OLD | NEW |
(Empty) | |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef CHROME_BROWSER_SSL_SECURITY_STATE_MODEL_H_ |
| 6 #define CHROME_BROWSER_SSL_SECURITY_STATE_MODEL_H_ |
| 7 |
| 8 #include "base/macros.h" |
| 9 #include "content/public/browser/web_contents_user_data.h" |
| 10 #include "content/public/common/security_style.h" |
| 11 #include "content/public/common/ssl_status.h" |
| 12 #include "net/cert/cert_status_flags.h" |
| 13 #include "net/cert/sct_status_flags.h" |
| 14 #include "net/cert/x509_certificate.h" |
| 15 |
| 16 namespace content { |
| 17 class WebContents; |
| 18 } // namespace content |
| 19 |
| 20 class Profile; |
| 21 |
| 22 // SecurityStateModel provides high-level security information about a |
| 23 // page or request. It is attached to a WebContents and will provide the |
| 24 // security info for that WebContents. SecurityStateModel must be |
| 25 // notified when its WebContents's security state changes, by calling |
| 26 // SecurityStateModel::SecurityStateChanged(). |
| 27 // |
| 28 // SecurityStateModel::SecurityInfo is the main data structure computed |
| 29 // by a SecurityStateModel. SecurityInfo contains a SecurityLevel (which |
| 30 // is a single value describing the overall security state) along with |
| 31 // information that a consumer might want to display in UI to explain or |
| 32 // elaborate on the SecurityLevel. |
| 33 class SecurityStateModel |
| 34 : public content::WebContentsUserData<SecurityStateModel> { |
| 35 public: |
| 36 // Describes the overall security state of the page. |
| 37 // |
| 38 // If you reorder, add, or delete values from this enum, you must also |
| 39 // update the UI icons in ToolbarModelImpl::GetIconForSecurityLevel. |
| 40 // |
| 41 // A Java counterpart will be generated for this enum. |
| 42 // GENERATED_JAVA_ENUM_PACKAGE: org.chromium.chrome.browser.ssl |
| 43 // GENERATED_JAVA_CLASS_NAME_OVERRIDE: ConnectionSecurityLevel |
| 44 enum SecurityLevel { |
| 45 // HTTP/no URL |
| 46 NONE, |
| 47 |
| 48 // HTTPS with valid EV cert |
| 49 EV_SECURE, |
| 50 |
| 51 // HTTPS (non-EV) |
| 52 SECURE, |
| 53 |
| 54 // HTTPS, but unable to check certificate revocation status or with insecure |
| 55 // content on the page |
| 56 SECURITY_WARNING, |
| 57 |
| 58 // HTTPS, but the certificate verification chain is anchored on a |
| 59 // certificate that was installed by the system administrator |
| 60 SECURITY_POLICY_WARNING, |
| 61 |
| 62 // Attempted HTTPS and failed, page not authenticated |
| 63 SECURITY_ERROR, |
| 64 }; |
| 65 |
| 66 // Describes how the SHA1 deprecation policy applies to an HTTPS |
| 67 // connection. |
| 68 enum SHA1DeprecationStatus { |
| 69 // No SHA1 deprecation policy applies. |
| 70 NO_DEPRECATED_SHA1, |
| 71 // The connection used a certificate with a SHA1 signature in the |
| 72 // chain, and policy says that the connection should be treated as |
| 73 // broken HTTPS. |
| 74 DEPRECATED_SHA1_BROKEN, |
| 75 // The connection used a certificate with a SHA1 signature in the |
| 76 // chain, and policy says that the connection should be treated with a |
| 77 // warning. |
| 78 DEPRECATED_SHA1_WARNING, |
| 79 }; |
| 80 |
| 81 // Describes the type of mixed content (if any) that a site |
| 82 // displayed/ran. |
| 83 enum MixedContentStatus { |
| 84 NO_MIXED_CONTENT, |
| 85 // The site displayed nonsecure resources (passive mixed content). |
| 86 DISPLAYED_MIXED_CONTENT, |
| 87 // The site ran nonsecure resources (active mixed content). |
| 88 RAN_MIXED_CONTENT, |
| 89 // The site both ran and displayed nonsecure resources. |
| 90 RAN_AND_DISPLAYED_MIXED_CONTENT, |
| 91 }; |
| 92 |
| 93 // Describes the security status of a page or request. This is the |
| 94 // main data structure provided by this class. |
| 95 struct SecurityInfo { |
| 96 SecurityInfo(); |
| 97 ~SecurityInfo(); |
| 98 SecurityLevel security_level; |
| 99 SHA1DeprecationStatus sha1_deprecation_status; |
| 100 MixedContentStatus mixed_content_status; |
| 101 // The verification statuses of the signed certificate timestamps |
| 102 // for the connection. |
| 103 std::vector<net::ct::SCTVerifyStatus> sct_verify_statuses; |
| 104 bool scheme_is_cryptographic; |
| 105 net::CertStatus cert_status; |
| 106 int cert_id; |
| 107 int security_bits; |
| 108 int connection_status; |
| 109 }; |
| 110 |
| 111 // These security styles describe the treatment given to pages that |
| 112 // display and run mixed content. They are used to coordinate the |
| 113 // treatment of mixed content with other security UI elements. |
| 114 static const content::SecurityStyle kDisplayedInsecureContentStyle; |
| 115 static const content::SecurityStyle kRanInsecureContentStyle; |
| 116 |
| 117 ~SecurityStateModel() override; |
| 118 |
| 119 // Notifies the SecurityStateModel that the security status of the |
| 120 // page has changed and that the SecurityInfo should be updated |
| 121 // accordingly. |
| 122 void SecurityStateChanged(); |
| 123 |
| 124 // Returns a SecurityInfo describing the page as of the last call to |
| 125 // SecurityStateChanged(). |
| 126 const SecurityInfo& security_info() const; |
| 127 |
| 128 // Returns a SecurityInfo describing an individual request for the |
| 129 // given |profile|. |
| 130 static void SecurityInfoForRequest(const GURL& url, |
| 131 const content::SSLStatus& ssl, |
| 132 const Profile* profile, |
| 133 SecurityInfo* security_info); |
| 134 |
| 135 private: |
| 136 explicit SecurityStateModel(content::WebContents* web_contents); |
| 137 friend class content::WebContentsUserData<SecurityStateModel>; |
| 138 |
| 139 // The WebContents for which this class describes the security status. |
| 140 content::WebContents* web_contents_; |
| 141 SecurityInfo security_info_; |
| 142 |
| 143 DISALLOW_COPY_AND_ASSIGN(SecurityStateModel); |
| 144 }; |
| 145 |
| 146 #endif // CHROME_BROWSER_SSL_SECURITY_STATE_MODEL_H_ |
OLD | NEW |