Refactor connection_security into SecurityStateModel

chrome/browser/ui/browser.cc

Index: chrome/browser/ui/browser.cc
diff --git a/chrome/browser/ui/browser.cc b/chrome/browser/ui/browser.cc
index 5ad781c63e1c0d52ad5d5abeda232e7c3ee7c987..855e28b468e64c92a0272e4a22ce704974aa330d 100644
--- a/chrome/browser/ui/browser.cc
+++ b/chrome/browser/ui/browser.cc
@@ -77,6 +77,7 @@
 #include "chrome/browser/sessions/session_tab_helper.h"
 #include "chrome/browser/sessions/tab_restore_service.h"
 #include "chrome/browser/sessions/tab_restore_service_factory.h"
+#include "chrome/browser/ssl/security_state_model.h"
 #include "chrome/browser/sync/profile_sync_service.h"
 #include "chrome/browser/sync/profile_sync_service_factory.h"
 #include "chrome/browser/sync/sync_ui_util.h"
@@ -254,6 +255,27 @@ bool IsFastTabUnloadEnabled() {
       switches::kEnableFastUnload);
 }
 
+// Note: This is a lossy operation. Not all of the policies

[palmer, 2015/09/02 20:37:05]

Nit: Wrap this comment to 80 characters.

[estark, 2015/09/02 21:46:42]

Done.

+// that can be expressed by a SecurityLevel (a //chrome concept) can
+// be expressed by a content::SecurityStyle.
+content::SecurityStyle SecurityLevelToSecurityStyle(
+    SecurityStateModel::SecurityLevel security_level) {
+  switch (security_level) {
+    case SecurityStateModel::NONE:
+      return content::SECURITY_STYLE_UNAUTHENTICATED;
+    case SecurityStateModel::SECURITY_WARNING:
+    case SecurityStateModel::SECURITY_POLICY_WARNING:
+      return content::SECURITY_STYLE_WARNING;

[palmer, 2015/09/02 20:37:05]

Is this going to result in showing Dubious as Dubious, instead of as Neutral?

[estark, 2015/09/02 21:46:42]

No, SECURITY_WARNING doesn't actually get assigned to anything (except SSLv3,
which as previously discussed is probably not actually possible). So dubious
states will get assigned SecurityStateModel::NONE which will get translated in
SECURITY_STYLE_UNAUTHENTICATED here.

+    case SecurityStateModel::EV_SECURE:
+    case SecurityStateModel::SECURE:
+      return content::SECURITY_STYLE_AUTHENTICATED;
+    case SecurityStateModel::SECURITY_ERROR:
+      return content::SECURITY_STYLE_AUTHENTICATION_BROKEN;
+  }
+
+  return content::SECURITY_STYLE_UNKNOWN;
+}
+
 }  // namespace
 
 ////////////////////////////////////////////////////////////////////////////////
@@ -1296,14 +1318,15 @@ bool Browser::CanDragEnter(content::WebContents* source,
 content::SecurityStyle Browser::GetSecurityStyle(
     WebContents* web_contents,
     content::SecurityStyleExplanations* security_style_explanations) {
-  connection_security::SecurityInfo security_info;
-  connection_security::GetSecurityInfoForWebContents(web_contents,
-                                                     &security_info);
+  SecurityStateModel* model = SecurityStateModel::FromWebContents(web_contents);
+  DCHECK(model);
+  const SecurityStateModel::SecurityInfo& security_info =
+      model->security_info();
 
   security_style_explanations->ran_insecure_content_style =
-      connection_security::kRanInsecureContentStyle;
+      SecurityStateModel::kRanInsecureContentStyle;
   security_style_explanations->displayed_insecure_content_style =
-      connection_security::kDisplayedInsecureContentStyle;
+      SecurityStateModel::kDisplayedInsecureContentStyle;
 
   // Check if the page is HTTP; if so, no explanations are needed. Note
   // that SECURITY_STYLE_UNAUTHENTICATED does not necessarily mean that
@@ -1314,19 +1337,18 @@ content::SecurityStyle Browser::GetSecurityStyle(
   // algorithms with the same UI treatment as HTTP pages).
   security_style_explanations->scheme_is_cryptographic =
       security_info.scheme_is_cryptographic;
-  if (!security_info.scheme_is_cryptographic ||
-      security_info.security_style == content::SECURITY_STYLE_UNKNOWN) {
-    return security_info.security_style;
+  if (!security_info.scheme_is_cryptographic) {
+    return SecurityLevelToSecurityStyle(security_info.security_level);
   }
 
   if (security_info.sha1_deprecation_status ==
-      connection_security::DEPRECATED_SHA1_BROKEN) {
+      SecurityStateModel::DEPRECATED_SHA1_BROKEN) {
     security_style_explanations->broken_explanations.push_back(
         content::SecurityStyleExplanation(
             l10n_util::GetStringUTF8(IDS_BROKEN_SHA1),
             l10n_util::GetStringUTF8(IDS_BROKEN_SHA1_DESCRIPTION)));
   } else if (security_info.sha1_deprecation_status ==
-             connection_security::DEPRECATED_SHA1_WARNING) {
+             SecurityStateModel::DEPRECATED_SHA1_WARNING) {
     security_style_explanations->warning_explanations.push_back(
         content::SecurityStyleExplanation(
             l10n_util::GetStringUTF8(IDS_WARNING_SHA1),
@@ -1335,14 +1357,14 @@ content::SecurityStyle Browser::GetSecurityStyle(
 
   security_style_explanations->ran_insecure_content =
       security_info.mixed_content_status ==
-          connection_security::RAN_MIXED_CONTENT ||
+          SecurityStateModel::RAN_MIXED_CONTENT ||
       security_info.mixed_content_status ==
-          connection_security::RAN_AND_DISPLAYED_MIXED_CONTENT;
+          SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT;
   security_style_explanations->displayed_insecure_content =
       security_info.mixed_content_status ==
-          connection_security::DISPLAYED_MIXED_CONTENT ||
+          SecurityStateModel::DISPLAYED_MIXED_CONTENT ||
       security_info.mixed_content_status ==
-          connection_security::RAN_AND_DISPLAYED_MIXED_CONTENT;
+          SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT;
 
   if (net::IsCertStatusError(security_info.cert_status)) {
     base::string16 error_string = base::UTF8ToUTF16(net::ErrorToString(
@@ -1362,7 +1384,7 @@ content::SecurityStyle Browser::GetSecurityStyle(
     // deprecated SHA1, then add an explanation that the certificate is
     // valid.
     if (security_info.sha1_deprecation_status ==
-        connection_security::NO_DEPRECATED_SHA1) {
+        SecurityStateModel::NO_DEPRECATED_SHA1) {
       security_style_explanations->secure_explanations.push_back(
           content::SecurityStyleExplanation(
               l10n_util::GetStringUTF8(IDS_VALID_SERVER_CERTIFICATE),
@@ -1371,7 +1393,7 @@ content::SecurityStyle Browser::GetSecurityStyle(
     }
   }
 
-  return security_info.security_style;
+  return SecurityLevelToSecurityStyle(security_info.security_level);
 }
 
 bool Browser::IsMouseLocked() const {
@@ -1472,10 +1494,18 @@ void Browser::NavigationStateChanged(WebContents* source,
     hosted_app_controller_->UpdateLocationBarVisibility(true);
 }
 
-void Browser::VisibleSSLStateChanged(const WebContents* source) {
+void Browser::VisibleSSLStateChanged(WebContents* source) {
   // When the current tab's SSL state changes, we need to update the URL
   // bar to reflect the new state.
   DCHECK(source);
+
+  // Notify the model that the security state has changed, so that the
+  // URL bar updates with up-to-date data computed by the model.
+  SecurityStateModel::CreateForWebContents(source);
+  SecurityStateModel* model = SecurityStateModel::FromWebContents(source);
+  DCHECK(model);
+  model->SecurityStateChanged();
+
   if (tab_strip_model_->GetActiveWebContents() == source)
     UpdateToolbar(false);
 }