Chromium Code Reviews Chromium Code Reviews
Issue 1314953009:
Refactor WebsiteSettings to operate on a SecurityInfo (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ui/website_settings/website_settings.h" | 5 #include "chrome/browser/ui/website_settings/website_settings.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
| (...skipping 28 matching lines...) Expand all Loading... | |
| 39 #include "components/content_settings/core/browser/host_content_settings_map.h" | 39 #include "components/content_settings/core/browser/host_content_settings_map.h" |
| 40 #include "components/content_settings/core/browser/local_shared_objects_counter. h" | 40 #include "components/content_settings/core/browser/local_shared_objects_counter. h" |
| 41 #include "components/content_settings/core/common/content_settings.h" | 41 #include "components/content_settings/core/common/content_settings.h" |
| 42 #include "components/content_settings/core/common/content_settings_pattern.h" | 42 #include "components/content_settings/core/common/content_settings_pattern.h" |
| 43 #include "components/rappor/rappor_utils.h" | 43 #include "components/rappor/rappor_utils.h" |
| 44 #include "components/url_formatter/elide_url.h" | 44 #include "components/url_formatter/elide_url.h" |
| 45 #include "content/public/browser/browser_thread.h" | 45 #include "content/public/browser/browser_thread.h" |
| 46 #include "content/public/browser/cert_store.h" | 46 #include "content/public/browser/cert_store.h" |
| 47 #include "content/public/browser/user_metrics.h" | 47 #include "content/public/browser/user_metrics.h" |
| 48 #include "content/public/common/content_switches.h" | 48 #include "content/public/common/content_switches.h" |
| 49 #include "content/public/common/ssl_status.h" | |
| 50 #include "content/public/common/url_constants.h" | 49 #include "content/public/common/url_constants.h" |
| 51 #include "net/cert/cert_status_flags.h" | 50 #include "net/cert/cert_status_flags.h" |
| 52 #include "net/cert/x509_certificate.h" | 51 #include "net/cert/x509_certificate.h" |
| 53 #include "net/ssl/ssl_cipher_suite_names.h" | 52 #include "net/ssl/ssl_cipher_suite_names.h" |
| 54 #include "net/ssl/ssl_connection_status_flags.h" | 53 #include "net/ssl/ssl_connection_status_flags.h" |
| 55 #include "ui/base/l10n/l10n_util.h" | 54 #include "ui/base/l10n/l10n_util.h" |
| 56 | 55 |
| 57 #if defined(OS_CHROMEOS) | 56 #if defined(OS_CHROMEOS) |
| 58 #include "chrome/browser/chromeos/policy/policy_cert_service.h" | 57 #include "chrome/browser/chromeos/policy/policy_cert_service.h" |
| 59 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" | 58 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" |
| (...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 92 CONTENT_SETTINGS_TYPE_AUTOMATIC_DOWNLOADS, | 91 CONTENT_SETTINGS_TYPE_AUTOMATIC_DOWNLOADS, |
| 93 CONTENT_SETTINGS_TYPE_PLUGINS, | 92 CONTENT_SETTINGS_TYPE_PLUGINS, |
| 94 CONTENT_SETTINGS_TYPE_MOUSELOCK, | 93 CONTENT_SETTINGS_TYPE_MOUSELOCK, |
| 95 CONTENT_SETTINGS_TYPE_MIDI_SYSEX, | 94 CONTENT_SETTINGS_TYPE_MIDI_SYSEX, |
| 96 #if defined(OS_ANDROID) | 95 #if defined(OS_ANDROID) |
| 97 CONTENT_SETTINGS_TYPE_PUSH_MESSAGING, | 96 CONTENT_SETTINGS_TYPE_PUSH_MESSAGING, |
| 98 #endif | 97 #endif |
| 99 }; | 98 }; |
| 100 | 99 |
| 101 bool CertificateTransparencyStatusMatch( | 100 bool CertificateTransparencyStatusMatch( |
| 102 const content::SignedCertificateTimestampIDStatusList& scts, | 101 const std::vector<net::ct::SCTVerifyStatus>& sct_verify_statuses, |
| 103 net::ct::SCTVerifyStatus status) { | 102 net::ct::SCTVerifyStatus status) { |
| 104 for (content::SignedCertificateTimestampIDStatusList::const_iterator it = | 103 for (const auto& verify_status : sct_verify_statuses) { |
| 105 scts.begin(); | 104 if (verify_status == status) |
| 106 it != scts.end(); | |
| 107 ++it) { | |
| 108 if (it->status == status) | |
| 109 return true; | 105 return true; |
| 110 } | 106 } |
| 111 | |
| 112 return false; | 107 return false; |
| 113 } | 108 } |
| 114 | 109 |
| 115 int GetSiteIdentityDetailsMessageByCTInfo( | 110 int GetSiteIdentityDetailsMessageByCTInfo( |
| 116 const content::SignedCertificateTimestampIDStatusList& scts, | 111 const std::vector<net::ct::SCTVerifyStatus>& sct_verify_statuses, |
| 117 bool is_ev) { | 112 bool is_ev) { |
| 118 // No SCTs - no CT information. | 113 // No SCTs - no CT information. |
| 119 if (scts.empty()) | 114 if (sct_verify_statuses.empty()) |
| 120 return (is_ev ? IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_EV_NO_CT | 115 return (is_ev ? IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_EV_NO_CT |
| 121 : IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_NO_CT); | 116 : IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_NO_CT); |
| 122 | 117 |
| 123 if (CertificateTransparencyStatusMatch(scts, net::ct::SCT_STATUS_OK)) | 118 if (CertificateTransparencyStatusMatch(sct_verify_statuses, |
| 119 net::ct::SCT_STATUS_OK)) | |
| 124 return (is_ev ? IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_EV_CT_VERIFIED | 120 return (is_ev ? IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_EV_CT_VERIFIED |
| 125 : IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_CT_VERIFIED); | 121 : IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_CT_VERIFIED); |
| 126 | 122 |
| 127 if (CertificateTransparencyStatusMatch(scts, net::ct::SCT_STATUS_INVALID)) | 123 if (CertificateTransparencyStatusMatch(sct_verify_statuses, |
| 124 net::ct::SCT_STATUS_INVALID)) | |
| 128 return (is_ev ? IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_EV_CT_INVALID | 125 return (is_ev ? IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_EV_CT_INVALID |
| 129 : IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_CT_INVALID); | 126 : IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_CT_INVALID); |
| 130 | 127 |
| 131 // status is SCT_STATUS_LOG_UNKNOWN | 128 // status is SCT_STATUS_LOG_UNKNOWN |
| 132 return (is_ev ? IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_EV_CT_UNVERIFIED | 129 return (is_ev ? IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_EV_CT_UNVERIFIED |
| 133 : IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_CT_UNVERIFIED); | 130 : IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_CT_UNVERIFIED); |
| 134 } | 131 } |
| 135 | 132 |
| 136 // This function will return SITE_IDENTITY_STATUS_CERT or | 133 // This function will return SITE_IDENTITY_STATUS_CERT or |
| 137 // SITE_IDENTITY_STATUS_EV_CERT depending on |is_ev| unless there are SCTs | 134 // SITE_IDENTITY_STATUS_EV_CERT depending on |is_ev| unless there are SCTs |
| 138 // which failed verification, in which case it will return | 135 // which failed verification, in which case it will return |
| 139 // SITE_IDENTITY_STATUS_ERROR. | 136 // SITE_IDENTITY_STATUS_ERROR. |
| 140 WebsiteSettings::SiteIdentityStatus GetSiteIdentityStatusByCTInfo( | 137 WebsiteSettings::SiteIdentityStatus GetSiteIdentityStatusByCTInfo( |
| 141 const content::SignedCertificateTimestampIDStatusList& scts, | 138 const std::vector<net::ct::SCTVerifyStatus>& sct_verify_statuses, |
| 142 bool is_ev) { | 139 bool is_ev) { |
| 143 if (CertificateTransparencyStatusMatch(scts, net::ct::SCT_STATUS_INVALID)) | 140 if (CertificateTransparencyStatusMatch(sct_verify_statuses, |
| 141 net::ct::SCT_STATUS_INVALID)) | |
| 144 return WebsiteSettings::SITE_IDENTITY_STATUS_ERROR; | 142 return WebsiteSettings::SITE_IDENTITY_STATUS_ERROR; |
| 145 | 143 |
| 146 return is_ev ? WebsiteSettings::SITE_IDENTITY_STATUS_EV_CERT | 144 return is_ev ? WebsiteSettings::SITE_IDENTITY_STATUS_EV_CERT |
| 147 : WebsiteSettings::SITE_IDENTITY_STATUS_CERT; | 145 : WebsiteSettings::SITE_IDENTITY_STATUS_CERT; |
| 148 } | 146 } |
| 149 | 147 |
| 150 base::string16 GetSimpleSiteName(const GURL& url, Profile* profile) { | 148 base::string16 GetSimpleSiteName(const GURL& url, Profile* profile) { |
| 151 std::string languages; | 149 std::string languages; |
| 152 if (profile) | 150 if (profile) |
| 153 languages = profile->GetPrefs()->GetString(prefs::kAcceptLanguages); | 151 languages = profile->GetPrefs()->GetString(prefs::kAcceptLanguages); |
| 154 return url_formatter::FormatUrlForSecurityDisplayOmitScheme(url, languages); | 152 return url_formatter::FormatUrlForSecurityDisplayOmitScheme(url, languages); |
| 155 } | 153 } |
| 156 | 154 |
| 157 } // namespace | 155 } // namespace |
| 158 | 156 |
| 159 WebsiteSettings::WebsiteSettings( | 157 WebsiteSettings::WebsiteSettings( |
| 160 WebsiteSettingsUI* ui, | 158 WebsiteSettingsUI* ui, |
| 161 Profile* profile, | 159 Profile* profile, |
| 162 TabSpecificContentSettings* tab_specific_content_settings, | 160 TabSpecificContentSettings* tab_specific_content_settings, |
| 163 content::WebContents* web_contents, | 161 content::WebContents* web_contents, |
| 164 const GURL& url, | 162 const GURL& url, |
| 165 const content::SSLStatus& ssl, | 163 const SecurityStateModel::SecurityInfo& security_info, |
| 166 content::CertStore* cert_store) | 164 content::CertStore* cert_store) |
| 167 : TabSpecificContentSettings::SiteDataObserver( | 165 : TabSpecificContentSettings::SiteDataObserver( |
| 168 tab_specific_content_settings), | 166 tab_specific_content_settings), |
| 169 ui_(ui), | 167 ui_(ui), |
| 170 web_contents_(web_contents), | 168 web_contents_(web_contents), |
| 171 show_info_bar_(false), | 169 show_info_bar_(false), |
| 172 site_url_(url), | 170 site_url_(url), |
| 173 site_identity_status_(SITE_IDENTITY_STATUS_UNKNOWN), | 171 site_identity_status_(SITE_IDENTITY_STATUS_UNKNOWN), |
| 174 cert_id_(0), | 172 cert_id_(0), |
| 175 site_connection_status_(SITE_CONNECTION_STATUS_UNKNOWN), | 173 site_connection_status_(SITE_CONNECTION_STATUS_UNKNOWN), |
| 176 cert_store_(cert_store), | 174 cert_store_(cert_store), |
| 177 content_settings_(HostContentSettingsMapFactory::GetForProfile(profile)), | 175 content_settings_(HostContentSettingsMapFactory::GetForProfile(profile)), |
| 178 chrome_ssl_host_state_delegate_( | 176 chrome_ssl_host_state_delegate_( |
| 179 ChromeSSLHostStateDelegateFactory::GetForProfile(profile)), | 177 ChromeSSLHostStateDelegateFactory::GetForProfile(profile)), |
| 180 did_revoke_user_ssl_decisions_(false), | 178 did_revoke_user_ssl_decisions_(false), |
| 181 profile_(profile) { | 179 profile_(profile) { |
| 182 Init(url, ssl); | 180 Init(url, security_info); |
| 183 | 181 |
| 184 PresentSitePermissions(); | 182 PresentSitePermissions(); |
| 185 PresentSiteData(); | 183 PresentSiteData(); |
| 186 PresentSiteIdentity(); | 184 PresentSiteIdentity(); |
| 187 | 185 |
| 188 // Every time the Website Settings UI is opened a |WebsiteSettings| object is | 186 // Every time the Website Settings UI is opened a |WebsiteSettings| object is |
| 189 // created. So this counts how ofter the Website Settings UI is opened. | 187 // created. So this counts how ofter the Website Settings UI is opened. |
| 190 RecordWebsiteSettingsAction(WEBSITE_SETTINGS_OPENED); | 188 RecordWebsiteSettingsAction(WEBSITE_SETTINGS_OPENED); |
| 191 } | 189 } |
| 192 | 190 |
| (...skipping 156 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 349 #endif | 347 #endif |
| 350 } | 348 } |
| 351 | 349 |
| 352 void WebsiteSettings::OnRevokeSSLErrorBypassButtonPressed() { | 350 void WebsiteSettings::OnRevokeSSLErrorBypassButtonPressed() { |
| 353 DCHECK(chrome_ssl_host_state_delegate_); | 351 DCHECK(chrome_ssl_host_state_delegate_); |
| 354 chrome_ssl_host_state_delegate_->RevokeUserAllowExceptionsHard( | 352 chrome_ssl_host_state_delegate_->RevokeUserAllowExceptionsHard( |
| 355 site_url().host()); | 353 site_url().host()); |
| 356 did_revoke_user_ssl_decisions_ = true; | 354 did_revoke_user_ssl_decisions_ = true; |
| 357 } | 355 } |
| 358 | 356 |
| 359 void WebsiteSettings::Init(const GURL& url, const content::SSLStatus& ssl) { | 357 void WebsiteSettings::Init( |
| 358 const GURL& url, | |
| 359 const SecurityStateModel::SecurityInfo& security_info) { | |
| 360 bool isChromeUINativeScheme = false; | 360 bool isChromeUINativeScheme = false; |
| 361 #if defined(OS_ANDROID) | 361 #if defined(OS_ANDROID) |
| 362 isChromeUINativeScheme = url.SchemeIs(chrome::kChromeUINativeScheme); | 362 isChromeUINativeScheme = url.SchemeIs(chrome::kChromeUINativeScheme); |
| 363 #endif | 363 #endif |
| 364 | 364 |
| 365 if (url.SchemeIs(content::kChromeUIScheme) || | 365 if (url.SchemeIs(content::kChromeUIScheme) || |
| 366 url.SchemeIs(url::kAboutScheme) || isChromeUINativeScheme) { | 366 url.SchemeIs(url::kAboutScheme) || isChromeUINativeScheme) { |
| 367 site_identity_status_ = SITE_IDENTITY_STATUS_INTERNAL_PAGE; | 367 site_identity_status_ = SITE_IDENTITY_STATUS_INTERNAL_PAGE; |
| 368 site_identity_details_ = | 368 site_identity_details_ = |
| 369 l10n_util::GetStringUTF16(IDS_PAGE_INFO_INTERNAL_PAGE); | 369 l10n_util::GetStringUTF16(IDS_PAGE_INFO_INTERNAL_PAGE); |
| 370 site_connection_status_ = SITE_CONNECTION_STATUS_INTERNAL_PAGE; | 370 site_connection_status_ = SITE_CONNECTION_STATUS_INTERNAL_PAGE; |
| 371 return; | 371 return; |
| 372 } | 372 } |
| 373 | 373 |
| 374 // Identity section. | 374 // Identity section. |
| 375 scoped_refptr<net::X509Certificate> cert; | 375 scoped_refptr<net::X509Certificate> cert; |
| 376 cert_id_ = ssl.cert_id; | 376 cert_id_ = security_info.cert_id; |
| 377 | 377 |
| 378 if (ssl.cert_id && | 378 // HTTPS with no or minor errors. |
| 379 cert_store_->RetrieveCert(ssl.cert_id, &cert) && | 379 if (security_info.cert_id && |
| 380 (!net::IsCertStatusError(ssl.cert_status) || | 380 cert_store_->RetrieveCert(security_info.cert_id, &cert) && |
| 381 net::IsCertStatusMinorError(ssl.cert_status))) { | 381 (!net::IsCertStatusError(security_info.cert_status) || |
| 382 net::IsCertStatusMinorError(security_info.cert_status))) { | |
| 382 // There are no major errors. Check for minor errors. | 383 // There are no major errors. Check for minor errors. |
| 383 #if defined(OS_CHROMEOS) | 384 if (security_info.security_level == |
| 384 policy::PolicyCertService* service = | 385 SecurityStateModel::SECURITY_POLICY_WARNING) { |
| 385 policy::PolicyCertServiceFactory::GetForProfile(profile_); | |
| 386 const bool used_policy_certs = service && service->UsedPolicyCertificates(); | |
| 387 #else | |
| 388 const bool used_policy_certs = false; | |
| 389 #endif | |
| 390 if (used_policy_certs) { | |
| 391 site_identity_status_ = SITE_IDENTITY_STATUS_ADMIN_PROVIDED_CERT; | 386 site_identity_status_ = SITE_IDENTITY_STATUS_ADMIN_PROVIDED_CERT; |
| 392 site_identity_details_ = l10n_util::GetStringFUTF16( | 387 site_identity_details_ = l10n_util::GetStringFUTF16( |
| 393 IDS_CERT_POLICY_PROVIDED_CERT_MESSAGE, UTF8ToUTF16(url.host())); | 388 IDS_CERT_POLICY_PROVIDED_CERT_MESSAGE, UTF8ToUTF16(url.host())); |
| 394 } else if (net::IsCertStatusMinorError(ssl.cert_status)) { | 389 } else if (net::IsCertStatusMinorError(security_info.cert_status)) { |
| 395 site_identity_status_ = SITE_IDENTITY_STATUS_CERT_REVOCATION_UNKNOWN; | 390 site_identity_status_ = SITE_IDENTITY_STATUS_CERT_REVOCATION_UNKNOWN; |
| 396 base::string16 issuer_name(UTF8ToUTF16(cert->issuer().GetDisplayName())); | 391 base::string16 issuer_name(UTF8ToUTF16(cert->issuer().GetDisplayName())); |
| 397 if (issuer_name.empty()) { | 392 if (issuer_name.empty()) { |
| 398 issuer_name.assign(l10n_util::GetStringUTF16( | 393 issuer_name.assign(l10n_util::GetStringUTF16( |
| 399 IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY)); | 394 IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY)); |
| 400 } | 395 } |
| 401 | 396 |
| 402 site_identity_details_.assign(l10n_util::GetStringFUTF16( | 397 site_identity_details_.assign(l10n_util::GetStringFUTF16( |
| 403 GetSiteIdentityDetailsMessageByCTInfo( | 398 GetSiteIdentityDetailsMessageByCTInfo( |
| 404 ssl.signed_certificate_timestamp_ids, false /* not EV */), | 399 security_info.sct_verify_statuses, false /* not EV */), |
| 405 issuer_name)); | 400 issuer_name)); |
| 406 | 401 |
| 407 site_identity_details_ += ASCIIToUTF16("\n\n"); | 402 site_identity_details_ += ASCIIToUTF16("\n\n"); |
| 408 if (ssl.cert_status & net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION) { | 403 if (security_info.cert_status & |
| 404 net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION) { | |
| 409 site_identity_details_ += l10n_util::GetStringUTF16( | 405 site_identity_details_ += l10n_util::GetStringUTF16( |
| 410 IDS_PAGE_INFO_SECURITY_TAB_UNABLE_TO_CHECK_REVOCATION); | 406 IDS_PAGE_INFO_SECURITY_TAB_UNABLE_TO_CHECK_REVOCATION); |
| 411 } else if (ssl.cert_status & net::CERT_STATUS_NO_REVOCATION_MECHANISM) { | 407 } else if (security_info.cert_status & |
| 408 net::CERT_STATUS_NO_REVOCATION_MECHANISM) { | |
| 412 site_identity_details_ += l10n_util::GetStringUTF16( | 409 site_identity_details_ += l10n_util::GetStringUTF16( |
| 413 IDS_PAGE_INFO_SECURITY_TAB_NO_REVOCATION_MECHANISM); | 410 IDS_PAGE_INFO_SECURITY_TAB_NO_REVOCATION_MECHANISM); |
| 414 } else { | 411 } else { |
| 415 NOTREACHED() << "Need to specify string for this warning"; | 412 NOTREACHED() << "Need to specify string for this warning"; |
| 416 } | 413 } |
| 417 } else { | 414 } else { |
| 418 if (ssl.cert_status & net::CERT_STATUS_IS_EV) { | 415 if (security_info.cert_status & net::CERT_STATUS_IS_EV) { |
| 419 // EV HTTPS page. | 416 // EV HTTPS page. |
| 420 site_identity_status_ = GetSiteIdentityStatusByCTInfo( | 417 site_identity_status_ = GetSiteIdentityStatusByCTInfo( |
| 421 ssl.signed_certificate_timestamp_ids, true); | 418 security_info.sct_verify_statuses, true); |
| 422 DCHECK(!cert->subject().organization_names.empty()); | 419 DCHECK(!cert->subject().organization_names.empty()); |
| 423 organization_name_ = UTF8ToUTF16(cert->subject().organization_names[0]); | 420 organization_name_ = UTF8ToUTF16(cert->subject().organization_names[0]); |
| 424 // An EV Cert is required to have a city (localityName) and country but | 421 // An EV Cert is required to have a city (localityName) and country but |
| 425 // state is "if any". | 422 // state is "if any". |
| 426 DCHECK(!cert->subject().locality_name.empty()); | 423 DCHECK(!cert->subject().locality_name.empty()); |
| 427 DCHECK(!cert->subject().country_name.empty()); | 424 DCHECK(!cert->subject().country_name.empty()); |
| 428 base::string16 locality; | 425 base::string16 locality; |
| 429 if (!cert->subject().state_or_province_name.empty()) { | 426 if (!cert->subject().state_or_province_name.empty()) { |
| 430 locality = l10n_util::GetStringFUTF16( | 427 locality = l10n_util::GetStringFUTF16( |
| 431 IDS_PAGEINFO_ADDRESS, | 428 IDS_PAGEINFO_ADDRESS, |
| 432 UTF8ToUTF16(cert->subject().locality_name), | 429 UTF8ToUTF16(cert->subject().locality_name), |
| 433 UTF8ToUTF16(cert->subject().state_or_province_name), | 430 UTF8ToUTF16(cert->subject().state_or_province_name), |
| 434 UTF8ToUTF16(cert->subject().country_name)); | 431 UTF8ToUTF16(cert->subject().country_name)); |
| 435 } else { | 432 } else { |
| 436 locality = l10n_util::GetStringFUTF16( | 433 locality = l10n_util::GetStringFUTF16( |
| 437 IDS_PAGEINFO_PARTIAL_ADDRESS, | 434 IDS_PAGEINFO_PARTIAL_ADDRESS, |
| 438 UTF8ToUTF16(cert->subject().locality_name), | 435 UTF8ToUTF16(cert->subject().locality_name), |
| 439 UTF8ToUTF16(cert->subject().country_name)); | 436 UTF8ToUTF16(cert->subject().country_name)); |
| 440 } | 437 } |
| 441 DCHECK(!cert->subject().organization_names.empty()); | 438 DCHECK(!cert->subject().organization_names.empty()); |
| 442 site_identity_details_.assign(l10n_util::GetStringFUTF16( | 439 site_identity_details_.assign(l10n_util::GetStringFUTF16( |
| 443 GetSiteIdentityDetailsMessageByCTInfo( | 440 GetSiteIdentityDetailsMessageByCTInfo( |
| 444 ssl.signed_certificate_timestamp_ids, true /* is EV */), | 441 security_info.sct_verify_statuses, true /* is EV */), |
| 445 UTF8ToUTF16(cert->subject().organization_names[0]), | 442 UTF8ToUTF16(cert->subject().organization_names[0]), locality, |
| 446 locality, | |
| 447 UTF8ToUTF16(cert->issuer().GetDisplayName()))); | 443 UTF8ToUTF16(cert->issuer().GetDisplayName()))); |
| 448 } else { | 444 } else { |
| 449 // Non-EV OK HTTPS page. | 445 // Non-EV OK HTTPS page. |
| 450 site_identity_status_ = GetSiteIdentityStatusByCTInfo( | 446 site_identity_status_ = GetSiteIdentityStatusByCTInfo( |
| 451 ssl.signed_certificate_timestamp_ids, false); | 447 security_info.sct_verify_statuses, false); |
| 452 base::string16 issuer_name( | 448 base::string16 issuer_name( |
| 453 UTF8ToUTF16(cert->issuer().GetDisplayName())); | 449 UTF8ToUTF16(cert->issuer().GetDisplayName())); |
| 454 if (issuer_name.empty()) { | 450 if (issuer_name.empty()) { |
| 455 issuer_name.assign(l10n_util::GetStringUTF16( | 451 issuer_name.assign(l10n_util::GetStringUTF16( |
| 456 IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY)); | 452 IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY)); |
| 457 } | 453 } |
| 458 | 454 |
| 459 site_identity_details_.assign(l10n_util::GetStringFUTF16( | 455 site_identity_details_.assign(l10n_util::GetStringFUTF16( |
| 460 GetSiteIdentityDetailsMessageByCTInfo( | 456 GetSiteIdentityDetailsMessageByCTInfo( |
| 461 ssl.signed_certificate_timestamp_ids, false /* not EV */), | 457 security_info.sct_verify_statuses, false /* not EV */), |
| 462 issuer_name)); | 458 issuer_name)); |
| 463 } | 459 } |
| 464 // The date after which no new SHA-1 certificates may be issued. | 460 if (security_info.sha1_deprecation_status != |
| 465 // 2016-01-01 00:00:00 UTC | 461 SecurityStateModel::NO_DEPRECATED_SHA1) { |
| 466 static const int64_t kSHA1LastIssuanceDate = INT64_C(13096080000000000); | |
| 467 if ((ssl.cert_status & net::CERT_STATUS_SHA1_SIGNATURE_PRESENT) && | |
| 468 cert->valid_expiry() > | |
| 469 base::Time::FromInternalValue(kSHA1LastIssuanceDate)) { | |
| 470 site_identity_status_ = | 462 site_identity_status_ = |
| 471 SITE_IDENTITY_STATUS_DEPRECATED_SIGNATURE_ALGORITHM; | 463 SITE_IDENTITY_STATUS_DEPRECATED_SIGNATURE_ALGORITHM; |
| 472 site_identity_details_ += | 464 site_identity_details_ += |
| 473 UTF8ToUTF16("\n\n") + | 465 UTF8ToUTF16("\n\n") + |
| 474 l10n_util::GetStringUTF16( | 466 l10n_util::GetStringUTF16( |
| 475 IDS_PAGE_INFO_SECURITY_TAB_DEPRECATED_SIGNATURE_ALGORITHM); | 467 IDS_PAGE_INFO_SECURITY_TAB_DEPRECATED_SIGNATURE_ALGORITHM); |
| 476 } | 468 } |
| 477 } | 469 } |
| 478 } else { | 470 } else { |
| 479 // HTTP or HTTPS with errors (not warnings). | 471 // HTTP or HTTPS with errors (not warnings). |
| 480 site_identity_details_.assign(l10n_util::GetStringUTF16( | 472 site_identity_details_.assign(l10n_util::GetStringUTF16( |
| 481 IDS_PAGE_INFO_SECURITY_TAB_INSECURE_IDENTITY)); | 473 IDS_PAGE_INFO_SECURITY_TAB_INSECURE_IDENTITY)); |
| 482 if (ssl.security_style == content::SECURITY_STYLE_UNAUTHENTICATED) | 474 if (!security_info.scheme_is_cryptographic || !security_info.cert_id) |
| 483 site_identity_status_ = SITE_IDENTITY_STATUS_NO_CERT; | 475 site_identity_status_ = SITE_IDENTITY_STATUS_NO_CERT; |
| 484 else | 476 else |
| 485 site_identity_status_ = SITE_IDENTITY_STATUS_ERROR; | 477 site_identity_status_ = SITE_IDENTITY_STATUS_ERROR; |
| 486 | 478 |
| 487 const base::string16 bullet = UTF8ToUTF16("\n • "); | 479 const base::string16 bullet = UTF8ToUTF16("\n • "); |
| 488 std::vector<SSLErrorInfo> errors; | 480 std::vector<SSLErrorInfo> errors; |
| 489 SSLErrorInfo::GetErrorsForCertStatus(ssl.cert_id, ssl.cert_status, | 481 SSLErrorInfo::GetErrorsForCertStatus( |
| 490 url, &errors); | 482 security_info.cert_id, security_info.cert_status, url, &errors); |
| 491 for (size_t i = 0; i < errors.size(); ++i) { | 483 for (size_t i = 0; i < errors.size(); ++i) { |
| 492 site_identity_details_ += bullet; | 484 site_identity_details_ += bullet; |
| 493 site_identity_details_ += errors[i].short_description(); | 485 site_identity_details_ += errors[i].short_description(); |
| 494 } | 486 } |
| 495 | 487 |
| 496 if (ssl.cert_status & net::CERT_STATUS_NON_UNIQUE_NAME) { | 488 if (security_info.cert_status & net::CERT_STATUS_NON_UNIQUE_NAME) { |
| 497 site_identity_details_ += ASCIIToUTF16("\n\n"); | 489 site_identity_details_ += ASCIIToUTF16("\n\n"); |
| 498 site_identity_details_ += l10n_util::GetStringUTF16( | 490 site_identity_details_ += l10n_util::GetStringUTF16( |
| 499 IDS_PAGE_INFO_SECURITY_TAB_NON_UNIQUE_NAME); | 491 IDS_PAGE_INFO_SECURITY_TAB_NON_UNIQUE_NAME); |
| 500 } | 492 } |
| 501 } | 493 } |
| 502 | 494 |
| 503 // Site Connection | 495 // Site Connection |
| 504 // We consider anything less than 80 bits encryption to be weak encryption. | 496 // We consider anything less than 80 bits encryption to be weak encryption. |
| 505 // TODO(wtc): Bug 1198735: report mixed/unsafe content for unencrypted and | 497 // TODO(wtc): Bug 1198735: report mixed/unsafe content for unencrypted and |
| 506 // weakly encrypted connections. | 498 // weakly encrypted connections. |
| 507 site_connection_status_ = SITE_CONNECTION_STATUS_UNKNOWN; | 499 site_connection_status_ = SITE_CONNECTION_STATUS_UNKNOWN; |
| 508 | 500 |
| 509 base::string16 subject_name(GetSimpleSiteName(url, profile_)); | 501 base::string16 subject_name(GetSimpleSiteName(url, profile_)); |
| 510 if (subject_name.empty()) { | 502 if (subject_name.empty()) { |
| 511 subject_name.assign( | 503 subject_name.assign( |
| 512 l10n_util::GetStringUTF16(IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY)); | 504 l10n_util::GetStringUTF16(IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY)); |
| 513 } | 505 } |
| 514 | 506 |
| 515 if (ssl.security_style == content::SECURITY_STYLE_UNKNOWN) { | 507 if (!security_info.cert_id || !security_info.scheme_is_cryptographic) { |
| 516 // Page is still loading, so SSL status is not yet available. Say nothing. | 508 // Page is still loading (so SSL status is not yet available) or |
| 517 DCHECK_EQ(ssl.security_bits, -1); | 509 // loaded over HTTP or loaded over HTTPS with no cert. |
| 518 site_connection_status_ = SITE_CONNECTION_STATUS_UNENCRYPTED; | 510 site_connection_status_ = SITE_CONNECTION_STATUS_UNENCRYPTED; |
| 519 | 511 |
| 520 site_connection_details_.assign(l10n_util::GetStringFUTF16( | 512 site_connection_details_.assign(l10n_util::GetStringFUTF16( |
| 521 IDS_PAGE_INFO_SECURITY_TAB_NOT_ENCRYPTED_CONNECTION_TEXT, | 513 IDS_PAGE_INFO_SECURITY_TAB_NOT_ENCRYPTED_CONNECTION_TEXT, |
| 522 subject_name)); | 514 subject_name)); |
| 523 } else if (ssl.security_style == content::SECURITY_STYLE_UNAUTHENTICATED) { | 515 } else if (security_info.security_bits < 0) { |
| 524 // HTTPS without a certificate, or not HTTPS. | |
| 525 DCHECK(!ssl.cert_id); | |
| 526 site_connection_status_ = SITE_CONNECTION_STATUS_UNENCRYPTED; | |
| 527 | |
| 528 site_connection_details_.assign(l10n_util::GetStringFUTF16( | |
| 529 IDS_PAGE_INFO_SECURITY_TAB_NOT_ENCRYPTED_CONNECTION_TEXT, | |
| 530 subject_name)); | |
| 531 } else if (ssl.security_bits < 0) { | |
| 532 // Security strength is unknown. Say nothing. | 516 // Security strength is unknown. Say nothing. |
| 533 site_connection_status_ = SITE_CONNECTION_STATUS_ENCRYPTED_ERROR; | 517 site_connection_status_ = SITE_CONNECTION_STATUS_ENCRYPTED_ERROR; |
| 534 } else if (ssl.security_bits == 0) { | 518 } else if (security_info.security_bits == 0) { |
| 535 DCHECK_NE(ssl.security_style, content::SECURITY_STYLE_UNAUTHENTICATED); | 519 DCHECK_NE(security_info.security_level, SecurityStateModel::NONE); |
| 536 site_connection_status_ = SITE_CONNECTION_STATUS_ENCRYPTED_ERROR; | 520 site_connection_status_ = SITE_CONNECTION_STATUS_ENCRYPTED_ERROR; |
| 537 site_connection_details_.assign(l10n_util::GetStringFUTF16( | 521 site_connection_details_.assign(l10n_util::GetStringFUTF16( |
| 538 IDS_PAGE_INFO_SECURITY_TAB_NOT_ENCRYPTED_CONNECTION_TEXT, | 522 IDS_PAGE_INFO_SECURITY_TAB_NOT_ENCRYPTED_CONNECTION_TEXT, |
| 539 subject_name)); | 523 subject_name)); |
| 540 } else { | 524 } else { |
| 541 site_connection_status_ = SITE_CONNECTION_STATUS_ENCRYPTED; | 525 site_connection_status_ = SITE_CONNECTION_STATUS_ENCRYPTED; |
| 542 | 526 |
| 543 if (net::SSLConnectionStatusToVersion(ssl.connection_status) >= | 527 if (net::SSLConnectionStatusToVersion(security_info.connection_status) >= |
| 544 net::SSL_CONNECTION_VERSION_TLS1_2 && | 528 net::SSL_CONNECTION_VERSION_TLS1_2 && |
| 545 net::IsSecureTLSCipherSuite( | 529 net::IsSecureTLSCipherSuite(net::SSLConnectionStatusToCipherSuite( |
| 546 net::SSLConnectionStatusToCipherSuite(ssl.connection_status))) { | 530 security_info.connection_status))) { |
| 547 site_connection_details_.assign(l10n_util::GetStringFUTF16( | 531 site_connection_details_.assign(l10n_util::GetStringFUTF16( |
| 548 IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTED_CONNECTION_TEXT, | 532 IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTED_CONNECTION_TEXT, |
| 549 subject_name)); | 533 subject_name)); |
| 550 } else { | 534 } else { |
| 551 site_connection_details_.assign(l10n_util::GetStringFUTF16( | 535 site_connection_details_.assign(l10n_util::GetStringFUTF16( |
| 552 IDS_PAGE_INFO_SECURITY_TAB_WEAK_ENCRYPTION_CONNECTION_TEXT, | 536 IDS_PAGE_INFO_SECURITY_TAB_WEAK_ENCRYPTION_CONNECTION_TEXT, |
| 553 subject_name)); | 537 subject_name)); |
| 554 } | 538 } |
| 555 | 539 |
| 556 if (ssl.content_status) { | 540 if (security_info.mixed_content_status != |
| 557 bool ran_insecure_content = | 541 SecurityStateModel::NO_MIXED_CONTENT) { |
| 558 !!(ssl.content_status & content::SSLStatus::RAN_INSECURE_CONTENT); | 542 bool ran_insecure_content = security_info.mixed_content_status != |
| 543 SecurityStateModel::DISPLAYED_MIXED_CONTENT; | |
|
palmer
2015/09/17 20:23:01
Nit: Re-phrase this for clarity as discussed in pe
estark
2015/09/18 00:26:33
Done.
| |
| 559 site_connection_status_ = ran_insecure_content | 544 site_connection_status_ = ran_insecure_content |
| 560 ? SITE_CONNECTION_STATUS_MIXED_SCRIPT | 545 ? SITE_CONNECTION_STATUS_MIXED_SCRIPT |
| 561 : SITE_CONNECTION_STATUS_MIXED_CONTENT; | 546 : SITE_CONNECTION_STATUS_MIXED_CONTENT; |
| 562 site_connection_details_.assign(l10n_util::GetStringFUTF16( | 547 site_connection_details_.assign(l10n_util::GetStringFUTF16( |
| 563 IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTED_SENTENCE_LINK, | 548 IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTED_SENTENCE_LINK, |
| 564 site_connection_details_, | 549 site_connection_details_, |
| 565 l10n_util::GetStringUTF16(ran_insecure_content ? | 550 l10n_util::GetStringUTF16(ran_insecure_content ? |
| 566 IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTED_INSECURE_CONTENT_ERROR : | 551 IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTED_INSECURE_CONTENT_ERROR : |
| 567 IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTED_INSECURE_CONTENT_WARNING))); | 552 IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTED_INSECURE_CONTENT_WARNING))); |
| 568 } | 553 } |
| 569 } | 554 } |
| 570 | 555 |
| 571 uint16 cipher_suite = | 556 uint16 cipher_suite = |
| 572 net::SSLConnectionStatusToCipherSuite(ssl.connection_status); | 557 net::SSLConnectionStatusToCipherSuite(security_info.connection_status); |
| 573 if (ssl.security_bits > 0 && cipher_suite) { | 558 if (security_info.security_bits > 0 && cipher_suite) { |
| 574 int ssl_version = | 559 int ssl_version = |
| 575 net::SSLConnectionStatusToVersion(ssl.connection_status); | 560 net::SSLConnectionStatusToVersion(security_info.connection_status); |
| 576 const char* ssl_version_str; | 561 const char* ssl_version_str; |
| 577 net::SSLVersionToString(&ssl_version_str, ssl_version); | 562 net::SSLVersionToString(&ssl_version_str, ssl_version); |
| 578 site_connection_details_ += ASCIIToUTF16("\n\n"); | 563 site_connection_details_ += ASCIIToUTF16("\n\n"); |
| 579 site_connection_details_ += l10n_util::GetStringFUTF16( | 564 site_connection_details_ += l10n_util::GetStringFUTF16( |
| 580 IDS_PAGE_INFO_SECURITY_TAB_SSL_VERSION, | 565 IDS_PAGE_INFO_SECURITY_TAB_SSL_VERSION, |
| 581 ASCIIToUTF16(ssl_version_str)); | 566 ASCIIToUTF16(ssl_version_str)); |
| 582 | 567 |
| 583 bool no_renegotiation = | 568 bool no_renegotiation = |
| 584 (ssl.connection_status & | 569 (security_info.connection_status & |
| 585 net::SSL_CONNECTION_NO_RENEGOTIATION_EXTENSION) != 0; | 570 net::SSL_CONNECTION_NO_RENEGOTIATION_EXTENSION) != 0; |
| 586 const char *key_exchange, *cipher, *mac; | 571 const char *key_exchange, *cipher, *mac; |
| 587 bool is_aead; | 572 bool is_aead; |
| 588 net::SSLCipherSuiteToStrings( | 573 net::SSLCipherSuiteToStrings( |
| 589 &key_exchange, &cipher, &mac, &is_aead, cipher_suite); | 574 &key_exchange, &cipher, &mac, &is_aead, cipher_suite); |
| 590 | 575 |
| 591 site_connection_details_ += ASCIIToUTF16("\n\n"); | 576 site_connection_details_ += ASCIIToUTF16("\n\n"); |
| 592 if (is_aead) { | 577 if (is_aead) { |
| 593 site_connection_details_ += l10n_util::GetStringFUTF16( | 578 site_connection_details_ += l10n_util::GetStringFUTF16( |
| 594 IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTION_DETAILS_AEAD, | 579 IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTION_DETAILS_AEAD, |
| 595 ASCIIToUTF16(cipher), ASCIIToUTF16(key_exchange)); | 580 ASCIIToUTF16(cipher), ASCIIToUTF16(key_exchange)); |
| 596 } else { | 581 } else { |
| 597 site_connection_details_ += l10n_util::GetStringFUTF16( | 582 site_connection_details_ += l10n_util::GetStringFUTF16( |
| 598 IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTION_DETAILS, | 583 IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTION_DETAILS, |
| 599 ASCIIToUTF16(cipher), ASCIIToUTF16(mac), ASCIIToUTF16(key_exchange)); | 584 ASCIIToUTF16(cipher), ASCIIToUTF16(mac), ASCIIToUTF16(key_exchange)); |
| 600 } | 585 } |
| 601 | 586 |
| 602 if (ssl_version == net::SSL_CONNECTION_VERSION_SSL3 && | 587 if (ssl_version == net::SSL_CONNECTION_VERSION_SSL3 && |
| 603 site_connection_status_ < SITE_CONNECTION_STATUS_MIXED_CONTENT) { | 588 site_connection_status_ < SITE_CONNECTION_STATUS_MIXED_CONTENT) { |
| 604 site_connection_status_ = SITE_CONNECTION_STATUS_ENCRYPTED_ERROR; | 589 site_connection_status_ = SITE_CONNECTION_STATUS_ENCRYPTED_ERROR; |
| 605 } | 590 } |
| 606 | 591 |
| 607 const bool did_fallback = | 592 const bool did_fallback = (security_info.connection_status & |
| 608 (ssl.connection_status & net::SSL_CONNECTION_VERSION_FALLBACK) != 0; | 593 net::SSL_CONNECTION_VERSION_FALLBACK) != 0; |
| 609 if (did_fallback) { | 594 if (did_fallback) { |
| 610 site_connection_details_ += ASCIIToUTF16("\n\n"); | 595 site_connection_details_ += ASCIIToUTF16("\n\n"); |
| 611 site_connection_details_ += l10n_util::GetStringUTF16( | 596 site_connection_details_ += l10n_util::GetStringUTF16( |
| 612 IDS_PAGE_INFO_SECURITY_TAB_FALLBACK_MESSAGE); | 597 IDS_PAGE_INFO_SECURITY_TAB_FALLBACK_MESSAGE); |
| 613 } | 598 } |
| 614 | 599 |
| 615 if (no_renegotiation) { | 600 if (no_renegotiation) { |
| 616 site_connection_details_ += ASCIIToUTF16("\n\n"); | 601 site_connection_details_ += ASCIIToUTF16("\n\n"); |
| 617 site_connection_details_ += l10n_util::GetStringUTF16( | 602 site_connection_details_ += l10n_util::GetStringUTF16( |
| 618 IDS_PAGE_INFO_SECURITY_TAB_RENEGOTIATION_MESSAGE); | 603 IDS_PAGE_INFO_SECURITY_TAB_RENEGOTIATION_MESSAGE); |
| (...skipping 112 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 731 info.connection_status = site_connection_status_; | 716 info.connection_status = site_connection_status_; |
| 732 info.connection_status_description = | 717 info.connection_status_description = |
| 733 UTF16ToUTF8(site_connection_details_); | 718 UTF16ToUTF8(site_connection_details_); |
| 734 info.identity_status = site_identity_status_; | 719 info.identity_status = site_identity_status_; |
| 735 info.identity_status_description = | 720 info.identity_status_description = |
| 736 UTF16ToUTF8(site_identity_details_); | 721 UTF16ToUTF8(site_identity_details_); |
| 737 info.cert_id = cert_id_; | 722 info.cert_id = cert_id_; |
| 738 info.show_ssl_decision_revoke_button = show_ssl_decision_revoke_button_; | 723 info.show_ssl_decision_revoke_button = show_ssl_decision_revoke_button_; |
| 739 ui_->SetIdentityInfo(info); | 724 ui_->SetIdentityInfo(info); |
| 740 } | 725 } |
| OLD | NEW |
