OLD | NEW |
| (Empty) |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef CHROME_BROWSER_SSL_CONNECTION_SECURITY_H_ | |
6 #define CHROME_BROWSER_SSL_CONNECTION_SECURITY_H_ | |
7 | |
8 #include "base/macros.h" | |
9 #include "content/public/common/security_style.h" | |
10 #include "net/cert/cert_status_flags.h" | |
11 | |
12 namespace content { | |
13 class WebContents; | |
14 } // namespace content | |
15 | |
16 // This namespace contains functions responsible for computing the | |
17 // connection security status of a page. | |
18 namespace connection_security { | |
19 | |
20 // These security styles describe the treatment given to pages that | |
21 // display and run mixed content. They are used to coordinate the | |
22 // treatment of mixed content with other security UI elements. | |
23 const content::SecurityStyle kDisplayedInsecureContentStyle = | |
24 content::SECURITY_STYLE_UNAUTHENTICATED; | |
25 const content::SecurityStyle kRanInsecureContentStyle = | |
26 content::SECURITY_STYLE_AUTHENTICATION_BROKEN; | |
27 | |
28 // TODO(wtc): unify this enum with SecurityStyle. We | |
29 // don't need two sets of security UI levels. SECURITY_STYLE_AUTHENTICATED | |
30 // needs to be refined into three levels: warning, standard, and EV. | |
31 // See crbug.com/425728 | |
32 // | |
33 // If you reorder, add, or delete values from this enum, you must also | |
34 // update the UI icons in ToolbarModelImpl::GetIconForSecurityLevel. | |
35 // | |
36 // A Java counterpart will be generated for this enum. | |
37 // GENERATED_JAVA_ENUM_PACKAGE: org.chromium.chrome.browser.ssl | |
38 // GENERATED_JAVA_CLASS_NAME_OVERRIDE: ConnectionSecurityLevel | |
39 enum SecurityLevel { | |
40 // HTTP/no URL | |
41 NONE, | |
42 | |
43 // HTTPS with valid EV cert | |
44 EV_SECURE, | |
45 | |
46 // HTTPS (non-EV) | |
47 SECURE, | |
48 | |
49 // HTTPS, but unable to check certificate revocation status or with insecure | |
50 // content on the page | |
51 SECURITY_WARNING, | |
52 | |
53 // HTTPS, but the certificate verification chain is anchored on a | |
54 // certificate that was installed by the system administrator | |
55 SECURITY_POLICY_WARNING, | |
56 | |
57 // Attempted HTTPS and failed, page not authenticated | |
58 SECURITY_ERROR, | |
59 }; | |
60 | |
61 // Describes how the SHA1 deprecation policy applies to an HTTPS | |
62 // connection. | |
63 enum SHA1DeprecationStatus { | |
64 // No SHA1 deprecation policy applies. | |
65 NO_DEPRECATED_SHA1, | |
66 // The connection used a certificate with a SHA1 signature in the | |
67 // chain, and policy says that the connection should be treated as | |
68 // broken HTTPS. | |
69 DEPRECATED_SHA1_BROKEN, | |
70 // The connection used a certificate with a SHA1 signature in the | |
71 // chain, and policy says that the connection should be treated with a | |
72 // warning. | |
73 DEPRECATED_SHA1_WARNING, | |
74 }; | |
75 | |
76 // Describes the type of mixed content (if any) that a site | |
77 // displayed/ran. | |
78 enum MixedContentStatus { | |
79 NO_MIXED_CONTENT, | |
80 // The site displayed nonsecure resources (passive mixed content). | |
81 DISPLAYED_MIXED_CONTENT, | |
82 // The site ran nonsecure resources (active mixed content). | |
83 RAN_MIXED_CONTENT, | |
84 // The site both ran and displayed nonsecure resources. | |
85 RAN_AND_DISPLAYED_MIXED_CONTENT, | |
86 }; | |
87 | |
88 // Contains information about a page's security status, including a | |
89 // SecurityStyle and the information that was used to decide which | |
90 // SecurityStyle to assign. | |
91 struct SecurityInfo { | |
92 content::SecurityStyle security_style; | |
93 SHA1DeprecationStatus sha1_deprecation_status; | |
94 MixedContentStatus mixed_content_status; | |
95 net::CertStatus cert_status; | |
96 bool scheme_is_cryptographic; | |
97 }; | |
98 | |
99 // Returns a security level describing the overall security state of | |
100 // the given |WebContents|. | |
101 SecurityLevel GetSecurityLevelForWebContents( | |
102 const content::WebContents* web_contents); | |
103 | |
104 // Populates |security_info| with information describing the given | |
105 // |web_contents|, including a content::SecurityStyle value and security | |
106 // properties that caused that value to be chosen. | |
107 // | |
108 // Note: This is a lossy operation. Not all of the policies | |
109 // that can be expressed by a SecurityLevel (a //chrome concept) can | |
110 // be expressed by a content::SecurityStyle. | |
111 // In general, code in //chrome should prefer to use | |
112 // GetSecurityLevelForWebContents() to determine security policy, and | |
113 // only use this function when policy needs to be supplied back to | |
114 // layers in //content. | |
115 void GetSecurityInfoForWebContents(const content::WebContents* web_contents, | |
116 SecurityInfo* security_info); | |
117 | |
118 } // namespace connection_security | |
119 | |
120 #endif // CHROME_BROWSER_SSL_CONNECTION_SECURITY_H_ | |