OLD | NEW |
(Empty) | |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "chrome/browser/ssl/connection_security.h" |
| 6 |
| 7 #include "base/command_line.h" |
| 8 #include "base/metrics/field_trial.h" |
| 9 #include "base/metrics/histogram_macros.h" |
| 10 #include "base/prefs/pref_service.h" |
| 11 #include "chrome/browser/profiles/profile.h" |
| 12 #include "chrome/browser/ssl/ssl_error_info.h" |
| 13 #include "chrome/common/chrome_constants.h" |
| 14 #include "chrome/common/chrome_switches.h" |
| 15 #include "chrome/common/pref_names.h" |
| 16 #include "content/public/browser/cert_store.h" |
| 17 #include "content/public/browser/navigation_controller.h" |
| 18 #include "content/public/browser/navigation_entry.h" |
| 19 #include "content/public/browser/web_contents.h" |
| 20 #include "content/public/common/origin_util.h" |
| 21 #include "content/public/common/ssl_status.h" |
| 22 #include "net/base/net_util.h" |
| 23 #include "net/cert/cert_status_flags.h" |
| 24 #include "net/cert/x509_certificate.h" |
| 25 #include "net/ssl/ssl_connection_status_flags.h" |
| 26 |
| 27 #if defined(OS_CHROMEOS) |
| 28 #include "chrome/browser/chromeos/policy/policy_cert_service.h" |
| 29 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" |
| 30 #endif |
| 31 |
| 32 namespace { |
| 33 |
| 34 connection_security::SecurityLevel GetSecurityLevelForNonSecureFieldTrial() { |
| 35 std::string choice = |
| 36 base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII( |
| 37 switches::kMarkNonSecureAs); |
| 38 std::string group = base::FieldTrialList::FindFullName("MarkNonSecureAs"); |
| 39 |
| 40 // Do not change this enum. It is used in the histogram. |
| 41 enum MarkNonSecureStatus { NEUTRAL, DUBIOUS, NON_SECURE, LAST_STATUS }; |
| 42 const char kEnumeration[] = "MarkNonSecureAs"; |
| 43 |
| 44 connection_security::SecurityLevel level; |
| 45 MarkNonSecureStatus status; |
| 46 |
| 47 if (choice == switches::kMarkNonSecureAsNeutral) { |
| 48 status = NEUTRAL; |
| 49 level = connection_security::NONE; |
| 50 } else if (choice == switches::kMarkNonSecureAsNonSecure) { |
| 51 status = NON_SECURE; |
| 52 level = connection_security::SECURITY_ERROR; |
| 53 } else if (group == switches::kMarkNonSecureAsNeutral) { |
| 54 status = NEUTRAL; |
| 55 level = connection_security::NONE; |
| 56 } else if (group == switches::kMarkNonSecureAsNonSecure) { |
| 57 status = NON_SECURE; |
| 58 level = connection_security::SECURITY_ERROR; |
| 59 } else { |
| 60 status = NEUTRAL; |
| 61 level = connection_security::NONE; |
| 62 } |
| 63 |
| 64 UMA_HISTOGRAM_ENUMERATION(kEnumeration, status, LAST_STATUS); |
| 65 return level; |
| 66 } |
| 67 |
| 68 scoped_refptr<net::X509Certificate> GetCertForSSLStatus( |
| 69 const content::SSLStatus& ssl) { |
| 70 scoped_refptr<net::X509Certificate> cert; |
| 71 return content::CertStore::GetInstance()->RetrieveCert(ssl.cert_id, &cert) |
| 72 ? cert |
| 73 : nullptr; |
| 74 } |
| 75 |
| 76 connection_security::SHA1DeprecationStatus GetSHA1DeprecationStatus( |
| 77 scoped_refptr<net::X509Certificate> cert, |
| 78 const content::SSLStatus& ssl) { |
| 79 if (!cert || !(ssl.cert_status & net::CERT_STATUS_SHA1_SIGNATURE_PRESENT)) |
| 80 return connection_security::NO_DEPRECATED_SHA1; |
| 81 |
| 82 // The internal representation of the dates for UI treatment of SHA-1. |
| 83 // See http://crbug.com/401365 for details. |
| 84 static const int64_t kJanuary2017 = INT64_C(13127702400000000); |
| 85 if (cert->valid_expiry() >= base::Time::FromInternalValue(kJanuary2017)) |
| 86 return connection_security::DEPRECATED_SHA1_BROKEN; |
| 87 // kJanuary2016 needs to be kept in sync with |
| 88 // ToolbarModelAndroid::IsDeprecatedSHA1Present(). |
| 89 static const int64_t kJanuary2016 = INT64_C(13096080000000000); |
| 90 if (cert->valid_expiry() >= base::Time::FromInternalValue(kJanuary2016)) |
| 91 return connection_security::DEPRECATED_SHA1_WARNING; |
| 92 |
| 93 return connection_security::NO_DEPRECATED_SHA1; |
| 94 } |
| 95 |
| 96 connection_security::MixedContentStatus GetMixedContentStatus( |
| 97 const content::SSLStatus& ssl) { |
| 98 bool ran_insecure_content = false; |
| 99 bool displayed_insecure_content = false; |
| 100 if (ssl.content_status & content::SSLStatus::RAN_INSECURE_CONTENT) |
| 101 ran_insecure_content = true; |
| 102 if (ssl.content_status & content::SSLStatus::DISPLAYED_INSECURE_CONTENT) |
| 103 displayed_insecure_content = true; |
| 104 |
| 105 if (ran_insecure_content && displayed_insecure_content) |
| 106 return connection_security::RAN_AND_DISPLAYED_MIXED_CONTENT; |
| 107 if (ran_insecure_content) |
| 108 return connection_security::RAN_MIXED_CONTENT; |
| 109 if (displayed_insecure_content) |
| 110 return connection_security::DISPLAYED_MIXED_CONTENT; |
| 111 |
| 112 return connection_security::NO_MIXED_CONTENT; |
| 113 } |
| 114 |
| 115 } // namespace |
| 116 |
| 117 namespace connection_security { |
| 118 |
| 119 SecurityLevel GetSecurityLevelForWebContents( |
| 120 const content::WebContents* web_contents) { |
| 121 if (!web_contents) |
| 122 return NONE; |
| 123 |
| 124 content::NavigationEntry* entry = |
| 125 web_contents->GetController().GetVisibleEntry(); |
| 126 if (!entry) |
| 127 return NONE; |
| 128 |
| 129 const content::SSLStatus& ssl = entry->GetSSL(); |
| 130 switch (ssl.security_style) { |
| 131 case content::SECURITY_STYLE_UNKNOWN: |
| 132 return NONE; |
| 133 |
| 134 case content::SECURITY_STYLE_UNAUTHENTICATED: { |
| 135 const GURL& url = entry->GetURL(); |
| 136 if (!content::IsOriginSecure(url) && url.IsStandard()) |
| 137 return GetSecurityLevelForNonSecureFieldTrial(); |
| 138 return NONE; |
| 139 } |
| 140 |
| 141 case content::SECURITY_STYLE_AUTHENTICATION_BROKEN: |
| 142 return SECURITY_ERROR; |
| 143 |
| 144 case content::SECURITY_STYLE_AUTHENTICATED: { |
| 145 #if defined(OS_CHROMEOS) |
| 146 // Report if there is a policy cert first, before reporting any other |
| 147 // authenticated-but-with-errors cases. A policy cert is a strong |
| 148 // indicator of a MITM being present (the enterprise), while the |
| 149 // other authenticated-but-with-errors indicate something may |
| 150 // be wrong, or may be wrong in the future, but is unclear now. |
| 151 policy::PolicyCertService* service = |
| 152 policy::PolicyCertServiceFactory::GetForProfile( |
| 153 Profile::FromBrowserContext(web_contents->GetBrowserContext())); |
| 154 if (service && service->UsedPolicyCertificates()) |
| 155 return SECURITY_POLICY_WARNING; |
| 156 #endif |
| 157 |
| 158 scoped_refptr<net::X509Certificate> cert = GetCertForSSLStatus(ssl); |
| 159 SHA1DeprecationStatus sha1_status = GetSHA1DeprecationStatus(cert, ssl); |
| 160 if (sha1_status == DEPRECATED_SHA1_BROKEN) |
| 161 return SECURITY_ERROR; |
| 162 if (sha1_status == DEPRECATED_SHA1_WARNING) |
| 163 return NONE; |
| 164 |
| 165 MixedContentStatus mixed_content_status = GetMixedContentStatus(ssl); |
| 166 // Active mixed content is downgraded to the BROKEN style and |
| 167 // handled above. |
| 168 DCHECK_NE(RAN_MIXED_CONTENT, mixed_content_status); |
| 169 DCHECK_NE(RAN_AND_DISPLAYED_MIXED_CONTENT, mixed_content_status); |
| 170 // This should be kept in sync with |
| 171 // |kDisplayedInsecureContentStyle|. That is: the treatment |
| 172 // given to passive mixed content here should be expressed by |
| 173 // |kDisplayedInsecureContentStyle|, which is used to coordinate |
| 174 // the treatment of passive mixed content with other security UI |
| 175 // elements. |
| 176 if (mixed_content_status == DISPLAYED_MIXED_CONTENT) |
| 177 return NONE; |
| 178 |
| 179 if (net::IsCertStatusError(ssl.cert_status)) { |
| 180 DCHECK(net::IsCertStatusMinorError(ssl.cert_status)); |
| 181 return NONE; |
| 182 } |
| 183 if (net::SSLConnectionStatusToVersion(ssl.connection_status) == |
| 184 net::SSL_CONNECTION_VERSION_SSL3) { |
| 185 // SSLv3 will be removed in the future. |
| 186 return SECURITY_WARNING; |
| 187 } |
| 188 if ((ssl.cert_status & net::CERT_STATUS_IS_EV) && cert) |
| 189 return EV_SECURE; |
| 190 return SECURE; |
| 191 } |
| 192 |
| 193 default: |
| 194 NOTREACHED(); |
| 195 return NONE; |
| 196 } |
| 197 } |
| 198 |
| 199 void GetSecurityInfoForWebContents(const content::WebContents* web_contents, |
| 200 SecurityInfo* security_info) { |
| 201 content::NavigationEntry* entry = |
| 202 web_contents ? web_contents->GetController().GetVisibleEntry() : nullptr; |
| 203 if (!entry) { |
| 204 security_info->security_style = content::SECURITY_STYLE_UNKNOWN; |
| 205 return; |
| 206 } |
| 207 |
| 208 security_info->scheme_is_cryptographic = |
| 209 entry->GetURL().SchemeIsCryptographic(); |
| 210 |
| 211 SecurityLevel security_level = GetSecurityLevelForWebContents(web_contents); |
| 212 switch (security_level) { |
| 213 case SECURITY_WARNING: |
| 214 case NONE: |
| 215 security_info->security_style = content::SECURITY_STYLE_UNAUTHENTICATED; |
| 216 break; |
| 217 case EV_SECURE: |
| 218 case SECURE: |
| 219 security_info->security_style = content::SECURITY_STYLE_AUTHENTICATED; |
| 220 break; |
| 221 case SECURITY_POLICY_WARNING: |
| 222 security_info->security_style = content::SECURITY_STYLE_WARNING; |
| 223 break; |
| 224 case SECURITY_ERROR: |
| 225 security_info->security_style = |
| 226 content::SECURITY_STYLE_AUTHENTICATION_BROKEN; |
| 227 break; |
| 228 } |
| 229 |
| 230 const content::SSLStatus& ssl = entry->GetSSL(); |
| 231 scoped_refptr<net::X509Certificate> cert = GetCertForSSLStatus(ssl); |
| 232 security_info->sha1_deprecation_status = GetSHA1DeprecationStatus(cert, ssl); |
| 233 security_info->mixed_content_status = GetMixedContentStatus(ssl); |
| 234 security_info->cert_status = ssl.cert_status; |
| 235 security_info->cert_id = ssl.cert_id; |
| 236 } |
| 237 |
| 238 } // namespace connection_security |
OLD | NEW |