OLD | NEW |
---|---|
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ssl/chrome_security_state_model_client.h" | 5 #include "chrome/browser/ssl/chrome_security_state_model_client.h" |
6 | 6 |
7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
8 #include "base/metrics/field_trial.h" | 8 #include "base/metrics/field_trial.h" |
9 #include "base/metrics/histogram_macros.h" | 9 #include "base/metrics/histogram_macros.h" |
10 #include "base/strings/utf_string_conversions.h" | 10 #include "base/strings/utf_string_conversions.h" |
11 #include "build/build_config.h" | 11 #include "build/build_config.h" |
12 #include "chrome/browser/chromeos/policy/policy_cert_service.h" | 12 #include "chrome/browser/chromeos/policy/policy_cert_service.h" |
13 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" | 13 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" |
14 #include "chrome/browser/profiles/profile.h" | 14 #include "chrome/browser/profiles/profile.h" |
15 #include "chrome/grit/generated_resources.h" | 15 #include "chrome/grit/generated_resources.h" |
16 #include "content/public/browser/cert_store.h" | 16 #include "content/public/browser/cert_store.h" |
17 #include "content/public/browser/navigation_entry.h" | 17 #include "content/public/browser/navigation_entry.h" |
18 #include "content/public/browser/security_style_explanation.h" | 18 #include "content/public/browser/security_style_explanation.h" |
19 #include "content/public/browser/security_style_explanations.h" | 19 #include "content/public/browser/security_style_explanations.h" |
20 #include "content/public/browser/web_contents.h" | 20 #include "content/public/browser/web_contents.h" |
21 #include "content/public/common/origin_util.h" | 21 #include "content/public/common/origin_util.h" |
22 #include "content/public/common/ssl_status.h" | 22 #include "content/public/common/ssl_status.h" |
23 #include "net/base/net_errors.h" | 23 #include "net/base/net_errors.h" |
24 #include "net/cert/x509_certificate.h" | 24 #include "net/cert/x509_certificate.h" |
25 #include "net/ssl/ssl_cipher_suite_names.h" | |
26 #include "net/ssl/ssl_connection_status_flags.h" | |
25 #include "ui/base/l10n/l10n_util.h" | 27 #include "ui/base/l10n/l10n_util.h" |
26 | 28 |
27 DEFINE_WEB_CONTENTS_USER_DATA_KEY(ChromeSecurityStateModelClient); | 29 DEFINE_WEB_CONTENTS_USER_DATA_KEY(ChromeSecurityStateModelClient); |
28 | 30 |
29 using security_state::SecurityStateModel; | 31 using security_state::SecurityStateModel; |
30 | 32 |
31 namespace { | 33 namespace { |
32 | 34 |
33 // Converts a content::SecurityStyle (an indicator of a request's | 35 // Converts a content::SecurityStyle (an indicator of a request's |
34 // overall security level computed by //content) into a | 36 // overall security level computed by //content) into a |
(...skipping 35 matching lines...)
70 case SecurityStateModel::SECURE: | 72 case SecurityStateModel::SECURE: |
71 return content::SECURITY_STYLE_AUTHENTICATED; | 73 return content::SECURITY_STYLE_AUTHENTICATED; |
72 case SecurityStateModel::SECURITY_ERROR: | 74 case SecurityStateModel::SECURITY_ERROR: |
73 return content::SECURITY_STYLE_AUTHENTICATION_BROKEN; | 75 return content::SECURITY_STYLE_AUTHENTICATION_BROKEN; |
74 } | 76 } |
75 | 77 |
76 NOTREACHED(); | 78 NOTREACHED(); |
77 return content::SECURITY_STYLE_UNKNOWN; | 79 return content::SECURITY_STYLE_UNKNOWN; |
78 } | 80 } |
79 | 81 |
82 void AddConnectionExplanation( | |
83 const security_state::SecurityStateModel::SecurityInfo& security_info, | |
84 content::SecurityStyleExplanations* security_style_explanations) { | |
85 int ssl_version = | |
86 net::SSLConnectionStatusToVersion(security_info.connection_status); | |
87 const char* protocol; | |
88 net::SSLVersionToString(&protocol, ssl_version); | |
89 const char* key_exchange; | |
90 const char* cipher; | |
91 const char* mac; | |
92 bool is_aead; | |
93 uint16_t cipher_suite = | |
94 net::SSLConnectionStatusToCipherSuite(security_info.connection_status); | |
95 net::SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, | |
96 cipher_suite); | |
97 base::string16 protocol_name = base::ASCIIToUTF16(protocol); | |
98 base::string16 key_exchange_name = base::ASCIIToUTF16(key_exchange); | |
99 const base::string16 cipher_name = | |
100 (mac == NULL) ? base::ASCIIToUTF16(cipher) | |
101 : l10n_util::GetStringFUTF16(IDS_CIPHER_WITH_MAC, | |
102 base::ASCIIToUTF16(cipher), | |
103 base::ASCIIToUTF16(mac)); | |
104 if (security_info.obsolete_ssl_status == net::OBSOLETE_SSL_NONE) { | |
105 security_style_explanations->secure_explanations.push_back( | |
106 content::SecurityStyleExplanation( | |
107 l10n_util::GetStringUTF8(IDS_STRONG_SSL_SUMMARY), | |
108 l10n_util::GetStringFUTF8(IDS_STRONG_SSL_DESCRIPTION, protocol_name, | |
109 key_exchange_name, cipher_name))); | |
110 return; | |
111 } else { | |
estark
2016/06/15 04:46:08
no need for else + indentation after return
lgarron
2016/08/05 23:22:58
Done.
| |
112 // We avoid trying to show TLS details when we couldn't even establish a TLS | |
estark
2016/06/15 04:46:08
nit: avoid "we" in comments
lgarron
2016/08/05 23:22:58
Done.
| |
113 // connection (e.g. for net errors). We check the cert_id to see if there | |
estark
2016/06/15 04:46:08
nit: |cert_id|
lgarron
2016/08/05 23:22:58
Done.
| |
114 // was a connection. | |
115 if (security_info.cert_id != 0) { | |
estark
2016/06/15 04:46:08
prefer early return:
if (security_info.cert_id ==
lgarron
2016/08/05 23:22:58
Done.
| |
116 std::vector<base::string16> description_replacements; | |
117 int status = security_info.obsolete_ssl_status; | |
118 int str_id; | |
119 | |
120 str_id = (status & net::OBSOLETE_SSL_MASK_PROTOCOL) | |
121 ? IDS_SSL_AN_OBSOLETE_PROTOCOL | |
122 : IDS_SSL_A_STRONG_PROTOCOL; | |
123 description_replacements.push_back(l10n_util::GetStringUTF16(str_id)); | |
124 description_replacements.push_back(protocol_name); | |
125 | |
126 str_id = (status & net::OBSOLETE_SSL_MASK_KEY_EXCHANGE) | |
127 ? IDS_SSL_AN_OBSOLETE_KEY_EXCHANGE | |
128 : IDS_SSL_A_STRONG_KEY_EXCHANGE; | |
129 description_replacements.push_back(l10n_util::GetStringUTF16(str_id)); | |
130 description_replacements.push_back(key_exchange_name); | |
131 | |
132 str_id = (status & net::OBSOLETE_SSL_MASK_CIPHER) | |
133 ? IDS_SSL_AN_OBSOLETE_CIPHER | |
134 : IDS_SSL_A_STRONG_CIPHER; | |
135 description_replacements.push_back(l10n_util::GetStringUTF16(str_id)); | |
136 description_replacements.push_back(cipher_name); | |
137 | |
138 security_style_explanations->info_explanations.push_back( | |
139 content::SecurityStyleExplanation( | |
140 l10n_util::GetStringUTF8(IDS_OBSOLETE_SSL_SUMMARY), | |
141 base::UTF16ToUTF8(l10n_util::GetStringFUTF16( | |
142 IDS_OBSOLETE_SSL_DESCRIPTION, description_replacements, | |
143 nullptr)))); | |
144 return; | |
estark
2016/06/15 04:46:08
no return necessary here
lgarron
2016/08/05 23:22:58
Done.
| |
145 } | |
146 } | |
147 } | |
148 | |
80 } // namespace | 149 } // namespace |
81 | 150 |
82 ChromeSecurityStateModelClient::ChromeSecurityStateModelClient( | 151 ChromeSecurityStateModelClient::ChromeSecurityStateModelClient( |
83 content::WebContents* web_contents) | 152 content::WebContents* web_contents) |
84 : web_contents_(web_contents), | 153 : web_contents_(web_contents), |
85 security_state_model_(new SecurityStateModel()) { | 154 security_state_model_(new SecurityStateModel()) { |
86 security_state_model_->SetClient(this); | 155 security_state_model_->SetClient(this); |
87 } | 156 } |
88 | 157 |
89 ChromeSecurityStateModelClient::~ChromeSecurityStateModelClient() {} | 158 ChromeSecurityStateModelClient::~ChromeSecurityStateModelClient() {} |
(...skipping 75 matching lines...)
165 SecurityStateModel::NO_DEPRECATED_SHA1) { | 234 SecurityStateModel::NO_DEPRECATED_SHA1) { |
166 security_style_explanations->secure_explanations.push_back( | 235 security_style_explanations->secure_explanations.push_back( |
167 content::SecurityStyleExplanation( | 236 content::SecurityStyleExplanation( |
168 l10n_util::GetStringUTF8(IDS_VALID_SERVER_CERTIFICATE), | 237 l10n_util::GetStringUTF8(IDS_VALID_SERVER_CERTIFICATE), |
169 l10n_util::GetStringUTF8( | 238 l10n_util::GetStringUTF8( |
170 IDS_VALID_SERVER_CERTIFICATE_DESCRIPTION), | 239 IDS_VALID_SERVER_CERTIFICATE_DESCRIPTION), |
171 security_info.cert_id)); | 240 security_info.cert_id)); |
172 } | 241 } |
173 } | 242 } |
174 | 243 |
175 if (security_info.is_secure_protocol_and_ciphersuite) { | 244 AddConnectionExplanation(security_info, security_style_explanations); |
176 security_style_explanations->secure_explanations.push_back( | |
177 content::SecurityStyleExplanation( | |
178 l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE), | |
179 l10n_util::GetStringUTF8( | |
180 IDS_SECURE_PROTOCOL_AND_CIPHERSUITE_DESCRIPTION))); | |
181 } | |
182 | 245 |
183 return security_style; | 246 return security_style; |
184 } | 247 } |
185 | 248 |
186 const SecurityStateModel::SecurityInfo& | 249 const SecurityStateModel::SecurityInfo& |
187 ChromeSecurityStateModelClient::GetSecurityInfo() const { | 250 ChromeSecurityStateModelClient::GetSecurityInfo() const { |
188 return security_state_model_->GetSecurityInfo(); | 251 return security_state_model_->GetSecurityInfo(); |
189 } | 252 } |
190 | 253 |
191 bool ChromeSecurityStateModelClient::RetrieveCert( | 254 bool ChromeSecurityStateModelClient::RetrieveCert( |
(...skipping 50 matching lines...)
242 state->sct_verify_statuses.insert(state->sct_verify_statuses.end(), | 305 state->sct_verify_statuses.insert(state->sct_verify_statuses.end(), |
243 ssl.num_valid_scts, net::ct::SCT_STATUS_OK); | 306 ssl.num_valid_scts, net::ct::SCT_STATUS_OK); |
244 state->displayed_mixed_content = | 307 state->displayed_mixed_content = |
245 (ssl.content_status & content::SSLStatus::DISPLAYED_INSECURE_CONTENT) | 308 (ssl.content_status & content::SSLStatus::DISPLAYED_INSECURE_CONTENT) |
246 ? true | 309 ? true |
247 : false; | 310 : false; |
248 state->ran_mixed_content = | 311 state->ran_mixed_content = |
249 (ssl.content_status & content::SSLStatus::RAN_INSECURE_CONTENT) ? true | 312 (ssl.content_status & content::SSLStatus::RAN_INSECURE_CONTENT) ? true |
250 : false; | 313 : false; |
251 } | 314 } |
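Review bot: The `obsolete_ssl_status == net::OBSOLETE_SSL_NONE` branch of `AddConnectionExplanation` (new lines 104-110) adds a "strong" entry to `secure_explanations` without first checking that a TLS connection exists; the `cert_id != 0` guard protects only the obsolete branch. The call at new line 244 is unconditional, whereas the removed code was gated on `is_secure_protocol_and_ciphersuite`. If `obsolete_ssl_status` can hold `OBSOLETE_SSL_NONE` when no handshake took place (its default is not visible on this page), the security panel would describe the connection as strong, using protocol and cipher names derived from whatever `connection_status` holds. Hoisting the guard to the top of the function covers both branches and skips the string conversions for connectionless pages: `if (security_info.cert_id == 0 || security_info.connection_status == 0) return;`. A test asserting that a page with no TLS connection receives neither explanation would pin this behaviour.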
OLD | NEW |