OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ssl/connection_security.h" | 5 #include "chrome/browser/ssl/security_state_model.h" |
6 | 6 |
7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
8 #include "base/metrics/field_trial.h" | 8 #include "base/metrics/field_trial.h" |
9 #include "base/metrics/histogram_macros.h" | 9 #include "base/metrics/histogram_macros.h" |
10 #include "base/prefs/pref_service.h" | 10 #include "base/prefs/pref_service.h" |
11 #include "chrome/browser/profiles/profile.h" | 11 #include "chrome/browser/profiles/profile.h" |
12 #include "chrome/browser/ssl/ssl_error_info.h" | |
13 #include "chrome/common/chrome_constants.h" | 12 #include "chrome/common/chrome_constants.h" |
14 #include "chrome/common/chrome_switches.h" | 13 #include "chrome/common/chrome_switches.h" |
15 #include "chrome/common/pref_names.h" | 14 #include "chrome/common/pref_names.h" |
| 15 #include "chrome/common/pref_names.h" |
16 #include "content/public/browser/cert_store.h" | 16 #include "content/public/browser/cert_store.h" |
17 #include "content/public/browser/navigation_controller.h" | |
18 #include "content/public/browser/navigation_entry.h" | 17 #include "content/public/browser/navigation_entry.h" |
19 #include "content/public/browser/web_contents.h" | 18 #include "content/public/browser/web_contents.h" |
20 #include "content/public/common/origin_util.h" | 19 #include "content/public/common/origin_util.h" |
21 #include "content/public/common/ssl_status.h" | |
22 #include "net/base/net_util.h" | |
23 #include "net/cert/cert_status_flags.h" | |
24 #include "net/cert/x509_certificate.h" | |
25 #include "net/ssl/ssl_connection_status_flags.h" | 20 #include "net/ssl/ssl_connection_status_flags.h" |
26 | 21 |
27 #if defined(OS_CHROMEOS) | |
28 #include "chrome/browser/chromeos/policy/policy_cert_service.h" | |
29 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" | |
30 #endif | |
31 | |
32 namespace { | 22 namespace { |
33 | 23 |
34 connection_security::SecurityLevel GetSecurityLevelForNonSecureFieldTrial() { | 24 SecurityStateModel::SecurityLevel GetSecurityLevelForNonSecureFieldTrial() { |
35 std::string choice = | 25 std::string choice = |
36 base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII( | 26 base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII( |
37 switches::kMarkNonSecureAs); | 27 switches::kMarkNonSecureAs); |
38 std::string group = base::FieldTrialList::FindFullName("MarkNonSecureAs"); | 28 std::string group = base::FieldTrialList::FindFullName("MarkNonSecureAs"); |
39 | 29 |
40 // Do not change this enum. It is used in the histogram. | 30 // Do not change this enum. It is used in the histogram. |
41 enum MarkNonSecureStatus { NEUTRAL, DUBIOUS, NON_SECURE, LAST_STATUS }; | 31 enum MarkNonSecureStatus { NEUTRAL, DUBIOUS, NON_SECURE, LAST_STATUS }; |
42 const char kEnumeration[] = "MarkNonSecureAs"; | 32 const char kEnumeration[] = "MarkNonSecureAs"; |
43 | 33 |
44 connection_security::SecurityLevel level; | 34 SecurityStateModel::SecurityLevel level = SecurityStateModel::NONE; |
45 MarkNonSecureStatus status; | 35 MarkNonSecureStatus status; |
46 | 36 |
47 if (choice == switches::kMarkNonSecureAsNeutral) { | 37 if (choice == switches::kMarkNonSecureAsNeutral) { |
48 status = NEUTRAL; | 38 status = NEUTRAL; |
49 level = connection_security::NONE; | 39 level = SecurityStateModel::NONE; |
50 } else if (choice == switches::kMarkNonSecureAsNonSecure) { | 40 } else if (choice == switches::kMarkNonSecureAsNonSecure) { |
51 status = NON_SECURE; | 41 status = NON_SECURE; |
52 level = connection_security::SECURITY_ERROR; | 42 level = SecurityStateModel::SECURITY_ERROR; |
53 } else if (group == switches::kMarkNonSecureAsNeutral) { | 43 } else if (group == switches::kMarkNonSecureAsNeutral) { |
54 status = NEUTRAL; | 44 status = NEUTRAL; |
55 level = connection_security::NONE; | 45 level = SecurityStateModel::NONE; |
56 } else if (group == switches::kMarkNonSecureAsNonSecure) { | 46 } else if (group == switches::kMarkNonSecureAsNonSecure) { |
57 status = NON_SECURE; | 47 status = NON_SECURE; |
58 level = connection_security::SECURITY_ERROR; | 48 level = SecurityStateModel::SECURITY_ERROR; |
59 } else { | 49 } else { |
60 status = NEUTRAL; | 50 status = NEUTRAL; |
61 level = connection_security::NONE; | 51 level = SecurityStateModel::NONE; |
62 } | 52 } |
63 | 53 |
64 UMA_HISTOGRAM_ENUMERATION(kEnumeration, status, LAST_STATUS); | 54 UMA_HISTOGRAM_ENUMERATION(kEnumeration, status, LAST_STATUS); |
65 return level; | 55 return level; |
66 } | 56 } |
67 | 57 |
68 scoped_refptr<net::X509Certificate> GetCertForSSLStatus( | 58 scoped_refptr<net::X509Certificate> GetCertForSSLStatus( |
69 const content::SSLStatus& ssl) { | 59 const content::SSLStatus& ssl) { |
70 scoped_refptr<net::X509Certificate> cert; | 60 scoped_refptr<net::X509Certificate> cert; |
71 return content::CertStore::GetInstance()->RetrieveCert(ssl.cert_id, &cert) | 61 return content::CertStore::GetInstance()->RetrieveCert(ssl.cert_id, &cert) |
72 ? cert | 62 ? cert |
73 : nullptr; | 63 : nullptr; |
74 } | 64 } |
75 | 65 |
76 connection_security::SHA1DeprecationStatus GetSHA1DeprecationStatus( | 66 SecurityStateModel::SHA1DeprecationStatus GetSHA1DeprecationStatus( |
77 scoped_refptr<net::X509Certificate> cert, | 67 scoped_refptr<net::X509Certificate> cert, |
78 const content::SSLStatus& ssl) { | 68 const content::SSLStatus& ssl) { |
79 if (!cert || !(ssl.cert_status & net::CERT_STATUS_SHA1_SIGNATURE_PRESENT)) | 69 if (!cert || !(ssl.cert_status & net::CERT_STATUS_SHA1_SIGNATURE_PRESENT)) |
80 return connection_security::NO_DEPRECATED_SHA1; | 70 return SecurityStateModel::NO_DEPRECATED_SHA1; |
81 | 71 |
82 // The internal representation of the dates for UI treatment of SHA-1. | 72 // The internal representation of the dates for UI treatment of SHA-1. |
83 // See http://crbug.com/401365 for details. | 73 // See http://crbug.com/401365 for details. |
84 static const int64_t kJanuary2017 = INT64_C(13127702400000000); | 74 static const int64_t kJanuary2017 = INT64_C(13127702400000000); |
85 if (cert->valid_expiry() >= base::Time::FromInternalValue(kJanuary2017)) | 75 if (cert->valid_expiry() >= base::Time::FromInternalValue(kJanuary2017)) |
86 return connection_security::DEPRECATED_SHA1_BROKEN; | 76 return SecurityStateModel::DEPRECATED_SHA1_BROKEN; |
87 // kJanuary2016 needs to be kept in sync with | 77 // kJanuary2016 needs to be kept in sync with |
88 // ToolbarModelAndroid::IsDeprecatedSHA1Present(). | 78 // ToolbarModelAndroid::IsDeprecatedSHA1Present(). |
89 static const int64_t kJanuary2016 = INT64_C(13096080000000000); | 79 static const int64_t kJanuary2016 = INT64_C(13096080000000000); |
90 if (cert->valid_expiry() >= base::Time::FromInternalValue(kJanuary2016)) | 80 if (cert->valid_expiry() >= base::Time::FromInternalValue(kJanuary2016)) |
91 return connection_security::DEPRECATED_SHA1_WARNING; | 81 return SecurityStateModel::DEPRECATED_SHA1_WARNING; |
92 | 82 |
93 return connection_security::NO_DEPRECATED_SHA1; | 83 return SecurityStateModel::NO_DEPRECATED_SHA1; |
94 } | 84 } |
95 | 85 |
96 connection_security::MixedContentStatus GetMixedContentStatus( | 86 SecurityStateModel::MixedContentStatus GetMixedContentStatus( |
97 const content::SSLStatus& ssl) { | 87 const content::SSLStatus& ssl) { |
98 bool ran_insecure_content = false; | 88 bool ran_insecure_content = false; |
99 bool displayed_insecure_content = false; | 89 bool displayed_insecure_content = false; |
100 if (ssl.content_status & content::SSLStatus::RAN_INSECURE_CONTENT) | 90 if (ssl.content_status & content::SSLStatus::RAN_INSECURE_CONTENT) |
101 ran_insecure_content = true; | 91 ran_insecure_content = true; |
102 if (ssl.content_status & content::SSLStatus::DISPLAYED_INSECURE_CONTENT) | 92 if (ssl.content_status & content::SSLStatus::DISPLAYED_INSECURE_CONTENT) |
103 displayed_insecure_content = true; | 93 displayed_insecure_content = true; |
104 | 94 |
105 if (ran_insecure_content && displayed_insecure_content) | 95 if (ran_insecure_content && displayed_insecure_content) |
106 return connection_security::RAN_AND_DISPLAYED_MIXED_CONTENT; | 96 return SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT; |
107 if (ran_insecure_content) | 97 if (ran_insecure_content) |
108 return connection_security::RAN_MIXED_CONTENT; | 98 return SecurityStateModel::RAN_MIXED_CONTENT; |
109 if (displayed_insecure_content) | 99 if (displayed_insecure_content) |
110 return connection_security::DISPLAYED_MIXED_CONTENT; | 100 return SecurityStateModel::DISPLAYED_MIXED_CONTENT; |
111 | 101 |
112 return connection_security::NO_MIXED_CONTENT; | 102 return SecurityStateModel::NO_MIXED_CONTENT; |
113 } | 103 } |
114 | 104 |
115 } // namespace | 105 SecurityStateModel::SecurityLevel GetSecurityLevelForRequest( |
116 | 106 const GURL& url, |
117 namespace connection_security { | 107 const content::SSLStatus& ssl, |
118 | 108 const Profile* profile, |
119 SecurityLevel GetSecurityLevelForWebContents( | 109 scoped_refptr<net::X509Certificate> cert, |
120 const content::WebContents* web_contents) { | 110 SecurityStateModel::SHA1DeprecationStatus sha1_status, |
121 if (!web_contents) | 111 SecurityStateModel::MixedContentStatus mixed_content_status) { |
122 return NONE; | |
123 | |
124 content::NavigationEntry* entry = | |
125 web_contents->GetController().GetVisibleEntry(); | |
126 if (!entry) | |
127 return NONE; | |
128 | |
129 const content::SSLStatus& ssl = entry->GetSSL(); | |
130 switch (ssl.security_style) { | 112 switch (ssl.security_style) { |
131 case content::SECURITY_STYLE_UNKNOWN: | 113 case content::SECURITY_STYLE_UNKNOWN: |
132 return NONE; | 114 return SecurityStateModel::NONE; |
133 | 115 |
134 case content::SECURITY_STYLE_UNAUTHENTICATED: { | 116 case content::SECURITY_STYLE_UNAUTHENTICATED: { |
135 const GURL& url = entry->GetURL(); | |
136 if (!content::IsOriginSecure(url) && url.IsStandard()) | 117 if (!content::IsOriginSecure(url) && url.IsStandard()) |
137 return GetSecurityLevelForNonSecureFieldTrial(); | 118 return GetSecurityLevelForNonSecureFieldTrial(); |
138 return NONE; | 119 return SecurityStateModel::NONE; |
139 } | 120 } |
140 | 121 |
141 case content::SECURITY_STYLE_AUTHENTICATION_BROKEN: | 122 case content::SECURITY_STYLE_AUTHENTICATION_BROKEN: |
142 return SECURITY_ERROR; | 123 return SecurityStateModel::SECURITY_ERROR; |
| 124 |
| 125 case content::SECURITY_STYLE_WARNING: |
| 126 NOTREACHED(); |
| 127 return SecurityStateModel::SECURITY_WARNING; |
143 | 128 |
144 case content::SECURITY_STYLE_AUTHENTICATED: { | 129 case content::SECURITY_STYLE_AUTHENTICATED: { |
145 #if defined(OS_CHROMEOS) | 130 #if defined(OS_CHROMEOS) |
146 // Report if there is a policy cert first, before reporting any other | 131 // Report if there is a policy cert first, before reporting any other |
147 // authenticated-but-with-errors cases. A policy cert is a strong | 132 // authenticated-but-with-errors cases. A policy cert is a strong |
148 // indicator of a MITM being present (the enterprise), while the | 133 // indicator of a MITM being present (the enterprise), while the |
149 // other authenticated-but-with-errors indicate something may | 134 // other authenticated-but-with-errors indicate something may |
150 // be wrong, or may be wrong in the future, but is unclear now. | 135 // be wrong, or may be wrong in the future, but is unclear now. |
151 policy::PolicyCertService* service = | 136 policy::PolicyCertService* service = |
152 policy::PolicyCertServiceFactory::GetForProfile( | 137 policy::PolicyCertServiceFactory::GetForProfile(profile); |
153 Profile::FromBrowserContext(web_contents->GetBrowserContext())); | |
154 if (service && service->UsedPolicyCertificates()) | 138 if (service && service->UsedPolicyCertificates()) |
155 return SECURITY_POLICY_WARNING; | 139 return SecurityStateModel::SECURITY_POLICY_WARNING; |
156 #endif | 140 #endif |
157 | 141 |
158 scoped_refptr<net::X509Certificate> cert = GetCertForSSLStatus(ssl); | 142 if (sha1_status == SecurityStateModel::DEPRECATED_SHA1_BROKEN) |
159 SHA1DeprecationStatus sha1_status = GetSHA1DeprecationStatus(cert, ssl); | 143 return SecurityStateModel::SECURITY_ERROR; |
160 if (sha1_status == DEPRECATED_SHA1_BROKEN) | 144 if (sha1_status == SecurityStateModel::DEPRECATED_SHA1_WARNING) |
161 return SECURITY_ERROR; | 145 return SecurityStateModel::NONE; |
162 if (sha1_status == DEPRECATED_SHA1_WARNING) | |
163 return NONE; | |
164 | 146 |
165 MixedContentStatus mixed_content_status = GetMixedContentStatus(ssl); | |
166 // Active mixed content is downgraded to the BROKEN style and | 147 // Active mixed content is downgraded to the BROKEN style and |
167 // handled above. | 148 // handled above. |
168 DCHECK_NE(RAN_MIXED_CONTENT, mixed_content_status); | 149 DCHECK_NE(SecurityStateModel::RAN_MIXED_CONTENT, mixed_content_status); |
169 DCHECK_NE(RAN_AND_DISPLAYED_MIXED_CONTENT, mixed_content_status); | 150 DCHECK_NE(SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT, |
| 151 mixed_content_status); |
170 // This should be kept in sync with | 152 // This should be kept in sync with |
171 // |kDisplayedInsecureContentStyle|. That is: the treatment | 153 // |kDisplayedInsecureContentStyle|. That is: the treatment |
172 // given to passive mixed content here should be expressed by | 154 // given to passive mixed content here should be expressed by |
173 // |kDisplayedInsecureContentStyle|, which is used to coordinate | 155 // |kDisplayedInsecureContentStyle|, which is used to coordinate |
174 // the treatment of passive mixed content with other security UI | 156 // the treatment of passive mixed content with other security UI |
175 // elements. | 157 // elements outside of //chrome. |
176 if (mixed_content_status == DISPLAYED_MIXED_CONTENT) | 158 if (mixed_content_status == SecurityStateModel::DISPLAYED_MIXED_CONTENT) |
177 return NONE; | 159 return SecurityStateModel::NONE; |
178 | 160 |
179 if (net::IsCertStatusError(ssl.cert_status)) { | 161 if (net::IsCertStatusError(ssl.cert_status)) { |
180 DCHECK(net::IsCertStatusMinorError(ssl.cert_status)); | 162 DCHECK(net::IsCertStatusMinorError(ssl.cert_status)); |
181 return NONE; | 163 return SecurityStateModel::NONE; |
182 } | 164 } |
183 if (net::SSLConnectionStatusToVersion(ssl.connection_status) == | 165 if (net::SSLConnectionStatusToVersion(ssl.connection_status) == |
184 net::SSL_CONNECTION_VERSION_SSL3) { | 166 net::SSL_CONNECTION_VERSION_SSL3) { |
185 // SSLv3 will be removed in the future. | 167 // SSLv3 will be removed in the future. |
186 return SECURITY_WARNING; | 168 return SecurityStateModel::SECURITY_WARNING; |
187 } | 169 } |
188 if ((ssl.cert_status & net::CERT_STATUS_IS_EV) && cert) | 170 if ((ssl.cert_status & net::CERT_STATUS_IS_EV) && cert) |
189 return EV_SECURE; | 171 return SecurityStateModel::EV_SECURE; |
190 return SECURE; | 172 return SecurityStateModel::SECURE; |
191 } | 173 } |
| 174 } |
192 | 175 |
193 default: | 176 return SecurityStateModel::NONE; |
194 NOTREACHED(); | |
195 return NONE; | |
196 } | |
197 } | 177 } |
198 | 178 |
199 void GetSecurityInfoForWebContents(const content::WebContents* web_contents, | 179 } // namespace |
200 SecurityInfo* security_info) { | 180 |
| 181 const content::SecurityStyle |
| 182 SecurityStateModel::kDisplayedInsecureContentStyle = |
| 183 content::SECURITY_STYLE_UNAUTHENTICATED; |
| 184 const content::SecurityStyle SecurityStateModel::kRanInsecureContentStyle = |
| 185 content::SECURITY_STYLE_AUTHENTICATION_BROKEN; |
| 186 |
| 187 SecurityStateModel::SecurityInfo::SecurityInfo() |
| 188 : security_level(SecurityStateModel::NONE), |
| 189 sha1_deprecation_status(SecurityStateModel::NO_DEPRECATED_SHA1), |
| 190 mixed_content_status(SecurityStateModel::NO_MIXED_CONTENT), |
| 191 scheme_is_cryptographic(false), |
| 192 cert_status(0), |
| 193 security_bits(-1), |
| 194 connection_status(0) {} |
| 195 |
| 196 SecurityStateModel::SecurityInfo::~SecurityInfo() {} |
| 197 |
| 198 SecurityStateModel::~SecurityStateModel() {} |
| 199 |
| 200 void SecurityStateModel::SecurityStateChanged() { |
| 201 DCHECK(web_contents_); |
201 content::NavigationEntry* entry = | 202 content::NavigationEntry* entry = |
202 web_contents ? web_contents->GetController().GetVisibleEntry() : nullptr; | 203 web_contents_->GetController().GetVisibleEntry(); |
203 if (!entry) { | 204 if (!entry) |
204 security_info->security_style = content::SECURITY_STYLE_UNKNOWN; | |
205 return; | 205 return; |
| 206 |
| 207 SecurityInfoForRequest( |
| 208 entry->GetURL(), entry->GetSSL(), |
| 209 Profile::FromBrowserContext(web_contents_->GetBrowserContext()), |
| 210 &security_info_); |
| 211 } |
| 212 |
| 213 const SecurityStateModel::SecurityInfo& SecurityStateModel::security_info() |
| 214 const { |
| 215 return security_info_; |
| 216 } |
| 217 |
| 218 // static |
| 219 void SecurityStateModel::SecurityInfoForRequest(const GURL& url, |
| 220 const content::SSLStatus& ssl, |
| 221 const Profile* profile, |
| 222 SecurityInfo* security_info) { |
| 223 scoped_refptr<net::X509Certificate> cert = GetCertForSSLStatus(ssl); |
| 224 security_info->cert_id = ssl.cert_id; |
| 225 security_info->sha1_deprecation_status = GetSHA1DeprecationStatus(cert, ssl); |
| 226 security_info->mixed_content_status = GetMixedContentStatus(ssl); |
| 227 security_info->security_bits = ssl.security_bits; |
| 228 security_info->connection_status = ssl.connection_status; |
| 229 security_info->cert_status = ssl.cert_status; |
| 230 security_info->scheme_is_cryptographic = url.SchemeIsCryptographic(); |
| 231 |
| 232 security_info->sct_verify_statuses.clear(); |
| 233 for (const auto& sct : ssl.signed_certificate_timestamp_ids) { |
| 234 security_info->sct_verify_statuses.push_back(sct.status); |
206 } | 235 } |
207 | 236 |
208 security_info->scheme_is_cryptographic = | 237 security_info->security_level = GetSecurityLevelForRequest( |
209 entry->GetURL().SchemeIsCryptographic(); | 238 url, ssl, profile, cert, security_info->sha1_deprecation_status, |
210 | 239 security_info->mixed_content_status); |
211 SecurityLevel security_level = GetSecurityLevelForWebContents(web_contents); | |
212 switch (security_level) { | |
213 case SECURITY_WARNING: | |
214 case NONE: | |
215 security_info->security_style = content::SECURITY_STYLE_UNAUTHENTICATED; | |
216 break; | |
217 case EV_SECURE: | |
218 case SECURE: | |
219 security_info->security_style = content::SECURITY_STYLE_AUTHENTICATED; | |
220 break; | |
221 case SECURITY_POLICY_WARNING: | |
222 security_info->security_style = content::SECURITY_STYLE_WARNING; | |
223 break; | |
224 case SECURITY_ERROR: | |
225 security_info->security_style = | |
226 content::SECURITY_STYLE_AUTHENTICATION_BROKEN; | |
227 break; | |
228 } | |
229 | |
230 const content::SSLStatus& ssl = entry->GetSSL(); | |
231 scoped_refptr<net::X509Certificate> cert = GetCertForSSLStatus(ssl); | |
232 security_info->sha1_deprecation_status = GetSHA1DeprecationStatus(cert, ssl); | |
233 security_info->mixed_content_status = GetMixedContentStatus(ssl); | |
234 security_info->cert_status = ssl.cert_status; | |
235 } | 240 } |
236 | 241 |
237 } // namespace connection_security | 242 SecurityStateModel::SecurityStateModel(content::WebContents* web_contents) |
| 243 : web_contents_(web_contents) {} |
| 244 |
| 245 DEFINE_WEB_CONTENTS_USER_DATA_KEY(SecurityStateModel); |
OLD | NEW |