Add SecurityStateModelClient interface and implementation

chrome/browser/ssl/security_state_model.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ssl/security_state_model.h"
 
 #include "base/command_line.h"
 #include "base/metrics/field_trial.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/prefs/pref_service.h"
 #include "chrome/browser/profiles/profile.h"
+#include "chrome/browser/ssl/chrome_security_state_model_delegate.h"
 #include "chrome/common/chrome_constants.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/pref_names.h"
 #include "chrome/common/pref_names.h"
 #include "content/public/browser/cert_store.h"
 #include "content/public/browser/navigation_entry.h"
 #include "content/public/browser/navigation_handle.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/origin_util.h"
 #include "net/ssl/ssl_cipher_suite_names.h"
@@ skipping 86 matching lines @@
 
   return SecurityStateModel::NO_MIXED_CONTENT;
 }
 
 SecurityStateModel::SecurityLevel GetSecurityLevelForRequest(
     const GURL& url,
     const content::SSLStatus& ssl,
     Profile* profile,
     scoped_refptr<net::X509Certificate> cert,
     SecurityStateModel::SHA1DeprecationStatus sha1_status,
-    SecurityStateModel::MixedContentStatus mixed_content_status) {
+    SecurityStateModel::MixedContentStatus mixed_content_status,
+    bool used_known_mitm_certificate) {
   switch (ssl.security_style) {
     case content::SECURITY_STYLE_UNKNOWN:
       return SecurityStateModel::NONE;
 
     case content::SECURITY_STYLE_UNAUTHENTICATED: {
       if (!content::IsOriginSecure(url) && url.IsStandard())
         return GetSecurityLevelForNonSecureFieldTrial();
       return SecurityStateModel::NONE;
     }
 
     case content::SECURITY_STYLE_AUTHENTICATION_BROKEN:
       return SecurityStateModel::SECURITY_ERROR;
 
     case content::SECURITY_STYLE_WARNING:
       NOTREACHED();
       return SecurityStateModel::SECURITY_WARNING;
 
     case content::SECURITY_STYLE_AUTHENTICATED: {
-#if defined(OS_CHROMEOS)
-      // Report if there is a policy cert first, before reporting any other
-      // authenticated-but-with-errors cases. A policy cert is a strong
-      // indicator of a MITM being present (the enterprise), while the
-      // other authenticated-but-with-errors indicate something may
-      // be wrong, or may be wrong in the future, but is unclear now.
-      policy::PolicyCertService* service =
-          policy::PolicyCertServiceFactory::GetForProfile(profile);
-      if (service && service->UsedPolicyCertificates())
+      if (used_known_mitm_certificate)
         return SecurityStateModel::SECURITY_POLICY_WARNING;
-#endif
 
       if (sha1_status == SecurityStateModel::DEPRECATED_SHA1_MAJOR)
         return SecurityStateModel::SECURITY_ERROR;
       if (sha1_status == SecurityStateModel::DEPRECATED_SHA1_MINOR)
         return SecurityStateModel::NONE;
 
       // Active mixed content is downgraded to the BROKEN style and
       // handled above.
       DCHECK_NE(SecurityStateModel::RAN_MIXED_CONTENT, mixed_content_status);
       DCHECK_NE(SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT,
@@ skipping 57 matching lines @@
     visible_url_ = GURL();
     visible_ssl_status_ = content::SSLStatus();
     return security_info_;
   }
 
   if (entry->GetURL() == visible_url_ &&
       entry->GetSSL().Equals(visible_ssl_status_)) {
     // A cert must be present in the CertStore in order for the site to
     // be considered EV_SECURE, and the cert might have been removed
     // since the security level was last computed.
+    scoped_refptr<net::X509Certificate> cert;
     if (security_info_.security_level == EV_SECURE &&
-        !GetCertForSSLStatus(visible_ssl_status_)) {

[blundell, 2015/11/23 16:06:17]

Should this method be going away in this CL?

[estark, 2015/11/23 16:23:39]

Not quite yet, but it will be going away in one of the follow-up CLs. Here are
the gory details: GetCertForSSLStatus() is called from the static
SecurityInfoForRequest() on line 242, so it's still in use. However, because of
a recent, unrelated refactoring, the static SecurityInfoForRequest() method is
actually only needed for SecurityStateModel unit tests right now. Once I fill
out the SecurityStateModelDelegate interface, I'll be able to create a
TestSecurityStateModelDelegate in the unit tests and refactor the tests to use
that instead of relying on SecurityInfoForRequest() -- then I can get rid of
SecurityInfoForRequest() and GetCertForSSLStatus(). Does that make sense?

(In other words, right now the SSM unit tests construct content::SSLStatuses and
pass them in to SecurityInfoForRequest(), and soon I'll be able to instead
construct TestSSMDelegates and inject those into SSMs in the unit tests, as I
did in the original gigantic CL here:
https://codereview.chromium.org/1440303002/diff/280001/components/security_st...)

+        !delegate_->RetrieveCert(&cert)) {
       security_info_.security_level = SECURE;
     }
     return security_info_;
   }
 
   SecurityInfoForRequest(
       entry->GetURL(), entry->GetSSL(),
       Profile::FromBrowserContext(web_contents_->GetBrowserContext()),
-      &security_info_);
+      delegate_->UsedKnownMITMCertificate(), &security_info_);
   visible_url_ = entry->GetURL();
   visible_ssl_status_ = entry->GetSSL();
   return security_info_;
 }
 
 // static
-void SecurityStateModel::SecurityInfoForRequest(const GURL& url,
-                                                const content::SSLStatus& ssl,
-                                                Profile* profile,
-                                                SecurityInfo* security_info) {
+void SecurityStateModel::SecurityInfoForRequest(
+    const GURL& url,
+    const content::SSLStatus& ssl,
+    Profile* profile,
+    bool used_known_mitm_certificate,
+    SecurityInfo* security_info) {
   scoped_refptr<net::X509Certificate> cert = GetCertForSSLStatus(ssl);
   security_info->cert_id = ssl.cert_id;
   security_info->sha1_deprecation_status = GetSHA1DeprecationStatus(cert, ssl);
   security_info->mixed_content_status = GetMixedContentStatus(ssl);
   security_info->security_bits = ssl.security_bits;
   security_info->connection_status = ssl.connection_status;
   security_info->cert_status = ssl.cert_status;
   security_info->scheme_is_cryptographic = url.SchemeIsCryptographic();
   security_info->is_secure_protocol_and_ciphersuite =
       (net::SSLConnectionStatusToVersion(ssl.connection_status) >=
            net::SSL_CONNECTION_VERSION_TLS1_2 &&
        net::IsSecureTLSCipherSuite(
            net::SSLConnectionStatusToCipherSuite(ssl.connection_status)));
 
   security_info->sct_verify_statuses.clear();
   for (const auto& sct : ssl.signed_certificate_timestamp_ids) {
     security_info->sct_verify_statuses.push_back(sct.status);
   }
 
   security_info->security_level = GetSecurityLevelForRequest(
       url, ssl, profile, cert, security_info->sha1_deprecation_status,
-      security_info->mixed_content_status);
+      security_info->mixed_content_status, used_known_mitm_certificate);
 }
 
 SecurityStateModel::SecurityStateModel(content::WebContents* web_contents)
-    : web_contents_(web_contents) {}
+    : web_contents_(web_contents),
+      delegate_(new ChromeSecurityStateModelDelegate(web_contents)) {}