Refactor connection_security into SecurityStateModel

chrome/browser/ssl/security_state_model.h

Index: chrome/browser/ssl/security_state_model.h
diff --git a/chrome/browser/ssl/security_state_model.h b/chrome/browser/ssl/security_state_model.h
new file mode 100644
index 0000000000000000000000000000000000000000..fbc480a9dd695bac9f5b2f97b2062ee619ec03b9
--- /dev/null
+++ b/chrome/browser/ssl/security_state_model.h
@@ -0,0 +1,146 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_SSL_SECURITY_STATE_MODEL_H_
+#define CHROME_BROWSER_SSL_SECURITY_STATE_MODEL_H_
+
+#include "base/macros.h"
+#include "content/public/browser/web_contents_user_data.h"
+#include "content/public/common/security_style.h"
+#include "content/public/common/ssl_status.h"
+#include "net/cert/cert_status_flags.h"
+#include "net/cert/sct_status_flags.h"
+#include "net/cert/x509_certificate.h"
+
+namespace content {
+class WebContents;
+}  // namespace content
+
+class Profile;
+
+// SecurityStateModel provides high-level security information about a
+// page or request. It is attached to a WebContents and will provide the
+// security info for that WebContents. SecurityStateModel must be
+// notified when its WebContents's security state changes, by calling
+// SecurityStateModel::SecurityStateChanged().
+//
+// SecurityStateModel::SecurityInfo is the main data structure computed
+// by a SecurityStateModel. SecurityInfo contains a SecurityLevel (which
+// is a single value describing the overall security state) along with
+// information that a consumer might want to display in UI to explain or
+// elaborate on the SecurityLevel.
+class SecurityStateModel
+    : public content::WebContentsUserData<SecurityStateModel> {
+ public:
+  // Describes the overall security state of the page.
+  //
+  // If you reorder, add, or delete values from this enum, you must also
+  // update the UI icons in ToolbarModelImpl::GetIconForSecurityLevel.
+  //
+  // A Java counterpart will be generated for this enum.
+  // GENERATED_JAVA_ENUM_PACKAGE: org.chromium.chrome.browser.ssl
+  // GENERATED_JAVA_CLASS_NAME_OVERRIDE: ConnectionSecurityLevel
+  enum SecurityLevel {
+    // HTTP/no URL
+    NONE,
+
+    // HTTPS with valid EV cert
+    EV_SECURE,
+
+    // HTTPS (non-EV)

[palmer, 2015/09/01 17:39:40]

Specify valid cert

[estark, 2015/09/02 16:27:20]

Done.

+    SECURE,
+
+    // HTTPS, but unable to check certificate revocation status or with insecure

[palmer, 2015/09/01 17:39:40]

Insecure passive content

[estark, 2015/09/02 16:27:20]

I moved this description and made this change on the NONE value.

The only thing we actually use SECURITY_WARNING for now is SSLv3, and I thought
SSLv3 was completely disabled now (or behind a flag or something). So maybe we
should now use NONE for sslv3 and get rid of SECURITY_WARNING all together. I
can do that in a separate follow-up CL if you think it's reasonable.

+    // content on the page
+    SECURITY_WARNING,
+
+    // HTTPS, but the certificate verification chain is anchored on a
+    // certificate that was installed by the system administrator
+    SECURITY_POLICY_WARNING,
+
+    // Attempted HTTPS and failed, page not authenticated

[palmer, 2015/09/01 17:39:40]

Does this the case in which include active mixed content ran?

[estark, 2015/09/02 16:27:20]

Yes, updated the comment to say so.

+    SECURITY_ERROR,
+  };
+
+  // Describes how the SHA1 deprecation policy applies to an HTTPS
+  // connection.
+  enum SHA1DeprecationStatus {
+    // No SHA1 deprecation policy applies.
+    NO_DEPRECATED_SHA1,

[palmer, 2015/09/01 17:39:40]

Reorder these from good to bad to worse? I.e. put DEPRECATED_SHA1_WARNING before
DEPRECATED_SHA1_BROKEN?

[estark, 2015/09/02 16:27:20]

Done.

+    // The connection used a certificate with a SHA1 signature in the
+    // chain, and policy says that the connection should be treated as
+    // broken HTTPS.
+    DEPRECATED_SHA1_BROKEN,
+    // The connection used a certificate with a SHA1 signature in the
+    // chain, and policy says that the connection should be treated with a
+    // warning.
+    DEPRECATED_SHA1_WARNING,
+  };
+
+  // Describes the type of mixed content (if any) that a site
+  // displayed/ran.
+  enum MixedContentStatus {
+    NO_MIXED_CONTENT,
+    // The site displayed nonsecure resources (passive mixed content).
+    DISPLAYED_MIXED_CONTENT,
+    // The site ran nonsecure resources (active mixed content).
+    RAN_MIXED_CONTENT,
+    // The site both ran and displayed nonsecure resources.
+    RAN_AND_DISPLAYED_MIXED_CONTENT,
+  };
+
+  // Describes the security status of a page or request. This is the
+  // main data structure provided by this class.
+  struct SecurityInfo {
+    SecurityInfo();
+    ~SecurityInfo();
+    SecurityLevel security_level;
+    SHA1DeprecationStatus sha1_deprecation_status;
+    MixedContentStatus mixed_content_status;
+    // The verification statuses of the signed certificate timestamps
+    // for the connection.
+    std::vector<net::ct::SCTVerifyStatus> sct_verify_statuses;
+    bool scheme_is_cryptographic;
+    net::CertStatus cert_status;
+    int cert_id;
+    int security_bits;

[palmer, 2015/09/01 17:39:40]

This could use a comment (and/or a better name).

[estark, 2015/09/02 16:27:20]

Done.

+    int connection_status;
+  };
+
+  // These security styles describe the treatment given to pages that
+  // display and run mixed content. They are used to coordinate the
+  // treatment of mixed content with other security UI elements.
+  static const content::SecurityStyle kDisplayedInsecureContentStyle;
+  static const content::SecurityStyle kRanInsecureContentStyle;
+
+  ~SecurityStateModel() override;
+
+  // Notifies the SecurityStateModel that the security status of the
+  // page has changed and that the SecurityInfo should be updated
+  // accordingly.
+  void SecurityStateChanged();
+
+  // Returns a SecurityInfo describing the page as of the last call to
+  // SecurityStateChanged().
+  const SecurityInfo& security_info() const;
+
+  // Returns a SecurityInfo describing an individual request for the
+  // given |profile|.
+  static void SecurityInfoForRequest(const GURL& url,
+                                     const content::SSLStatus& ssl,
+                                     Profile* profile,
+                                     SecurityInfo* security_info);
+
+ private:
+  explicit SecurityStateModel(content::WebContents* web_contents);
+  friend class content::WebContentsUserData<SecurityStateModel>;
+
+  // The WebContents for which this class describes the security status.
+  content::WebContents* web_contents_;
+  SecurityInfo security_info_;
+
+  DISALLOW_COPY_AND_ASSIGN(SecurityStateModel);
+};
+
+#endif  // CHROME_BROWSER_SSL_SECURITY_STATE_MODEL_H_