chrome/browser/ssl/connection_security.cc - Issue 1314843007: Refactor connection_security into SecurityStateModel

Side by Side Diff: chrome/browser/ssl/connection_security.cc

Issue 1314843007: Refactor connection_security into SecurityStateModel (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: rebase fix up and other cleanups Created 5 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
	(Empty)
1 // Copyright 2015 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.

4

5 #include "chrome/browser/ssl/connection_security.h"

6

7 #include "base/command_line.h"

8 #include "base/metrics/field_trial.h"

9 #include "base/metrics/histogram_macros.h"

10 #include "base/prefs/pref_service.h"

11 #include "chrome/browser/profiles/profile.h"

12 #include "chrome/browser/ssl/ssl_error_info.h"

13 #include "chrome/common/chrome_constants.h"

14 #include "chrome/common/chrome_switches.h"

15 #include "chrome/common/pref_names.h"

16 #include "content/public/browser/cert_store.h"

17 #include "content/public/browser/navigation_controller.h"

18 #include "content/public/browser/navigation_entry.h"

19 #include "content/public/browser/web_contents.h"

20 #include "content/public/common/origin_util.h"

21 #include "content/public/common/ssl_status.h"

22 #include "net/base/net_util.h"

23 #include "net/cert/cert_status_flags.h"

24 #include "net/cert/x509_certificate.h"

25 #include "net/ssl/ssl_connection_status_flags.h"

26

27 #if defined(OS_CHROMEOS)

28 #include "chrome/browser/chromeos/policy/policy_cert_service.h"

29 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h"

30 #endif

31

32 namespace {

33

34 connection_security::SecurityLevel GetSecurityLevelForNonSecureFieldTrial() {

35 std::string choice =

36 base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII(

37 switches::kMarkNonSecureAs);

38 std::string group = base::FieldTrialList::FindFullName("MarkNonSecureAs");

39

40 // Do not change this enum. It is used in the histogram.

41 enum MarkNonSecureStatus { NEUTRAL, DUBIOUS, NON_SECURE, LAST_STATUS };

42 const char kEnumeration[] = "MarkNonSecureAs";

43

44 connection_security::SecurityLevel level;

45 MarkNonSecureStatus status;

46

47 if (choice == switches::kMarkNonSecureAsNeutral) {

48 status = NEUTRAL;

49 level = connection_security::NONE;

50 } else if (choice == switches::kMarkNonSecureAsNonSecure) {

51 status = NON_SECURE;

52 level = connection_security::SECURITY_ERROR;

53 } else if (group == switches::kMarkNonSecureAsNeutral) {

54 status = NEUTRAL;

55 level = connection_security::NONE;

56 } else if (group == switches::kMarkNonSecureAsNonSecure) {

57 status = NON_SECURE;

58 level = connection_security::SECURITY_ERROR;

59 } else {

60 status = NEUTRAL;

61 level = connection_security::NONE;

62 }

63

64 UMA_HISTOGRAM_ENUMERATION(kEnumeration, status, LAST_STATUS);

65 return level;

66 }

67

68 scoped_refptr<net::X509Certificate> GetCertForSSLStatus(

69 const content::SSLStatus& ssl) {

70 scoped_refptr<net::X509Certificate> cert;

71 return content::CertStore::GetInstance()->RetrieveCert(ssl.cert_id, &cert)

72 ? cert

73 : nullptr;

74 }

75

76 connection_security::SHA1DeprecationStatus GetSHA1DeprecationStatus(

77 scoped_refptr<net::X509Certificate> cert,

78 const content::SSLStatus& ssl) {

79 if (!cert \|\| !(ssl.cert_status & net::CERT_STATUS_SHA1_SIGNATURE_PRESENT))

80 return connection_security::NO_DEPRECATED_SHA1;

81

82 // The internal representation of the dates for UI treatment of SHA-1.

83 // See http://crbug.com/401365 for details.

84 static const int64_t kJanuary2017 = INT64_C(13127702400000000);

85 if (cert->valid_expiry() >= base::Time::FromInternalValue(kJanuary2017))

86 return connection_security::DEPRECATED_SHA1_BROKEN;

87 // kJanuary2016 needs to be kept in sync with

88 // ToolbarModelAndroid::IsDeprecatedSHA1Present().

89 static const int64_t kJanuary2016 = INT64_C(13096080000000000);

90 if (cert->valid_expiry() >= base::Time::FromInternalValue(kJanuary2016))

91 return connection_security::DEPRECATED_SHA1_WARNING;

92

93 return connection_security::NO_DEPRECATED_SHA1;

94 }

95

96 connection_security::MixedContentStatus GetMixedContentStatus(

97 const content::SSLStatus& ssl) {

98 bool ran_insecure_content = false;

99 bool displayed_insecure_content = false;

100 if (ssl.content_status & content::SSLStatus::RAN_INSECURE_CONTENT)

101 ran_insecure_content = true;

102 if (ssl.content_status & content::SSLStatus::DISPLAYED_INSECURE_CONTENT)

103 displayed_insecure_content = true;

104

105 if (ran_insecure_content && displayed_insecure_content)

106 return connection_security::RAN_AND_DISPLAYED_MIXED_CONTENT;

107 if (ran_insecure_content)

108 return connection_security::RAN_MIXED_CONTENT;

109 if (displayed_insecure_content)

110 return connection_security::DISPLAYED_MIXED_CONTENT;

111

112 return connection_security::NO_MIXED_CONTENT;

113 }

114

115 } // namespace

116

117 namespace connection_security {

118

119 SecurityLevel GetSecurityLevelForWebContents(

120 const content::WebContents* web_contents) {

121 if (!web_contents)

122 return NONE;

123

124 content::NavigationEntry* entry =

125 web_contents->GetController().GetVisibleEntry();

126 if (!entry)

127 return NONE;

128

129 const content::SSLStatus& ssl = entry->GetSSL();

130 switch (ssl.security_style) {

131 case content::SECURITY_STYLE_UNKNOWN:

132 return NONE;

133

134 case content::SECURITY_STYLE_UNAUTHENTICATED: {

135 const GURL& url = entry->GetURL();

136 if (!content::IsOriginSecure(url) && url.IsStandard())

137 return GetSecurityLevelForNonSecureFieldTrial();

138 return NONE;

139 }

140

141 case content::SECURITY_STYLE_AUTHENTICATION_BROKEN:

142 return SECURITY_ERROR;

143

144 case content::SECURITY_STYLE_AUTHENTICATED: {

145 #if defined(OS_CHROMEOS)

146 // Report if there is a policy cert first, before reporting any other

147 // authenticated-but-with-errors cases. A policy cert is a strong

148 // indicator of a MITM being present (the enterprise), while the

149 // other authenticated-but-with-errors indicate something may

150 // be wrong, or may be wrong in the future, but is unclear now.

151 policy::PolicyCertService* service =

152 policy::PolicyCertServiceFactory::GetForProfile(

153 Profile::FromBrowserContext(web_contents->GetBrowserContext()));

154 if (service && service->UsedPolicyCertificates())

155 return SECURITY_POLICY_WARNING;

156 #endif

157

158 scoped_refptr<net::X509Certificate> cert = GetCertForSSLStatus(ssl);

159 SHA1DeprecationStatus sha1_status = GetSHA1DeprecationStatus(cert, ssl);

160 if (sha1_status == DEPRECATED_SHA1_BROKEN)

161 return SECURITY_ERROR;

162 if (sha1_status == DEPRECATED_SHA1_WARNING)

163 return NONE;

164

165 MixedContentStatus mixed_content_status = GetMixedContentStatus(ssl);

166 // Active mixed content is downgraded to the BROKEN style and

167 // handled above.

168 DCHECK_NE(RAN_MIXED_CONTENT, mixed_content_status);

169 DCHECK_NE(RAN_AND_DISPLAYED_MIXED_CONTENT, mixed_content_status);

170 // This should be kept in sync with

171 // \|kDisplayedInsecureContentStyle\|. That is: the treatment

172 // given to passive mixed content here should be expressed by

173 // \|kDisplayedInsecureContentStyle\|, which is used to coordinate

174 // the treatment of passive mixed content with other security UI

175 // elements.

176 if (mixed_content_status == DISPLAYED_MIXED_CONTENT)

177 return NONE;

178

179 if (net::IsCertStatusError(ssl.cert_status)) {

180 DCHECK(net::IsCertStatusMinorError(ssl.cert_status));

181 return NONE;

182 }

183 if (net::SSLConnectionStatusToVersion(ssl.connection_status) ==

184 net::SSL_CONNECTION_VERSION_SSL3) {

185 // SSLv3 will be removed in the future.

186 return SECURITY_WARNING;

187 }

188 if ((ssl.cert_status & net::CERT_STATUS_IS_EV) && cert)

189 return EV_SECURE;

190 return SECURE;

191 }

192

193 default:

194 NOTREACHED();

195 return NONE;

196 }

197 }

198

199 void GetSecurityInfoForWebContents(const content::WebContents* web_contents,

200 SecurityInfo* security_info) {

201 content::NavigationEntry* entry =

202 web_contents ? web_contents->GetController().GetVisibleEntry() : nullptr;

203 if (!entry) {

204 security_info->security_style = content::SECURITY_STYLE_UNKNOWN;

205 return;

206 }

207

208 security_info->scheme_is_cryptographic =

209 entry->GetURL().SchemeIsCryptographic();

210

211 SecurityLevel security_level = GetSecurityLevelForWebContents(web_contents);

212 switch (security_level) {

213 case SECURITY_WARNING:

214 case NONE:

215 security_info->security_style = content::SECURITY_STYLE_UNAUTHENTICATED;

216 break;

217 case EV_SECURE:

218 case SECURE:

219 security_info->security_style = content::SECURITY_STYLE_AUTHENTICATED;

220 break;

221 case SECURITY_POLICY_WARNING:

222 security_info->security_style = content::SECURITY_STYLE_WARNING;

223 break;

224 case SECURITY_ERROR:

225 security_info->security_style =

226 content::SECURITY_STYLE_AUTHENTICATION_BROKEN;

227 break;

228 }

229

230 const content::SSLStatus& ssl = entry->GetSSL();

231 scoped_refptr<net::X509Certificate> cert = GetCertForSSLStatus(ssl);

232 security_info->sha1_deprecation_status = GetSHA1DeprecationStatus(cert, ssl);

233 security_info->mixed_content_status = GetMixedContentStatus(ssl);

234 security_info->cert_status = ssl.cert_status;

235 }

236

237 } // namespace connection_security

OLD	NEW