Move SecurityStyleChanged logic and tests to chrome/browser/ssl

chrome/browser/ssl/chrome_security_state_model_client.cc

Index: chrome/browser/ssl/chrome_security_state_model_client.cc
diff --git a/chrome/browser/ssl/chrome_security_state_model_client.cc b/chrome/browser/ssl/chrome_security_state_model_client.cc
index 412b89f3d547af090a0b9c59db8b1fdb7b13c9d1..97bf8dbc25b67812d1052858e771a7fe6e35c7a6 100644
--- a/chrome/browser/ssl/chrome_security_state_model_client.cc
+++ b/chrome/browser/ssl/chrome_security_state_model_client.cc
@@ -7,16 +7,22 @@
 #include "base/command_line.h"
 #include "base/metrics/field_trial.h"
 #include "base/metrics/histogram_macros.h"
+#include "base/strings/utf_string_conversions.h"
 #include "build/build_config.h"
 #include "chrome/browser/chromeos/policy/policy_cert_service.h"
 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h"
 #include "chrome/browser/profiles/profile.h"
+#include "chrome/grit/generated_resources.h"
 #include "content/public/browser/cert_store.h"
 #include "content/public/browser/navigation_entry.h"
+#include "content/public/browser/security_style_explanation.h"
+#include "content/public/browser/security_style_explanations.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/origin_util.h"
 #include "content/public/common/ssl_status.h"
+#include "net/base/net_errors.h"
 #include "net/cert/x509_certificate.h"
+#include "ui/base/l10n/l10n_util.h"
 
 DEFINE_WEB_CONTENTS_USER_DATA_KEY(ChromeSecurityStateModelClient);
 
@@ -49,6 +55,28 @@ SecurityStateModel::SecurityLevel GetSecurityLevelForSecurityStyle(
   return SecurityStateModel::NONE;
 }
 
+// Note: This is a lossy operation. Not all of the policies that can be
+// expressed by a SecurityLevel (a //chrome concept) can be expressed by
+// a content::SecurityStyle.
+content::SecurityStyle SecurityLevelToSecurityStyle(
+    SecurityStateModel::SecurityLevel security_level) {
+  switch (security_level) {
+    case SecurityStateModel::NONE:
+      return content::SECURITY_STYLE_UNAUTHENTICATED;
+    case SecurityStateModel::SECURITY_WARNING:
+    case SecurityStateModel::SECURITY_POLICY_WARNING:
+      return content::SECURITY_STYLE_WARNING;
+    case SecurityStateModel::EV_SECURE:
+    case SecurityStateModel::SECURE:
+      return content::SECURITY_STYLE_AUTHENTICATED;
+    case SecurityStateModel::SECURITY_ERROR:
+      return content::SECURITY_STYLE_AUTHENTICATION_BROKEN;
+  }
+
+  NOTREACHED();
+  return content::SECURITY_STYLE_UNKNOWN;
+}
+
 }  // namespace
 
 ChromeSecurityStateModelClient::ChromeSecurityStateModelClient(
@@ -60,6 +88,102 @@ ChromeSecurityStateModelClient::ChromeSecurityStateModelClient(
 
 ChromeSecurityStateModelClient::~ChromeSecurityStateModelClient() {}
 
+content::SecurityStyle ChromeSecurityStateModelClient::GetSecurityStyle(
+    content::WebContents* web_contents,

[msw, 2016/05/18 17:20:24]

nit: remove |web_contents| if it isn't used (use |web_contents_| if needed?).

[estark, 2016/05/20 22:12:09]

Done.

+    content::SecurityStyleExplanations* security_style_explanations) {
+  const SecurityStateModel::SecurityInfo& security_info = GetSecurityInfo();

[msw, 2016/05/18 17:20:24]

optional nit: If this is the only instance data needed, perhaps that could be
passed into a static (class or namespace) function?

[estark, 2016/05/20 22:12:09]

Done.

+
+  const content::SecurityStyle security_style =
+      SecurityLevelToSecurityStyle(security_info.security_level);
+
+  security_style_explanations->ran_insecure_content_style =
+      SecurityLevelToSecurityStyle(
+          SecurityStateModel::kRanInsecureContentLevel);
+  security_style_explanations->displayed_insecure_content_style =
+      SecurityLevelToSecurityStyle(
+          SecurityStateModel::kDisplayedInsecureContentLevel);
+
+  // Check if the page is HTTP; if so, no explanations are needed. Note
+  // that SECURITY_STYLE_UNAUTHENTICATED does not necessarily mean that
+  // the page is loaded over HTTP, because the security style merely
+  // represents how the embedder wishes to display the security state of
+  // the page, and the embedder can choose to display HTTPS page as HTTP
+  // if it wants to (for example, displaying deprecated crypto
+  // algorithms with the same UI treatment as HTTP pages).
+  security_style_explanations->scheme_is_cryptographic =
+      security_info.scheme_is_cryptographic;
+  if (!security_info.scheme_is_cryptographic) {
+    return security_style;
+  }
+
+  if (security_info.sha1_deprecation_status ==
+      SecurityStateModel::DEPRECATED_SHA1_MAJOR) {
+    security_style_explanations->broken_explanations.push_back(
+        content::SecurityStyleExplanation(
+            l10n_util::GetStringUTF8(IDS_MAJOR_SHA1),
+            l10n_util::GetStringUTF8(IDS_MAJOR_SHA1_DESCRIPTION),
+            security_info.cert_id));
+  } else if (security_info.sha1_deprecation_status ==
+             SecurityStateModel::DEPRECATED_SHA1_MINOR) {
+    security_style_explanations->unauthenticated_explanations.push_back(
+        content::SecurityStyleExplanation(
+            l10n_util::GetStringUTF8(IDS_MINOR_SHA1),
+            l10n_util::GetStringUTF8(IDS_MINOR_SHA1_DESCRIPTION),
+            security_info.cert_id));
+  }
+
+  security_style_explanations->ran_insecure_content =
+      security_info.mixed_content_status ==
+          SecurityStateModel::RAN_MIXED_CONTENT ||
+      security_info.mixed_content_status ==
+          SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT;
+  security_style_explanations->displayed_insecure_content =
+      security_info.mixed_content_status ==
+          SecurityStateModel::DISPLAYED_MIXED_CONTENT ||
+      security_info.mixed_content_status ==
+          SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT;
+
+  if (net::IsCertStatusError(security_info.cert_status)) {
+    base::string16 error_string = base::UTF8ToUTF16(net::ErrorToString(
+        net::MapCertStatusToNetError(security_info.cert_status)));
+
+    content::SecurityStyleExplanation explanation(
+        l10n_util::GetStringUTF8(IDS_CERTIFICATE_CHAIN_ERROR),
+        l10n_util::GetStringFUTF8(
+            IDS_CERTIFICATE_CHAIN_ERROR_DESCRIPTION_FORMAT, error_string),
+        security_info.cert_id);
+
+    if (net::IsCertStatusMinorError(security_info.cert_status))
+      security_style_explanations->unauthenticated_explanations.push_back(
+          explanation);
+    else
+      security_style_explanations->broken_explanations.push_back(explanation);
+  } else {
+    // If the certificate does not have errors and is not using
+    // deprecated SHA1, then add an explanation that the certificate is
+    // valid.
+    if (security_info.sha1_deprecation_status ==
+        SecurityStateModel::NO_DEPRECATED_SHA1) {
+      security_style_explanations->secure_explanations.push_back(
+          content::SecurityStyleExplanation(
+              l10n_util::GetStringUTF8(IDS_VALID_SERVER_CERTIFICATE),
+              l10n_util::GetStringUTF8(
+                  IDS_VALID_SERVER_CERTIFICATE_DESCRIPTION),
+              security_info.cert_id));
+    }
+  }
+
+  if (security_info.is_secure_protocol_and_ciphersuite) {
+    security_style_explanations->secure_explanations.push_back(
+        content::SecurityStyleExplanation(
+            l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE),
+            l10n_util::GetStringUTF8(
+                IDS_SECURE_PROTOCOL_AND_CIPHERSUITE_DESCRIPTION)));
+  }
+
+  return security_style;
+}
+
 const SecurityStateModel::SecurityInfo&
 ChromeSecurityStateModelClient::GetSecurityInfo() const {
   return security_state_model_->GetSecurityInfo();