OLD | NEW |
| (Empty) |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "chrome/browser/ssl/connection_security.h" | |
6 | |
7 #include "base/command_line.h" | |
8 #include "base/metrics/field_trial.h" | |
9 #include "base/metrics/histogram_macros.h" | |
10 #include "base/prefs/pref_service.h" | |
11 #include "chrome/browser/profiles/profile.h" | |
12 #include "chrome/browser/ssl/ssl_error_info.h" | |
13 #include "chrome/common/chrome_constants.h" | |
14 #include "chrome/common/chrome_switches.h" | |
15 #include "chrome/common/pref_names.h" | |
16 #include "content/public/browser/cert_store.h" | |
17 #include "content/public/browser/navigation_controller.h" | |
18 #include "content/public/browser/navigation_entry.h" | |
19 #include "content/public/browser/web_contents.h" | |
20 #include "content/public/common/origin_util.h" | |
21 #include "content/public/common/ssl_status.h" | |
22 #include "net/base/net_util.h" | |
23 #include "net/cert/cert_status_flags.h" | |
24 #include "net/cert/x509_certificate.h" | |
25 #include "net/ssl/ssl_connection_status_flags.h" | |
26 | |
27 #if defined(OS_CHROMEOS) | |
28 #include "chrome/browser/chromeos/policy/policy_cert_service.h" | |
29 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" | |
30 #endif | |
31 | |
32 namespace { | |
33 | |
34 connection_security::SecurityLevel GetSecurityLevelForNonSecureFieldTrial() { | |
35 std::string choice = | |
36 base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII( | |
37 switches::kMarkNonSecureAs); | |
38 std::string group = base::FieldTrialList::FindFullName("MarkNonSecureAs"); | |
39 | |
40 // Do not change this enum. It is used in the histogram. | |
41 enum MarkNonSecureStatus { NEUTRAL, DUBIOUS, NON_SECURE, LAST_STATUS }; | |
42 const char kEnumeration[] = "MarkNonSecureAs"; | |
43 | |
44 connection_security::SecurityLevel level; | |
45 MarkNonSecureStatus status; | |
46 | |
47 if (choice == switches::kMarkNonSecureAsNeutral) { | |
48 status = NEUTRAL; | |
49 level = connection_security::NONE; | |
50 } else if (choice == switches::kMarkNonSecureAsNonSecure) { | |
51 status = NON_SECURE; | |
52 level = connection_security::SECURITY_ERROR; | |
53 } else if (group == switches::kMarkNonSecureAsNeutral) { | |
54 status = NEUTRAL; | |
55 level = connection_security::NONE; | |
56 } else if (group == switches::kMarkNonSecureAsNonSecure) { | |
57 status = NON_SECURE; | |
58 level = connection_security::SECURITY_ERROR; | |
59 } else { | |
60 status = NEUTRAL; | |
61 level = connection_security::NONE; | |
62 } | |
63 | |
64 UMA_HISTOGRAM_ENUMERATION(kEnumeration, status, LAST_STATUS); | |
65 return level; | |
66 } | |
67 | |
68 scoped_refptr<net::X509Certificate> GetCertForSSLStatus( | |
69 const content::SSLStatus& ssl) { | |
70 scoped_refptr<net::X509Certificate> cert; | |
71 return content::CertStore::GetInstance()->RetrieveCert(ssl.cert_id, &cert) | |
72 ? cert | |
73 : nullptr; | |
74 } | |
75 | |
76 connection_security::SHA1DeprecationStatus GetSHA1DeprecationStatus( | |
77 scoped_refptr<net::X509Certificate> cert, | |
78 const content::SSLStatus& ssl) { | |
79 if (!cert || !(ssl.cert_status & net::CERT_STATUS_SHA1_SIGNATURE_PRESENT)) | |
80 return connection_security::NO_DEPRECATED_SHA1; | |
81 | |
82 // The internal representation of the dates for UI treatment of SHA-1. | |
83 // See http://crbug.com/401365 for details. | |
84 static const int64_t kJanuary2017 = INT64_C(13127702400000000); | |
85 if (cert->valid_expiry() >= base::Time::FromInternalValue(kJanuary2017)) | |
86 return connection_security::DEPRECATED_SHA1_BROKEN; | |
87 // kJanuary2016 needs to be kept in sync with | |
88 // ToolbarModelAndroid::IsDeprecatedSHA1Present(). | |
89 static const int64_t kJanuary2016 = INT64_C(13096080000000000); | |
90 if (cert->valid_expiry() >= base::Time::FromInternalValue(kJanuary2016)) | |
91 return connection_security::DEPRECATED_SHA1_WARNING; | |
92 | |
93 return connection_security::NO_DEPRECATED_SHA1; | |
94 } | |
95 | |
96 connection_security::MixedContentStatus GetMixedContentStatus( | |
97 const content::SSLStatus& ssl) { | |
98 bool ran_insecure_content = false; | |
99 bool displayed_insecure_content = false; | |
100 if (ssl.content_status & content::SSLStatus::RAN_INSECURE_CONTENT) | |
101 ran_insecure_content = true; | |
102 if (ssl.content_status & content::SSLStatus::DISPLAYED_INSECURE_CONTENT) | |
103 displayed_insecure_content = true; | |
104 | |
105 if (ran_insecure_content && displayed_insecure_content) | |
106 return connection_security::RAN_AND_DISPLAYED_MIXED_CONTENT; | |
107 if (ran_insecure_content) | |
108 return connection_security::RAN_MIXED_CONTENT; | |
109 if (displayed_insecure_content) | |
110 return connection_security::DISPLAYED_MIXED_CONTENT; | |
111 | |
112 return connection_security::NO_MIXED_CONTENT; | |
113 } | |
114 | |
115 } // namespace | |
116 | |
117 namespace connection_security { | |
118 | |
119 SecurityLevel GetSecurityLevelForWebContents( | |
120 const content::WebContents* web_contents) { | |
121 if (!web_contents) | |
122 return NONE; | |
123 | |
124 content::NavigationEntry* entry = | |
125 web_contents->GetController().GetVisibleEntry(); | |
126 if (!entry) | |
127 return NONE; | |
128 | |
129 const content::SSLStatus& ssl = entry->GetSSL(); | |
130 switch (ssl.security_style) { | |
131 case content::SECURITY_STYLE_UNKNOWN: | |
132 return NONE; | |
133 | |
134 case content::SECURITY_STYLE_UNAUTHENTICATED: { | |
135 const GURL& url = entry->GetURL(); | |
136 if (!content::IsOriginSecure(url) && url.IsStandard()) | |
137 return GetSecurityLevelForNonSecureFieldTrial(); | |
138 return NONE; | |
139 } | |
140 | |
141 case content::SECURITY_STYLE_AUTHENTICATION_BROKEN: | |
142 return SECURITY_ERROR; | |
143 | |
144 case content::SECURITY_STYLE_AUTHENTICATED: { | |
145 #if defined(OS_CHROMEOS) | |
146 // Report if there is a policy cert first, before reporting any other | |
147 // authenticated-but-with-errors cases. A policy cert is a strong | |
148 // indicator of a MITM being present (the enterprise), while the | |
149 // other authenticated-but-with-errors indicate something may | |
150 // be wrong, or may be wrong in the future, but is unclear now. | |
151 policy::PolicyCertService* service = | |
152 policy::PolicyCertServiceFactory::GetForProfile( | |
153 Profile::FromBrowserContext(web_contents->GetBrowserContext())); | |
154 if (service && service->UsedPolicyCertificates()) | |
155 return SECURITY_POLICY_WARNING; | |
156 #endif | |
157 | |
158 scoped_refptr<net::X509Certificate> cert = GetCertForSSLStatus(ssl); | |
159 SHA1DeprecationStatus sha1_status = GetSHA1DeprecationStatus(cert, ssl); | |
160 if (sha1_status == DEPRECATED_SHA1_BROKEN) | |
161 return SECURITY_ERROR; | |
162 if (sha1_status == DEPRECATED_SHA1_WARNING) | |
163 return NONE; | |
164 | |
165 MixedContentStatus mixed_content_status = GetMixedContentStatus(ssl); | |
166 // Active mixed content is downgraded to the BROKEN style and | |
167 // handled above. | |
168 DCHECK_NE(RAN_MIXED_CONTENT, mixed_content_status); | |
169 DCHECK_NE(RAN_AND_DISPLAYED_MIXED_CONTENT, mixed_content_status); | |
170 // This should be kept in sync with | |
171 // |kDisplayedInsecureContentStyle|. That is: the treatment | |
172 // given to passive mixed content here should be expressed by | |
173 // |kDisplayedInsecureContentStyle|, which is used to coordinate | |
174 // the treatment of passive mixed content with other security UI | |
175 // elements. | |
176 if (mixed_content_status == DISPLAYED_MIXED_CONTENT) | |
177 return NONE; | |
178 | |
179 if (net::IsCertStatusError(ssl.cert_status)) { | |
180 DCHECK(net::IsCertStatusMinorError(ssl.cert_status)); | |
181 return NONE; | |
182 } | |
183 if (net::SSLConnectionStatusToVersion(ssl.connection_status) == | |
184 net::SSL_CONNECTION_VERSION_SSL3) { | |
185 // SSLv3 will be removed in the future. | |
186 return SECURITY_WARNING; | |
187 } | |
188 if ((ssl.cert_status & net::CERT_STATUS_IS_EV) && cert) | |
189 return EV_SECURE; | |
190 return SECURE; | |
191 } | |
192 | |
193 default: | |
194 NOTREACHED(); | |
195 return NONE; | |
196 } | |
197 } | |
198 | |
199 void GetSecurityInfoForWebContents(const content::WebContents* web_contents, | |
200 SecurityInfo* security_info) { | |
201 content::NavigationEntry* entry = | |
202 web_contents ? web_contents->GetController().GetVisibleEntry() : nullptr; | |
203 if (!entry) { | |
204 security_info->security_style = content::SECURITY_STYLE_UNKNOWN; | |
205 return; | |
206 } | |
207 | |
208 security_info->scheme_is_cryptographic = | |
209 entry->GetURL().SchemeIsCryptographic(); | |
210 | |
211 SecurityLevel security_level = GetSecurityLevelForWebContents(web_contents); | |
212 switch (security_level) { | |
213 case SECURITY_WARNING: | |
214 case NONE: | |
215 security_info->security_style = content::SECURITY_STYLE_UNAUTHENTICATED; | |
216 break; | |
217 case EV_SECURE: | |
218 case SECURE: | |
219 security_info->security_style = content::SECURITY_STYLE_AUTHENTICATED; | |
220 break; | |
221 case SECURITY_POLICY_WARNING: | |
222 security_info->security_style = content::SECURITY_STYLE_WARNING; | |
223 break; | |
224 case SECURITY_ERROR: | |
225 security_info->security_style = | |
226 content::SECURITY_STYLE_AUTHENTICATION_BROKEN; | |
227 break; | |
228 } | |
229 | |
230 const content::SSLStatus& ssl = entry->GetSSL(); | |
231 scoped_refptr<net::X509Certificate> cert = GetCertForSSLStatus(ssl); | |
232 security_info->sha1_deprecation_status = GetSHA1DeprecationStatus(cert, ssl); | |
233 security_info->mixed_content_status = GetMixedContentStatus(ssl); | |
234 security_info->cert_status = ssl.cert_status; | |
235 } | |
236 | |
237 } // namespace connection_security | |
OLD | NEW |