OLD | NEW |
(Empty) | |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef CHROME_BROWSER_SSL_CONNECTION_SECURITY_H_ |
| 6 #define CHROME_BROWSER_SSL_CONNECTION_SECURITY_H_ |
| 7 |
| 8 #include "base/macros.h" |
| 9 #include "content/public/common/security_style.h" |
| 10 #include "net/cert/cert_status_flags.h" |
| 11 |
| 12 namespace content { |
| 13 class WebContents; |
| 14 } // namespace content |
| 15 |
| 16 // This namespace contains functions responsible for computing the |
| 17 // connection security status of a page. |
| 18 namespace connection_security { |
| 19 |
| 20 // These security styles describe the treatment given to pages that |
| 21 // display and run mixed content. They are used to coordinate the |
| 22 // treatment of mixed content with other security UI elements. |
| 23 const content::SecurityStyle kDisplayedInsecureContentStyle = |
| 24 content::SECURITY_STYLE_UNAUTHENTICATED; |
| 25 const content::SecurityStyle kRanInsecureContentStyle = |
| 26 content::SECURITY_STYLE_AUTHENTICATION_BROKEN; |
| 27 |
| 28 // TODO(wtc): unify this enum with SecurityStyle. We |
| 29 // don't need two sets of security UI levels. SECURITY_STYLE_AUTHENTICATED |
| 30 // needs to be refined into three levels: warning, standard, and EV. |
| 31 // See crbug.com/425728 |
| 32 // |
| 33 // If you reorder, add, or delete values from this enum, you must also |
| 34 // update the UI icons in ToolbarModelImpl::GetIconForSecurityLevel. |
| 35 // |
| 36 // A Java counterpart will be generated for this enum. |
| 37 // GENERATED_JAVA_ENUM_PACKAGE: org.chromium.chrome.browser.ssl |
| 38 // GENERATED_JAVA_CLASS_NAME_OVERRIDE: ConnectionSecurityLevel |
| 39 enum SecurityLevel { |
| 40 // HTTP/no URL |
| 41 NONE, |
| 42 |
| 43 // HTTPS with valid EV cert |
| 44 EV_SECURE, |
| 45 |
| 46 // HTTPS (non-EV) |
| 47 SECURE, |
| 48 |
| 49 // HTTPS, but unable to check certificate revocation status or with insecure |
| 50 // content on the page |
| 51 SECURITY_WARNING, |
| 52 |
| 53 // HTTPS, but the certificate verification chain is anchored on a |
| 54 // certificate that was installed by the system administrator |
| 55 SECURITY_POLICY_WARNING, |
| 56 |
| 57 // Attempted HTTPS and failed, page not authenticated |
| 58 SECURITY_ERROR, |
| 59 }; |
| 60 |
| 61 // Describes how the SHA1 deprecation policy applies to an HTTPS |
| 62 // connection. |
| 63 enum SHA1DeprecationStatus { |
| 64 // No SHA1 deprecation policy applies. |
| 65 NO_DEPRECATED_SHA1, |
| 66 // The connection used a certificate with a SHA1 signature in the |
| 67 // chain, and policy says that the connection should be treated as |
| 68 // broken HTTPS. |
| 69 DEPRECATED_SHA1_BROKEN, |
| 70 // The connection used a certificate with a SHA1 signature in the |
| 71 // chain, and policy says that the connection should be treated with a |
| 72 // warning. |
| 73 DEPRECATED_SHA1_WARNING, |
| 74 }; |
| 75 |
| 76 // Describes the type of mixed content (if any) that a site |
| 77 // displayed/ran. |
| 78 enum MixedContentStatus { |
| 79 NO_MIXED_CONTENT, |
| 80 // The site displayed nonsecure resources (passive mixed content). |
| 81 DISPLAYED_MIXED_CONTENT, |
| 82 // The site ran nonsecure resources (active mixed content). |
| 83 RAN_MIXED_CONTENT, |
| 84 // The site both ran and displayed nonsecure resources. |
| 85 RAN_AND_DISPLAYED_MIXED_CONTENT, |
| 86 }; |
| 87 |
| 88 // Contains information about a page's security status, including a |
| 89 // SecurityStyle and the information that was used to decide which |
| 90 // SecurityStyle to assign. |
| 91 struct SecurityInfo { |
| 92 content::SecurityStyle security_style; |
| 93 SHA1DeprecationStatus sha1_deprecation_status; |
| 94 MixedContentStatus mixed_content_status; |
| 95 net::CertStatus cert_status; |
| 96 int cert_id; |
| 97 bool scheme_is_cryptographic; |
| 98 }; |
| 99 |
| 100 // Returns a security level describing the overall security state of |
| 101 // the given |WebContents|. |
| 102 SecurityLevel GetSecurityLevelForWebContents( |
| 103 const content::WebContents* web_contents); |
| 104 |
| 105 // Populates |security_info| with information describing the given |
| 106 // |web_contents|, including a content::SecurityStyle value and security |
| 107 // properties that caused that value to be chosen. |
| 108 // |
| 109 // Note: This is a lossy operation. Not all of the policies |
| 110 // that can be expressed by a SecurityLevel (a //chrome concept) can |
| 111 // be expressed by a content::SecurityStyle. |
| 112 // In general, code in //chrome should prefer to use |
| 113 // GetSecurityLevelForWebContents() to determine security policy, and |
| 114 // only use this function when policy needs to be supplied back to |
| 115 // layers in //content. |
| 116 void GetSecurityInfoForWebContents(const content::WebContents* web_contents, |
| 117 SecurityInfo* security_info); |
| 118 |
| 119 } // namespace connection_security |
| 120 |
| 121 #endif // CHROME_BROWSER_SSL_CONNECTION_SECURITY_H_ |
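Review bot: SecurityInfo is declared without a constructor or member initializers, and GetSecurityInfoForWebContents() fills it through an out-parameter, so any field the implementation leaves unassigned on some path reaches the caller with an indeterminate value. The implementation is not part of this file, so whether every path sets all six fields cannot be confirmed here. For a struct that drives security UI, it is safer to default each field in the declaration to the least-trusted value, as sketched below. Separately, the comment above SecurityLevel should say that the enumerator order is not a severity order, for example `// Enumerator order is not a severity order (NONE precedes EV_SECURE); compare with ==, not < or >.`, because a range check such as `level >= SECURE` would also accept SECURITY_ERROR.

```cpp
struct SecurityInfo {
  content::SecurityStyle security_style = content::SECURITY_STYLE_UNKNOWN;
  SHA1DeprecationStatus sha1_deprecation_status = NO_DEPRECATED_SHA1;
  MixedContentStatus mixed_content_status = NO_MIXED_CONTENT;
  net::CertStatus cert_status = 0;
  int cert_id = 0;
  bool scheme_is_cryptographic = false;
};
```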