Index: chrome/browser/ssl/chrome_security_state_model_client.cc |
diff --git a/chrome/browser/ssl/chrome_security_state_model_client.cc b/chrome/browser/ssl/chrome_security_state_model_client.cc |
index b5f4014c1a07281159dbd2f1d940d8edab7142d6..db7a6d608c370e99b29ecec3dca65e41beaf4dc2 100644 |
--- a/chrome/browser/ssl/chrome_security_state_model_client.cc |
+++ b/chrome/browser/ssl/chrome_security_state_model_client.cc |
@@ -22,6 +22,8 @@ |
#include "content/public/common/ssl_status.h" |
#include "net/base/net_errors.h" |
#include "net/cert/x509_certificate.h" |
+#include "net/ssl/ssl_cipher_suite_names.h" |
+#include "net/ssl/ssl_connection_status_flags.h" |
#include "ui/base/l10n/l10n_util.h" |
DEFINE_WEB_CONTENTS_USER_DATA_KEY(ChromeSecurityStateModelClient); |
@@ -77,6 +79,73 @@ content::SecurityStyle SecurityLevelToSecurityStyle( |
return content::SECURITY_STYLE_UNKNOWN; |
} |
+void AddConnectionExplanation( |
+ const security_state::SecurityStateModel::SecurityInfo& security_info, |
+ content::SecurityStyleExplanations* security_style_explanations) { |
+ int ssl_version = |
+ net::SSLConnectionStatusToVersion(security_info.connection_status); |
+ const char* protocol; |
+ net::SSLVersionToString(&protocol, ssl_version); |
+ const char* key_exchange; |
+ const char* cipher; |
+ const char* mac; |
+ bool is_aead; |
+ uint16_t cipher_suite = |
+ net::SSLConnectionStatusToCipherSuite(security_info.connection_status); |
+ net::SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, |
+ cipher_suite); |
+ base::string16 protocol_name = base::ASCIIToUTF16(protocol); |
+ base::string16 key_exchange_name = base::ASCIIToUTF16(key_exchange); |
+ const base::string16 cipher_name = |
+ (mac == NULL) ? base::ASCIIToUTF16(cipher) |
+ : l10n_util::GetStringFUTF16(IDS_CIPHER_WITH_MAC, |
+ base::ASCIIToUTF16(cipher), |
+ base::ASCIIToUTF16(mac)); |
+ if (security_info.obsolete_ssl_status == net::OBSOLETE_SSL_NONE) { |
+ security_style_explanations->secure_explanations.push_back( |
+ content::SecurityStyleExplanation( |
+ l10n_util::GetStringUTF8(IDS_STRONG_SSL_SUMMARY), |
+ l10n_util::GetStringFUTF8(IDS_STRONG_SSL_DESCRIPTION, protocol_name, |
+ key_exchange_name, cipher_name))); |
+ return; |
+ } else { |
estark
2016/06/15 04:46:08
no need for else + indentation after return
lgarron
2016/08/05 23:22:58
Done.
|
+ // We avoid trying to show TLS details when we couldn't even establish a TLS |
estark
2016/06/15 04:46:08
nit: avoid "we" in comments
lgarron
2016/08/05 23:22:58
Done.
|
+ // connection (e.g. for net errors). We check the cert_id to see if there |
estark
2016/06/15 04:46:08
nit: |cert_id|
lgarron
2016/08/05 23:22:58
Done.
|
+ // was a connection. |
+ if (security_info.cert_id != 0) { |
estark
2016/06/15 04:46:08
prefer early return:
if (security_info.cert_id ==
lgarron
2016/08/05 23:22:58
Done.
|
+ std::vector<base::string16> description_replacements; |
+ int status = security_info.obsolete_ssl_status; |
+ int str_id; |
+ |
+ str_id = (status & net::OBSOLETE_SSL_MASK_PROTOCOL) |
+ ? IDS_SSL_AN_OBSOLETE_PROTOCOL |
+ : IDS_SSL_A_STRONG_PROTOCOL; |
+ description_replacements.push_back(l10n_util::GetStringUTF16(str_id)); |
+ description_replacements.push_back(protocol_name); |
+ |
+ str_id = (status & net::OBSOLETE_SSL_MASK_KEY_EXCHANGE) |
+ ? IDS_SSL_AN_OBSOLETE_KEY_EXCHANGE |
+ : IDS_SSL_A_STRONG_KEY_EXCHANGE; |
+ description_replacements.push_back(l10n_util::GetStringUTF16(str_id)); |
+ description_replacements.push_back(key_exchange_name); |
+ |
+ str_id = (status & net::OBSOLETE_SSL_MASK_CIPHER) |
+ ? IDS_SSL_AN_OBSOLETE_CIPHER |
+ : IDS_SSL_A_STRONG_CIPHER; |
+ description_replacements.push_back(l10n_util::GetStringUTF16(str_id)); |
+ description_replacements.push_back(cipher_name); |
+ |
+ security_style_explanations->info_explanations.push_back( |
+ content::SecurityStyleExplanation( |
+ l10n_util::GetStringUTF8(IDS_OBSOLETE_SSL_SUMMARY), |
+ base::UTF16ToUTF8(l10n_util::GetStringFUTF16( |
+ IDS_OBSOLETE_SSL_DESCRIPTION, description_replacements, |
+ nullptr)))); |
+ return; |
estark
2016/06/15 04:46:08
no return necessary here
lgarron
2016/08/05 23:22:58
Done.
|
+ } |
+ } |
+} |
+ |
} // namespace |
ChromeSecurityStateModelClient::ChromeSecurityStateModelClient( |
@@ -172,13 +241,7 @@ content::SecurityStyle ChromeSecurityStateModelClient::GetSecurityStyle( |
} |
} |
- if (security_info.is_secure_protocol_and_ciphersuite) { |
- security_style_explanations->secure_explanations.push_back( |
- content::SecurityStyleExplanation( |
- l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE), |
- l10n_util::GetStringUTF8( |
- IDS_SECURE_PROTOCOL_AND_CIPHERSUITE_DESCRIPTION))); |
- } |
+ AddConnectionExplanation(security_info, security_style_explanations); |
return security_style; |
} |