OLD | NEW |
| (Empty) |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef CHROME_BROWSER_SSL_SECURITY_STATE_MODEL_H_ | |
6 #define CHROME_BROWSER_SSL_SECURITY_STATE_MODEL_H_ | |
7 | |
8 #include "base/macros.h" | |
9 #include "content/public/browser/web_contents_user_data.h" | |
10 #include "content/public/common/security_style.h" | |
11 #include "content/public/common/ssl_status.h" | |
12 #include "net/cert/cert_status_flags.h" | |
13 #include "net/cert/sct_status_flags.h" | |
14 #include "net/cert/x509_certificate.h" | |
15 | |
16 namespace content { | |
17 class WebContents; | |
18 } // namespace content | |
19 | |
20 class Profile; | |
21 | |
22 // SecurityStateModel provides high-level security information about a | |
23 // page or request. It is attached to a WebContents and will provide the | |
24 // security info for that WebContents. SecurityStateModel must be | |
25 // notified when its WebContents's security state changes, by calling | |
26 // SecurityStateModel::SecurityStateChanged(). | |
27 // | |
28 // SecurityStateModel::SecurityInfo is the main data structure computed | |
29 // by a SecurityStateModel. SecurityInfo contains a SecurityLevel (which | |
30 // is a single value describing the overall security state) along with | |
31 // information that a consumer might want to display in UI to explain or | |
32 // elaborate on the SecurityLevel. | |
33 class SecurityStateModel | |
34 : public content::WebContentsUserData<SecurityStateModel> { | |
35 public: | |
36 // Describes the overall security state of the page. | |
37 // | |
38 // If you reorder, add, or delete values from this enum, you must also | |
39 // update the UI icons in ToolbarModelImpl::GetIconForSecurityLevel. | |
40 // | |
41 // A Java counterpart will be generated for this enum. | |
42 // GENERATED_JAVA_ENUM_PACKAGE: org.chromium.chrome.browser.ssl | |
43 // GENERATED_JAVA_CLASS_NAME_OVERRIDE: ConnectionSecurityLevel | |
44 enum SecurityLevel { | |
45 // HTTP/no URL/HTTPS but with insecure passive content on the page | |
46 NONE, | |
47 | |
48 // HTTPS with valid EV cert | |
49 EV_SECURE, | |
50 | |
51 // HTTPS (non-EV) with valid cert | |
52 SECURE, | |
53 | |
54 // HTTPS, but unable to check certificate revocation status or with | |
55 // errors | |
56 SECURITY_WARNING, | |
57 | |
58 // HTTPS, but the certificate verification chain is anchored on a | |
59 // certificate that was installed by the system administrator | |
60 SECURITY_POLICY_WARNING, | |
61 | |
62 // Attempted HTTPS and failed, page not authenticated; or HTTPS with | |
63 // insecure active content on the page | |
64 SECURITY_ERROR, | |
65 }; | |
66 | |
67 // Describes how the SHA1 deprecation policy applies to an HTTPS | |
68 // connection. | |
69 enum SHA1DeprecationStatus { | |
70 // No SHA1 deprecation policy applies. | |
71 NO_DEPRECATED_SHA1, | |
72 // The connection used a certificate with a SHA1 signature in the | |
73 // chain, and policy says that the connection should be treated with a | |
74 // warning. | |
75 DEPRECATED_SHA1_WARNING, | |
76 // The connection used a certificate with a SHA1 signature in the | |
77 // chain, and policy says that the connection should be treated as | |
78 // broken HTTPS. | |
79 DEPRECATED_SHA1_BROKEN, | |
80 }; | |
81 | |
82 // Describes the type of mixed content (if any) that a site | |
83 // displayed/ran. | |
84 enum MixedContentStatus { | |
85 NO_MIXED_CONTENT, | |
86 // The site displayed nonsecure resources (passive mixed content). | |
87 DISPLAYED_MIXED_CONTENT, | |
88 // The site ran nonsecure resources (active mixed content). | |
89 RAN_MIXED_CONTENT, | |
90 // The site both ran and displayed nonsecure resources. | |
91 RAN_AND_DISPLAYED_MIXED_CONTENT, | |
92 }; | |
93 | |
94 // Describes the security status of a page or request. This is the | |
95 // main data structure provided by this class. | |
96 struct SecurityInfo { | |
97 SecurityInfo(); | |
98 ~SecurityInfo(); | |
99 SecurityLevel security_level; | |
100 SHA1DeprecationStatus sha1_deprecation_status; | |
101 MixedContentStatus mixed_content_status; | |
102 // The verification statuses of the signed certificate timestamps | |
103 // for the connection. | |
104 std::vector<net::ct::SCTVerifyStatus> sct_verify_statuses; | |
105 bool scheme_is_cryptographic; | |
106 net::CertStatus cert_status; | |
107 int cert_id; | |
108 // The security strength, in bits, of the SSL cipher suite. | |
109 // 0 means the connection is not encrypted. | |
110 // -1 means the security strength is unknown. | |
111 int security_bits; | |
112 // Information about the SSL connection, such as protocol and | |
113 // ciphersuite. See ssl_connection_flags.h in net. | |
114 int connection_status; | |
115 }; | |
116 | |
117 // These security styles describe the treatment given to pages that | |
118 // display and run mixed content. They are used to coordinate the | |
119 // treatment of mixed content with other security UI elements. | |
120 static const content::SecurityStyle kDisplayedInsecureContentStyle; | |
121 static const content::SecurityStyle kRanInsecureContentStyle; | |
122 | |
123 ~SecurityStateModel() override; | |
124 | |
125 // Notifies the SecurityStateModel that the security status of the | |
126 // page has changed and that the SecurityInfo should be updated | |
127 // accordingly. | |
128 void SecurityStateChanged(); | |
129 | |
130 // Returns a SecurityInfo describing the page as of the last call to | |
131 // SecurityStateChanged(). | |
132 const SecurityInfo& security_info() const; | |
133 | |
134 // Returns a SecurityInfo describing an individual request for the | |
135 // given |profile|. | |
136 static void SecurityInfoForRequest(const GURL& url, | |
137 const content::SSLStatus& ssl, | |
138 Profile* profile, | |
139 SecurityInfo* security_info); | |
140 | |
141 private: | |
142 explicit SecurityStateModel(content::WebContents* web_contents); | |
143 friend class content::WebContentsUserData<SecurityStateModel>; | |
144 | |
145 // The WebContents for which this class describes the security status. | |
146 content::WebContents* web_contents_; | |
147 SecurityInfo security_info_; | |
148 | |
149 DISALLOW_COPY_AND_ASSIGN(SecurityStateModel); | |
150 }; | |
151 | |
152 #endif // CHROME_BROWSER_SSL_SECURITY_STATE_MODEL_H_ | |
OLD | NEW |