; | 51 status = NEUTRAL; |
55 level = connection_security::NONE; | 52 level = SecurityStateModel::NONE; |
56 } else if (group == switches::kMarkNonSecureAsNonSecure) { | 53 } else if (group == switches::kMarkNonSecureAsNonSecure) { |
57 status = NON_SECURE; | 54 status = NON_SECURE; |
58 level = connection_security::SECURITY_ERROR; | 55 level = SecurityStateModel::SECURITY_ERROR; |
59 } else { | 56 } else { |
60 status = NEUTRAL; | 57 status = NEUTRAL; |
61 level = connection_security::NONE; | 58 level = SecurityStateModel::NONE; |
62 } | 59 } |
63 | 60 |
64 UMA_HISTOGRAM_ENUMERATION(kEnumeration, status, LAST_STATUS); | 61 UMA_HISTOGRAM_ENUMERATION(kEnumeration, status, LAST_STATUS); |
65 return level; | 62 return level; |
66 } | 63 } |
67 | 64 |
68 scoped_refptr<net::X509Certificate> GetCertForSSLStatus( | 65 scoped_refptr<net::X509Certificate> GetCertForSSLStatus( |
69 const content::SSLStatus& ssl) { | 66 const content::SSLStatus& ssl) { |
70 scoped_refptr<net::X509Certificate> cert; | 67 scoped_refptr<net::X509Certificate> cert; |
71 return content::CertStore::GetInstance()->RetrieveCert(ssl.cert_id, &cert) | 68 return content::CertStore::GetInstance()->RetrieveCert(ssl.cert_id, &cert) |
72 ? cert | 69 ? cert |
73 : nullptr; | 70 : nullptr; |
74 } | 71 } |
75 | 72 |
76 connection_security::SHA1DeprecationStatus GetSHA1DeprecationStatus( | 73 SecurityStateModel::SHA1DeprecationStatus GetSHA1DeprecationStatus( |
77 scoped_refptr<net::X509Certificate> cert, | 74 scoped_refptr<net::X509Certificate> cert, |
78 const content::SSLStatus& ssl) { | 75 const content::SSLStatus& ssl) { |
79 if (!cert || !(ssl.cert_status & net::CERT_STATUS_SHA1_SIGNATURE_PRESENT)) | 76 if (!cert || !(ssl.cert_status & net::CERT_STATUS_SHA1_SIGNATURE_PRESENT)) |
80 return connection_security::NO_DEPRECATED_SHA1; | 77 return SecurityStateModel::NO_DEPRECATED_SHA1; |
81 | 78 |
82 // The internal representation of the dates for UI treatment of SHA-1. | 79 // The internal representation of the dates for UI treatment of SHA-1. |
83 // See http://crbug.com/401365 for details. | 80 // See http://crbug.com/401365 for details. |
84 static const int64_t kJanuary2017 = INT64_C(13127702400000000); | 81 static const int64_t kJanuary2017 = INT64_C(13127702400000000); |
85 if (cert->valid_expiry() >= base::Time::FromInternalValue(kJanuary2017)) | 82 if (cert->valid_expiry() >= base::Time::FromInternalValue(kJanuary2017)) |
86 return connection_security::DEPRECATED_SHA1_BROKEN; | 83 return SecurityStateModel::DEPRECATED_SHA1_BROKEN; |
87 // kJanuary2016 needs to be kept in sync with | |
88 // ToolbarModelAndroid::IsDeprecatedSHA1Present(). | |
89 static const int64_t kJanuary2016 = INT64_C(13096080000000000); | 84 static const int64_t kJanuary2016 = INT64_C(13096080000000000); |
90 if (cert->valid_expiry() >= base::Time::FromInternalValue(kJanuary2016)) | 85 if (cert->valid_expiry() >= base::Time::FromInternalValue(kJanuary2016)) |
91 return connection_security::DEPRECATED_SHA1_WARNING; | 86 return SecurityStateModel::DEPRECATED_SHA1_WARNING; |
92 | 87 |
93 return connection_security::NO_DEPRECATED_SHA1; | 88 return SecurityStateModel::NO_DEPRECATED_SHA1; |
94 } | 89 } |
95 | 90 |
96 connection_security::MixedContentStatus GetMixedContentStatus( | 91 SecurityStateModel::MixedContentStatus GetMixedContentStatus( |
97 const content::SSLStatus& ssl) { | 92 const content::SSLStatus& ssl) { |
98 bool ran_insecure_content = false; | 93 bool ran_insecure_content = false; |
99 bool displayed_insecure_content = false; | 94 bool displayed_insecure_content = false; |
100 if (ssl.content_status & content::SSLStatus::RAN_INSECURE_CONTENT) | 95 if (ssl.content_status & content::SSLStatus::RAN_INSECURE_CONTENT) |
101 ran_insecure_content = true; | 96 ran_insecure_content = true; |
102 if (ssl.content_status & content::SSLStatus::DISPLAYED_INSECURE_CONTENT) | 97 if (ssl.content_status & content::SSLStatus::DISPLAYED_INSECURE_CONTENT) |
103 displayed_insecure_content = true; | 98 displayed_insecure_content = true; |
104 | 99 |
105 if (ran_insecure_content && displayed_insecure_content) | 100 if (ran_insecure_content && displayed_insecure_content) |
106 return connection_security::RAN_AND_DISPLAYED_MIXED_CONTENT; | 101 return SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT; |
107 if (ran_insecure_content) | 102 if (ran_insecure_content) |
108 return connection_security::RAN_MIXED_CONTENT; | 103 return SecurityStateModel::RAN_MIXED_CONTENT; |
109 if (displayed_insecure_content) | 104 if (displayed_insecure_content) |
110 return connection_security::DISPLAYED_MIXED_CONTENT; | 105 return SecurityStateModel::DISPLAYED_MIXED_CONTENT; |
111 | 106 |
112 return connection_security::NO_MIXED_CONTENT; | 107 return SecurityStateModel::NO_MIXED_CONTENT; |
113 } | 108 } |
114 | 109 |
115 } // namespace | 110 SecurityStateModel::SecurityLevel GetSecurityLevelForRequest( |
116 | 111 const GURL& url, |
117 namespace connection_security { | 112 const content::SSLStatus& ssl, |
118 | 113 Profile* profile, |
119 SecurityLevel GetSecurityLevelForWebContents( | 114 scoped_refptr<net::X509Certificate> cert, |
120 const content::WebContents* web_contents) { | 115 SecurityStateModel::SHA1DeprecationStatus sha1_status, |
121 if (!web_contents) | 116 SecurityStateModel::MixedContentStatus mixed_content_status) { |
122 return NONE; | |
123 | |
124 content::NavigationEntry* entry = | |
125 web_contents->GetController().GetVisibleEntry(); | |
126 if (!entry) | |
127 return NONE; | |
128 | |
129 const content::SSLStatus& ssl = entry->GetSSL(); | |
130 switch (ssl.security_style) { | 117 switch (ssl.security_style) { |
131 case content::SECURITY_STYLE_UNKNOWN: | 118 case content::SECURITY_STYLE_UNKNOWN: |
132 return NONE; | 119 return SecurityStateModel::NONE; |
133 | 120 |
134 case content::SECURITY_STYLE_UNAUTHENTICATED: { | 121 case content::SECURITY_STYLE_UNAUTHENTICATED: { |
135 const GURL& url = entry->GetURL(); | |
136 if (!content::IsOriginSecure(url) && url.IsStandard()) | 122 if (!content::IsOriginSecure(url) && url.IsStandard()) |
137 return GetSecurityLevelForNonSecureFieldTrial(); | 123 return GetSecurityLevelForNonSecureFieldTrial(); |
138 return NONE; | 124 return SecurityStateModel::NONE; |
139 } | 125 } |
140 | 126 |
141 case content::SECURITY_STYLE_AUTHENTICATION_BROKEN: | 127 case content::SECURITY_STYLE_AUTHENTICATION_BROKEN: |
142 return SECURITY_ERROR; | 128 return SecurityStateModel::SECURITY_ERROR; |
| 129 |
| 130 case content::SECURITY_STYLE_WARNING: |
| 131 NOTREACHED(); |
| 132 return SecurityStateModel::SECURITY_WARNING; |
143 | 133 |
144 case content::SECURITY_STYLE_AUTHENTICATED: { | 134 case content::SECURITY_STYLE_AUTHENTICATED: { |
145 #if defined(OS_CHROMEOS) | 135 #if defined(OS_CHROMEOS) |
146 // Report if there is a policy cert first, before reporting any other | 136 // Report if there is a policy cert first, before reporting any other |
147 // authenticated-but-with-errors cases. A policy cert is a strong | 137 // authenticated-but-with-errors cases. A policy cert is a strong |
148 // indicator of a MITM being present (the enterprise), while the | 138 // indicator of a MITM being present (the enterprise), while the |
149 // other authenticated-but-with-errors indicate something may | 139 // other authenticated-but-with-errors indicate something may |
150 // be wrong, or may be wrong in the future, but is unclear now. | 140 // be wrong, or may be wrong in the future, but is unclear now. |
151 policy::PolicyCertService* service = | 141 policy::PolicyCertService* service = |
152 policy::PolicyCertServiceFactory::GetForProfile( | 142 policy::PolicyCertServiceFactory::GetForProfile(profile); |
153 Profile::FromBrowserContext(web_contents->GetBrowserContext())); | |
154 if (service && service->UsedPolicyCertificates()) | 143 if (service && service->UsedPolicyCertificates()) |
155 return SECURITY_POLICY_WARNING; | 144 return SecurityStateModel::SECURITY_POLICY_WARNING; |
156 #endif | 145 #endif |
157 | 146 |
158 scoped_refptr<net::X509Certificate> cert = GetCertForSSLStatus(ssl); | 147 if (sha1_status == SecurityStateModel::DEPRECATED_SHA1_BROKEN) |
159 SHA1DeprecationStatus sha1_status = GetSHA1DeprecationStatus(cert, ssl); | 148 return SecurityStateModel::SECURITY_ERROR; |
160 if (sha1_status == DEPRECATED_SHA1_BROKEN) | 149 if (sha1_status == SecurityStateModel::DEPRECATED_SHA1_WARNING) |
161 return SECURITY_ERROR; | 150 return SecurityStateModel::NONE; |
162 if (sha1_status == DEPRECATED_SHA1_WARNING) | |
163 return NONE; | |
164 | 151 |
165 MixedContentStatus mixed_content_status = GetMixedContentStatus(ssl); | |
166 // Active mixed content is downgraded to the BROKEN style and | 152 // Active mixed content is downgraded to the BROKEN style and |
167 // handled above. | 153 // handled above. |
168 DCHECK_NE(RAN_MIXED_CONTENT, mixed_content_status); | 154 DCHECK_NE(SecurityStateModel::RAN_MIXED_CONTENT, mixed_content_status); |
169 DCHECK_NE(RAN_AND_DISPLAYED_MIXED_CONTENT, mixed_content_status); | 155 DCHECK_NE(SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT, |
| 156 mixed_content_status); |
170 // This should be kept in sync with | 157 // This should be kept in sync with |
171 // |kDisplayedInsecureContentStyle|. That is: the treatment | 158 // |kDisplayedInsecureContentStyle|. That is: the treatment |
172 // given to passive mixed content here should be expressed by | 159 // given to passive mixed content here should be expressed by |
173 // |kDisplayedInsecureContentStyle|, which is used to coordinate | 160 // |kDisplayedInsecureContentStyle|, which is used to coordinate |
174 // the treatment of passive mixed content with other security UI | 161 // the treatment of passive mixed content with other security UI |
175 // elements. | 162 // elements outside of //chrome. |
176 if (mixed_content_status == DISPLAYED_MIXED_CONTENT) | 163 if (mixed_content_status == SecurityStateModel::DISPLAYED_MIXED_CONTENT) |
177 return NONE; | 164 return SecurityStateModel::NONE; |
178 | 165 |
179 if (net::IsCertStatusError(ssl.cert_status)) { | 166 if (net::IsCertStatusError(ssl.cert_status)) { |
180 DCHECK(net::IsCertStatusMinorError(ssl.cert_status)); | 167 DCHECK(net::IsCertStatusMinorError(ssl.cert_status)); |
181 return NONE; | 168 return SecurityStateModel::NONE; |
182 } | 169 } |
183 if (net::SSLConnectionStatusToVersion(ssl.connection_status) == | 170 if (net::SSLConnectionStatusToVersion(ssl.connection_status) == |
184 net::SSL_CONNECTION_VERSION_SSL3) { | 171 net::SSL_CONNECTION_VERSION_SSL3) { |
185 // SSLv3 will be removed in the future. | 172 // SSLv3 will be removed in the future. |
186 return SECURITY_WARNING; | 173 return SecurityStateModel::SECURITY_WARNING; |
187 } | 174 } |
188 if ((ssl.cert_status & net::CERT_STATUS_IS_EV) && cert) | 175 if ((ssl.cert_status & net::CERT_STATUS_IS_EV) && cert) |
189 return EV_SECURE; | 176 return SecurityStateModel::EV_SECURE; |
190 return SECURE; | 177 return SecurityStateModel::SECURE; |
191 } | 178 } |
| 179 } |
192 | 180 |
193 default: | 181 return SecurityStateModel::NONE; |
194 NOTREACHED(); | |
195 return NONE; | |
196 } | |
197 } | 182 } |
198 | 183 |
199 void GetSecurityInfoForWebContents(const content::WebContents* web_contents, | 184 } // namespace |
200 SecurityInfo* security_info) { | 185 |
| 186 const content::SecurityStyle |
| 187 SecurityStateModel::kDisplayedInsecureContentStyle = |
| 188 content::SECURITY_STYLE_UNAUTHENTICATED; |
| 189 const content::SecurityStyle SecurityStateModel::kRanInsecureContentStyle = |
| 190 content::SECURITY_STYLE_AUTHENTICATION_BROKEN; |
| 191 |
| 192 SecurityStateModel::SecurityInfo::SecurityInfo() |
| 193 : security_level(SecurityStateModel::NONE), |
| 194 sha1_deprecation_status(SecurityStateModel::NO_DEPRECATED_SHA1), |
| 195 mixed_content_status(SecurityStateModel::NO_MIXED_CONTENT), |
| 196 scheme_is_cryptographic(false), |
| 197 cert_status(0), |
| 198 cert_id(0), |
| 199 security_bits(-1), |
| 200 connection_status(0) {} |
| 201 |
| 202 SecurityStateModel::SecurityInfo::~SecurityInfo() {} |
| 203 |
| 204 SecurityStateModel::~SecurityStateModel() {} |
| 205 |
| 206 void SecurityStateModel::SecurityStateChanged() { |
| 207 DCHECK(web_contents_); |
201 content::NavigationEntry* entry = | 208 content::NavigationEntry* entry = |
202 web_contents ? web_contents->GetController().GetVisibleEntry() : nullptr; | 209 web_contents_->GetController().GetVisibleEntry(); |
203 if (!entry) { | 210 if (!entry) |
204 security_info->security_style = content::SECURITY_STYLE_UNKNOWN; | |
205 return; | 211 return; |
| 212 |
| 213 SecurityInfoForRequest( |
| 214 entry->GetURL(), entry->GetSSL(), |
| 215 Profile::FromBrowserContext(web_contents_->GetBrowserContext()), |
| 216 &security_info_); |
| 217 } |
| 218 |
| 219 const SecurityStateModel::SecurityInfo& SecurityStateModel::security_info() |
| 220 const { |
| 221 return security_info_; |
| 222 } |
| 223 |
| 224 // static |
| 225 void SecurityStateModel::SecurityInfoForRequest(const GURL& url, |
| 226 const content::SSLStatus& ssl, |
| 227 Profile* profile, |
| 228 SecurityInfo* security_info) { |
| 229 scoped_refptr<net::X509Certificate> cert = GetCertForSSLStatus(ssl); |
| 230 security_info->cert_id = ssl.cert_id; |
| 231 security_info->sha1_deprecation_status = GetSHA1DeprecationStatus(cert, ssl); |
| 232 security_info->mixed_content_status = GetMixedContentStatus(ssl); |
| 233 security_info->security_bits = ssl.security_bits; |
| 234 security_info->connection_status = ssl.connection_status; |
| 235 security_info->cert_status = ssl.cert_status; |
| 236 security_info->scheme_is_cryptographic = url.SchemeIsCryptographic(); |
| 237 |
| 238 security_info->sct_verify_statuses.clear(); |
| 239 for (const auto& sct : ssl.signed_certificate_timestamp_ids) { |
| 240 security_info->sct_verify_statuses.push_back(sct.status); |
206 } | 241 } |
207 | 242 |
208 security_info->scheme_is_cryptographic = | 243 security_info->security_level = GetSecurityLevelForRequest( |
209 entry->GetURL().SchemeIsCryptographic(); | 244 url, ssl, profile, cert, security_info->sha1_deprecation_status, |
210 | 245 security_info->mixed_content_status); |
211 SecurityLevel security_level = GetSecurityLevelForWebContents(web_contents); | |
212 switch (security_level) { | |
213 case SECURITY_WARNING: | |
214 case NONE: | |
215 security_info->security_style = content::SECURITY_STYLE_UNAUTHENTICATED; | |
216 break; | |
217 case EV_SECURE: | |
218 case SECURE: | |
219 security_info->security_style = content::SECURITY_STYLE_AUTHENTICATED; | |
220 break; | |
221 case SECURITY_POLICY_WARNING: | |
222 security_info->security_style = content::SECURITY_STYLE_WARNING; | |
223 break; | |
224 case SECURITY_ERROR: | |
225 security_info->security_style = | |
226 content::SECURITY_STYLE_AUTHENTICATION_BROKEN; | |
227 break; | |
228 } | |
229 | |
230 const content::SSLStatus& ssl = entry->GetSSL(); | |
231 scoped_refptr<net::X509Certificate> cert = GetCertForSSLStatus(ssl); | |
232 security_info->sha1_deprecation_status = GetSHA1DeprecationStatus(cert, ssl); | |
233 security_info->mixed_content_status = GetMixedContentStatus(ssl); | |
234 security_info->cert_status = ssl.cert_status; | |
235 security_info->cert_id = ssl.cert_id; | |
236 } | 246 } |
237 | 247 |
238 } // namespace connection_security | 248 SecurityStateModel::SecurityStateModel(content::WebContents* web_contents) |
| 249 : web_contents_(web_contents) {} |
OLD | NEW |