Chromium Code Reviews| Index: chrome/browser/android/policy/policy_auditor.cc |
| diff --git a/chrome/browser/android/policy/policy_auditor.cc b/chrome/browser/android/policy/policy_auditor.cc |
| new file mode 100644 |
| index 0000000000000000000000000000000000000000..6347893ef9852f6397e1972af7ffc4ab61dc1f72 |
| --- /dev/null |
| +++ b/chrome/browser/android/policy/policy_auditor.cc |
| @@ -0,0 +1,71 @@ |
| +// Copyright 2016 The Chromium Authors. All rights reserved. |
| +// Use of this source code is governed by a BSD-style license that can be |
| +// found in the LICENSE file. |
| + |
| +#include "chrome/browser/android/policy/policy_auditor.h" |
| + |
| +#include "content/public/browser/navigation_entry.h" |
| +#include "content/public/browser/render_process_host.h" |
| +#include "content/public/browser/web_contents.h" |
| +#include "content/public/common/ssl_status.h" |
| +#include "jni/PolicyAuditor_jni.h" |
| +#include "net/cert/cert_status_flags.h" |
| + |
| +int GetCertificateFailure(JNIEnv* env, |
|
Bernhard Bauer
2016/04/28 16:33:08
Just to check: the generated JNI binding declares
Yaron
2016/04/28 19:30:49
yep (cause it was static in java):
static jint Ge
|
| + const JavaParamRef<jclass>& obj, |
| + const JavaParamRef<jobject>& java_web_contents) { |
| + // This function is similar to |
| + // ToolbarModelImpl::GetSecurityLevelForWebContents, but has a custom mapping |
| + // for policy auditing |
| + enum CertificateFailure { |
|
Bernhard Bauer
2016/04/28 16:33:08
You could put this into a header and generate the
Yaron
2016/04/28 19:30:49
Done.
|
| + NONE = 0, |
| + CERTIFICATE_FAIL_UNSPECIFIED = 1, |
| + CERTIFICATE_FAIL_UNTRUSTED = 2, |
| + CERTIFICATE_FAIL_REVOKED = 3, |
| + CERTIFICATE_FAIL_NOT_YET_VALID = 4, |
| + CERTIFICATE_FAIL_EXPIRED = 5, |
| + CERTIFICATE_FAIL_UNABLE_TO_CHECK_REVOCATION_STATUS = 6, |
| + }; |
| + |
| + content::WebContents* web_contents = |
| + content::WebContents::FromJavaWebContents(java_web_contents); |
| + content::NavigationEntry* entry = |
| + web_contents->GetController().GetVisibleEntry(); |
| + if (!entry) |
| + return NONE; |
| + |
| + const content::SSLStatus& ssl = entry->GetSSL(); |
| + switch (ssl.security_style) { |
| + case content::SECURITY_STYLE_UNKNOWN: |
| + case content::SECURITY_STYLE_UNAUTHENTICATED: |
| + return NONE; |
| + |
| + case content::SECURITY_STYLE_AUTHENTICATION_BROKEN: |
| + case content::SECURITY_STYLE_AUTHENTICATED: { |
| + if (net::IsCertStatusError(ssl.cert_status)) { |
| + if (ssl.cert_status & net::CERT_STATUS_AUTHORITY_INVALID) |
| + return CERTIFICATE_FAIL_UNTRUSTED; |
| + if (ssl.cert_status & net::CERT_STATUS_REVOKED) |
| + return CERTIFICATE_FAIL_REVOKED; |
| + // No mapping for CERTIFICATE_FAIL_NOT_YET_VALID. |
| + if (ssl.cert_status & net::CERT_STATUS_DATE_INVALID) |
| + return CERTIFICATE_FAIL_EXPIRED; |
| + if (ssl.cert_status & net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION) |
| + return CERTIFICATE_FAIL_UNABLE_TO_CHECK_REVOCATION_STATUS; |
| + return CERTIFICATE_FAIL_UNSPECIFIED; |
| + } |
| + if (!!(ssl.content_status & |
|
Bernhard Bauer
2016/04/28 16:33:08
Is the cast to bool necessary if we're using this
Yaron
2016/04/28 19:30:49
Just copied from internal tree
|
| + content::SSLStatus::DISPLAYED_INSECURE_CONTENT)) |
| + return CERTIFICATE_FAIL_UNSPECIFIED; |
|
Bernhard Bauer
2016/04/28 16:33:08
I think if the condition is long enough to require
Yaron
2016/04/28 19:30:49
Done.
|
| + // Secure content, no certificate errors. |
| + return NONE; |
| + } |
| + default: |
|
Bernhard Bauer
2016/04/28 16:33:08
What other values are there? Could we remove the d
Yaron
2016/04/28 19:30:49
Done.
|
| + NOTREACHED(); |
| + return NONE; |
| + } |
| +} |
| + |
| +bool RegisterPolicyAuditor(JNIEnv* env) { |
| + return RegisterNativesImpl(env); |
| +} |
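Review bot: The `SECURITY_STYLE_AUTHENTICATION_BROKEN` case shares its body with `SECURITY_STYLE_AUTHENTICATED`, so a page marked broken with no error bit in `cert_status` and no `DISPLAYED_INSECURE_CONTENT` in `content_status` reaches the final `return NONE` under the comment "Secure content, no certificate errors", which under-reports in an audit record. If that state is reachable (for example through `RAN_INSECURE_CONTENT`, which is not tested here), consider adding `if (ssl.security_style == content::SECURITY_STYLE_AUTHENTICATION_BROKEN) return CERTIFICATE_FAIL_UNSPECIFIED;` before that return. Separately, `web_contents` is dereferenced right after `FromJavaWebContents()`, which I believe can return null once the native object is gone, so an `if (!web_contents) return NONE;` guard ahead of `GetController()` would avoid a crash on a stale Java object. The early returns also report only the first matching bit, so a certificate that is both untrusted and revoked is logged as untrusted; a comment such as `// Precedence is intentional: only the first matching failure is reported.` would make that explicit.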