| Index: chrome/browser/ssl/chrome_security_state_model_client.cc
|
| diff --git a/chrome/browser/ssl/chrome_security_state_model_client.cc b/chrome/browser/ssl/chrome_security_state_model_client.cc
|
| index 412b89f3d547af090a0b9c59db8b1fdb7b13c9d1..299cdf531a20aa2aef65feb8993815c2e3dfe56a 100644
|
| --- a/chrome/browser/ssl/chrome_security_state_model_client.cc
|
| +++ b/chrome/browser/ssl/chrome_security_state_model_client.cc
|
| @@ -7,16 +7,22 @@
|
| #include "base/command_line.h"
|
| #include "base/metrics/field_trial.h"
|
| #include "base/metrics/histogram_macros.h"
|
| +#include "base/strings/utf_string_conversions.h"
|
| #include "build/build_config.h"
|
| #include "chrome/browser/chromeos/policy/policy_cert_service.h"
|
| #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h"
|
| #include "chrome/browser/profiles/profile.h"
|
| +#include "chrome/grit/generated_resources.h"
|
| #include "content/public/browser/cert_store.h"
|
| #include "content/public/browser/navigation_entry.h"
|
| +#include "content/public/browser/security_style_explanation.h"
|
| +#include "content/public/browser/security_style_explanations.h"
|
| #include "content/public/browser/web_contents.h"
|
| #include "content/public/common/origin_util.h"
|
| #include "content/public/common/ssl_status.h"
|
| +#include "net/base/net_errors.h"
|
| #include "net/cert/x509_certificate.h"
|
| +#include "ui/base/l10n/l10n_util.h"
|
|
|
| DEFINE_WEB_CONTENTS_USER_DATA_KEY(ChromeSecurityStateModelClient);
|
|
|
| @@ -49,6 +55,28 @@ SecurityStateModel::SecurityLevel GetSecurityLevelForSecurityStyle(
|
| return SecurityStateModel::NONE;
|
| }
|
|
|
| +// Note: This is a lossy operation. Not all of the policies that can be
|
| +// expressed by a SecurityLevel (a //chrome concept) can be expressed by
|
| +// a content::SecurityStyle.
|
| +content::SecurityStyle SecurityLevelToSecurityStyle(
|
| + SecurityStateModel::SecurityLevel security_level) {
|
| + switch (security_level) {
|
| + case SecurityStateModel::NONE:
|
| + return content::SECURITY_STYLE_UNAUTHENTICATED;
|
| + case SecurityStateModel::SECURITY_WARNING:
|
| + case SecurityStateModel::SECURITY_POLICY_WARNING:
|
| + return content::SECURITY_STYLE_WARNING;
|
| + case SecurityStateModel::EV_SECURE:
|
| + case SecurityStateModel::SECURE:
|
| + return content::SECURITY_STYLE_AUTHENTICATED;
|
| + case SecurityStateModel::SECURITY_ERROR:
|
| + return content::SECURITY_STYLE_AUTHENTICATION_BROKEN;
|
| + }
|
| +
|
| + NOTREACHED();
|
| + return content::SECURITY_STYLE_UNKNOWN;
|
| +}
|
| +
|
| } // namespace
|
|
|
| ChromeSecurityStateModelClient::ChromeSecurityStateModelClient(
|
| @@ -60,6 +88,101 @@ ChromeSecurityStateModelClient::ChromeSecurityStateModelClient(
|
|
|
| ChromeSecurityStateModelClient::~ChromeSecurityStateModelClient() {}
|
|
|
| +// static
|
| +content::SecurityStyle ChromeSecurityStateModelClient::GetSecurityStyle(
|
| + const security_state::SecurityStateModel::SecurityInfo& security_info,
|
| + content::SecurityStyleExplanations* security_style_explanations) {
|
| + const content::SecurityStyle security_style =
|
| + SecurityLevelToSecurityStyle(security_info.security_level);
|
| +
|
| + security_style_explanations->ran_insecure_content_style =
|
| + SecurityLevelToSecurityStyle(
|
| + SecurityStateModel::kRanInsecureContentLevel);
|
| + security_style_explanations->displayed_insecure_content_style =
|
| + SecurityLevelToSecurityStyle(
|
| + SecurityStateModel::kDisplayedInsecureContentLevel);
|
| +
|
| + // Check if the page is HTTP; if so, no explanations are needed. Note
|
| + // that SECURITY_STYLE_UNAUTHENTICATED does not necessarily mean that
|
| + // the page is loaded over HTTP, because the security style merely
|
| + // represents how the embedder wishes to display the security state of
|
| + // the page, and the embedder can choose to display HTTPS page as HTTP
|
| + // if it wants to (for example, displaying deprecated crypto
|
| + // algorithms with the same UI treatment as HTTP pages).
|
| + security_style_explanations->scheme_is_cryptographic =
|
| + security_info.scheme_is_cryptographic;
|
| + if (!security_info.scheme_is_cryptographic) {
|
| + return security_style;
|
| + }
|
| +
|
| + if (security_info.sha1_deprecation_status ==
|
| + SecurityStateModel::DEPRECATED_SHA1_MAJOR) {
|
| + security_style_explanations->broken_explanations.push_back(
|
| + content::SecurityStyleExplanation(
|
| + l10n_util::GetStringUTF8(IDS_MAJOR_SHA1),
|
| + l10n_util::GetStringUTF8(IDS_MAJOR_SHA1_DESCRIPTION),
|
| + security_info.cert_id));
|
| + } else if (security_info.sha1_deprecation_status ==
|
| + SecurityStateModel::DEPRECATED_SHA1_MINOR) {
|
| + security_style_explanations->unauthenticated_explanations.push_back(
|
| + content::SecurityStyleExplanation(
|
| + l10n_util::GetStringUTF8(IDS_MINOR_SHA1),
|
| + l10n_util::GetStringUTF8(IDS_MINOR_SHA1_DESCRIPTION),
|
| + security_info.cert_id));
|
| + }
|
| +
|
| + security_style_explanations->ran_insecure_content =
|
| + security_info.mixed_content_status ==
|
| + SecurityStateModel::RAN_MIXED_CONTENT ||
|
| + security_info.mixed_content_status ==
|
| + SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT;
|
| + security_style_explanations->displayed_insecure_content =
|
| + security_info.mixed_content_status ==
|
| + SecurityStateModel::DISPLAYED_MIXED_CONTENT ||
|
| + security_info.mixed_content_status ==
|
| + SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT;
|
| +
|
| + if (net::IsCertStatusError(security_info.cert_status)) {
|
| + base::string16 error_string = base::UTF8ToUTF16(net::ErrorToString(
|
| + net::MapCertStatusToNetError(security_info.cert_status)));
|
| +
|
| + content::SecurityStyleExplanation explanation(
|
| + l10n_util::GetStringUTF8(IDS_CERTIFICATE_CHAIN_ERROR),
|
| + l10n_util::GetStringFUTF8(
|
| + IDS_CERTIFICATE_CHAIN_ERROR_DESCRIPTION_FORMAT, error_string),
|
| + security_info.cert_id);
|
| +
|
| + if (net::IsCertStatusMinorError(security_info.cert_status))
|
| + security_style_explanations->unauthenticated_explanations.push_back(
|
| + explanation);
|
| + else
|
| + security_style_explanations->broken_explanations.push_back(explanation);
|
| + } else {
|
| + // If the certificate does not have errors and is not using
|
| + // deprecated SHA1, then add an explanation that the certificate is
|
| + // valid.
|
| + if (security_info.sha1_deprecation_status ==
|
| + SecurityStateModel::NO_DEPRECATED_SHA1) {
|
| + security_style_explanations->secure_explanations.push_back(
|
| + content::SecurityStyleExplanation(
|
| + l10n_util::GetStringUTF8(IDS_VALID_SERVER_CERTIFICATE),
|
| + l10n_util::GetStringUTF8(
|
| + IDS_VALID_SERVER_CERTIFICATE_DESCRIPTION),
|
| + security_info.cert_id));
|
| + }
|
| + }
|
| +
|
| + if (security_info.is_secure_protocol_and_ciphersuite) {
|
| + security_style_explanations->secure_explanations.push_back(
|
| + content::SecurityStyleExplanation(
|
| + l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE),
|
| + l10n_util::GetStringUTF8(
|
| + IDS_SECURE_PROTOCOL_AND_CIPHERSUITE_DESCRIPTION)));
|
| + }
|
| +
|
| + return security_style;
|
| +}
|
| +
|
| const SecurityStateModel::SecurityInfo&
|
| ChromeSecurityStateModelClient::GetSecurityInfo() const {
|
| return security_state_model_->GetSecurityInfo();
|
|
|
Chromium Code Reviews
Issue 1986953002:
Move SecurityStyleChanged logic and tests to chrome/browser/ssl (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master